From 2852fbba9b000a161b6415e9e3b55005706436f1 Mon Sep 17 00:00:00 2001
From: Vincent Desjardins <vdesjardins@gmail.com>
Date: Fri, 6 Sep 2019 10:48:12 -0400
Subject: [PATCH] annotation configuration on service account (#47)

Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
---
 templates/_helpers.tpl               |  9 +++++++++
 templates/server-serviceaccount.yaml |  1 +
 test/unit/server-serviceaccount.bats | 29 ++++++++++++++++++++++++++++
 values.yaml                          |  4 ++++
 4 files changed, 43 insertions(+)
 create mode 100755 test/unit/server-serviceaccount.bats

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index b09d486..213bcaa 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -259,6 +259,15 @@ Sets extra ui service annotations
   {{- end }}
 {{- end -}}
 
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceaccount.annotations" -}}
+  {{- if and (ne .mode "dev") .Values.server.serviceaccount.annotations }}
+  annotations:
+    {{- toYaml .Values.server.serviceaccount.annotations | nindent 4 }}
+  {{- end }}
+{{- end -}}
 
 {{/*
 Set's the container resources if the user has set any.
diff --git a/templates/server-serviceaccount.yaml b/templates/server-serviceaccount.yaml
index 1c64942..cb79883 100644
--- a/templates/server-serviceaccount.yaml
+++ b/templates/server-serviceaccount.yaml
@@ -10,4 +10,5 @@ metadata:
     app.kubernetes.io/name: {{ include "vault.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
+  {{ template "vault.serviceaccount.annotations" . }}
 {{ end }}
diff --git a/test/unit/server-serviceaccount.bats b/test/unit/server-serviceaccount.bats
new file mode 100755
index 0000000..1c2fac5
--- /dev/null
+++ b/test/unit/server-serviceaccount.bats
@@ -0,0 +1,29 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+@test "server/ServiceAccount: specify annotations" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -x templates/server-serviceaccount.yaml  \
+      --set 'server.dev.enabled=true' \
+      --set 'server.serviceaccount.annotations.foo=bar' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["foo"]' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+
+  local actual=$(helm template \
+      -x templates/server-serviceaccount.yaml  \
+      --set 'server.ha.enabled=true' \
+      --set 'server.serviceaccount.annotations.foo=bar' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["foo"]' | tee /dev/stderr)
+  [ "${actual}" = "bar" ]
+
+  local actual=$(helm template \
+      -x templates/server-serviceaccount.yaml  \
+      --set 'server.ha.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.metadata.annotations["foo"]' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+}
diff --git a/values.yaml b/values.yaml
index a004b7b..5c07299 100644
--- a/values.yaml
+++ b/values.yaml
@@ -206,6 +206,10 @@ server:
     # replicas. If you'd like a custom value, you can specify an override here.
       maxUnavailable: null
 
+  # Definition of the serviceaccount used to run Vault.
+  serviceaccount:
+    annotations: {}
+
 # Vault UI
 ui:
   # True if you want to create a Service entry for the Vault UI.