test(unit): add template tests (#159)

.github/workflows/unittest.yml

@@ -0,0 +1,41 @@
+name: Helm unit tests
+
+on:
+  push:
+    branches:
+      - main
+      - v[0-9]+
+      - v[0-9]+.[0-9]+
+      - cryostat-v[0-9]+.[0-9]+
+
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+      - unlabeled
+    branches:
+      - main
+      - v[0-9]+
+      - v[0-9]+.[0-9]+
+      - cryostat-v[0-9]+.[0-9]+
+
+jobs:
+  helm-unittests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: fail if safe-to-test label NOT applied
+        if: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
+        run: exit 1
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.14.4
+      - name: Install unit test plugin
+        run: helm plugin install https://github.com/helm-unittest/helm-unittest.git --version v0.5.1
+      - name: Run Helm unit tests
+        run: helm unittest --debug ./charts/cryostat

charts/cryostat/Chart.yaml

@@ -26,7 +26,7 @@ keywords:
 - diagnostic
 
 sources:
-- https://github.com/cryostatio/cryostat3
+- https://github.com/cryostatio/cryostat
 - https://github.com/cryostatio/cryostat-core
 - https://github.com/cryostatio/cryostat-web
 - https://github.com/cryostatio/jfr-datasource

charts/cryostat/TESTING.md

@@ -0,0 +1,148 @@
+# Testing Guide for Cryostat Helm Chart
+
+This guide outlines the conventions and practices for writing and executing tests in the Cryostat Helm chart project using the Helm Unittest plugin.
+
+## Overview
+
+Helm Unittest is a Helm plugin that allows to write declarative tests for Helm charts. It enables testing the rendered templates of a Helm chart with specified values without the need for any running Kubernetes cluster.
+
+# Testing Guide for Cryostat Helm Chart
+
+## Requirements
+
+Before running tests, you need to have the following tools installed:
+
+- **Helm:** Helm is a package manager for Kubernetes needed to manage the charts.
+  `Required version: >= v3.14.4`
+- **Helm Unittest Plugin:** This plugin enables unit testing for Helm charts.
+  `Required version: >= v0.5.1`
+
+## Installation
+
+##### Installing Helm
+
+Helm can be installed on a variety of platforms. [Official Helm installation documentation](https://helm.sh/docs/intro/install/) provides detailed instructions.
+
+##### Installing Helm Unittest Plugin
+
+Once Helm is installed, you can install the Helm Unittest plugin.
+First, verify whether the Helm Unittest plugin has been successfully installed, you can use the following command to list all installed Helm plugins:
+```bash
+helm plugin list
+```
+This command will display a list of all plugins currently installed in your Helm environment, including the Helm Unittest plugin if it's already installed. Look for an entry named unittest in the output. If it's listed, then the Helm Unittest plugin is installed correctly. For example:
+```
+❯ helm plugin list
+
+NAME    	VERSION	DESCRIPTION
+unittest	0.5.1  	Unit test for helm chart in YAML with ease
+to keep your chart functional and robust.
+```
+If the Helm Unittest plugin is not listed, you can install it using the following command:
+```bash
+$ helm plugin install https://github.com/helm-unittest/helm-unittest.git
+```
+This will install the latest version of binary into helm plugin directory.
+
+## Writing Tests
+
+Each test is associated with a specific Helm template and is structured to validate specific aspects of that template. Here's a general structure for writing tests:
+
+1. **Test Suite:** A collection of tests related to a particular aspect of the chart, usually corresponding to a specific template file.
+2. **Test Cases:** Each test case should focus on a single aspect or feature of the chart. Test cases can have different configurations set through the `set` directive to simulate different environments or scenarios.
+3. **Assertions:** Test cases contain assertions that specify the expected output of the rendered templates. Assertions can check for the existence of objects, equality of values, matching patterns, and more.
+
+##### Naming Conventions for Test Files
+The naming convention for test files typically mirrors the name of the template they are testing with a `_test` suffix. For example:
+
+- service.yaml ➔ service_test.yaml
+- deployment.yaml ➔ deployment_test.yaml
+
+## Directory Structure
+
+Tests are organized under the `tests/` directory, with each test file corresponding to a template in the `templates/` directory:
+
+```plaintext
+cryostat-helm/
+├── charts
+│   └── cryostat
+│       ├── Chart.yaml
+│       ├── templates
+│       │   ├── alpha_config.yaml
+│       │   ├── ...
+│       │   └── tests
+│       │       ├── test-core-connection.yaml
+│       │       └── ...
+│       ├── TESTING.md
+│       ├── tests
+│       │   ├── alpha_config_test.yaml
+│       │   ├── ...
+│       │   ├── __snapshot__
+│       │   └── storage_access_secret_test.yaml
+│       ├── values.schema.json
+│       └── values.yaml
+
+```
+In addition, Cryostat Helm chart includes integration tests located in the `templates/tests` directory and are executed using `helm test`. These tests are different from unit tests in that they involve actual deployment of resources to a Kubernetes cluster to validate the integrated operation of those resources.
+
+## Test File Structure
+
+Here's an example of what a test file looks like:
+
+```yaml
+suite: <Name of Test Suite>
+templates:
+  - <path to template from chart root>
+tests:
+  - it: <description of what the test does>
+    set:
+      <values to be set>
+    asserts:
+      - <assert type>:
+          path: <path to value to test>
+          value: <expected value>
+```
+## Common Assertions
+- `equal`: Checks if the actual value at path equals the expected value.
+- `matchRegex`: Validates if the actual string matches the given regex pattern.
+- `exists`: Checks if the specified path exists in the document.
+- `notExists`: Ensures the specified path does not exist in the document.
+
+Visit [this document](https://github.com/helm-unittest/helm-unittest/blob/main/DOCUMENT.md#assertion-types) for more assertion types.
+## Running Tests
+
+Once Unittest plugin has been installed, tests can be executed by running the following command:
+```bash
+$ helm unittest <path-to-chart-directory>
+```
+In the case of `cryostat-helm`, the command would be:
+
+```bash
+$ helm unittest ./charts/cryostat
+```
+To run test for a specific test file, use the `-f` flag with helm unittest to specify the test file to be executed. Here's the command format:
+
+```bash
+$ helm unittest -f tests/<testfile>.yaml ./charts/<chartname>
+```
+This command will run the test for `service_test.yaml` file:
+
+```bash
+$ helm unittest -f tests/service_test.yaml ./charts/cryostat
+```
+## Additional Resources and Documentation
+
+For more infomation on Helm and writing tests for Helm charts, the following resources can be invaluable:
+
+### Helm Documentation
+
+- **Helm Official Documentation:** Provides comprehensive guides, tutorials, and reference material for working with Helm.
+  [Helm Documentation](https://helm.sh/docs/)
+
+- **Helm Chart Best Practices:** A guide by the Helm community outlining best practices for creating and managing Helm charts.
+  [Helm Chart Best Practices](https://helm.sh/docs/chart_best_practices/)
+
+### Helm Unittest Plugin
+
+- **Helm Unittest GitHub Repository:** Contains the source code, installation instructions, and detailed usage examples of the Helm Unittest plugin.
+  [Helm Unittest on GitHub](https://github.com/helm-unittest/helm-unittest)

