Feat helm unittest (#334)

* interim

* Delete Project.xml

* Update statefulset_test.yaml

* Create .gitignore

* Update values.yaml

* add unittest to workflow

* Update Chart.yaml

* Update statefulset_test.yaml

* more fixes and tests

* Update statefulset_test.yaml

* more tests

* add back command

* Update statefulset_test.yaml

* revert fixes to be included in another pr

---------

Co-authored-by: PePe Amengual <jose.amengual@gmail.com>

.github/workflows/lint-test.yaml

@@ -37,7 +37,10 @@ jobs:
           if [[ -n "$changed" ]]; then
             echo "changed=true" >> "$GITHUB_OUTPUT"
           fi
-
+      - name: install helm unittests
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          helm plugin install --version v0.3.6 https://github.com/helm-unittest/helm-unittest
       - name: Run chart-testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
         run: |

.gitignore

@@ -0,0 +1,3 @@
+# IDE or Editor-specific
+.idea/
+.vscode/

charts/atlantis/Chart.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.27.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 4.19.0
+version: 4.20.0
 keywords:
   - terraform
 home: https://www.runatlantis.io

charts/atlantis/templates/secret-webhook.yaml

@@ -23,7 +23,7 @@ data:
   {{- if .Values.bitbucket.baseURL }}
   bitbucket_secret: {{ required "bitbucket.secret is required if bitbucket.baseURL is specified." .Values.bitbucket.secret | b64enc }}
   {{- end}}
-  {{- end }} 
+  {{- end }}
   {{- if .Values.azuredevops }}
   azuredevops_token: {{ required "azuredevops.token is required if azuredevops configuration is specified." .Values.azuredevops.token | b64enc }}
   azuredevops_webhook_password: {{ required "azuredevops.webhookPassword is required if azuredevops configuration is specified." .Values.azuredevops.webhookPassword | b64enc }}

charts/atlantis/templates/statefulset.yaml

@@ -181,9 +181,9 @@ spec:
           {{- if .Values.command }}
           command:
           {{- range .Values.command }}
-          - {{ . }}
-          {{- end }}
-          {{- end }}
+            - {{ . }}
+            {{- end }}
+            {{- end }}
           args:
             - server
             {{- if .Values.config }}

charts/atlantis/tests/secret-api_test.yaml

@@ -0,0 +1,38 @@
+---
+suite: test secret-api for api secret
+templates:
+  - secret-api.yaml
+release:
+  name: my-release
+tests:
+  - it: default values
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: apiSecretName
+    set:
+      apiSecretName: 'atlantis-api'
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: apiSecret
+    set:
+      api.secret: 'spongebob'
+      commonLabels:
+        team: "infra"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - isAPIVersion:
+          of: v1
+      - equal:
+          path: metadata.name
+          value: my-release-atlantis-api
+      - equal:
+          path: data["apisecret"]
+          value: c3BvbmdlYm9i
+      - equal:
+          path: metadata.labels.team
+          value: infra

charts/atlantis/tests/secret-aws_test.yaml

@@ -0,0 +1,52 @@
+---
+suite: test secret-aws for aws
+templates:
+  - secret-aws.yaml
+release:
+  name: my-release
+tests:
+  - it: default values
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: awsSecretName
+    set:
+      awsSecretName: 'atlantis-aws'
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: aws
+    set:
+      aws:
+        credentials: |
+          [default]
+          aws_access_key_id=YOUR_ACCESS_KEY_ID
+          aws_secret_access_key=YOUR_SECRET_ACCESS_KEY
+          region=us-east-1
+        config: |
+          [profile a_role_to_assume]
+          role_arn = arn:aws:iam::123456789:role/service-role/roleToAssume
+          source_profile = default
+      commonLabels:
+        team: "infra"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - isAPIVersion:
+          of: v1
+      - equal:
+            path: metadata.name
+            value: my-release-atlantis-aws
+      - equal:
+            path: data["config"]
+            value: W3Byb2ZpbGUgYV9yb2xlX3RvX2Fzc3VtZV0Kcm9sZV9hcm4gPSBhcm46YXdzOmlhbTo6MTIzNDU2Nzg5OnJvbGUvc2VydmljZS1yb2xlL3JvbGVUb0Fzc3VtZQpzb3VyY2VfcHJvZmlsZSA9IGRlZmF1bHQK
+      - equal:
+            path: data["credentials"]
+            value: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPVlPVVJfQUNDRVNTX0tFWV9JRAphd3Nfc2VjcmV0X2FjY2Vzc19rZXk9WU9VUl9TRUNSRVRfQUNDRVNTX0tFWQpyZWdpb249dXMtZWFzdC0xCg==
+      - equal:
+            path: metadata.labels.team
+            value: infra
+
+

