suite: Proxy Certificate
templates:
  - proxy/certificate.yaml
tests:
  - it: should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml)
    values:
      - ../.lint/cert-manager.yaml
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef
      - equal:
          path: spec.commonName
          value: test-cluster

  - it: should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml)
    values:
      - ../.lint/cert-secret.yaml
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef

  - it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-manager.yaml)
    values:
      - ../.lint/cert-manager.yaml
    set:
      publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
      highAvailability:
        certManager:
          addPublicAddrs: true
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef
      - equal:
          path: spec.commonName
          value: test-cluster
      - equal:
          path: spec.dnsNames[0]
          value: "test-cluster"
      - equal:
          path: spec.dnsNames[1]
          value: "*.test-cluster"
      - equal:
          path: spec.dnsNames[2]
          value: "teleport.test.com"
      - equal:
          path: spec.dnsNames[3]
          value: "teleport.shared-services.old-domain.com"

  - it: should not request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-manager.yaml)
    values:
      - ../.lint/cert-manager.yaml
    set:
      publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
      highAvailability:
        certManager:
          addPublicAddrs: false
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef
      - equal:
          path: spec.commonName
          value: test-cluster
      - equal:
          path: spec.dnsNames[0]
          value: "test-cluster"
      - equal:
          path: spec.dnsNames[1]
          value: "*.test-cluster"
      - notEqual:
          path: spec.dnsNames[2]
          value: "teleport.test.com"
      - notEqual:
          path: spec.dnsNames[3]
          value: "teleport.shared-services.old-domain.com"

  - it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-secret.yaml)
    values:
      - ../.lint/cert-secret.yaml
    set:
      publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
      highAvailability:
        certManager:
          addPublicAddrs: true
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef
      - equal:
          path: spec.dnsNames[0]
          value: "test-cluster"
      - equal:
          path: spec.dnsNames[1]
          value: "*.test-cluster"
      - equal:
          path: spec.dnsNames[2]
          value: "teleport.test.com"
      - equal:
          path: spec.dnsNames[3]
          value: "teleport.shared-services.old-domain.com"

  - it: should not request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-secret.yaml)
    values:
      - ../.lint/cert-secret.yaml
    set:
      publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443']
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef
      - notEqual:
          path: spec.commonName
          value: test-cluster
      - equal:
          path: spec.dnsNames[0]
          value: "test-cluster"
      - equal:
          path: spec.dnsNames[1]
          value: "*.test-cluster"
      - notEqual:
          path: spec.dnsNames[2]
          value: "teleport.test.com"
      - notEqual:
          path: spec.dnsNames[3]
          value: "teleport.shared-services.old-domain.com"

  - it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set, removing duplicates
    values:
      - ../.lint/cert-manager.yaml
    set:
      publicAddr: ['test-cluster:443', 'teleport.test.com:443', 'teleport.shared-services.old-domain.com:443', 'teleport.test.com:443']
      highAvailability:
        certManager:
          addPublicAddrs: true
    asserts:
      - hasDocuments:
          count: 1
      - isKind:
          of: Certificate
      - matchSnapshot:
          path: spec.dnsNames
      - matchSnapshot:
          path: spec.issuerRef
      - equal:
          path: spec.dnsNames[0]
          value: "test-cluster"
      - equal:
          path: spec.dnsNames[1]
          value: "*.test-cluster"
      - notEqual:
          path: spec.dnsNames[2]
          value: "test-cluster"
      - equal:
          path: spec.dnsNames[2]
          value: "teleport.test.com"
      - equal:
          path: spec.dnsNames[3]
          value: "teleport.shared-services.old-domain.com"
      - notEqual:
          path: spec.dnsNames[4]
          value: "teleport.test.com"