charts/cryostat/templates/deployment.yaml

@@ -56,15 +56,15 @@ spec:
           - name: QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION
             value: drop-and-create
           - name: QUARKUS_DATASOURCE_USERNAME
-            value: cryostat3
+            value: cryostat
           - name: QUARKUS_DATASOURCE_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ default (printf "%s-db" .Release.Name) .Values.core.databaseSecretName }}
                 key: CONNECTION_KEY
                 optional: false
           - name: QUARKUS_DATASOURCE_JDBC_URL
-            value: jdbc:postgresql://localhost:5432/cryostat3
+            value: jdbc:postgresql://localhost:5432/cryostat
           - name: STORAGE_BUCKETS_ARCHIVES_NAME
             value: archivedrecordings
           - name: QUARKUS_S3_ENDPOINT_OVERRIDE
@@ -126,15 +126,15 @@ spec:
           imagePullPolicy: {{ (.Values.db).image.pullPolicy }}
           env:
           - name: POSTGRESQL_USER
-            value: cryostat3
+            value: cryostat
           - name: POSTGRESQL_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ default (printf "%s-db" .Release.Name) .Values.core.databaseSecretName }}
                 key: CONNECTION_KEY
                 optional: false
           - name: POSTGRESQL_DATABASE
-            value: cryostat3
+            value: cryostat
           - name: PG_ENCRYPT_KEY
             valueFrom:
               secretKeyRef:
@@ -153,9 +153,9 @@ spec:
               command:
               - pg_isready
               - -U
-              - cryostat3
+              - cryostat
               - -d
-              - cryostat3
+              - cryostat
         - name: {{ printf "%s-%s" .Chart.Name "storage" }}
           securityContext:
             {{- toYaml (.Values.storage).securityContext | nindent 12 }}

