*: convert testing datasource validity to helm test

.gitignore

@@ -1,6 +1,6 @@
 .vscode/
 .idea/
 chart/Chart.lock
-chart/charts/*
+chart/charts
 tmp/
 manifests.yaml

chart/templates/tests/test-datasources.yaml

@@ -0,0 +1,158 @@
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "{{ .Release.Name }}-test-datasource"
+  namespace: "{{ template "tobs.namespace" . }}"
+  labels:
+    {{- include "tobs.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: "{{ .Release.Name }}-test-datasource"
+  namespace: "{{ template "tobs.namespace" . }}"
+  labels:
+    {{- include "tobs.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "{{ .Release.Name }}-test-datasource"
+subjects:
+  - kind: ServiceAccount
+    name: "{{ .Release.Name }}-test-datasource"
+    namespace: "{{ template "tobs.namespace" . }}"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: "{{ .Release.Name }}-test-datasource"
+  namespace: "{{ template "tobs.namespace" . }}"
+  labels:
+    {{- include "tobs.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  resourceNames:
+  - "{{ .Release.Name }}-grafana"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ .Release.Name }}-test-datasource"
+  namespace: "{{ template "tobs.namespace" . }}"
+  labels:
+    {{- include "tobs.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+data:
+  datasources.sh: |-
+    #!/bin/bash
+
+    # set -euo pipefail
+    set -o pipefail
+
+    # Assemble grafana query URL
+    RELEASE="{{ .Release.Name }}"
+    NAMESPACE="{{ template "tobs.namespace" . }}"
+    {{- $kubePrometheus := index .Values "kube-prometheus-stack" }}
+    GRAFANA_USER="{{ $kubePrometheus.grafana.adminUser }}"
+
+    # use curl instead of kubectl to access k8s api. This way we don't need to use container image with kubectl in it.
+    TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
+    K8S_API_URI="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/namespaces/${NAMESPACE}/secrets/${RELEASE}-grafana"
+    GRAFANA_PASS="$(
+        curl -s \
+            --header "Authorization: Bearer ${TOKEN}" \
+            --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+            "$K8S_API_URI" \
+        | jq -r '.data["admin-password"]' \
+        | base64 -d
+    )"
+
+    GRAFANA_QUERY_URL="http://${GRAFANA_USER}:${GRAFANA_PASS}@${RELEASE}-grafana.${NAMESPACE}.svc:80/api/ds/query"
+
+    function query() {
+        local uid="$1"
+        local query="$2"
+        local format="$3"
+
+        local body=$(cat <<-EOM
+    {
+        "queries":[
+            {
+                "datasource":{
+                    "uid":"$uid"
+                },
+                "refId":"A",
+                "format":"$format",
+                "expr":"$query"
+            }
+        ],
+        "from":"now-5m",
+        "to":"now"
+    }
+    EOM
+    )
+        
+        curl -H "Content-Type: application/json" -X POST -d "$body" "${GRAFANA_QUERY_URL}" 2>/dev/null | jq '.results.A'
+    }
+
+    SQL_QUERY="SELECT * FROM pg_extension WHERE extname = 'timescaledb_toolkit';"
+    RESULT_SQL=$(query "c4729dfb8ceeaa0372ef27403a3932695eee995d" "$SQL_QUERY" "table")
+    if [ "$(jq 'has("error")' <<< ${RESULT_SQL})" == "true" ]; then
+        echo "GRAFANA SQL DATASOURCE CANNOT QUERY DATA DUE TO:"
+        jq '.error' <<< ${RESULT_SQL}
+        exit 1
+    fi
+
+    RESULT_PRM=$(query "dc08d25c8f267b054f12002f334e6d3d32a853e4" "ALERTS" "time_series")
+    if [ "$(jq 'has("error")' <<< ${RESULT_PRM})" == "true" ]; then
+        echo "GRAFANA PROMQL DATASOURCE CANNOT QUERY DATA DUE TO:"
+        jq '.error' <<< ${RESULT_PRM}
+        exit 1
+    fi
+
+    echo "All queries passed"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ .Release.Name }}-test-datasource"
+  labels:
+    {{- include "tobs.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: checker
+      # TODO(paulfantom): move image build to tobs repo
+      # Current multi-arch image is built from https://github.com/paulfantom/dockerfiles/blob/master/curl-jq/Dockerfile
+      image: quay.io/paulfantom/curl-jq
+      command:
+        - /bin/bash
+        - -c
+        - /usr/local/bin/datasources.sh
+      volumeMounts:
+      - mountPath: /usr/local/bin/datasources.sh
+        name: datasources-bin
+        readOnly: true
+        subPath: datasources.sh
+  serviceAccountName: "{{ .Release.Name }}-test-datasource"
+  restartPolicy: Never
+  volumes:
+  - name: datasources-bin
+    configMap:
+      name: "{{ .Release.Name }}-test-datasource"
+      defaultMode: 0755