From 206fb2deb0abc19b4afe3f7d7de9471b6662d5e7 Mon Sep 17 00:00:00 2001 From: Moritz Clasmeier Date: Mon, 3 Jan 2022 10:09:22 +0100 Subject: [PATCH 1/4] X-Smart-Branch-Parent: master From df5b3d5eb05ce1daac5933e5d1443ce7f50bbc60 Mon Sep 17 00:00:00 2001 From: Moritz Clasmeier Date: Fri, 10 Dec 2021 13:48:15 +0100 Subject: [PATCH 2/4] PoC: Prepare test suite for Helm charts to be able to test the rendered charts in different flavours: chart and bundle. --- go.mod | 2 +- go.sum | 12 ++ .../securedclusterservices/helmtest_test.go | 194 +++++++++++++++++- .../helmtest/bundle/cluster-name.test.yaml | 1 + .../testdata/helmtest/bundle/suite.yaml | 53 +++++ .../{ => chart}/additional-cas.test.yaml | 0 .../{ => chart}/admission-control.test.yaml | 0 .../helmtest/{ => chart}/audit-logs.test.yaml | 0 .../{ => chart}/base-config.test.yaml | 0 .../helmtest/chart/cluster-name.test.yaml | 1 + .../{ => chart}/collector-image.test.yaml | 0 ...llector-slimfull-image-overrides.test.yaml | 0 .../{ => chart}/default-labels.test.yaml | 0 .../helmtest/{ => chart}/env-vars.test.yaml | 0 .../helmtest/{ => chart}/env.test.yaml | 0 .../{ => chart}/helm-managed.test.yaml | 0 .../{ => chart}/image-pull-secrets.test.yaml | 0 .../{ => chart}/legacy-settings.test.yaml | 0 .../helmtest/{ => chart}/main-image.test.yaml | 0 .../helmtest/{ => chart}/monitoring.test.yaml | 0 .../{ => chart}/node-selector.test.yaml | 0 .../openshift-monitoring.test.yaml | 0 .../helmtest/{ => chart}/sccs.test.yaml | 0 .../{ => chart}/slim-collector.test.yaml | 0 .../testdata/helmtest/{ => chart}/suite.yaml | 2 +- .../{ => chart}/tls-secrets.test.yaml | 0 .../{ => chart}/tolerations.test.yaml | 0 .../helmtest/{ => chart}/upgrade.test.yaml | 0 .../testdata/helmtest/cluster-name.test.yaml | 37 ---- .../helmtest/shared/cluster-name.test.yaml | 22 ++ pkg/helm/template/chart_template.go | 21 ++ 31 files changed, 305 insertions(+), 40 deletions(-) create mode 120000 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/cluster-name.test.yaml create mode 100644 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/suite.yaml rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/additional-cas.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/admission-control.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/audit-logs.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/base-config.test.yaml (100%) create mode 120000 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/cluster-name.test.yaml rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/collector-image.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/collector-slimfull-image-overrides.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/default-labels.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/env-vars.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/env.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/helm-managed.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/image-pull-secrets.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/legacy-settings.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/main-image.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/monitoring.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/node-selector.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/openshift-monitoring.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/sccs.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/slim-collector.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/suite.yaml (98%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/tls-secrets.