diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..d0dc851 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,34 @@ +name: Test Charts + +on: + pull_request: + branches: + - main + paths: + - 'charts/**' + push: + branches: + - main + paths: + - 'charts/**' + workflow_dispatch: + +jobs: + unit-tests: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@v3 + + - name: Install helm-unittests + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest.git + + - name: Run Unit Tests + run: | + make test \ No newline at end of file diff --git a/.gitignore b/.gitignore index 4a14c74..7c049ee 100644 --- a/.gitignore +++ b/.gitignore @@ -132,4 +132,6 @@ Network Trash Folder Temporary Items .apdisk -.idea \ No newline at end of file +.idea +**/.debug +**/__snapshot__ \ No newline at end of file diff --git a/Makefile b/Makefile index 5beb381..2cac4cb 100644 --- a/Makefile +++ b/Makefile @@ -6,5 +6,8 @@ lint: $(foreach chart,$(HELM_CHARTS),helm lint charts/$(chart);) #$(foreach chart,$(INCUBATING_HELM_CHARTS),helm lint incubating/charts/$(chart);) +test: + $(foreach chart,$(HELM_CHARTS),helm unittest charts/$(chart);) + sync-crds: ./scripts/sync-crds.sh charts/risingwave-operator/crds \ No newline at end of file diff --git a/charts/risingwave-operator/.helmignore b/charts/risingwave-operator/.helmignore index 0e8a0eb..446ca36 100644 --- a/charts/risingwave-operator/.helmignore +++ b/charts/risingwave-operator/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +tests \ No newline at end of file diff --git a/charts/risingwave/.helmignore b/charts/risingwave/.helmignore index 0e8a0eb..2d9d142 100644 --- a/charts/risingwave/.helmignore +++ b/charts/risingwave/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +tests diff --git a/charts/risingwave/Chart.yaml b/charts/risingwave/Chart.yaml index 99062c2..977a4f0 100644 --- a/charts/risingwave/Chart.yaml +++ b/charts/risingwave/Chart.yaml @@ -29,12 +29,12 @@ appVersion: v1.6.1 dependencies: - name: etcd - version: "9.1.*" + version: "~9.14.3" repository: https://charts.bitnami.com/bitnami tags: - etcd - name: minio - version: "12.6.*" + version: "~13.7.0" repository: https://charts.bitnami.com/bitnami condition: stateStore.minio.enabled tags: diff --git a/charts/risingwave/tests/azblob_secret_test.yaml b/charts/risingwave/tests/azblob_secret_test.yaml new file mode 100644 index 0000000..315f851 --- /dev/null +++ b/charts/risingwave/tests/azblob_secret_test.yaml @@ -0,0 +1,97 @@ +suite: Test azblob secret +templates: +- templates/azblob-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: disabled azblob should not render secret + set: + stateStore: + azblob: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: azblob authenticating with service account should not render secret + set: + stateStore: + minio: + enabled: false + azblob: + enabled: true + authentication: + useServiceAccount: true + asserts: + - hasDocuments: + count: 0 +- it: azblob authenticating with existing secret should not render secret + set: + stateStore: + minio: + enabled: false + azblob: + enabled: true + authentication: + useServiceAccount: false + existingSecretName: AZBLOB_SECRET + asserts: + - hasDocuments: + count: 0 +- it: azblob authenticating with credentials should pass + set: + stateStore: + minio: + enabled: false + azblob: + enabled: true + authentication: + useServiceAccount: false + accountName: ACCOUNT_NAME + accountKey: ACCOUNT_KEY + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-azblob + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + AZBLOB_ACCOUNT_NAME: "ACCOUNT_NAME" + AZBLOB_ACCOUNT_KEY: "ACCOUNT_KEY" +- it: common labels and annotations should work + set: + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + stateStore: + minio: + enabled: false + azblob: + enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file diff --git a/charts/risingwave/tests/etcd_secret_test.yaml b/charts/risingwave/tests/etcd_secret_test.yaml new file mode 100644 index 0000000..fec494f --- /dev/null +++ b/charts/risingwave/tests/etcd_secret_test.yaml @@ -0,0 +1,83 @@ +suite: Test etcd secret +templates: +- templates/etcd-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: bundled etcd should not render secret + set: + tags.etcd: true + metaStore.etcd.authentication.enabled: true + asserts: + - hasDocuments: + count: 0 +- it: external etcd without authentication should not render secret + set: + tags.etcd: false + metaStore.etcd.authentication.enabled: false + template: etcd-secret.yaml + asserts: + - hasDocuments: + count: 0 +- it: external etcd with authentication should pass + set: + tags.etcd: false + metaStore: + etcd: + endpoints: + - external-etcd:1234 + authentication: + enabled: true + username: USERNAME + password: PASSWORD + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-etcd + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + RW_ETCD_USERNAME: "USERNAME" + RW_ETCD_PASSWORD: "PASSWORD" +- it: external etcd with authentication contains common labels and annotations + set: + tags.etcd: false + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + metaStore: + etcd: + endpoints: + - external-etcd:1234 + authentication: + enabled: true + username: USERNAME + password: PASSWORD + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file diff --git a/charts/risingwave/tests/gcs_secret_test.yaml b/charts/risingwave/tests/gcs_secret_test.yaml new file mode 100644 index 0000000..29fd02c --- /dev/null +++ b/charts/risingwave/tests/gcs_secret_test.yaml @@ -0,0 +1,95 @@ +suite: Test gcs secret +templates: +- templates/gcs-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: disabled gcs should not render secret + set: + stateStore: + gcs: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: gcs authenticating with service account should not render secret + set: + stateStore: + minio: + enabled: false + gcs: + enabled: true + authentication: + useServiceAccount: true + asserts: + - hasDocuments: + count: 0 +- it: gcs authenticating with existing secret should not render secret + set: + stateStore: + minio: + enabled: false + gcs: + enabled: true + authentication: + useServiceAccount: false + existingSecretName: GCS_SECRET + asserts: + - hasDocuments: + count: 0 +- it: gcs authenticating with credentials should pass + set: + stateStore: + minio: + enabled: false + gcs: + enabled: true + authentication: + useServiceAccount: false + credentials: CREDENTIALS + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-gcs + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + GOOGLE_APPLICATION_CREDENTIALS: "CREDENTIALS" +- it: common labels and annotations should work + set: + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + stateStore: + minio: + enabled: false + gcs: + enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file diff --git a/charts/risingwave/tests/minio_secret_test.yaml b/charts/risingwave/tests/minio_secret_test.yaml new file mode 100644 index 0000000..a5b1740 --- /dev/null +++ b/charts/risingwave/tests/minio_secret_test.yaml @@ -0,0 +1,89 @@ +suite: Test minio secret +templates: +- templates/minio-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: disabled minio should not render secret + set: + stateStore: + minio: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: bundled minio should not render secret + set: + tags.minio: true + stateStore: + minio: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: external minio authenticating with existing secret should not render secret + set: + tags.minio: false + stateStore: + minio: + enabled: true + authentication: + existingSecretName: MINIO_SECRET + asserts: + - hasDocuments: + count: 0 +- it: external minio authenticating with credentials should pass + set: + tags.minio: false + stateStore: + minio: + enabled: true + authentication: + username: USERNAME + password: PASSWORD + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-minio + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + MINIO_USERNAME: "USERNAME" + MINIO_PASSWORD: "PASSWORD" +- it: common labels and annotations should work + set: + tags.minio: false + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + stateStore: + minio: + enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file diff --git a/charts/risingwave/tests/obs_secret_test.yaml b/charts/risingwave/tests/obs_secret_test.yaml new file mode 100644 index 0000000..3481202 --- /dev/null +++ b/charts/risingwave/tests/obs_secret_test.yaml @@ -0,0 +1,97 @@ +suite: Test obs secret +templates: +- templates/obs-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: disabled obs should not render secret + set: + stateStore: + obs: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: obs authenticating with service account should not render secret + set: + stateStore: + minio: + enabled: false + obs: + enabled: true + authentication: + useServiceAccount: true + asserts: + - hasDocuments: + count: 0 +- it: obs authenticating with existing secret should not render secret + set: + stateStore: + minio: + enabled: false + obs: + enabled: true + authentication: + useServiceAccount: false + existingSecretName: OBS_SECRET + asserts: + - hasDocuments: + count: 0 +- it: obs authenticating with credentials should pass + set: + stateStore: + minio: + enabled: false + obs: + enabled: true + authentication: + useServiceAccount: false + accessKey: ACCESS_KEY + secretAccessKey: SECRET_ACCESS_KEY + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-obs + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + OBS_ACCESS_KEY_ID: "ACCESS_KEY" + OBS_SECRET_ACCESS_KEY: "SECRET_ACCESS_KEY" +- it: common labels and annotations should work + set: + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + stateStore: + minio: + enabled: false + obs: + enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file diff --git a/charts/risingwave/tests/oss_secret_test.yaml b/charts/risingwave/tests/oss_secret_test.yaml new file mode 100644 index 0000000..a6d04c8 --- /dev/null +++ b/charts/risingwave/tests/oss_secret_test.yaml @@ -0,0 +1,97 @@ +suite: Test oss secret +templates: +- templates/oss-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: disabled oss should not render secret + set: + stateStore: + oss: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: oss authenticating with service account should not render secret + set: + stateStore: + minio: + enabled: false + oss: + enabled: true + authentication: + useServiceAccount: true + asserts: + - hasDocuments: + count: 0 +- it: oss authenticating with existing secret should not render secret + set: + stateStore: + minio: + enabled: false + oss: + enabled: true + authentication: + useServiceAccount: false + existingSecretName: OSS_SECRET + asserts: + - hasDocuments: + count: 0 +- it: oss authenticating with credentials should pass + set: + stateStore: + minio: + enabled: false + oss: + enabled: true + authentication: + useServiceAccount: false + accessKey: ACCESS_KEY + secretAccessKey: SECRET_ACCESS_KEY + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-oss + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + OSS_ACCESS_KEY_ID: "ACCESS_KEY" + OSS_ACCESS_KEY_SECRET: "SECRET_ACCESS_KEY" +- it: common labels and annotations should work + set: + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + stateStore: + minio: + enabled: false + oss: + enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file diff --git a/charts/risingwave/tests/s3_secret_test.yaml b/charts/risingwave/tests/s3_secret_test.yaml new file mode 100644 index 0000000..68cfabd --- /dev/null +++ b/charts/risingwave/tests/s3_secret_test.yaml @@ -0,0 +1,97 @@ +suite: Test s3 secret +templates: +- templates/s3-secret.yaml +chart: + appVersion: 1.0.0 + version: 0.0.1 +tests: +- it: disabled s3 should not render secret + set: + stateStore: + s3: + enabled: false + asserts: + - hasDocuments: + count: 0 +- it: s3 authenticating with service account should not render secret + set: + stateStore: + minio: + enabled: false + s3: + enabled: true + authentication: + useServiceAccount: true + asserts: + - hasDocuments: + count: 0 +- it: s3 authenticating with existing secret should not render secret + set: + stateStore: + minio: + enabled: false + s3: + enabled: true + authentication: + useServiceAccount: false + existingSecretName: S3_SECRET + asserts: + - hasDocuments: + count: 0 +- it: s3 authenticating with credentials should pass + set: + stateStore: + minio: + enabled: false + s3: + enabled: true + authentication: + useServiceAccount: false + accessKey: ACCESS_KEY + secretAccessKey: SECRET_ACCESS_KEY + asserts: + - hasDocuments: + count: 1 + - containsDocument: + apiVersion: v1 + kind: Secret + - equal: + path: metadata.name + value: RELEASE-NAME-risingwave-s3 + - isSubset: + path: metadata.labels + content: + helm.sh/chart: risingwave-0.0.1 + app.kubernetes.io/name: risingwave + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 1.0.0 + app.kubernetes.io/instance: RELEASE-NAME + - notExists: + path: metadata.annotations + - equal: + path: stringData + value: + AWS_ACCESS_KEY_ID: "ACCESS_KEY" + AWS_SECRET_ACCESS_KEY: "SECRET_ACCESS_KEY" +- it: common labels and annotations should work + set: + commonLabels: + LABEL: LABEL_V + commonAnnotations: + ANNOTATION: ANNOTATION_V + stateStore: + minio: + enabled: false + s3: + enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + LABEL: LABEL_V + - exists: + path: metadata.annotations + - isSubset: + path: metadata.annotations + content: + ANNOTATION: ANNOTATION_V \ No newline at end of file