{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}

{{- $mounts_tests := .Values.pod.mounts.cinder_tests.cinder_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.cinder_tests.init_container }}

{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
  name: {{ print $envAll.Release.Name "-test" }}
  labels:
{{ tuple $envAll "cinder" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
    "helm.sh/hook": test-success
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "cinder-test" "containerNames" (list "init" "cinder-test" "cinder-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
  restartPolicy: Never
{{ if $envAll.Values.pod.tolerations.cinder.enabled }}
{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
{{ end }}
  nodeSelector:
    {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
  serviceAccountName: {{ $serviceAccountName }}
  initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
    - name: cinder-test-ks-user
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
      command:
        - /tmp/ks-user.sh
      volumeMounts:
        - name: pod-tmp
          mountPath: /tmp
        - name: cinder-bin
          mountPath: /tmp/ks-user.sh
          subPath: ks-user.sh
          readOnly: true
{{ dict "enabled" .Values.manifests.certificates "name" $envAll.Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount"  | indent 8 }}
      env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
        - name: SERVICE_OS_SERVICE_NAME
          value: "test"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
        - name: SERVICE_OS_ROLE
          value: {{ .Values.endpoints.identity.auth.test.role | quote }}
  containers:
    - name: cinder-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
      env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
        - name: RALLY_ENV_NAME
          value: {{.Release.Name}}
      command:
        - /tmp/rally-test.sh
      volumeMounts:
        - name: pod-tmp
          mountPath: /tmp
        - name: cinder-etc
          mountPath: /etc/rally/rally_tests.yaml
          subPath: rally_tests.yaml
          readOnly: true
        - name: cinder-bin
          mountPath: /tmp/rally-test.sh
          subPath: rally-test.sh
          readOnly: true
        - name: rally-db
          mountPath: /var/lib/rally
{{ dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount"  | indent 8 }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
  volumes:
    - name: pod-tmp
      emptyDir: {}
    - name: cinder-etc
      secret:
        secretName: cinder-etc
        defaultMode: 0444
    - name: cinder-bin
      configMap:
        name: cinder-bin
        defaultMode: 0555
    - name: rally-db
      emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}