test: Add non-sensitive-data integration test

Author: Techassi

tests/templates/kuttl/non-sensitive-data/01-create-secrets.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: envsubst '$NAMESPACE' < 01_secret.yaml | kubectl apply -f -
+  - script: envsubst '$NAMESPACE' < 01_secretclass.yaml | kubectl apply -f -

tests/templates/kuttl/non-sensitive-data/01_secret.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-root-trust-$NAMESPACE
+  namespace: $NAMESPACE
+  labels:
+    secrets.stackable.tech/class: root-trust-$NAMESPACE
+stringData:
+  ca.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIIDGzCCAgOgAwIBAgIIG5dt7kW4YcYwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UE
+    Awwbc2VjcmV0LW9wZXJhdG9yIHNlbGYtc2lnbmVkMB4XDTI2MDIxMTE2MTQ1OVoX
+    DTI3MDIxMTE2MTk1OVowJjEkMCIGA1UEAwwbc2VjcmV0LW9wZXJhdG9yIHNlbGYt
+    c2lnbmVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPkrHfHnhu1v
+    GoG45mZdvBHalxc9RFnv0oX68OkQzEjTOVvdr6eL0qycO3SDRTkFvFOwt+i472Kk
+    uGd2RR0xKRy0Rv9+vheRIQpE4AvDTVcMbI9wJJNaYRNIb0IsPSCrol4D9NB2wPej
+    8/HDquBbwP5lhpUu/ueRqKK01JrSgfS/ztn0/3pkaBp+QhyUoKEN0UzR3CCQ4yFt
+    uxQ20fGTFXglgTICSiZTTJrckL+fBpU2joiVWCDuxaO8lVjeVnHNgrLVN/3U4vMx
+    Wrd8/nl3lMGk4EOgX3JEytwiaAYCxgOBngGHAQixBg/frTUxnyAroxARccrznzt2
+    8szAmGTffwIDAQABo00wSzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS7LrYm
+    TPCRQymkBxEsGVn7eTjYJDAJBgNVHSMEAjAAMA4GA1UdDwEB/wQEAwIBhjANBgkq
+    hkiG9w0BAQsFAAOCAQEABr3a66G/FMkZT1Qdnx1b4Rc1cEt3DMMMKHhK/BkesPUa
+    65OWxx16jT6CY0kFSJvxm/sLyZnm4fbvtUEHK64rdSO8L28l6vRSOGC4VF7cbPFm
+    nAHCElsVNpBw2CORKV1+R0E2LeYo9Ks/TzH70U3HFtLkTT1s5K0xQ0sej2wcj+1F
+    09WvYgQ5PqnQwhJShgUseLcHq4AAKJ5YPo4yOxa6Bs639+KcF9HgRj214SUZKFGs
+    DlJm/wWPjD8XCqo08RcNoYO3E5yL+vJnmdmisiEXClJ+7W5fi/5EfIWo56cNh235
+    +GVR5Hs+TiEK8e8Cj6ExV0ksTERW15oNFhC/aZFfwQ==
+    -----END CERTIFICATE-----

tests/templates/kuttl/non-sensitive-data/01_secretclass.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: secrets.stackable.tech/v1alpha1
+kind: SecretClass
+metadata:
+  name: root-trust-$NAMESPACE
+spec:
+  backend:
+    k8sSearch:
+      searchNamespace:
+        name: $NAMESPACE

tests/templates/kuttl/non-sensitive-data/02-assert.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 10
+commands:
+  # Ensure that the Pod comes up
+  - script: kubectl wait --for=condition=Ready pod/secret-consumer-$NAMESPACE --namespace "$NAMESPACE" --timeout 60s
+  # Ensure there is only a single file in the target directory
+  - script: kubectl exec secret-consumer-$NAMESPACE --namespace "$NAMESPACE" -- bash -c 'if [ $(ls -p /stackable/ca | grep -v / | wc -l) = "1" ]; then echo "Success"; else exit 1; fi'

tests/templates/kuttl/non-sensitive-data/02-create-consumer.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: envsubst '$NAMESPACE' < 02_pod.yaml | kubectl apply -f -

tests/templates/kuttl/non-sensitive-data/02_pod.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: secret-consumer-$NAMESPACE
+  namespace: $NAMESPACE
+spec:
+  securityContext:
+    fsGroup: 1000
+  volumes:
+    - name: ca
+      ephemeral:
+        volumeClaimTemplate:
+          metadata:
+            annotations:
+              secrets.stackable.tech/class: root-trust-$NAMESPACE
+              # Only non-sensitive data is needed
+              secrets.stackable.tech/only-provision-identity: "true"
+              # Explicitly request a format to trigger parsing in the secret-operator
+              secrets.stackable.tech/format: tls-pem
+          spec:
+            storageClassName: secrets.stackable.tech
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: "1"
+  containers:
+    - name: test
+      image: oci.stackable.tech/sdp/testing-tools:0.3.0-stackable0.0.0-dev
+      stdin: true
+      tty: true
+      volumeMounts:
+        - name: ca
+          mountPath: /stackable/ca

tests/test-definition.yaml

@@ -48,6 +48,8 @@ tests:
   - name: cert-manager-tls
     dimensions:
       - openshift
+  - name: non-sensitive-data
+    dimensions: []
 suites:
   - name: nightly
   - name: openshift