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/tolerations.test.yaml (100%) rename pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/{ => chart}/upgrade.test.yaml (100%) delete mode 100644 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/cluster-name.test.yaml create mode 100644 pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/shared/cluster-name.test.yaml diff --git a/go.mod b/go.mod index a309cb0de2838..3c1034782d2ab 100644 --- a/go.mod +++ b/go.mod @@ -96,7 +96,7 @@ require ( github.com/stackrox/anchore-client v0.0.0-20190929180200-981e05834836 github.com/stackrox/default-authz-plugin v0.0.0-20210608105219-00ad9c9f3855 github.com/stackrox/external-network-pusher v0.0.0-20210419192707-074af92bbfa7 - github.com/stackrox/helmtest v0.0.0-20211118112901-c6fc838e7f89 + github.com/stackrox/helmtest v0.0.0-20220103101722-9f16fec5b1f6 github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 github.com/steveyen/gtreap v0.1.0 // indirect github.com/stretchr/testify v1.7.0 diff --git a/go.sum b/go.sum index 9b7a18c2e00b6..af3c66b698b61 100644 --- a/go.sum +++ b/go.sum @@ -1930,6 +1930,18 @@ github.com/stackrox/helm-operator v0.0.8-0.20211217081542-57dfe5d681e3 h1:O96olg github.com/stackrox/helm-operator v0.0.8-0.20211217081542-57dfe5d681e3/go.mod h1:u5rkZgJvT0MfanZCoq/lCqY+3Ixr+CbPxYNnhvsggHg= github.com/stackrox/helmtest v0.0.0-20211118112901-c6fc838e7f89 h1:h3Z1bazS+4RWhzDk4L3B/jN4DL0UAZCDCx7UfQ6T5jg= github.com/stackrox/helmtest v0.0.0-20211118112901-c6fc838e7f89/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= +github.com/stackrox/helmtest v0.0.0-20211210120205-cd92ec714228 h1:jElNqXja4IwH9+e1BgC8PrJWu0UXI7GhxxDJOh8ZEFs= +github.com/stackrox/helmtest v0.0.0-20211210120205-cd92ec714228/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= +github.com/stackrox/helmtest v0.0.0-20211210120914-3ef3ad60c3db h1:1QLb11+lK04OUWsp6WWKje4uqI9o5b0qr4vHiFAMO+I= +github.com/stackrox/helmtest v0.0.0-20211210120914-3ef3ad60c3db/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= +github.com/stackrox/helmtest v0.0.0-20211210122911-659d1ad89f36 h1:/kiLaI1mkQ28midG3n0tMOk4NUUMSj3GNvdYL+6J2oA= +github.com/stackrox/helmtest v0.0.0-20211210122911-659d1ad89f36/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= +github.com/stackrox/helmtest v0.0.0-20211210123307-b59b39c90d53 h1:TQ/LsB4h4LBRkvrpl4G7vlwojmFiomM2kymaHdqP3G0= +github.com/stackrox/helmtest v0.0.0-20211210123307-b59b39c90d53/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= +github.com/stackrox/helmtest v0.0.0-20211213085306-5dc6f6d3cc1f h1:I312Fj6uRds6h8ECxnah3ZRfUEZvQk5XZN1O1ur4MEM= +github.com/stackrox/helmtest v0.0.0-20211213085306-5dc6f6d3cc1f/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= +github.com/stackrox/helmtest v0.0.0-20220103101722-9f16fec5b1f6 h1:xLOTCeLZk9fj7WwAxQgqp9X4u1WyoaLlFMKcivXYznM= +github.com/stackrox/helmtest v0.0.0-20220103101722-9f16fec5b1f6/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= github.com/stackrox/k8s-cves v0.0.0-20201110001126-cc333981eaab h1:77xJmm1YkqbgrQzHI3C4MyPckWL+PYRLWakQRC6Mzj8= github.com/stackrox/k8s-cves v0.0.0-20201110001126-cc333981eaab/go.mod h1:EBskgGC5Gzt/r8ToNsuD6tYMcf+AWY0ubaFSRy5/3QM= github.com/stackrox/k8s-istio-cve-pusher v0.0.0-20210422200002-d89f671ac4f5 h1:0O3kYf9IvjnzwKBE/UuofeiKmwb8x9ga3mm26dqL4/Y= diff --git a/pkg/helm/charts/tests/securedclusterservices/helmtest_test.go b/pkg/helm/charts/tests/securedclusterservices/helmtest_test.go index fae390717f421..5326d2d2cd716 100644 --- a/pkg/helm/charts/tests/securedclusterservices/helmtest_test.go +++ b/pkg/helm/charts/tests/securedclusterservices/helmtest_test.go @@ -1,11 +1,19 @@ package securedclusterservices import ( + "fmt" "testing" helmTest "github.com/stackrox/helmtest/pkg/framework" "github.com/stackrox/rox/image" + "github.com/stackrox/rox/image/sensor" + "github.com/stackrox/rox/pkg/env" + "github.com/stackrox/rox/pkg/helm/charts" metaUtil "github.com/stackrox/rox/pkg/helm/charts/testutils" + "github.com/stackrox/rox/pkg/images/defaults" + "github.com/stackrox/rox/pkg/images/utils" + "github.com/stackrox/rox/pkg/urlfmt" + "github.com/stackrox/rox/pkg/version" "github.com/stretchr/testify/require" "helm.sh/helm/v3/pkg/chartutil" ) @@ -17,7 +25,191 @@ func TestWithHelmtest(t *testing.T) { ch, err := tpl.InstantiateAndLoad(metaUtil.MakeMetaValuesForTest(t)) require.NoError(t, err, "error instantiating chart") - suite, err := helmTest.NewLoader("testdata/helmtest").LoadSuite() + suite, err := helmTest.NewLoader("testdata/helmtest/chart").LoadSuiteWithFlavour("chart") + require.NoError(t, err, "failed to load helmtest suite") + + target := &helmTest.Target{ + Chart: ch, + ReleaseOptions: chartutil.ReleaseOptions{ + Name: "stackrox-secured-cluster-services", + Namespace: "stackrox", + IsInstall: true, + }, + } + suite.Run(t, target) +} + +func TestBundleWithHelmtest(t *testing.T) { + caCert := []byte(` +-----BEGIN CERTIFICATE----- +MIIB0jCCAXigAwIBAgIUDuyxeeW/uPhPXh1VEkEoy8k5qScwCgYIKoZIzj0EAwIw +RzEnMCUGA1UEAxMeU3RhY2tSb3ggQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRwwGgYD +VQQFExMyNjEwMTE1MzMwMjg0NTM5ODcxMB4XDTIxMTIxMDA5MDQwMFoXDTI2MTIw +OTA5MDQwMFowRzEnMCUGA1UEAxMeU3RhY2tSb3ggQ2VydGlmaWNhdGUgQXV0aG9y +aXR5MRwwGgYDVQQFExMyNjEwMTE1MzMwMjg0NTM5ODcxMFkwEwYHKoZIzj0CAQYI +KoZIzj0DAQcDQgAEPVQ/Oyg9OuGkbLdfzFIkoRq55DI0RCcQyXW4FNzkjyYiheIQ +M40nX8OrqNKl19kQ+2aha5AnfNPz8+xESz/F6qNCMEAwDgYDVR0PAQH/BAQDAgEG +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqCTvxyQ23AP9zccrKlNZE1HIAo +MAoGCCqGSM49BAMCA0gAMEUCIQDWfGn2/X259pOne8wKikNQV3SIcJOWqb+Qx7Gf +ZgNtGQIgOon9+aGqGUzTONWJM26nEG+9/pnbc0QYHIJzgZIk7Ps= +-----END CERTIFICATE----- +`) + admissionControllerCert := []byte(` +-----BEGIN CERTIFICATE----- +MIICkjCCAjegAwIBAgIIA9dIbqpbG3YwCgYIKoZIzj0EAwIwRzEnMCUGA1UEAxMe +U3RhY2tSb3ggQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRwwGgYDVQQFExMyNjEwMTE1 +MzMwMjg0NTM5ODcxMB4XDTIxMTIxMDA4MTIwMFoXDTIyMTIxMDA5MTIwMFowgYsx +IjAgBgNVBAsMGUFETUlTU0lPTl9DT05UUk9MX1NFUlZJQ0UxSDBGBgNVBAMMP0FE +TUlTU0lPTl9DT05UUk9MX1NFUlZJQ0U6IDIxOWFkMmViLWYxOTUtNDZjNi1iYjgy +LTliOTM4MWVmZDExNTEbMBkGA1UEBRMSMjc2NzY5NTQyMjQ4Mjc0ODA2MFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEUcXy4PQpeNU72NGwxcKGw1r7NUNIzTIBveU/ +rhKyQ5DUAgycAwJxWUlNVRU2jy+GWYDrG1+XDgoFPpFBrEOqVqOBxzCBxDAOBgNV +HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud +EwEB/wQCMAAwHQYDVR0OBBYEFAF7GFtqB4kUi2QaInVSDvvEPI0/MB8GA1UdIwQY +MBaAFPqCTvxyQ23AP9zccrKlNZE1HIAoMEUGA1UdEQQ+MDyCGmFkbWlzc2lvbi1j +b250cm9sLnN0YWNrcm94gh5hZG1pc3Npb24tY29udHJvbC5zdGFja3JveC5zdmMw +CgYIKoZIzj0EAwIDSQAwRgIhALc0O1ayC4YlPT8t2QJ14hnjOEbQp5oQZANfa9iR +MSddAiEAlQgi9q89EFXbd7LcBfgL6Gm3Re1VRNbO+BA0rB3OThI= +-----END CERTIFICATE----- +`) + admissionControllerKey := []byte(` +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIG13qSEw6Ic1VNVXwcr5QLkF93mFwdSLFxAlFqdfPoIsoAoGCCqGSM49 +AwEHoUQDQgAEUcXy4PQpeNU72NGwxcKGw1r7NUNIzTIBveU/rhKyQ5DUAgycAwJx +WUlNVRU2jy+GWYDrG1+XDgoFPpFBrEOqVg== +-----END EC PRIVATE KEY----- +`) + collectorCert := []byte(` +-----BEGIN CERTIFICATE----- +MIICdDCCAhmgAwIBAgIJAO79iFeyz9WoMAoGCCqGSM49BAMCMEcxJzAlBgNVBAMT +HlN0YWNrUm94IENlcnRpZmljYXRlIEF1dGhvcml0eTEcMBoGA1UEBRMTMjYxMDEx +NTMzMDI4NDUzOTg3MTAeFw0yMTEyMTAwODEyMDBaFw0yMjEyMTAwOTEyMDBaMH0x +GjAYBgNVBAsMEUNPTExFQ1RPUl9TRVJWSUNFMUAwPgYDVQQDDDdDT0xMRUNUT1Jf +U0VSVklDRTogMjE5YWQyZWItZjE5NS00NmM2LWJiODItOWI5MzgxZWZkMTE1MR0w +GwYDVQQFExQxNzIyMTA3MDQ2MDM3ODE0MjEyMDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABDh3DcVf1bzJ9Lb21mQcfhl23Vx7IVVQPIJuIBb6qtbSdyhWa73/eK8O +kcdsGo7oRhSx/xx4Fm6VQfc7+EYk2vWjgbcwgbQwDgYDVR0PAQH/BAQDAgWgMB0G +A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud +DgQWBBTYXW+ei03m+YiPGH5uk/js0pw1xTAfBgNVHSMEGDAWgBT6gk78ckNtwD/c +3HKypTWRNRyAKDA1BgNVHREELjAsghJjb2xsZWN0b3Iuc3RhY2tyb3iCFmNvbGxl +Y3Rvci5zdGFja3JveC5zdmMwCgYIKoZIzj0EAwIDSQAwRgIhAPCNNnrFcw2fCGSf +09UOcm6ubWA/dMoefFT7LxnELTbDAiEAw/LMeJVYJgax75FQKu8LZ26irukkK+uT +X0DijvhIVPU= +-----END CERTIFICATE----- +`) + collectorKey := []byte(` +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIBQE9SO1Smj0Hz8lXQmo/wCQqJiFFOPp1DOXS02vGH8HoAoGCCqGSM49 +AwEHoUQDQgAEOHcNxV/VvMn0tvbWZBx+GXbdXHshVVA8gm4gFvqq1tJ3KFZrvf94 +rw6Rx2wajuhGFLH/HHgWbpVB9zv4RiTa9Q== +-----END EC PRIVATE KEY----- +`) + sensorCert := []byte(` +-----BEGIN CERTIFICATE----- +MIICgzCCAiigAwIBAgIIGwUidvXyk3kwCgYIKoZIzj0EAwIwRzEnMCUGA1UEAxMe +U3RhY2tSb3ggQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRwwGgYDVQQFExMyNjEwMTE1 +MzMwMjg0NTM5ODcxMB4XDTIxMTIxMDA4MTIwMFoXDTIyMTIxMDA5MTIwMFowdjEX +MBUGA1UECwwOU0VOU09SX1NFUlZJQ0UxPTA7BgNVBAMMNFNFTlNPUl9TRVJWSUNF +OiAyMTlhZDJlYi1mMTk1LTQ2YzYtYmI4Mi05YjkzODFlZmQxMTUxHDAaBgNVBAUT +EzE5NDcwMDAzMDgyMzU0MDgyNDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASp +nT9o6DX7B+wbX7erGTUz2TPQLLgSZlmwGlNdgjHumNSzixK6we2qo5M0RMFzhTqz +xZ4YtIbAzNqRNwrT9O4io4HOMIHLMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUuBs9 +eWeUoldJ4w7m+wTHYpDsPEUwHwYDVR0jBBgwFoAU+oJO/HJDbcA/3NxysqU1kTUc +gCgwTAYDVR0RBEUwQ4IPc2Vuc29yLnN0YWNrcm94ghNzZW5zb3Iuc3RhY2tyb3gu +c3ZjghtzZW5zb3Itd2ViaG9vay5zdGFja3JveC5zdmMwCgYIKoZIzj0EAwIDSQAw +RgIhAJQqpyNLFCBsG2gl3k7tdsKDuGYjtnNrkfOyfi00JobmAiEAhyHSlGqeyz00 +CVkGFtxky4vqF6TfDxn7sIcXuXmosG4= +-----END CERTIFICATE----- +`) + sensorKey := []byte(` +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAQWvW0FJ7lw5c10xVvbfvTFByDbprgI9WUGMt1KhsuDoAoGCCqGSM49 +AwEHoUQDQgAEqZ0/aOg1+wfsG1+3qxk1M9kz0Cy4EmZZsBpTXYIx7pjUs4sSusHt +qqOTNETBc4U6s8WeGLSGwMzakTcK0/TuIg== +-----END EC PRIVATE KEY----- +`) + certs := sensor.Certs{ + Files: map[string][]byte{ + "admission-control-cert.pem": admissionControllerCert, + "admission-control-key.pem": admissionControllerKey, + "ca.pem": caCert, + "collector-cert.pem": collectorCert, + "collector-key.pem": collectorKey, + "sensor-cert.pem": sensorCert, + "sensor-key.pem": sensorKey, + }, + } + mainImage, err := utils.GenerateImageFromStringWithDefaultTag("stackrox.io/stackrox/main", version.GetMainVersion()) + require.NoError(t, err, "generating main image name") + mainImageName := mainImage.GetName() + collectorImage, err := utils.GenerateImageFromStringWithDefaultTag("stackrox.io/stackrox/collector", version.GetCollectorVersion()) + require.NoError(t, err, "generating collector container image name") + collectorImageName := collectorImage.GetName() + + centralEndpoint := "central.stackrox:8000" + collectionMethod := "EBPF" + + chartMetaValues := charts.MetaValues{ + "ClusterName": "test-sensor", + "ClusterType": "KUBERNETES", + + "ImageRegistry": urlfmt.FormatURL(mainImageName.GetRegistry(), urlfmt.NONE, urlfmt.NoTrailingSlash), + "MainRegistry": urlfmt.FormatURL(mainImageName.GetRegistry(), urlfmt.NONE, urlfmt.NoTrailingSlash), + "ImageRemote": mainImageName.GetRemote(), + "ImageTag": mainImageName.GetTag(), + + "PublicEndpoint": urlfmt.FormatURL(centralEndpoint, urlfmt.NONE, urlfmt.NoTrailingSlash), + "AdvertisedEndpoint": urlfmt.FormatURL(env.AdvertisedEndpoint.Setting(), urlfmt.NONE, urlfmt.NoTrailingSlash), + + "CollectorRegistry": urlfmt.FormatURL(collectorImageName.GetRegistry(), urlfmt.NONE, urlfmt.NoTrailingSlash), + "CollectorImageRemote": collectorImageName.GetRemote(), + "CollectorFullImageTag": fmt.Sprintf("%s-latest", collectorImageName.GetTag()), + "CollectorFullImageRemote": collectorImageName.GetRemote(), + "CollectorSlimImageRemote": collectorImageName.GetRemote(), + "CollectorSlimImageTag": fmt.Sprintf("%s-slim", collectorImageName.GetTag()), + "CollectionMethod": collectionMethod, + + // Hardcoding RHACS charts repo for now. + // TODO: fill ChartRepo based on the current image flavor. + "ChartRepo": defaults.ChartRepo{ + URL: "http://mirror.openshift.com/pub/rhacs/charts", + }, + + "TolerationsEnabled": true, + "CreateUpgraderSA": true, + + "EnvVars": map[string]interface{}{}, + + "K8sCommand": "kubectl", + + "OfflineMode": env.OfflineModeEnv.BooleanSetting(), + + "SlimCollector": true, + + "KubectlOutput": true, + + "Versions": version.GetAllVersions(), + + "FeatureFlags": make(map[string]string), + + "AdmissionController": true, + "AdmissionControlListenOnUpdates": true, + "AdmissionControlListenOnEvents": true, + "DisableBypass": true, + "TimeoutSeconds": 10, + "ScanInline": true, + "AdmissionControllerEnabled": true, + "AdmissionControlEnforceOnUpdates": true, + } + + helmImage := image.GetDefaultImage() + tpl, err := helmImage.GetSecuredClusterServicesChartTemplate() + require.NoError(t, err, "error retrieving chart template") + ch, err := tpl.InstantiateAndLoadWithAdditionalFiles(chartMetaValues, certs.Files) + require.NoError(t, err, "error instantiating chart") + + suite, err := helmTest.NewLoader("testdata/helmtest/bundle").LoadSuiteWithFlavour("bundle") require.NoError(t, err, "failed to load helmtest suite") target := &helmTest.Target{ diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/cluster-name.