adding bats tests

charts/consul/templates/client-daemonset.yaml

@@ -11,6 +11,7 @@
 {{- if (and (not .Values.global.enterpriseLicense.secretName) .Values.global.enterpriseLicense.secretKey) }}{{fail "enterpriseLicense.secretKey and secretName must both be specified." }}{{ end -}}
 {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 # DaemonSet to run the Consul clients on every node.
 apiVersion: apps/v1
 kind: DaemonSet

charts/consul/templates/client-snapshot-agent-deployment.yaml

@@ -3,6 +3,7 @@
 {{- if .Values.client.snapshotAgent.enabled }}
 {{- if or (and .Values.client.snapshotAgent.configSecret.secretName (not .Values.client.snapshotAgent.configSecret.secretKey)) (and (not .Values.client.snapshotAgent.configSecret.secretName) .Values.client.snapshotAgent.configSecret.secretKey) }}{{fail "client.snapshotAgent.configSecret.secretKey and client.snapshotAgent.configSecret.secretName must both be specified." }}{{ end -}}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/connect-inject-deployment.yaml

@@ -9,6 +9,7 @@
 {{- if not (or (eq .Values.global.peering.tokenGeneration.serverAddresses.source "") (or (eq .Values.global.peering.tokenGeneration.serverAddresses.source "static") (eq .Values.global.peering.tokenGeneration.serverAddresses.source "consul"))) }}{{ fail "global.peering.tokenGeneration.serverAddresses.source must be one of empty string, 'consul' or 'static'" }}{{ end }}
 {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 # The deployment for running the Connect sidecar injector
 apiVersion: apps/v1
 kind: Deployment

charts/consul/templates/controller-deployment.yaml

@@ -3,6 +3,7 @@
 {{- if and .Values.externalServers.enabled (not .Values.externalServers.hosts) }}{{ fail "externalServers.hosts must be set if externalServers.enabled is true" }}{{ end -}}
 {{ template "consul.validateVaultWebhookCertConfiguration" . }}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/create-federation-secret-job.yaml

@@ -3,6 +3,7 @@
 {{- if and (not .Values.global.acls.createReplicationToken) .Values.global.acls.manageSystemACLs }}{{ fail "global.acls.createReplicationToken must be true when global.acls.manageSystemACLs is true because the federation secret must include the replication token" }}{{ end }}
 {{- if eq (int .Values.server.updatePartition) 0 }}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 apiVersion: batch/v1
 kind: Job
 metadata:

charts/consul/templates/ingress-gateways-deployment.yaml

@@ -3,6 +3,7 @@
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{- if .Values.global.lifecycleSidecarContainer }}{{ fail "global.lifecycleSidecarContainer has been renamed to global.consulSidecarContainer. Please set values using global.consulSidecarContainer." }}{{ end }}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 
 {{- $root := . }}
 {{- $defaults := .Values.ingressGateways.defaults }}

charts/consul/templates/mesh-gateway-deployment.yaml

@@ -6,6 +6,8 @@
 {{- if and (eq .Values.meshGateway.wanAddress.source "Static") (eq .Values.meshGateway.wanAddress.static "") }}{{ fail "if meshGateway.wanAddress.source=Static then meshGateway.wanAddress.static cannot be empty" }}{{ end }}
 {{- if and (eq .Values.meshGateway.wanAddress.source "Service") (eq .Values.meshGateway.service.type "NodePort") (not .Values.meshGateway.service.nodePort) }}{{ fail "if meshGateway.wanAddress.source=Service and meshGateway.service.type=NodePort, meshGateway.service.nodePort must be set" }}{{ end }}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/consul/templates/server-acl-init-job.yaml

@@ -8,6 +8,7 @@
 {{- if or (and .Values.global.acls.replicationToken.secretName (not .Values.global.acls.replicationToken.secretKey))  (and .Values.global.acls.replicationToken.secretKey (not .Values.global.acls.replicationToken.secretName))}}{{ fail "both global.acls.replicationToken.secretKey and global.acls.replicationToken.secretName must be set if one of them is provided" }}{{ end -}}
 {{- if (and .Values.global.secretsBackend.vault.enabled (and (not .Values.global.acls.bootstrapToken.secretName) (not .Values.global.acls.replicationToken.secretName ))) }}{{fail "global.acls.bootstrapToken or global.acls.replicationToken must be provided when global.secretsBackend.vault.enabled and global.acls.manageSystemACLs are true" }}{{ end -}}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 {{- if (and .Values.global.secretsBackend.vault.enabled (not .Values.global.secretsBackend.vault.manageSystemACLsRole)) }}{{fail "global.secretsBackend.vault.manageSystemACLsRole is required when global.secretsBackend.vault.enabled and global.acls.manageSystemACLs are true" }}{{ end -}}
   {{- /* We don't render this job when server.updatePartition > 0 because that
     means a server rollout is in progress and this job won't complete unless

