--- # yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json suite: serviceAccount values templates: - common.yaml values: - ../_values/controllers_main_default_container.yaml tests: - it: a serviceAccount is not created by default asserts: - hasDocuments: count: 1 - documentIndex: 0 not: true isKind: of: ServiceAccount - it: a serviceAccount is not created when disabled set: serviceAccount: create: false asserts: - hasDocuments: count: 1 - documentIndex: 0 not: true isKind: of: ServiceAccount - it: controller uses named ServiceAccount by default set: serviceAccount: create: false name: &ServiceAccountName test asserts: - hasDocuments: count: 1 - documentIndex: &DeploymentDocument 0 isKind: of: Deployment - documentIndex: *DeploymentDocument equal: path: spec.template.spec.serviceAccountName value: *ServiceAccountName - it: controller uses `default` ServiceAccount if flag is enabled set: enforceServiceAccountCreation: true serviceAccount: create: false name: test asserts: - hasDocuments: count: 1 - documentIndex: &DeploymentDocument 0 isKind: of: Deployment - documentIndex: *DeploymentDocument equal: path: spec.template.spec.serviceAccountName value: default - it: a serviceAccount and Secret are created when enabled set: serviceAccount: create: true asserts: - hasDocuments: count: 3 - documentIndex: &ServiceAccountDocument 0 isKind: of: ServiceAccount - documentIndex: &DeploymentDocument 1 isKind: of: Deployment - documentIndex: &SecretDocument 2 isKind: of: Secret - documentIndex: *ServiceAccountDocument equal: path: metadata.name value: &ServiceAccountName RELEASE-NAME - documentIndex: *ServiceAccountDocument equal: path: secrets value: - name: RELEASE-NAME-default-sa-token - documentIndex: *DeploymentDocument equal: path: spec.template.spec.serviceAccountName value: *ServiceAccountName - documentIndex: *SecretDocument equal: path: metadata.annotations value: kubernetes.io/service-account.name: RELEASE-NAME - it: a serviceAccount and Secret are created with custom name set: serviceAccount: create: true name: &ServiceAccountName myAccount asserts: - hasDocuments: count: 3 - documentIndex: &ServiceAccountDocument 0 isKind: of: ServiceAccount - documentIndex: &DeploymentDocument 1 isKind: of: Deployment - documentIndex: &SecretDocument 2 isKind: of: Secret - documentIndex: *ServiceAccountDocument equal: path: metadata.name value: *ServiceAccountName - documentIndex: *ServiceAccountDocument equal: path: secrets value: - name: RELEASE-NAME-default-sa-token - documentIndex: *DeploymentDocument equal: path: spec.template.spec.serviceAccountName value: *ServiceAccountName - documentIndex: *SecretDocument equal: path: metadata.annotations value: kubernetes.io/service-account.name: *ServiceAccountName - it: multiple serviceAccounts and Secrets are created when enabled set: serviceAccount: create: true name: &ServiceAccountName myAccount extraServiceAccounts: mySA: create: true asserts: - hasDocuments: count: 5 - documentIndex: &ServiceAccountDocument 0 isKind: of: ServiceAccount - documentIndex: &ServiceAccountDocument2 1 isKind: of: ServiceAccount - documentIndex: &DeploymentDocument 2 isKind: of: Deployment - documentIndex: &SecretDocument 3 isKind: of: Secret - documentIndex: &SecretDocument2 4 isKind: of: Secret - documentIndex: *ServiceAccountDocument equal: path: metadata.name value: *ServiceAccountName - documentIndex: *ServiceAccountDocument2 equal: path: metadata.name value: RELEASE-NAME-mySA - documentIndex: *ServiceAccountDocument equal: path: secrets value: - name: RELEASE-NAME-default-sa-token - documentIndex: *ServiceAccountDocument2 equal: path: secrets value: - name: RELEASE-NAME-mySA-sa-token - documentIndex: *DeploymentDocument equal: path: spec.template.spec.serviceAccountName value: *ServiceAccountName - documentIndex: *SecretDocument equal: path: metadata.annotations value: kubernetes.io/service-account.name: *ServiceAccountName - documentIndex: *SecretDocument2 equal: path: metadata.annotations value: kubernetes.io/service-account.name: RELEASE-NAME-mySA - it: multiple serviceAccounts and Secrets are created with custom names set: serviceAccount: create: true name: &ServiceAccountName myAccount extraServiceAccounts: mySA: create: true name: &ServiceAccountName2 mySAcustom mySA2: create: false name: &ServiceAccountName3 mySAcustom2 asserts: - hasDocuments: count: 5 - documentIndex: &ServiceAccountDocument 0 isKind: of: ServiceAccount - documentIndex: &ServiceAccountDocument2 1 isKind: of: ServiceAccount - documentIndex: &DeploymentDocument 2 isKind: of: Deployment - documentIndex: &SecretDocument 3 isKind: of: Secret - documentIndex: &SecretDocument2 4 isKind: of: Secret - documentIndex: *ServiceAccountDocument equal: path: metadata.name value: *ServiceAccountName - documentIndex: *ServiceAccountDocument2 equal: path: metadata.name value: *ServiceAccountName2 - documentIndex: *ServiceAccountDocument equal: path: secrets value: - name: RELEASE-NAME-default-sa-token - documentIndex: *ServiceAccountDocument2 equal: path: secrets value: - name: RELEASE-NAME-mySA-sa-token - documentIndex: *DeploymentDocument equal: path: spec.template.spec.serviceAccountName value: *ServiceAccountName - documentIndex: *SecretDocument equal: path: metadata.annotations value: kubernetes.io/service-account.name: *ServiceAccountName - documentIndex: *SecretDocument2 equal: path: metadata.annotations value: kubernetes.io/service-account.name: *ServiceAccountName2