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/cluster-name.test.yaml new file mode 120000 index 0000000000000..d4ab04915fe0c --- /dev/null +++ b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/cluster-name.test.yaml @@ -0,0 +1 @@ +../shared/cluster-name.test.yaml \ No newline at end of file diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/suite.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/suite.yaml new file mode 100644 index 0000000000000..448d4979a37fe --- /dev/null +++ b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/bundle/suite.yaml @@ -0,0 +1,53 @@ +defs: | + def container(obj; name): + obj.spec.template.spec.containers[] | select(.name == name); + + def rawEnvVars(obj; container): + [container(obj; container) | .env[] | (.value = del(.name))] | from_entries; + + def envVars(obj; container): + container(obj; container) | .env | from_entries; + + def verifyNamespace(ns): + [.objects[].metadata | select(.namespace and .namespace != ns)] | assertThat(length == 0); + + def helmClusterConfig: + .secrets["helm-cluster-config"] | .stringData["config.yaml"] | fromyaml; + + def verifyCentralEndpoint(ep): + [ + (envVars(.deployments.sensor; "sensor")["ROX_CENTRAL_ENDPOINT"] | assertThat(. == ep)), + (.secrets["helm-cluster-config"] | .stringData["config.yaml"] | fromyaml + | .clusterConfig.staticConfig.centralApiEndpoint | assertThat(. == ep)) + ][]; + + def verifySensorEndpoint(ep): + [ + (envVars(.deployments["admission-control"]; "admission-control")["ROX_SENSOR_ENDPOINT"] + | assertThat(. == ep)), + (envVars(.daemonsets.collector; "collector")["GRPC_SERVER"] | assertThat(. == ep)), + (envVars(.daemonsets.collector; "compliance")["ROX_ADVERTISED_ENDPOINT"] + | assertThat(. == ep)) + ][]; + + def verifyMonitoringExposed(service): + [service.spec.ports[] | select(.name == "monitoring" and .port == 9090 and .targetPort == "monitoring")] + | (length == 1); + + def verifyMonitoringContainerPortExposed(container): + [container | if .ports != null then .ports[] else {} end + | select(.containerPort == 9090 and .name == "monitoring")] + | (length == 1); + +server: + visibleSchemas: + - kubernetes-1.20.2 +values: + cluster: + name: "testcluster" + imagePullSecrets: + allowNone: true + config: + createSecrets: false + ca: + cert: "DUMMY CA CERTIFICATE" diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/additional-cas.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/additional-cas.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/additional-cas.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/additional-cas.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/admission-control.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/admission-control.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/admission-control.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/admission-control.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/audit-logs.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/audit-logs.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/audit-logs.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/audit-logs.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/base-config.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/base-config.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/base-config.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/base-config.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/cluster-name.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/cluster-name.test.yaml new file mode 120000 index 0000000000000..d4ab04915fe0c --- /dev/null +++ b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/cluster-name.test.yaml @@ -0,0 +1 @@ +../shared/cluster-name.test.yaml \ No newline at end of file diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/collector-image.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/collector-image.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/collector-image.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/collector-image.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/collector-slimfull-image-overrides.