Merge pull request #50 from AechGG/feat/issue-49/service-account

yorinasub17 · web-flow · commit 6f16e64581cf · 2019-12-13T16:00:22.000-08:00
feat: issue 49: service account creation
diff --git a/charts/k8s-service/templates/serviceaccount.yaml b/charts/k8s-service/templates/serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.name }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app: {{ template "k8s-service.name" . }}
+  {{- if .Values.serviceAccount.labels }}
+  {{- toYaml .Values.serviceAccount.labels | nindent 4 }}
+  {{- end }}
+  {{- if .Values.serviceAccount.annotations }}
+annotations:
+  {{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+  {{- end }}
+imagePullSecrets:
+  {{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
diff --git a/charts/k8s-service/values.yaml b/charts/k8s-service/values.yaml
@@ -398,11 +398,17 @@ imagePullSecrets: []
 #                                             Namespace.
 #   - automountServiceAccountToken (bool)   : Whether or not to automatically mount the ServiceAccount token as a volume
 #                                             into the Pod. Note that this can be used to override the equivalent config
-#                                             on the SerrviceAccount.
+#                                             on the ServiceAccount.
+#   - create                        (bool)  : Whether or not to create a service account with the desired name
+#   - annotations                   (map)   : Annotations will add the provided map to the annotations for the service
+#                                             account created
 #
-# The default config uses empty string to indicate that the default service account should be used.
+# The default config uses empty string to indicate that the default service account should be used and one shouldn't
+# be created
 serviceAccount:
   name: ""
+  create: false
+  labels: {}
 
 # horizontalPodAutoscaler is a map that configures the Horizontal Pod Autoscaler information for this pod
 # The expected keys of hpa are:
diff --git a/test/k8s_service_service_account_template_test.go b/test/k8s_service_service_account_template_test.go
@@ -6,14 +6,65 @@
 package test
 
 import (
+	"path/filepath"
 	"strings"
 	"testing"
 
+	"github.com/ghodss/yaml"
+	"github.com/gruntwork-io/terratest/modules/helm"
 	"github.com/gruntwork-io/terratest/modules/random"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+// Test that setting serviceAccount.create = true will cause the helm template to render the Service Account resource
+func TestK8SServiceAccountCreateTrueCreatesServiceAccount(t *testing.T) {
+	t.Parallel()
+	randomSAName := strings.ToLower(random.UniqueId())
+
+	helmChartPath, err := filepath.Abs(filepath.Join("..", "charts", "k8s-service"))
+	require.NoError(t, err)
+
+	// We make sure to pass in the linter_values.yaml values file, which we assume has all the required values defined.
+	// We then use SetValues to override all the defaults.
+	options := &helm.Options{
+		ValuesFiles: []string{filepath.Join("..", "charts", "k8s-service", "linter_values.yaml")},
+		SetValues:   map[string]string{"serviceAccount.name": randomSAName, "serviceAccount.create": "true"},
+	}
+	out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/serviceaccount.yaml"})
+
+	// We take the output and render it to a map to validate it has created a service account output or not
+	rendered := map[string]interface{}{}
+	err = yaml.Unmarshal([]byte(out), &rendered)
+	assert.NoError(t, err)
+	assert.NotEqual(t, 0, len(rendered))
+	assert.Equal(t, randomSAName, rendered["metadata"].(map[string]interface{})["name"])
+}
+
+// Test that setting serviceAccount.create = false will cause the helm template to not render the Service Account
+// resource
+func TestK8SServiceAccountCreateFalse(t *testing.T) {
+	t.Parallel()
+	randomSAName := strings.ToLower(random.UniqueId())
+
+	helmChartPath, err := filepath.Abs(filepath.Join("..", "charts", "k8s-service"))
+	require.NoError(t, err)
+
+	// We make sure to pass in the linter_values.yaml values file, which we assume has all the required values defined.
+	// We then use SetValues to override all the defaults.
+	options := &helm.Options{
+		ValuesFiles: []string{filepath.Join("..", "charts", "k8s-service", "linter_values.yaml")},
+		SetValues:   map[string]string{"serviceAccount.name": randomSAName, "serviceAccount.create": "false"},
+	}
+	out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/serviceaccount.yaml"})
+
+	// We take the output and render it to a map to validate it has created a service account output or not
+	rendered := map[string]interface{}{}
+	err = yaml.Unmarshal([]byte(out), &rendered)
+	assert.NoError(t, err)
+	assert.Equal(t, 0, len(rendered))
+}
+
 func TestK8SServiceServiceAccountInjection(t *testing.T) {
 	t.Parallel()
 	randomSAName := strings.ToLower(random.UniqueId())
