Add unit test coverage for clusterrole + podsecuritypolicy

hashicorp · Oct 28, 2022 · fb3161e · fb3161e
1 parent 5af4a55
commit fb3161e
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/charts/consul/test/unit/api-gateway-controller-clusterrole.bats b/charts/consul/test/unit/api-gateway-controller-clusterrole.bats
@@ -19,3 +19,16 @@ load _helpers
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+@test "apiGateway/ClusterRole: uses PodSecurityPolicy with apiGateway.enabled=true and global.enablePodSecurityPolicies=true" {
+   cd 'chart_dir'
+   local actual=$(helm template \
+     -s templates/api-gateway-controller-clusterrole.yaml  \
+     --set 'global.enablePodSecurityPolicies' \
+     --set 'apiGateway.enabled=true' \
+     --set 'apiGateway.image=foo' \
+     . | tee /dev/stderr |
+     yq '.rules[] | select(.resourceNames[] == "consul-api-gateway-controller") | select(.resources[] == "podsecuritypolicies") | length > 0' |
+     tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
diff --git a/charts/consul/test/unit/api-gateway-controller-podsecuritypolicy.bats b/charts/consul/test/unit/api-gateway-controller-podsecuritypolicy.bats
@@ -0,0 +1,22 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+@test "apiGateway/PodSecurityPolicy: disabled by default" {
+  cd `chart_dir`
+  assert_empty helm template \
+      -s templates/api-gateway-controller-podsecuritypolicy.yaml  \
+      .
+}
+
+@test "apiGateway/PodSecurityPolicy: enabled with apiGateway.enabled=true and global.enablePodSecurityPolicies=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/api-gateway-controller-podsecuritypolicy.yaml  \
+      --set 'global.enablePodSecurityPolicies=true' \
+      --set 'apiGateway.enabled=true' \
+      --set 'apiGateway.image=foo' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}