From 9259b6b2c97b79f7172737ae26cd4b89a303909a Mon Sep 17 00:00:00 2001 From: David Collom Date: Tue, 10 Oct 2023 19:37:56 +0100 Subject: [PATCH] test: implement Helm chart unit tests (#116) --- .github/workflows/helm-test.yaml | 6 +- .../version-checker/templates/_helpers.tpl | 13 - .../version-checker/templates/deployment.yaml | 3 +- .../version-checker/templates/prometheus.yaml | 2 +- .../tests/deployment_test.yaml | 308 ++++++++++++++++++ .../tests/prometheus_test.yaml | 68 ++++ .../version-checker/tests/service_test.yaml | 16 + .../tests/serviceaccount_test.yaml | 22 ++ .../tests/servicemonitor_test.yaml | 35 ++ 9 files changed, 455 insertions(+), 18 deletions(-) create mode 100644 deploy/charts/version-checker/tests/deployment_test.yaml create mode 100644 deploy/charts/version-checker/tests/prometheus_test.yaml create mode 100644 deploy/charts/version-checker/tests/service_test.yaml create mode 100644 deploy/charts/version-checker/tests/serviceaccount_test.yaml create mode 100644 deploy/charts/version-checker/tests/servicemonitor_test.yaml diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index 9e1f9c05..66b298f0 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -45,8 +45,8 @@ jobs: - name: Run Tests run: | - if [ ! -e "deploy/charts/verson-checker/tests" ]; then - echo "Not running tests, directory doesn't exist: deploy/charts/verson-checker/tests" + if [ ! -e "deploy/charts/version-checker/tests" ]; then + echo "Not running tests, directory doesn't exist: deploy/charts/version-checker/tests" exit 0 fi - helm unittest --helm3 --color deploy/charts/verson-checker + helm unittest deploy/charts/version-checker diff --git a/deploy/charts/version-checker/templates/_helpers.tpl b/deploy/charts/version-checker/templates/_helpers.tpl index 6ce5a80a..11f21aec 100644 --- a/deploy/charts/version-checker/templates/_helpers.tpl +++ b/deploy/charts/version-checker/templates/_helpers.tpl @@ -25,16 +25,3 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - -{{/* -Required claims serialized to CLI argument -*/}} -{{- define "requiredClaims" -}} -{{- if .Values.oidc.requiredClaims -}} -{{- $local := (list) -}} -{{- range $k, $v := .Values.oidc.requiredClaims -}} -{{- $local = (printf "%s=%s" $k $v | append $local) -}} -{{- end -}} -{{ join "," $local }} -{{- end -}} -{{- end -}} diff --git a/deploy/charts/version-checker/templates/deployment.yaml b/deploy/charts/version-checker/templates/deployment.yaml index 63d919d3..e819ef5d 100644 --- a/deploy/charts/version-checker/templates/deployment.yaml +++ b/deploy/charts/version-checker/templates/deployment.yaml @@ -8,7 +8,7 @@ kind: Deployment metadata: name: {{ $chartname }} labels: -{{ include "version-checker.labels" . | indent 4 }} + {{ include "version-checker.labels" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} selector: @@ -18,6 +18,7 @@ spec: metadata: labels: app: {{ $chartname }} + {{ include "version-checker.labels" . | nindent 8 }} annotations: prometheus.io/path: "/metrics" prometheus.io/scrape: "true" diff --git a/deploy/charts/version-checker/templates/prometheus.yaml b/deploy/charts/version-checker/templates/prometheus.yaml index 510bcf4c..cede0a48 100644 --- a/deploy/charts/version-checker/templates/prometheus.yaml +++ b/deploy/charts/version-checker/templates/prometheus.yaml @@ -39,7 +39,7 @@ metadata: name: {{ include "version-checker.name" . }} labels: prometheus: {{ include "version-checker.name" . }} -{{ include "version-checker.labels" . | indent 4 }} + {{ include "version-checker.labels" . | nindent 4 }} spec: replicas: {{ .Values.prometheus.replicas }} serviceAccountName: {{ .Values.prometheus.serviceAccountName }} diff --git a/deploy/charts/version-checker/tests/deployment_test.yaml b/deploy/charts/version-checker/tests/deployment_test.yaml new file mode 100644 index 00000000..925ed386 --- /dev/null +++ b/deploy/charts/version-checker/tests/deployment_test.yaml @@ -0,0 +1,308 @@ +suite: test deployment +templates: + - deployment.yaml +tests: + - it: should work (defaults) + set: + image.tag: latest + asserts: + - isKind: + of: Deployment + - equal: + path: metadata.name + value: version-checker + - equal: + path: spec.template.spec.containers[0].image + value: quay.io/jetstack/version-checker:latest + - equal: + path: spec.template.spec.containers[0].resources + value: {} + - equal: + path: spec.template.metadata.labels["app.kubernetes.io/name"] + value: version-checker + - equal: + path: spec.template.metadata.labels["app.kubernetes.io/instance"] + value: RELEASE-NAME + - equal: + path: spec.template.spec.containers[0].name + value: version-checker + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: /readyz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 3 + - equal: + path: spec.template.spec.containers[0].readinessProbe + value: + httpGet: + path: /readyz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 3 + - isNullOrEmpty: + path: spec.template.spec.volumes + + # ACR + - it: ACR should work + set: + acr.refreshToken: ajbhvdsbjvh + acr.username: jsgbjkas + acr.password: sgkjnabskjga + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ACR_REFRESH_TOKEN + valueFrom: + secretKeyRef: + key: acr.refreshToken + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ACR_USERNAME + valueFrom: + secretKeyRef: + key: acr.username + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ACR_PASSWORD + valueFrom: + secretKeyRef: + key: acr.password + name: version-checker + + # ECR + - it: ECR should work + set: + ecr.iamRoleArn: ajbhvdsbjvh + ecr.accessKeyID: jsgbjkas + ecr.secretAccessKey: sgkjnabskjga + ecr.sessionToken: asgjasg + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ECR_IAM_ROLE_ARN + value: ajbhvdsbjvh + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ECR_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: ecr.accessKeyID + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: ecr.secretAccessKey + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_ECR_SESSION_TOKEN + valueFrom: + secretKeyRef: + key: ecr.sessionToken + name: version-checker + + # Docker + - it: Docker should work + set: + docker.token: ajbhvdsbjvh + docker.username: username + docker.password: hunter1 + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_DOCKER_TOKEN + valueFrom: + secretKeyRef: + key: docker.token + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_DOCKER_USERNAME + valueFrom: + secretKeyRef: + key: docker.username + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_DOCKER_PASSWORD + valueFrom: + secretKeyRef: + key: docker.password + name: version-checker + + # GCR + - it: GCR should work + set: + gcr.token: ajbhvdsbjvh + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_GCR_TOKEN + valueFrom: + secretKeyRef: + key: gcr.token + name: version-checker + + # Quay + - it: Quay should work + set: + quay.token: ajbhvdsbjvh + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_QUAY_TOKEN + valueFrom: + secretKeyRef: + key: quay.token + name: version-checker + + # Self Hosted + - it: Self hosted should work + set: + selfhosted: + - name: bob + host: http://example.com + username: asgasasf + password: hunter1 + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_SELFHOSTED_HOST_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.host + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_SELFHOSTED_USERNAME_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.username + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_SELFHOSTED_PASSWORD_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.password + name: version-checker + - notContains: + path: spec.template.spec.containers[0].env + content: + name: VERSION_CHECKER_SELFHOSTED_TOKEN_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.password + name: version-checker + + # Multiple Self Hosted + - it: Multiple Self hosted should work + set: + selfhosted: + - name: bob + host: http://example.com + username: asgasasf + password: hunter1 + - name: bill + host: http://sub.example.com + token: askjgnasbjkgas + asserts: + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_SELFHOSTED_HOST_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.host + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_SELFHOSTED_USERNAME_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.username + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + count: 1 + content: + name: VERSION_CHECKER_SELFHOSTED_PASSWORD_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.password + name: version-checker + - notContains: + path: spec.template.spec.containers[0].env + content: + name: VERSION_CHECKER_SELFHOSTED_TOKEN_bob + valueFrom: + secretKeyRef: + key: selfhosted.bob.password + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + content: + name: VERSION_CHECKER_SELFHOSTED_TOKEN_bill + valueFrom: + secretKeyRef: + key: selfhosted.bill.token + name: version-checker + - contains: + path: spec.template.spec.containers[0].env + content: + name: VERSION_CHECKER_SELFHOSTED_HOST_bill + valueFrom: + secretKeyRef: + key: selfhosted.bill.host + name: version-checker + + - it: SecretEnabled + set: + acr.refreshToken: asgasga + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: version-checker + secret: + secretName: version-checker diff --git a/deploy/charts/version-checker/tests/prometheus_test.yaml b/deploy/charts/version-checker/tests/prometheus_test.yaml new file mode 100644 index 00000000..e24035c9 --- /dev/null +++ b/deploy/charts/version-checker/tests/prometheus_test.yaml @@ -0,0 +1,68 @@ +suite: test prometheus +templates: + - prometheus.yaml +tests: + - it: should work (defaults) + asserts: + - hasDocuments: + count: 0 + + - it: should work (when enabled) + set: + prometheus.enabled: true + asserts: + - hasDocuments: + count: 4 + + - containsDocument: + kind: ServiceAccount + apiVersion: v1 + documentIndex: 0 + + - documentIndex: 1 + containsDocument: + kind: Role + apiVersion: rbac.authorization.k8s.io/v1 + + - documentIndex: 2 + containsDocument: + kind: RoleBinding + apiVersion: rbac.authorization.k8s.io/v1 + - documentIndex: 2 + equal: + path: subjects[0].kind + value: ServiceAccount + - documentIndex: 2 + equal: + path: subjects[0].name + value: prometheus + - documentIndex: 2 + equal: + path: roleRef.name + value: prometheus + - documentIndex: 2 + equal: + path: roleRef.kind + value: Role + + - documentIndex: 3 + containsDocument: + kind: Prometheus + apiVersion: monitoring.coreos.com/v1 + - documentIndex: 3 + equal: + path: spec.replicas + value: 1 + - documentIndex: 3 + equal: + path: spec.serviceAccountName + value: prometheus + - documentIndex: 3 + equal: + path: spec.version + value: v2.20.1 + - documentIndex: 3 + equal: + path: spec.serviceMonitorSelector.matchLabels + value: + app: version-checker diff --git a/deploy/charts/version-checker/tests/service_test.yaml b/deploy/charts/version-checker/tests/service_test.yaml new file mode 100644 index 00000000..f0e523b6 --- /dev/null +++ b/deploy/charts/version-checker/tests/service_test.yaml @@ -0,0 +1,16 @@ +suite: test service +templates: + - service.yaml +tests: + - it: should work (defaults) + asserts: + - containsDocument: + kind: Service + apiVersion: v1 + name: version-checker + - equal: + path: spec.ports[0].targetPort + value: 8080 + - equal: + path: spec.ports[0].name + value: web diff --git a/deploy/charts/version-checker/tests/serviceaccount_test.yaml b/deploy/charts/version-checker/tests/serviceaccount_test.yaml new file mode 100644 index 00000000..9ee79fe1 --- /dev/null +++ b/deploy/charts/version-checker/tests/serviceaccount_test.yaml @@ -0,0 +1,22 @@ +suite: test deployment +templates: + - serviceaccount.yaml +tests: + - it: should work (defaults) + set: + image.tag: latest + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceAccount + apiVersion: v1 + name: version-checker + + - it: with ecr ARN Set + set: + ecr.iamRoleArn: dsjgabjgsg + asserts: + - equal: + path: metadata.annotations["eks.amazonaws.com/role-arn"] + value: dsjgabjgsg diff --git a/deploy/charts/version-checker/tests/servicemonitor_test.yaml b/deploy/charts/version-checker/tests/servicemonitor_test.yaml new file mode 100644 index 00000000..237ddfe7 --- /dev/null +++ b/deploy/charts/version-checker/tests/servicemonitor_test.yaml @@ -0,0 +1,35 @@ +suite: test ServiceMonitor +templates: + - servicemonitor.yaml +tests: + - it: should work (defaults) + asserts: + - hasDocuments: + count: 0 + + - it: works (when enabled) + set: + serviceMonitor.enabled: true + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceMonitor + apiVersion: monitoring.coreos.com/v1 + name: version-checker + + - it: able to provide custom labels + set: + serviceMonitor.enabled: true + serviceMonitor.additionalLabels: + foo: bar + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: ServiceMonitor + apiVersion: monitoring.coreos.com/v1 + name: version-checker + - equal: + path: metadata.labels["foo"] + value: bar