Adding helm test for vault server (#531)

Also adds acceptance test for 'helm test' and updates the chart-verifier version.
2021-05-27 17:09:50 -07:00 · 2021-05-27 17:09:50 -07:00 · 3593739160
commit 3593739160
parent b21b37b07a
5 changed files with 93 additions and 10 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -17,7 +17,7 @@ jobs:
    environment:
      BATS_VERSION: "1.3.0"
      # Note: the commit SHA is used here since the repo doesn't use release tags
-      CHART_VERIFIER_VERSION: "190d532246a5936dc6a7125e2da917d04e38a672"
+      CHART_VERIFIER_VERSION: "e2c03bd1a4aea20deb0a4a03ebfde254b1672050"
    steps:
      - checkout
      - run:
--- a/templates/tests/server-test.yaml
+++ b/templates/tests/server-test.yaml
@ -0,0 +1,39 @@
+{{- if .Values.server.enabled }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ .Release.Name }}-server-test"
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: {{ .Release.Name }}-server-test
+      image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+      env:
+        - name: VAULT_ADDR
+          value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+      command:
+        - /bin/sh
+        - -c
+        - |
+          echo "Checking for sealed info in 'vault status' output"
+          ATTEMPTS=10
+          n=0
+          until [ "$n" -ge $ATTEMPTS ]
+          do
+            echo "Attempt" $n...
+            vault status -format yaml | grep -E '^sealed: (true|false)' && break
+            n=$((n+1))
+            sleep 5
+          done
+          if [ $n -ge $ATTEMPTS ]; then
+            echo "timed out looking for sealed info in 'vault status' output"
+            exit 1
+          fi
+
+          exit 0
+
+  restartPolicy: Never
+{{- end }}
--- a/test/README.md
+++ b/test/README.md
@ -32,3 +32,10 @@ It relies on the helm [schema-gen plugin][schema-gen]. Note that some manual
 editing will be required, since several properties accept multiple data types.

 [schema-gen]: https://github.com/karuppiah7890/helm-schema-gen
+
+## Helm test
+
+Vault Helm also contains a simple helm test under
+[templates/tests/](../templates/tests/) that may be run against a helm release:
+
+    helm test <RELEASE_NAME>
--- a/test/acceptance/helm-test.bats
+++ b/test/acceptance/helm-test.bats
@ -0,0 +1,27 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+@test "helm/test: running helm test" {
+  cd `chart_dir`
+
+  kubectl delete namespace acceptance --ignore-not-found=true
+  kubectl create namespace acceptance
+  kubectl config set-context --current --namespace=acceptance
+
+  helm install "$(name_prefix)" .
+  wait_for_running $(name_prefix)-0
+
+  helm test "$(name_prefix)"
+}
+
+# Clean up
+teardown() {
+  if [[ ${CLEANUP:-true} == "true" ]]
+  then
+      echo "helm/pvc teardown"
+      helm delete vault
+      kubectl delete --all pvc
+      kubectl delete namespace acceptance --ignore-not-found=true
+  fi
+}
--- a/test/chart/verifier.bats
+++ b/test/chart/verifier.bats
@ -8,6 +8,9 @@ setup_file() {
    export CHART_VOLUME=vault-helm-chart-src
    # Note: currently `latest` is the only tag available in the chart-verifier repo.
    local IMAGE="quay.io/redhat-certification/chart-verifier:latest"
+    # chart-verifier requires an openshift version if a cluster isn't available
+    local OPENSHIFT_VERSION="4.7"
+    local DISABLED_TESTS="chart-testing"

    local run_cmd="chart-verifier"
    local chart_src="."
@ -23,8 +26,11 @@ setup_file() {
        # Start chart-verifier using this volume
        run_cmd="docker run --rm --volumes-from $CHART_VOLUME $IMAGE"
    fi
-    
-    $run_cmd verify --output json $chart_src 2>&1 | tee $VERIFY_OUTPUT
+
+    $run_cmd verify $chart_src \
+      --output json \
+      --openshift-version $OPENSHIFT_VERSION \
+      --disable $DISABLED_TESTS 2>&1 | tee $VERIFY_OUTPUT
 }

 teardown_file() {
@ -33,8 +39,8 @@ teardown_file() {
    fi
 }

-@test "has-minkubeversion" {
-    check_result has-minkubeversion
+@test "has-kubeversion" {
+    check_result has-kubeversion
 }

@test "is-helm-v3" {
@ -65,12 +71,16 @@ teardown_file() {
    check_result contains-values-schema
 }

+@test "contains-test" {
+    check_result contains-test
+}
+
+@test "chart-testing" {
+    skip "Skipping since this test requires a kubernetes/openshift cluster"
+    check_result chart-testing
+}
+
@test "images-are-certified" {
    skip "Skipping until this has been addressed"
    check_result images-are-certified
 }
-
-@test "contains-test" {
-    skip "Skipping until this has been addressed"
-    check_result contains-test
-}