alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/appliance/host-service/tests/control-plane-manifests.test.mjs
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

72 lines
4.1 KiB
JavaScript
Raw Permalink Blame History

import fs from 'node:fs';
import path from 'node:path';
import test from 'node:test';
import assert from 'node:assert/strict';
const repoRoot = path.resolve(path.join(import.meta.dirname, '..', '..', '..', '..'));
const manifestDir = path.join(repoRoot, 'ee', 'appliance', 'control-plane', 'manifests');
function readManifest(name) {
return fs.readFileSync(path.join(manifestDir, name), 'utf8');
}
test('T002 control-plane manifests define isolated namespace, workload, exposure, state, and scoped RBAC', () => {
const kustomization = readManifest('kustomization.yaml');
const namespace = readManifest('namespace.yaml');
const rbac = readManifest('rbac.yaml');
const workload = readManifest('workload.yaml');
const all = `${kustomization}\n${namespace}\n${rbac}\n${workload}`;
assert.match(kustomization, /resources:\n\s+- namespace\.yaml\n\s+- rbac\.yaml\n\s+- workload\.yaml/);
assert.match(namespace, /kind: Namespace\nmetadata:\n\s+name: alga-appliance-control-plane/);
assert.match(namespace, /alga\.nineminds\.com\/appliance-plane: control/);
assert.doesNotMatch(namespace, /name: msp\b/);
assert.match(rbac, /kind: ServiceAccount\nmetadata:\n\s+name: appliance-control-plane\n\s+namespace: alga-appliance-control-plane/);
assert.match(rbac, /kind: ClusterRole\nmetadata:\n\s+name: appliance-control-plane-setup-admin/);
assert.match(rbac, /kind: ClusterRoleBinding\nmetadata:\n\s+name: appliance-control-plane/);
assert.match(rbac, /name: appliance-control-plane-setup-admin/);
assert.doesNotMatch(rbac, /name: cluster-admin/);
assert.match(rbac, /rbac-rationale:/);
assert.match(rbac, /customresourcedefinitions/);
assert.match(rbac, /clusterrolebindings/);
assert.match(rbac, /storageclasses/);
assert.doesNotMatch(rbac, /resources: \["\*"\]/);
assert.doesNotMatch(rbac, /verbs: \["\*"\]/);
assert.doesNotMatch(rbac, /host kubeconfig/);
assert.match(workload, /kind: ConfigMap\nmetadata:\n\s+name: appliance-control-plane-config\n\s+namespace: alga-appliance-control-plane/);
assert.match(workload, /ALGA_APPLIANCE_BUNDLE_ORIGIN: "baked-iso"/);
assert.match(workload, /ALGA_APPLIANCE_TOKEN_FILE: "\/var\/lib\/alga-appliance\/setup-token"/);
assert.match(workload, /ALGA_APPLIANCE_KUBECONFIG: "\/tmp\/alga-appliance\/kubeconfig"/);
assert.match(workload, /ALGA_APPLIANCE_HOST_AGENT_SOCKET: "\/run\/alga-appliance\/host-agent\.sock"/);
assert.doesNotMatch(workload, /ALGA_APPLIANCE_SKIP_K3S_INSTALL/);
assert.doesNotMatch(workload, /ALGA_APPLIANCE_SKIP_STORAGE_INSTALL/);
assert.doesNotMatch(workload, /kind: PersistentVolumeClaim/);
assert.match(workload, /kind: Deployment\nmetadata:\n\s+name: appliance-control-plane\n\s+namespace: alga-appliance-control-plane/);
assert.match(workload, /serviceAccountName: appliance-control-plane/);
assert.match(workload, /hostNetwork: true/);
assert.match(workload, /initContainers:\n\s+- name: init-state-permissions/);
assert.match(workload, /command: \["sh", "-c", "mkdir -p \/var\/lib\/alga-appliance && chown 10001:10001 \/var\/lib\/alga-appliance"\]/);
assert.match(workload, /hostPort: 8080/);
assert.match(workload, /containerPort: 8080/);
assert.match(workload, /image: localhost\/alga-appliance-control-plane:baked/);
assert.match(workload, /imagePullPolicy: IfNotPresent/);
assert.match(workload, /mountPath: \/var\/lib\/alga-appliance/);
// Token is read from the shared host volume, not a Kubernetes Secret.
assert.doesNotMatch(workload, /secretName: appliance-setup-token/);
assert.doesNotMatch(workload, /alga-appliance-token/);
assert.match(workload, /mountPath: \/run\/alga-appliance/);
assert.match(workload, /path: \/run\/alga-appliance/);
assert.doesNotMatch(workload, /\/etc\/rancher\/k3s\/k3s\.yaml/);
assert.match(workload, /readinessProbe:/);
assert.match(workload, /livenessProbe:/);
assert.match(workload, /allowPrivilegeEscalation: false/);
assert.match(workload, /runAsNonRoot: true/);
assert.match(workload, /kind: Service\nmetadata:\n\s+name: appliance-control-plane\n\s+namespace: alga-appliance-control-plane/);
assert.match(workload, /port: 8080\n\s+targetPort: setup-http/);
assert.doesNotMatch(all, /namespace: alga-psa\b/);
});
Reference in New Issue View Git Blame Copy Permalink