charts/cryostat/templates/pvc.yaml

@@ -11,7 +11,7 @@ metadata:
   {{- end }}
 spec:
   {{- with .Values.pvc.accessModes }}
-  accessModes: 
+  accessModes:
     {{- toYaml . | nindent 4 }}
   {{- end }}
   resources:

charts/cryostat/tests/alpha_config_test.yaml

@@ -0,0 +1,28 @@
+suite: test alpha_config.yaml
+templates:
+  - templates/alpha_config.yaml
+
+tests:
+  - it: should contain server configuration in alpha_config.yaml
+    asserts:
+      - matchRegex:
+          path: data['alpha_config.yaml']
+          pattern: "server:\\s*BindAddress: http://0.0.0.0:4180"
+
+  - it: should contain upstream configurations in alpha_config.yaml
+    asserts:
+      - matchRegex:
+          path: data['alpha_config.yaml']
+          pattern: "upstreamConfig:\\s*proxyRawPath: true\\s*upstreams:\\s*- id: cryostat\\s*path: /\\s*uri: http://localhost:8181"
+      - matchRegex:
+          path: data['alpha_config.yaml']
+          pattern: "- id: grafana\\s*path: /grafana/\\s*uri: http://localhost:3000"
+      - matchRegex:
+          path: data['alpha_config.yaml']
+          pattern: "- id: storage\\s*path: \\^/storage/\\(\\.\\*\\)\\$\\s*rewriteTarget: /\\$1\\s*uri: http://localhost:8333\\s*passHostHeader: false\\s*proxyWebSockets: false"
+
+  - it: should contain provider configuration in alpha_config.yaml
+    asserts:
+      - matchRegex:
+          path: data['alpha_config.yaml']
+          pattern: "providers:\\s*- id: dummy\\s*name: Unused - Sign In Below\\s*clientId: CLIENT_ID\\s*clientSecret: CLIENT_SECRET\\s*provider: google"

charts/cryostat/tests/clusterrolebinding_test.yaml

@@ -0,0 +1,65 @@
+suite: test clusterrolebinding.yaml
+templates:
+  - clusterrolebinding.yaml
+
+tests:
+  - it: should create a ClusterRoleBinding when RBAC and OpenShift authentication are enabled
+    set:
+      rbac.create: true
+      authentication.openshift.enabled: true
+      authentication.openshift.clusterRole.name: system:auth-delegator
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-cryostat
+      - equal:
+          path: roleRef.apiGroup
+          value: rbac.authorization.k8s.io
+      - equal:
+          path: roleRef.kind
+          value: ClusterRole
+      - equal:
+          path: roleRef.name
+          value: system:auth-delegator
+      - equal:
+          path: subjects[0].kind
+          value: ServiceAccount
+      - equal:
+          path: subjects[0].name
+          value: RELEASE-NAME-cryostat
+      - equal:
+          path: subjects[0].namespace
+          value: NAMESPACE
+
+  - it: should create a ClusterRoleBinding with a custom OpenShift cluster role
+    set:
+      rbac.create: true
+      authentication.openshift.enabled: true
+      authentication.openshift.clusterRole.name: custom-clusterrole
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: roleRef.name
+          value: custom-clusterrole
+
+
+  - it: should not create a ClusterRoleBinding when RBAC is disabled
+    set:
+      rbac.create: false
+      authentication.openshift.enabled: true
+      authentication.openshift.clusterRole.name: system:auth-delegator
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should not create a ClusterRoleBinding when OpenShift authentication is disabled
+    set:
+      rbac.create: true
+      authentication.openshift.enabled: false
+      authentication.openshift.clusterRole.name: system:auth-delegator
+    asserts:
+      - hasDocuments:
+          count: 0

charts/cryostat/tests/db_secret_test.yaml

@@ -0,0 +1,31 @@
+suite: test db_secret.yaml
+templates:
+  - db_secret.yaml
+
+tests:
+  - it: should create a database secret if core.databaseSecretName is not set
+    set:
+      core.databaseSecretName: ""
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: kind
+          value: Secret
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-db
+      - equal:
+          path: type
+          value: Opaque
+      - exists:
+          path: data.ENCRYPTION_KEY
+      - exists:
+          path: data.CONNECTION_KEY
+
+  - it: should not create a database secret if core.databaseSecretName is set
+    set:
+      core.databaseSecretName: "custom-db-secret"
+    asserts:
+      - hasDocuments:
+          count: 0