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/collector-slimfull-image-overrides.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/collector-slimfull-image-overrides.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/collector-slimfull-image-overrides.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/default-labels.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/default-labels.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/default-labels.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/default-labels.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/env-vars.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/env-vars.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/env-vars.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/env-vars.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/env.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/env.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/env.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/env.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/helm-managed.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/helm-managed.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/helm-managed.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/helm-managed.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/image-pull-secrets.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/image-pull-secrets.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/image-pull-secrets.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/image-pull-secrets.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/legacy-settings.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/legacy-settings.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/legacy-settings.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/legacy-settings.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/main-image.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/main-image.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/main-image.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/main-image.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/monitoring.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/monitoring.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/monitoring.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/monitoring.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/node-selector.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/node-selector.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/node-selector.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/node-selector.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/openshift-monitoring.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/openshift-monitoring.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/openshift-monitoring.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/openshift-monitoring.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/sccs.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/sccs.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/sccs.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/sccs.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/slim-collector.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/slim-collector.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/slim-collector.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/slim-collector.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/suite.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/suite.yaml similarity index 98% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/suite.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/suite.yaml index f854f912e4a65..f787c27498a8a 100644 --- a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/suite.yaml +++ b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/suite.yaml @@ -41,7 +41,7 @@ defs: | server: visibleSchemas: - - kubernetes-1.20.2 + - kubernetes-1.20.2 values: clusterName: "testcluster" imagePullSecrets: diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/tls-secrets.