ci values: dont define initSecrets / postgres, they will be rendered

automatically if necessary

charts/matrix-stack/ci/element-web-checkov-values.yaml

@@ -12,12 +12,8 @@ elementWeb:
     checkov.io/skip3: CKV2_K8S_6=No network policy yet
   ingress:
     host: element.ess.localhost
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 synapse:
   enabled: false
 wellKnownDelegation:

charts/matrix-stack/ci/element-web-minimal-values.yaml

@@ -8,12 +8,8 @@
 elementWeb:
   ingress:
     host: element.ess.localhost
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 synapse:
   enabled: false
 wellKnownDelegation:

charts/matrix-stack/ci/matrix-authentication-service-postgres-secrets-externally-values.yaml

@@ -7,8 +7,6 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   encryptionSecret:
     secret: "{{ $.Release.Name }}-mas-external"

charts/matrix-stack/ci/matrix-authentication-service-postgres-secrets-in-helm-values.yaml

@@ -7,8 +7,6 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   encryptionSecret:
     secret: "{{ $.Release.Name }}-mas-external"

charts/matrix-stack/ci/matrix-authentication-service-secrets-externally-values.yaml

@@ -7,8 +7,6 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   encryptionSecret:
     secret: "{{ $.Release.Name }}-mas-external"
@@ -41,8 +39,6 @@ matrixAuthenticationService:
   synapseSharedSecret:
     secret: "{{ $.Release.Name }}-mas-external"
     secretKey: synapseShared
-postgres:
-  enabled: false
 synapse:
   enabled: false
 wellKnownDelegation:

charts/matrix-stack/ci/matrix-authentication-service-secrets-in-helm-values.yaml

@@ -7,8 +7,6 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   encryptionSecret:
     value: CHANGEME-ahohhohgiavee5Koh8ahwo
@@ -47,8 +45,6 @@ matrixAuthenticationService:
     value: CHANGEME-eiv6wae8shooPhie4ief8ru2egahbah0
   synapseSharedSecret:
     value: CHANGEME-iaw8eeSef4zeefie8ii3akien9tiaYah
-postgres:
-  enabled: false
 synapse:
   enabled: false
 wellKnownDelegation:

charts/matrix-stack/ci/pytest-element-web-values.yaml

@@ -24,12 +24,8 @@ elementWeb:
     host: element.{{ $.Values.serverName }}
     tlsSecret: "{{ $.Release.Name }}-element-web-tls"
   replicas: 1
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 serverName: ess.localhost
 synapse:
   enabled: false

charts/matrix-stack/ci/pytest-well-known-values.yaml

@@ -9,12 +9,8 @@ elementWeb:
   enabled: false
 global:
   baseDomain: ess.localhost
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 # To check that templating works against the ingress
 serverName: "{{ $.Values.global.baseDomain }}"
 synapse:

charts/matrix-stack/ci/synapse-postgres-secrets-externally-values.yaml

@@ -7,8 +7,6 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
 postgres:

charts/matrix-stack/ci/synapse-postgres-secrets-in-helm-values.yaml

@@ -7,8 +7,6 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
 postgres:

charts/matrix-stack/ci/synapse-secrets-externally-values.yaml

@@ -7,12 +7,8 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 serverName: ess.localhost
 synapse:
   ingress:

charts/matrix-stack/ci/synapse-secrets-in-helm-values.yaml

@@ -7,12 +7,8 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 serverName: ess.localhost
 synapse:
   ingress:

charts/matrix-stack/ci/well-known-checkov-values.yaml

@@ -12,12 +12,8 @@ haproxy:
     checkov.io/skip1: CKV_K8S_11=We deliberately don't set CPU limits. Pod is BestEffort not Guaranteed
     checkov.io/skip2: CKV_K8S_43=No digests
     checkov.io/skip3: CKV2_K8S_6=No network policy yet
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 serverName: ess.localhost
 synapse:
   enabled: false

charts/matrix-stack/ci/well-known-minimal-values.yaml

@@ -7,12 +7,8 @@
 
 elementWeb:
   enabled: false
-initSecrets:
-  enabled: false
 matrixAuthenticationService:
   enabled: false
-postgres:
-  enabled: false
 serverName: ess.localhost
 synapse:
   enabled: false

newsfragments/188.internal.md

@@ -0,0 +1 @@
+CI values: Do not define `initSecrets` `postgres` in tests, their behaviour depends on other components presence.

tests/manifests/test_basic.py

@@ -16,7 +16,15 @@ async def test_nothing_enabled_renders_nothing(templates):
 @pytest.mark.parametrize("values_file", ["nothing-enabled-values.yaml"])
 @pytest.mark.asyncio_cooperative
 async def test_initSecrets_on_its_own_renders_nothing(values, make_templates):
-    values["initSecrets"]["enabled"] = True
+    values.setdefault("initSecrets", {})["enabled"] = True
+    templates = await make_templates(values)
+    assert len(templates) == 0, f"{templates} were generated but none were expected"
+
+
+@pytest.mark.parametrize("values_file", ["nothing-enabled-values.yaml"])
+@pytest.mark.asyncio_cooperative
+async def test_postgres_on_its_own_renders_nothing(values, make_templates):
+    values.setdefault("postgres", {})["enabled"] = True
     templates = await make_templates(values)
     assert len(templates) == 0, f"{templates} were generated but none were expected"