added addional config test

hashicorp · Sep 4, 2023 · b840d32 · b840d32
1 parent 825fb42
commit b840d32
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/charts/consul/templates/server-config-configmap.yaml b/charts/consul/templates/server-config-configmap.yaml
@@ -72,7 +72,7 @@ data:
               "ca_file": "/consul/vault-ca/tls.crt",
               {{- end }}
               "intermediate_pki_path": "{{ .connectCA.intermediatePKIPath }}",
-              {{- if (and (.vaultNamespace) (not (hasKey (default "" .connectCA.additionalConfig | fromJson) "namespace"))) }}
+              {{- if (and (.vaultNamespace) (has "namespace" (keys (default "" .connectCA.additionalConfig | fromJson)))) }}
               "namespace": "{{ .vaultNamespace }}",
               {{- end }}
               "root_pki_path": "{{ .connectCA.rootPKIPath }}",

diff --git a/charts/consul/test/unit/server-config-configmap.bats b/charts/consul/test/unit/server-config-configmap.bats
@@ -695,6 +695,27 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+
+@test "server/ConfigMap: set Vault Namespace in connect CA config when global.secretsBackend.vault.vaultNamespace is blank but connectCA.additionalConfig is not blank" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      -s templates/server-config-configmap.yaml  \
+      --set 'global.secretsBackend.vault.enabled=true' \
+      --set 'global.secretsBackend.vault.consulServerRole=foo' \
+      --set 'global.secretsBackend.vault.consulClientRole=foo' \
+      --set 'global.secretsBackend.vault.connectCA.address=example.com' \
+      --set 'global.secretsBackend.vault.connectCA.rootPKIPath=root' \
+      --set 'global.secretsBackend.vault.connectCA.intermediatePKIPath=int' \
+      --set 'global.secretsBackend.vault.ca.secretName=ca' \
+      --set 'global.secretsBackend.vault.ca.secretKey=tls.crt' \
+      --set 'global.secretsBackend.vault.vaultNamespace=vault-namespace' \
+      --set 'global.secretsBackend.vault.connectCA.additionalConfig=\{\"connect\":\[\{\"ca_config\":\[\{\"namespace\": \"vns\"}\]\}\]\}' \
+      . | tee /dev/stderr |
+      yq '.data["connect-ca-config.json"] | contains("\"namespace\": \"vault-namespace\"")' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
 @test "server/ConfigMap: doesn't add federation config when global.federation.enabled is false (default)" {
   cd `chart_dir`
   local actual=$(helm template \