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/tls-secrets.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/tls-secrets.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/tls-secrets.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/tolerations.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/tolerations.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/tolerations.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/tolerations.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/upgrade.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/upgrade.test.yaml similarity index 100% rename from pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/upgrade.test.yaml rename to pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/chart/upgrade.test.yaml diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/cluster-name.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/cluster-name.test.yaml deleted file mode 100644 index f70ca7582adcf..0000000000000 --- a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/cluster-name.test.yaml +++ /dev/null @@ -1,37 +0,0 @@ -tests: -- name: "cluster name secret is created on installation" - Release: - IsInstall: true - values: - clusterName: test - expect: | - .secrets["helm-effective-cluster-name"] | assertThat(. != null) - (container(.deployments.sensor; "sensor")).volumeMounts[] | select(.name == "helm-effective-cluster-name") | assertThat(. != null) - .deployments.sensor.spec.template.spec.volumes[] | select(.name == "helm-effective-cluster-name") | assertThat(. != null) - -- name: "cluster name secret is not created on upgrade" - Release: - IsInstall: false - IsUpgrade: true - expect: | - .secrets["helm-effective-cluster-name"] | assertThat(. == null) - .deployments.sensor.spec.template.spec.volumes[] | select(.name == "helm-effective-cluster-name").secret | assertThat(.optional == true) - -- name: "cluster name secret is created if confirmNewClusterName matches clusterName" - values: - confirmNewClusterName: new-cluster - clusterName: new-cluster - Release: - IsInstall: false - expect: | - .secrets["helm-effective-cluster-name"] | assertThat(. != null) - (container(.deployments.sensor; "sensor")).volumeMounts[] | select(.name == "helm-effective-cluster-name") | assertThat(. != null) - .deployments.sensor.spec.template.spec.volumes[] | select(.name == "helm-effective-cluster-name") | assertThat(. != null) - -- name: "clusterName and confirmNewClusterName must match" - values: - clusterName: old-cluster - confirmNewClusterName: new-cluster - expectError: true - expect: | - .error | assertThat(contains("Failed to change cluster name")) diff --git a/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/shared/cluster-name.test.yaml b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/shared/cluster-name.test.yaml new file mode 100644 index 0000000000000..015c9a81dfc71 --- /dev/null +++ b/pkg/helm/charts/tests/securedclusterservices/testdata/helmtest/shared/cluster-name.test.yaml @@ -0,0 +1,22 @@ +tests: + - name: "cluster name secret is created on installation" + Release: + IsInstall: true + Condition: + IfFlavour: chart + values: + clusterName: test + expect: | + .secrets["helm-effective-cluster-name"] | assertThat(. != null) + (container(.deployments.sensor; "sensor")).volumeMounts[] | select(.name == "helm-effective-cluster-name") | assertThat(. != null) + .deployments.sensor.spec.template.spec.volumes[] | select(.name == "helm-effective-cluster-name") | assertThat(. != null) + - name: "cluster name secret is created on installation" + Release: + IsInstall: true + Condition: + IfFlavour: bundle + values: + cluster: + name: test + expect: | + .secrets["helm-effective-cluster-name"] | assertThat(. != null) diff --git a/pkg/helm/template/chart_template.go b/pkg/helm/template/chart_template.go index ba45f49542fca..2e0bddb442faa 100644 --- a/pkg/helm/template/chart_template.go +++ b/pkg/helm/template/chart_template.go @@ -163,3 +163,24 @@ func (t *ChartTemplate) InstantiateAndLoad(metaVals charts.MetaValues) (*chart.C