This section provides an overview and instructions for testing the Chronicle application using Helm. The Chronicle Helm Chart includes relevant components and configurations related to testing the application.
Helm is a package manager for Kubernetes that enables streamlined deployment, management, and testing of applications. The testing functionality in Helm allows you to verify the correctness and stability of your application after deployment.
The testing components and configurations specific to testing with the Chronicle Helm Chart are described below.
API Test Job¶
The API Test Job is responsible for executing a test against the Chronicle API. It ensures the availability GraphQL API endpoint. The Job is defined in the Helm Chart under the condition:
The API Test Job includes the following test steps:
- Authenticate and obtain a token (if required).
- Wait for the API to be ready.
- Execute the tests using the
Note, the Chronicle Helm Chart API test uses the reserved
Auth Endpoints Test Job¶
The Auth Endpoints Test Job verifies the availability and correctness of the
authentication endpoints used in the Chronicle application. The Job checks the
JWKS endpoint and userinfo endpoint, either using the provided URLs or the
devIdProvider if enabled. The
Job is defined in the Helm Chart under the
The Auth Endpoints Test Job includes the following test steps:
- Checks the JWKS endpoint for a valid JSON response.
- Checks the userinfo endpoint for a valid JSON response, using the provided
test.auth.tokenor the token obtained from the
devIdProvider is an optional component used for authentication during
testing and development. It simulates an identity provider to provide tokens for
API and auth endpoint tests. The
devIdProvider is defined in the Helm Chart
under the condition:
The following resources are created for the
Service: Provides network access to the
StatefulSet: Manages the stateful container that makes up the
The RBAC (Role-Based Access Control) configuration allows the necessary permissions for testing. It grants the required access rights to the Service Account used during testing.
The relevant values for testing are located under the
test section in the
auth.required: Specifies whether Chronicle's API will require authentication. If set to
devIdProvidermust be enabled, or the user must provide
test.api.enabled: Specifies whether the API test functionality is enabled (
true) or not (
test.auth.enabled: Specifies whether the Auth Endpoints test functionality is enabled (
true) or not (
test.auth.token: Provides a token that can be used for authentication-related testing. This value can be set to a specific token for testing authentication scenarios.
devIdProvider.enabled: Specifies whether the
devIdProvideris enabled (
true) or not (
auth.jwks.url: Specifies the URL of the JWKS endpoint for third-party authentication.
auth.userinfo.url: Specifies the URL of the userinfo endpoint for third-party authentication.
These are Chronicle's default
values.yaml settings. Running
helm test <installation>
will run the API test and Auth Endpoints test without using an authorization token.
Auth Required, Using
The test uses the
devIdProvider to acquire a token, which it passes in the
authorization header to both the API test and Auth Endpoints test. Chronicle has
been initialized with the default
devIdProvider auth endpoints. If
is not provided and
auth.required: true, then
devIdProvider must be enabled.
Auth Required, Third Party Auth Service¶
auth: jwks: url: https://dev-xyz-9abc.us.auth0.com/.well-known/jwks.json required: true userinfo: url: https://dev-xyz-9abc.us.auth0.com/userinfo devIdProvider: enabled: false test: api: enabled: true auth: enabled: true auth: token: eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiwiaXNzIjoiaHR0cHM6Ly9kZXYtY2hhLTlhZXQudXMuYXV0aDAuY29tLyJ9..wSM9N-paE7lA_YaL.T8Mla-PJ5VcFWdBX6SaxCkzq5LVFnEGg2eiMNc-rCXgCd6CUTFQ9Ra_JbuFZrfVZA0JxaaeY5XHJYVBJ6Gwjq25qU5XxXrXk64ZdHNIBgUYhkHoKOvEIjqYpvv8pl1A4MndAbE8NqFpyYgkaWVhSk0X9zSMWTZ6D_Y4lwMr4ihCNqJ4nd8KuyswwDYrHCnQbmBDE6u0yGmLQEIoLm1ZaCnhgDTzdnX2RgcluOrZR5a-yW8Vw6VogsGHwh6-2gsDHxgdmjpZlfR0jGHkceeCw9xl-ccVaLmTH2DS49nrhiYBfrx8oZ5dTKdj9d0ZWJ91c4CI.beiznku1urlYppbo8WHoCg
The user provides a token and auth endpoints. Note that in this scenario, it does not matter whether the devIdProvider is enabled or not, but testing requires that the user provides a token that will work with their third-party auth service.
Note on Default Settings¶
If you provide your own
auth.userinfo.url Chronicle's Helm Chart
test.auth.token. This is because failing to
provide this will require reinstallation of the Chart in order to enable testing
of a third-party userinfo URL.
Add the following settings to your
values.yaml to disable the tests:
test.auth.token in your
values.yaml, as described in
Auth Required, Third Party Auth Service.