charts/atlantis/tests/secret-basic-auth_test.yaml

@@ -0,0 +1,44 @@
+---
+suite: test secret-basic-auth for git basic-auth secret
+templates:
+  - secret-basic-auth.yaml
+release:
+  name: my-release
+tests:
+  - it: default values
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: basicAuthSecretName
+    set:
+      basicAuthSecretName: "atlantis-basic-auth"
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: basicAuth
+    set:
+      basicAuth:
+        username: "atlantis"
+        password: "forever"
+      commonLabels:
+        team: "infra"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - isAPIVersion:
+          of: v1
+      - equal:
+          path: metadata.name
+          value: my-release-atlantis-basic-auth
+      - equal:
+          path: data["username"]
+          value: YXRsYW50aXM=
+      - equal:
+          path: data["password"]
+          value: Zm9yZXZlcg==
+      - equal:
+          path: metadata.labels.team
+          value: infra
+

charts/atlantis/tests/secret-gitconfig_test.yaml

@@ -0,0 +1,45 @@
+---
+suite: test secret-gitconfig for gitconfig
+templates:
+  - secret-gitconfig.yaml
+release:
+  name: my-release
+tests:
+  - it: default values
+    template: secret-gitconfig.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: gitconfigSecretName
+    template: secret-gitconfig.yaml
+    set:
+      gitconfigSecretName: 'atlantis-gitconfig'
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: gitconfig
+    template: secret-gitconfig.yaml
+    set:
+      gitconfig: |
+        [url "https://YOUR_GH_TOKEN@github.com"]
+        insteadOf = https://github.com
+      commonLabels:
+        team: "infra"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - isAPIVersion:
+          of: v1
+      - equal:
+            path: metadata.name
+            value: my-release-atlantis-gitconfig
+      - equal:
+            path: data["gitconfig"]
+            value: W3VybCAiaHR0cHM6Ly9ZT1VSX0dIX1RPS0VOQGdpdGh1Yi5jb20iXQppbnN0ZWFkT2YgPSBodHRwczovL2dpdGh1Yi5jb20K
+      - equal:
+            path: metadata.labels.team
+            value: infra
+
+

charts/atlantis/tests/secret-netrc_test.yaml

@@ -0,0 +1,42 @@
+---
+suite: test secret-netrc for netrc
+templates:
+  - secret-netrc.yaml
+release:
+  name: my-release
+tests:
+  - it: default values
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: netrcSecretName
+    set:
+      netrcSecretName: 'atlantis-netrc'
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: netrc
+    set:
+      netrc: |
+        machine artifactory.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
+        machine bitbucket.myapp.com login YOUR_USERNAME password YOUR_PASSWORD
+      commonLabels:
+        team: "infra"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Secret
+      - isAPIVersion:
+          of: v1
+      - equal:
+            path: metadata.name
+            value: my-release-atlantis-netrc
+      - equal:
+            path: data["netrc"]
+            value: bWFjaGluZSBhcnRpZmFjdG9yeS5teWFwcC5jb20gbG9naW4gWU9VUl9VU0VSTkFNRSBwYXNzd29yZCBZT1VSX1BBU1NXT1JECm1hY2hpbmUgYml0YnVja2V0Lm15YXBwLmNvbSBsb2dpbiBZT1VSX1VTRVJOQU1FIHBhc3N3b3JkIFlPVVJfUEFTU1dPUkQK
+      - equal:
+            path: metadata.labels.team
+            value: infra
+
+

charts/atlantis/tests/secret-service-account_test.yaml

@@ -0,0 +1,57 @@
+---
+suite: test secret-service-account for serviceAccountSecrets
+templates:
+  - secret-service-account.yaml
+release:
+  name: my-release
+tests:
+  - it: default values
+    template: secret-service-account.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: serviceAccountSecrets
+    template: secret-service-account.yaml
+    set:
+      serviceAccountSecrets:
+        credentials: VG9ueSBTb3ByYW5v
+        credentials-staging: Q2FybWVsYSBTb3ByYW5v
+      commonLabels:
+        team: infra
+    asserts:
+      - hasDocuments:
+          count: 2
+      - isKind:
+          of: Secret
+      - isAPIVersion:
+          of: v1
+      - equal:
+            path: metadata.labels.component
+            value: service-account-secret
+      - documentIndex: 0
+        equal:
+            path: data["service-account.json"]
+            value: VG9ueSBTb3ByYW5v
+      - documentIndex: 0
+        equal:
+            path: metadata.name
+            value: credentials
+      - documentIndex: 0
+        equal:
+            path: metadata.labels.team
+            value: infra
+      - documentIndex: 1
+        equal:
+            path: data["service-account.json"]
+            value: Q2FybWVsYSBTb3ByYW5v
+      - documentIndex: 1
+        equal:
+            path: metadata.name
+            value: credentials-staging
+      - documentIndex: 1
+        equal:
+            path: metadata.labels.team
+            value: infra
+
+
+