return ch, nil } + +func (t *ChartTemplate) InstantiateAndLoadWithAdditionalFiles(metaVals charts.MetaValues, additionalFiles map[string][]byte) (*chart.Chart, error) { + instantiatedFiles, err := t.InstantiateRaw(metaVals) + if err != nil { + return nil, errors.Wrap(err, "instantiating chart template files") + } + + for path, data := range additionalFiles { + instantiatedFiles = append(instantiatedFiles, &loader.BufferedFile{ + Name: path, + Data: data, + }) + } + + ch, err := loader.LoadFiles(instantiatedFiles) + if err != nil { + return nil, errors.Wrap(err, "loading instantiated chart files") + } + + return ch, nil +} From a6237c778ea831820818b3b3579cf126efefc407 Mon Sep 17 00:00:00 2001 From: Moritz Clasmeier Date: Mon, 3 Jan 2022 12:49:15 +0100 Subject: [PATCH 3/4] go mod tidy --- go.sum | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/go.sum b/go.sum index af3c66b698b61..bf726792cacbc 100644 --- a/go.sum +++ b/go.sum @@ -1928,18 +1928,6 @@ github.com/stackrox/external-network-pusher v0.0.0-20210419192707-074af92bbfa7 h github.com/stackrox/external-network-pusher v0.0.0-20210419192707-074af92bbfa7/go.mod h1:faUw9vx/mA7ql41Ftlst5MYar2DT3nnS6oK94lbaW0g= github.com/stackrox/helm-operator v0.0.8-0.20211217081542-57dfe5d681e3 h1:O96olg7oQXTbQUbXdrDPkrT9WjesGI+3bq5H8cjmsxo= github.com/stackrox/helm-operator v0.0.8-0.20211217081542-57dfe5d681e3/go.mod h1:u5rkZgJvT0MfanZCoq/lCqY+3Ixr+CbPxYNnhvsggHg= -github.com/stackrox/helmtest v0.0.0-20211118112901-c6fc838e7f89 h1:h3Z1bazS+4RWhzDk4L3B/jN4DL0UAZCDCx7UfQ6T5jg= -github.com/stackrox/helmtest v0.0.0-20211118112901-c6fc838e7f89/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= -github.com/stackrox/helmtest v0.0.0-20211210120205-cd92ec714228 h1:jElNqXja4IwH9+e1BgC8PrJWu0UXI7GhxxDJOh8ZEFs= -github.com/stackrox/helmtest v0.0.0-20211210120205-cd92ec714228/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= -github.com/stackrox/helmtest v0.0.0-20211210120914-3ef3ad60c3db h1:1QLb11+lK04OUWsp6WWKje4uqI9o5b0qr4vHiFAMO+I= -github.com/stackrox/helmtest v0.0.0-20211210120914-3ef3ad60c3db/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= -github.com/stackrox/helmtest v0.0.0-20211210122911-659d1ad89f36 h1:/kiLaI1mkQ28midG3n0tMOk4NUUMSj3GNvdYL+6J2oA= -github.com/stackrox/helmtest v0.0.0-20211210122911-659d1ad89f36/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= -github.com/stackrox/helmtest v0.0.0-20211210123307-b59b39c90d53 h1:TQ/LsB4h4LBRkvrpl4G7vlwojmFiomM2kymaHdqP3G0= -github.com/stackrox/helmtest v0.0.0-20211210123307-b59b39c90d53/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= -github.com/stackrox/helmtest v0.0.0-20211213085306-5dc6f6d3cc1f h1:I312Fj6uRds6h8ECxnah3ZRfUEZvQk5XZN1O1ur4MEM= -github.com/stackrox/helmtest v0.0.0-20211213085306-5dc6f6d3cc1f/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= github.com/stackrox/helmtest v0.0.0-20220103101722-9f16fec5b1f6 h1:xLOTCeLZk9fj7WwAxQgqp9X4u1WyoaLlFMKcivXYznM= github.com/stackrox/helmtest v0.0.0-20220103101722-9f16fec5b1f6/go.mod h1:+BKUQnSVJqDJr4sa8zmCKyQ/UOjJuy/frPEyZnTrigY= github.com/stackrox/k8s-cves v0.0.0-20201110001126-cc333981eaab h1:77xJmm1YkqbgrQzHI3C4MyPckWL+PYRLWakQRC6Mzj8= From 004316d9708bcd5d88583cfa7bd29222d7321215 Mon Sep 17 00:00:00 2001 From: Moritz Clasmeier Date: Mon, 3 Jan 2022 13:57:56 +0100 Subject: [PATCH 4/4] Add missing comment --- pkg/helm/template/chart_template.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/helm/template/chart_template.go b/pkg/helm/template/chart_template.go index 2e0bddb442faa..d0a9f485a13cc 100644 --- a/pkg/helm/template/chart_template.go +++ b/pkg/helm/template/chart_template.go @@ -164,6 +164,8 @@ func (t *ChartTemplate) InstantiateAndLoad(metaVals charts.MetaValues) (*chart.C return ch, nil } +// InstantiateAndLoadWithAdditionalFiles is like InstantiateAndLoad but also allows injecting additionalFiles +// into the resulting chart. func (t *ChartTemplate) InstantiateAndLoadWithAdditionalFiles(metaVals charts.MetaValues, additionalFiles map[string][]byte) (*chart.Chart, error) { instantiatedFiles, err := t.InstantiateRaw(metaVals) if err != nil {