From fc260a2a2929d82f4ae45dd3c05b945351bade77 Mon Sep 17 00:00:00 2001
From: Richard Chapman <rchapman@hpccsystems.com>
Date: Wed, 25 Sep 2024 15:41:31 +0100
Subject: [PATCH] HPCC-32722 Spurious errors from helm lint with certificates
 enabled

Signed-off-by: Richard Chapman <rchapman@hpccsystems.com>
---
 helm/hpcc/templates/esp.yaml  |  2 +-
 testing/helm/tests/certs.yaml | 56 +++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 testing/helm/tests/certs.yaml

diff --git a/helm/hpcc/templates/esp.yaml b/helm/hpcc/templates/esp.yaml
index 13d64902627..bf62463087e 100644
--- a/helm/hpcc/templates/esp.yaml
+++ b/helm/hpcc/templates/esp.yaml
@@ -105,7 +105,7 @@ data:
 {{- end -}}
 {{- $signingEnabled := eq (include "hpcc.isIssuerEnabled" (dict "root" $ "issuerKeyName" "signing")) "true" -}}
 {{- $generateSigningCert := and ($signingEnabled) (eq $application "eclwatch") -}}
-{{- $signingCertGenerator := and ($signingEnabled) (has $application (list "eclwatch" "eclservices")) | ternary "eclwatch" "" -}}
+{{- $signingCertGenerator := and ($signingEnabled) (has $application (list "eclwatch" "eclservices")) | ternary "eclwatch" "" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/testing/helm/tests/certs.yaml b/testing/helm/tests/certs.yaml
new file mode 100644
index 00000000000..8cd30f53857
--- /dev/null
+++ b/testing/helm/tests/certs.yaml
@@ -0,0 +1,56 @@
+certificates:
+  enabled: true
+  issuers:
+    local:
+      name: hpcc-local-issuer
+      ## kind can be changed to ClusterIssue to refer to a ClusterIssuer. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer
+      kind: Issuer
+      ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster
+      ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types
+      ## for information on what spec should contain.
+      spec:
+        ca:
+          secretName: hpcc-local-issuer-key-pair
+    public:
+      name: hpcc-public-issuer
+      ## kind can be changed to ClusterIssue to refer to a ClusterIssuer. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer
+      kind: Issuer
+      ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster
+      ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types
+      ## for information on what spec should contain.
+      spec:
+        selfSigned: {}
+    vaultclient:
+      name: hpcc-vaultclient-issuer
+      enabled: false
+      ## domain: hpcc.example.com
+      rolePrefix: "hpcc-"
+      kind: Issuer
+      ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster
+      ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types
+      ## for information on what spec should contain.
+      spec:
+        ca:
+          secretName: hpcc-vaultclient-issuer-key-pair
+    remote:
+      name: hpcc-remote-issuer
+      ## set enabled to true if adding remoteClients for any components
+      enabled: false
+      ## kind can be changed to ClusterIssue to refer to a ClusterIssuer. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer
+      kind: Issuer
+      ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster
+      ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types
+      ## for information on what spec should contain.
+      spec:
+        ca:
+          secretName: hpcc-remote-issuer-key-pair
+    signing: # intended to be used for signing/verification purposes only, e.g. by dafilesrv
+      name: hpcc-signing-issuer
+      ## kind can be changed to ClusterIssue to refer to a ClusterIssuer. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.ClusterIssuer
+      kind: Issuer
+      ## do not define spec (set spec: null), to reference an Issuer resource that already exists in the cluster
+      ## change spec if you'd like to change how certificates get issued... see ## https://cert-manager.io/docs/configuration/#supported-issuer-types
+      ## for information on what spec should contain.
+      spec:
+        ca:
+          secretName: hpcc-signing-issuer-key-pair