unrip/test/operator-dashboard-public-ingress-static.test.mjs

import test from 'node:test';
import assert from 'node:assert/strict';
import { readFileSync } from 'node:fs';

const manifest = readFileSync(new URL('../deploy/k8s/base/unrip.yaml', import.meta.url), 'utf8');

test('operator dashboard production manifest uses basic auth with password from secret', () => {
  assert.match(manifest, /OPERATOR_DASHBOARD_AUTH_MODE:\s+basic/);
  assert.match(manifest, /OPERATOR_DASHBOARD_AUTH_USERNAME:\s+admin/);
  assert.doesNotMatch(manifest, /OPERATOR_DASHBOARD_AUTH_PASSWORD:/);
  assert.match(manifest, /secretRef:\s*\n\s+name: unrip-secrets/);
});

test('operator dashboard has a public Traefik ingress with TLS', () => {
  assert.match(manifest, /kind: Ingress\s*\nmetadata:\s*\n\s+name: operator-dashboard/);
  assert.match(manifest, /cert-manager\.io\/cluster-issuer: letsencrypt-production/);
  assert.match(manifest, /ingressClassName: traefik/);
  assert.match(manifest, /host: doran\.133011\.xyz/);
  assert.match(manifest, /secretName: operator-dashboard-tls/);
  assert.match(manifest, /service:\s*\n\s+name: operator-dashboard\s*\n\s+port:\s*\n\s+number: 8090/);
});