From 35937391604baaea86d1fcd2adaef12e4d2a9877 Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Thu, 27 May 2021 17:09:50 -0700 Subject: [PATCH] Adding helm test for vault server (#531) Also adds acceptance test for 'helm test' and updates the chart-verifier version. --- .circleci/config.yml | 2 +- templates/tests/server-test.yaml | 39 ++++++++++++++++++++++++++++++++ test/README.md | 7 ++++++ test/acceptance/helm-test.bats | 27 ++++++++++++++++++++++ test/chart/verifier.bats | 28 +++++++++++++++-------- 5 files changed, 93 insertions(+), 10 deletions(-) create mode 100644 templates/tests/server-test.yaml create mode 100644 test/acceptance/helm-test.bats diff --git a/.circleci/config.yml b/.circleci/config.yml index 2f86aad..c5673d7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -17,7 +17,7 @@ jobs: environment: BATS_VERSION: "1.3.0" # Note: the commit SHA is used here since the repo doesn't use release tags - CHART_VERIFIER_VERSION: "190d532246a5936dc6a7125e2da917d04e38a672" + CHART_VERIFIER_VERSION: "e2c03bd1a4aea20deb0a4a03ebfde254b1672050" steps: - checkout - run: diff --git a/templates/tests/server-test.yaml b/templates/tests/server-test.yaml new file mode 100644 index 0000000..37819de --- /dev/null +++ b/templates/tests/server-test.yaml 
@@ -0,0 +1,39 @@ +{{- if .Values.server.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + + restartPolicy: Never +{{- end }} diff --git a/test/README.md b/test/README.md index 722bc40..28431db 100644 --- a/test/README.md +++ b/test/README.md @@ -32,3 +32,10 @@ It relies on the helm [schema-gen plugin][schema-gen]. Note that some manual editing will be required, since several properties accept multiple data types. [schema-gen]: https://github.com/karuppiah7890/helm-schema-gen + +## Helm test + +Vault Helm also contains a simple helm test under +[templates/tests/](../templates/tests/) that may be run against a helm release: + + helm test diff --git a/test/acceptance/helm-test.bats b/test/acceptance/helm-test.bats new file mode 100644 index 0000000..c5f9553 --- /dev/null +++ b/test/acceptance/helm-test.bats 
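Review bot: The test Pod in `templates/tests/server-test.yaml` sets no `securityContext` and leaves the default service-account token mounted, although its script only runs `vault status` against `VAULT_ADDR` over the network. Adding `automountServiceAccountToken: false` under `spec:` and a container `securityContext` with `allowPrivilegeEscalation: false` would keep the hook pod at least privilege and help it pass restricted admission policies; whether `runAsNonRoot: true` also works depends on the image's default user, which is not visible here. The image tag falls back to `default "latest"`, a mutable tag, so the test can run an unpinned image that changes between runs; requiring an explicit tag or digest avoids that. If `vault.scheme` can return `https`, no CA is configured for the pod, so `vault status` would presumably fail certificate verification and the loop would report a timeout rather than the TLS error.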
@@ -0,0 +1,27 @@ +#!/usr/bin/env bats + +load _helpers + +@test "helm/test: running helm test" { + cd `chart_dir` + + kubectl delete namespace acceptance --ignore-not-found=true + kubectl create namespace acceptance + kubectl config set-context --current --namespace=acceptance + + helm install "$(name_prefix)" . + wait_for_running $(name_prefix)-0 + + helm test "$(name_prefix)" +} + +# Clean up +teardown() { + if [[ ${CLEANUP:-true} == "true" ]] + then + echo "helm/pvc teardown" + helm delete vault + kubectl delete --all pvc + kubectl delete namespace acceptance --ignore-not-found=true + fi +} diff --git a/test/chart/verifier.bats b/test/chart/verifier.bats index eab216d..f8e2986 100644 --- a/test/chart/verifier.bats +++ b/test/chart/verifier.bats @@ -8,6 +8,9 @@ setup_file() { export CHART_VOLUME=vault-helm-chart-src # Note: currently `latest` is the only tag available in the chart-verifier repo. local IMAGE="quay.io/redhat-certification/chart-verifier:latest" + # chart-verifier requires an openshift version if a cluster isn't available + local OPENSHIFT_VERSION="4.7" + local DISABLED_TESTS="chart-testing" local run_cmd="chart-verifier" local chart_src="." @@ -23,8 +26,11 @@ setup_file() { # Start chart-verifier using this volume run_cmd="docker run --rm --volumes-from $CHART_VOLUME $IMAGE" fi - - $run_cmd verify --output json $chart_src 2>&1 | tee $VERIFY_OUTPUT + + $run_cmd verify $chart_src \ + --output json \ + --openshift-version $OPENSHIFT_VERSION \ + --disable $DISABLED_TESTS 2>&1 | tee $VERIFY_OUTPUT } teardown_file() { @@ -33,8 +39,8 @@ teardown_file() { fi } -@test "has-minkubeversion" { - check_result has-minkubeversion +@test "has-kubeversion" { + check_result has-kubeversion } @test "is-helm-v3" { 
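Review bot: The `teardown()` in `test/acceptance/helm-test.bats` is not scoped to what the test created: it runs `helm delete vault` with a literal release name while the test installs `"$(name_prefix)"`, and `kubectl delete --all pvc` acts on whatever namespace the current context points at. bats runs teardown even when the test fails, so if `kubectl create namespace acceptance` fails before `kubectl config set-context --current --namespace=acceptance` executes, the PVC deletion would hit the namespace the user's context already had selected. Making both commands explicit removes that dependency: `helm delete "$(name_prefix)" --namespace acceptance` and `kubectl delete --all pvc --namespace acceptance`. `name_prefix` comes from `_helpers`, which is not shown, so whether it always equals `vault` cannot be confirmed from this hunk.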
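Review bot: The Docker path in `setup_file` still pulls `quay.io/redhat-certification/chart-verifier:latest` (the context line just above the added `OPENSHIFT_VERSION` and `DISABLED_TESTS` locals), while the rewritten `verify` call in the following hunk now depends on `--openshift-version`, `--disable` and the renamed `has-kubeversion` check. Those flags and check names are therefore tied to whatever the mutable tag resolves to on a given day, whereas CI pins the verifier by commit SHA in `.circleci/config.yml`. Pinning the image by digest, e.g. `local IMAGE="quay.io/redhat-certification/chart-verifier@sha256:<digest-placeholder>"`, would give the local run the same reproducibility and a known provenance. `setup_file` starts and ends outside this hunk.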
@@ -65,12 +71,16 @@ teardown_file() { check_result contains-values-schema } +@test "contains-test" { + check_result contains-test +} + +@test "chart-testing" { + skip "Skipping since this test requires a kubernetes/openshift cluster" + check_result chart-testing +} + @test "images-are-certified" { skip "Skipping until this has been addressed" check_result images-are-certified } - -@test "contains-test" { - skip "Skipping until this has been addressed" - check_result contains-test -}