From 4a74fee06db9d11b7cba1b2169b80c03e99a8e86 Mon Sep 17 00:00:00 2001
From: Reddysekhar Gaduputi <gsekhar73@gmail.com>
Date: Wed, 29 May 2024 12:06:19 +0530
Subject: [PATCH] Add helm chart tests for admission-webhooks (#11375)

Signed-off-by: Reddysekhar Gaduputi <gsekhar73@gmail.com>
---
 .../admission-webhooks-clusterrole_test.yaml  | 11 +++++
 ...sion-webhooks-clusterrolebinding_test.yaml | 11 +++++
 .../admission-webhooks-role_test.yaml         | 11 +++++
 .../admission-webhooks-rolebinding_test.yaml  | 11 +++++
 ...mission-webhooks-service-account_test.yaml | 47 +++++++++++++++++++
 5 files changed, 91 insertions(+)
 create mode 100644 charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrole_test.yaml
 create mode 100644 charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrolebinding_test.yaml
 create mode 100644 charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-role_test.yaml
 create mode 100644 charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-rolebinding_test.yaml
 create mode 100644 charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-service-account_test.yaml

diff --git a/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrole_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrole_test.yaml
new file mode 100644
index 0000000000..5535b62ff2
--- /dev/null
+++ b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrole_test.yaml
@@ -0,0 +1,11 @@
+suite: AdmissionWebhooks > RBAC > ClusterRole
+templates:
+  - admission-webhooks/job-patch/clusterrole.yaml
+
+tests:
+  - it: should not create ClusterRole if `controller.admissionWebhooks.rbac.create` is false
+    set:
+      controller.admissionWebhooks.rbac.create: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrolebinding_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrolebinding_test.yaml
new file mode 100644
index 0000000000..8c8a728c66
--- /dev/null
+++ b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-clusterrolebinding_test.yaml
@@ -0,0 +1,11 @@
+suite: AdmissionWebhooks > RBAC > ClusterRoleBinding
+templates:
+  - admission-webhooks/job-patch/clusterrolebinding.yaml
+
+tests:
+  - it: should not create ClusterRoleBinding if `controller.admissionWebhooks.rbac.create` is false
+    set:
+      controller.admissionWebhooks.rbac.create: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-role_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-role_test.yaml
new file mode 100644
index 0000000000..ed829ae4d0
--- /dev/null
+++ b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-role_test.yaml
@@ -0,0 +1,11 @@
+suite: AdmissionWebhooks > RBAC > Role
+templates:
+  - admission-webhooks/job-patch/role.yaml
+
+tests:
+  - it: should not create Role if `controller.admissionWebhooks.rbac.create` is false
+    set:
+      controller.admissionWebhooks.rbac.create: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-rolebinding_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-rolebinding_test.yaml
new file mode 100644
index 0000000000..748ece8a63
--- /dev/null
+++ b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-rolebinding_test.yaml
@@ -0,0 +1,11 @@
+suite: AdmissionWebhooks > RBAC > RoleBinding
+templates:
+  - admission-webhooks/job-patch/rolebinding.yaml
+
+tests:
+  - it: should not create RoleBinding if `controller.admissionWebhooks.rbac.create` is false
+    set:
+      controller.admissionWebhooks.rbac.create: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-service-account_test.yaml b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-service-account_test.yaml
new file mode 100644
index 0000000000..efd094cf86
--- /dev/null
+++ b/charts/ingress-nginx/tests/admission-webhooks/admission-webhooks-service-account_test.yaml
@@ -0,0 +1,47 @@
+suite: AdmissionWebhooks > ServiceAccount
+templates:
+  - admission-webhooks/serviceaccount.yaml
+
+tests:
+  - it: should not create a ServiceAccount if `controller.admissionWebhooks.serviceAccount.create` is false
+    set:
+      controller.admissionWebhooks.serviceAccount.create: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should create a ServiceAccount if `controller.admissionWebhooks.serviceAccount.create` is true
+    set:
+      controller.admissionWebhooks.serviceAccount.create: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ServiceAccount
+      - equal:
+          path: metadata.name
+          value: ingress-nginx-admission
+
+  - it: should create a ServiceAccount with specified name if `controller.admissionWebhooks.serviceAccount.name` is set to non-empty value
+    set:
+      controller.admissionWebhooks.serviceAccount.name: ingress-nginx-admission-test-sa
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ServiceAccount
+      - equal:
+          path: metadata.name
+          value: ingress-nginx-admission-test-sa
+
+  - it: automountServiceAccountToken in ServiceAccount should be false if `controller.admissionWebhooks.serviceAccount.automountServiceAccountToken` is false
+    set:
+      controller.admissionWebhooks.serviceAccount.automountServiceAccountToken: false
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: ServiceAccount
+      - equal:
+          path: automountServiceAccountToken
+          value: false