Add volumes and env vars to helm hook test pod (#673)

* Fix test typo

* Add basic server-test Pod tests

 - This covers all existing functionality that matches what's
   present in server-statefulset.bats

* Fix server-test helm hook Pod rendering

 - Properly adhere to the global.enabled flag and the presence of
   the injector.externalVaultAddr setting, the same way that
   the servers StatefulSet behaves

* Add volumes and env vars to helm hook test pod

 - Uses the same extraEnvironmentVars, volumes and volumeMounts set on
   the server statefulset to configure the Vault server test pod used by
   the helm test hook
 - This is necessary in situations where TLS is configured, but the
   certificates are not affiliated with the k8s CA / part of k8s PKI

 - Fixes GH-665

CHANGELOG.md

@@ -8,6 +8,7 @@ Features:
 
 Improvements:
 * Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
 
 ## 0.18.0 (November 17th, 2021)
 

templates/tests/server-test.yaml

@@ -1,4 +1,6 @@
-{{- if .Values.server.enabled }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }}
 apiVersion: v1
 kind: Pod
 metadata:
@@ -15,6 +17,7 @@ spec:
       env:
         - name: VAULT_ADDR
           value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+        {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
       command:
         - /bin/sh
         - -c
@@ -35,6 +38,14 @@ spec:
           fi
 
           exit 0
-
+      volumeMounts:
+        {{- if .Values.server.volumeMounts }}
+          {{- toYaml .Values.server.volumeMounts | nindent 8}}
+        {{- end }}
+  volumes:
+    {{- if .Values.server.volumes }}
+      {{- toYaml .Values.server.volumes | nindent 4}}
+    {{- end }}
   restartPolicy: Never
 {{- end }}
+{{- end }}

test/unit/server-statefulset.bats

@@ -537,7 +537,7 @@ load _helpers
   cd `chart_dir`
   local object=$(helm template \
       --show-only templates/server-statefulset.yaml  \
-      --set 'server.stanadlone.enabled=true' \
+      --set 'server.standalone.enabled=true' \
       --set 'server.extraEnvironmentVars.FOO=bar' \
       --set 'server.extraEnvironmentVars.FOOBAR=foobar' \
       . | tee /dev/stderr |

test/unit/server-test.bats

@@ -0,0 +1,241 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+#--------------------------------------------------------------------
+# disable / enable server deployment
+
+@test "server/server-test-Pod: disabled server.enabled" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.enabled=false' \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "server/server-test-Pod: disabled server.enabled random string" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.enabled=blabla' \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "server/server-test-Pod: enabled server.enabled explicit true" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.enabled=true' \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+#--------------------------------------------------------------------
+
+@test "server/standalone-server-test-Pod: default server.standalone.enabled" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "server/standalone-server-test-Pod: enable with server.standalone.enabled true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.standalone.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "server/ha-server-test-Pod: enable with server.ha.enabled true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.ha.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "server/standalone-server-test-Pod: disable with global.enabled" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'global.enabled=false' \
+      --set 'server.standalone.enabled=true' \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "server/standalone-server-test-Pod: disable with injector.externalVaultAddr" {
+  cd `chart_dir`
+  local actual=$( (helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'injector.externalVaultAddr=http://vault-outside' \
+      --set 'server.standalone.enabled=true' \
+      . || echo "---") | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "server/standalone-server-test-Pod: image defaults to server.image.repository:tag" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.image.repository=foo' \
+      --set 'server.image.tag=1.2.3' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].image' | tee /dev/stderr)
+  [ "${actual}" = "foo:1.2.3" ]
+
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.image.repository=foo' \
+      --set 'server.image.tag=1.2.3' \
+      --set 'server.standalone.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].image' | tee /dev/stderr)
+  [ "${actual}" = "foo:1.2.3" ]
+}
+
+@test "server/standalone-server-test-Pod: image tag defaults to latest" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.image.repository=foo' \
+      --set 'server.image.tag=' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].image' | tee /dev/stderr)
+  [ "${actual}" = "foo:latest" ]
+
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.image.repository=foo' \
+      --set 'server.image.tag=' \
+      --set 'server.standalone.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].image' | tee /dev/stderr)
+  [ "${actual}" = "foo:latest" ]
+}
+
+@test "server/standalone-server-test-Pod: default imagePullPolicy" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].imagePullPolicy' | tee /dev/stderr)
+  [ "${actual}" = "IfNotPresent" ]
+}
+
+@test "server/standalone-server-test-Pod: Custom imagePullPolicy" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.image.pullPolicy=Always' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].imagePullPolicy' | tee /dev/stderr)
+  [ "${actual}" = "Always" ]
+}
+
+#--------------------------------------------------------------------
+# resources
+
+@test "server/standalone-server-test-Pod: default resources" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.standalone.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].resources' | tee /dev/stderr)
+  [ "${actual}" = "null" ]
+}
+
+#--------------------------------------------------------------------
+# volumes
+
+@test "server/standalone-server-test-Pod: server.volumes adds volume" {
+  cd `chart_dir`
+
+  # Test that it defines it
+  local object=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.volumes[0].name=plugins' \
+      --set 'server.volumes[0].emptyDir=\{\}' \
+      . | tee /dev/stderr |
+      yq -r '.spec.volumes[] | select(.name == "plugins")' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.emptyDir' | tee /dev/stderr)
+  [ "${actual}" = "{}" ]
+}
+
+#--------------------------------------------------------------------
+# volumeMounts
+
+@test "server/standalone-server-test-Pod: server.volumeMounts adds volumeMount" {
+  cd `chart_dir`
+
+  # Test that it defines it
+  local object=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.volumeMounts[0].name=plugins' \
+      --set 'server.volumeMounts[0].mountPath=/usr/local/libexec/vault' \
+      --set 'server.volumeMounts[0].readOnly=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].volumeMounts[] | select(.name == "plugins")' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.mountPath' | tee /dev/stderr)
+  [ "${actual}" = "/usr/local/libexec/vault" ]
+
+  local actual=$(echo $object |
+      yq -r '.readOnly' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+#--------------------------------------------------------------------
+# extraEnvironmentVars
+
+@test "server/standalone-server-test-Pod: set extraEnvironmentVars" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.standalone.enabled=true' \
+      --set 'server.extraEnvironmentVars.FOO=bar' \
+      --set 'server.extraEnvironmentVars.FOOBAR=foobar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].env' | tee /dev/stderr)
+
+  local name=$(echo $object |
+      yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
+  [ "${name}" = "bar" ]
+
+  local name=$(echo $object |
+      yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
+  [ "${name}" = "foobar" ]
+
+  local object=$(helm template \
+      --show-only templates/tests/server-test.yaml  \
+      --set 'server.extraEnvironmentVars.FOO=bar' \
+      --set 'server.extraEnvironmentVars.FOOBAR=foobar' \
+      . | tee /dev/stderr |
+      yq -r '.spec.containers[0].env' | tee /dev/stderr)
+
+  local name=$(echo $object |
+      yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
+  [ "${name}" = "bar" ]
+
+  local name=$(echo $object |
+      yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
+  [ "${name}" = "foobar" ]
+}