There are helm release validation tests for the Conjur cluster prep helm charts

[izgeri]

Helm release validation tests will make use of the Helm Test feature to validate deployed instances (releases) of Helm charts.

Helm release validation tests are available for both the Kubernetes cluster prep Helm chart and the application Namespace prep Helm chart.

The list of automated test cases below include both positive test cases (for which Helm test success is expected) and negative test cases (for which Helm test failure is expected, e.g. for incorrect configuration). In essence, we are “validating the validator” for our Helm release validation tests.

The overall workflow for this automated testing is:

• Create a Kubernetes cluster for testing. (This can be done using Kubernetes-in-Docker, a.k.a. KinD, in a GitHub action).
• Create a Conjur instance. (This can be done using Conjur OSS Helm chart).
• Generate and load Conjur policy for the authn-k8s authenticator.
• Run git clone … to get a local copy of the Kubernetes cluster prep Helm chart.
• Generate and load application-specific Conjur policy.
• Run git clone … to get a local copy of the application Namespace prep Helm chart.
• For each test case listed below:
  • Create an appropriate, custom values.yaml file for the Kubernetes cluster prep Helm chart based on the test case scenario.
  • Run helm install … for the Kubernetes cluster prep Helm chart using the modified values.yaml.
  • Run helm test for the target Helm chart (second column in the chart below).
  • Verify helm test results are as expected for this test case.
  • Run helm delete … for Kubernetes cluster prep Helm chart.

Kubernetes cluster prep helm chart test scenarios

• [ ] Happy path: With correct chart values, Helm test passes (test Pod can authenticate with Conjur)
• [ ] Incorrect Conjur URL: Helm test fails with indication that it cannot curl Conjur
• [ ] Incorrect Conjur SSL certificate: Helm test fails with indication that configured Conjur SSL cert does not match Conjur’s actual SSL cert.
• [ ] Incorrect Authenticator ID: Helm test fails with indication that the test Pod cannot authenticate with Conjur

[rpothier]

Split this issue into two as the Namespace prep helm charts are not available yet. This issue now is just for the cluster prep. Here is the Namespace issue.