From 143eb30e5ccb44131e53d3b1cbdc854aa2f82e06 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Wed, 20 Dec 2023 12:48:29 +0100
Subject: [PATCH] Test that no apps are unexpectedly disabled

---
 templates/tests/test-disabled-apps.yaml | 24 ++++++++++++++++++++++++
 values.yaml                             | 10 ++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 templates/tests/test-disabled-apps.yaml

diff --git a/templates/tests/test-disabled-apps.yaml b/templates/tests/test-disabled-apps.yaml
new file mode 100644
index 00000000..ebd68ced
--- /dev/null
+++ b/templates/tests/test-disabled-apps.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ .Release.Name }}-disabled-apps-test"
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    "helm.sh/hook": test
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  restartPolicy: Never
+  serviceAccountName: {{ .Release.Name }}-setup-apps-job
+  containers:
+  - name: test-disabled-apps
+    image: docker.io/bitnami/kubectl:1.25
+    command: ["kubectl", "exec", "deploy/{{ .Release.Name }}-nextcloud", "-n", {{ .Release.Namespace }}, "-c", "nextcloud", "--", "su", "www-data", "-s", "/bin/bash", "-c"]
+    args:
+    - >
+      cd /var/www/html;
+      echo 'Allowed to be disabled: {{ .Values.tests.disabledApps.allowedDisabled | keys | join "," }}';
+      echo 'Other disabled apps (empty output is okay):';
+      php occ app:list | sed -e "0,/^Disabled:$/d" | grep -v -E -e '({{ .Values.tests.disabledApps.allowedDisabled | keys | join "|" }})'; test $? -eq 1;
diff --git a/values.yaml b/values.yaml
index 2a7020ba..a33bd8d4 100644
--- a/values.yaml
+++ b/values.yaml
@@ -231,3 +231,13 @@ tests:
     #   message:
     #   author:
     #   sha:
+  # We verify in a helm test that no apps are disabled except ones from this list.
+  disabledApps:
+    allowedDisabled:
+      admin_audit:
+      bruteforcesettings:
+      encryption:
+      files_external:
+      suspicious_login:
+      twofactor_totp:
+      user_ldap:
-- 
GitLab