charts/consul/templates/server-statefulset.yaml

@@ -16,6 +16,7 @@
 {{- if (and .Values.global.acls.bootstrapToken.secretName (not .Values.global.acls.bootstrapToken.secretKey)) }}{{fail "both global.acls.bootstrapToken.secretKey and global.acls.bootstrapToken.secretName must be set if one of them is provided." }}{{ end -}}
 {{- if (and (not .Values.global.acls.bootstrapToken.secretName) .Values.global.acls.bootstrapToken.secretKey) }}{{fail "both global.acls.bootstrapToken.secretKey and global.acls.bootstrapToken.secretName must be set if one of them is provided." }}{{ end -}}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 # StatefulSet to run the actual Consul server cluster.
 apiVersion: apps/v1
 kind: StatefulSet
@@ -348,7 +349,7 @@ spec:
                 {{- end }}
                 {{- end }}
                 -config-file=/consul/extra-config/extra-from-values.json
-                {{- if and .Values.global.cloud.enabled .Values.global.cloud.secretName }}
+                {{- if and .Values.global.cloud.enabled .Values.global.cloud.resourceId.secretName }}
                 -hcl="cloud { resource_id = \"${HCP_RESOURCE_ID}\" }"
                 {{- end }}
           volumeMounts:

charts/consul/templates/sync-catalog-deployment.yaml

@@ -2,6 +2,7 @@
 {{- if (or (and (ne (.Values.syncCatalog.enabled | toString) "-") .Values.syncCatalog.enabled) (and (eq (.Values.syncCatalog.enabled | toString) "-") .Values.global.enabled)) }}
 {{- template "consul.reservedNamesFailer" (list .Values.syncCatalog.consulNamespaces.consulDestinationNamespace "syncCatalog.consulNamespaces.consulDestinationNamespace") }}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 # The deployment for running the sync-catalog pod
 apiVersion: apps/v1
 kind: Deployment

charts/consul/templates/terminating-gateways-deployment.yaml

@@ -2,6 +2,7 @@
 {{- if not .Values.connectInject.enabled }}{{ fail "connectInject.enabled must be true" }}{{ end -}}
 {{- if and .Values.global.adminPartitions.enabled (not .Values.global.enableConsulNamespaces) }}{{ fail "global.enableConsulNamespaces must be true if global.adminPartitions.enabled=true" }}{{ end }}
 {{ template "consul.validateCloudSecretNames" . }}
+{{ template "consul.validateCloudSecretKeys" . }}
 
 {{- $root := . }}
 {{- $defaults := .Values.terminatingGateways.defaults }}

charts/consul/test/unit/api-gateway-controller-deployment.bats

@@ -971,7 +971,7 @@ load _helpers
   [[ "$output" =~ "When global.cloud.enabled is true, global.cloud.resourceId.secretName, global.cloud.clientId.secretName, and global.cloud.clientSecret.secretName must also be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.resourceId.secretName is set but global.cloud.resourceId.secretKey is not set,thetemplate fails." {
+@test "apiGateway/Deployment: fails when global.cloud.resourceId.secretName is set but global.cloud.resourceId.secretKey is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \
@@ -993,7 +993,7 @@ load _helpers
   [[ "$output" =~ "When either global.cloud.resourceId.secretName or global.cloud.resourceId.secretKey is defined, both must be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.authURL.secretName is set but global.cloud.authURL.secretKey is not set,the template fails." {
+@test "apiGateway/Deployment: fails when global.cloud.authURL.secretName is set but global.cloud.authURL.secretKey is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \
@@ -1018,7 +1018,7 @@ load _helpers
   [[ "$output" =~ "When either global.cloud.authUrl.secretName or global.cloud.authUrl.secretKey is defined, both must be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.authURL.secretKey is set but global.cloud.authURL.secretName is not set,the template fails." {
+@test "apiGateway/Deployment: fails when global.cloud.authURL.secretKey is set but global.cloud.authURL.secretName is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \
@@ -1043,7 +1043,7 @@ load _helpers
   [[ "$output" =~ "When either global.cloud.authUrl.secretName or global.cloud.authUrl.secretKey is defined, both must be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.apiHost.secretName is set but global.cloud.apiHost.secretKey is not set,the template fails." {
+@test "apiGateway/Deployment: fails when global.cloud.apiHost.secretName is set but global.cloud.apiHost.secretKey is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \
@@ -1068,7 +1068,7 @@ load _helpers
   [[ "$output" =~ "When either global.cloud.apiHost.secretName or global.cloud.apiHost.secretKey is defined, both must be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.apiHost.secretKey is set but global.cloud.apiHost.secretName is not set,the template fails." {
+@test "apiGateway/Deployment: fails when global.cloud.apiHost.secretKey is set but global.cloud.apiHost.secretName is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \
@@ -1093,7 +1093,7 @@ load _helpers
   [[ "$output" =~ "When either global.cloud.apiHost.secretName or global.cloud.apiHost.secretKey is defined, both must be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.scadaAddress.secretName is set but global.cloud.scadaAddress.secretKey is not set,the template fails." {
+@test "apiGateway/Deployment: fails when global.cloud.scadaAddress.secretName is set but global.cloud.scadaAddress.secretKey is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \
@@ -1115,10 +1115,10 @@ load _helpers
 
   [ "$status" -eq 1 ]
   echo "$output"
-  [[ "$output" =~ "When either global.cloud.scadaAddress.secretName or global.cloud.scadaAddress.scadaAddress is defined, both must be set." ]]
+  [[ "$output" =~ "When either global.cloud.scadaAddress.secretName or global.cloud.scadaAddress.secretKey is defined, both must be set." ]]
 }
 
-@test "apiGateway/Deployment: fails when global.cloud.scadaAddress.secretKey is set but global.cloud.scadaAddress.secretName is not set,the template fails." {
+@test "apiGateway/Deployment: fails when global.cloud.scadaAddress.secretKey is set but global.cloud.scadaAddress.secretName is not set." {
   cd `chart_dir`
   run helm template \
       -s templates/api-gateway-controller-deployment.yaml  \