Add Helm chart unit tests (#520)

.github/workflows/helm-chart-unit.yaml

@@ -0,0 +1,40 @@
+name: Helm Chart Unit Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'charts/**'
+      - 'version/VERSION'
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  HELM_CHART_PATH: 'charts/hcp-terraform-operator'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Set up Helm
+        uses: Azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        with:
+          version: v3.11.2
+
+      - name: Run unit tests suite [Go]
+        run: |
+          make helm-test

CONTRIBUTING.md

@@ -141,15 +141,15 @@ There are two main pieces of the Operator `API` and `Controller`. Depending on w
 
 - API:
 
-    If your made API-related changes(`/api/**`), please make sure you have updated the tests and always run them:
+    If your made API-related changes(`/api/**`), please ensure you have updated the tests and always run them:
 
     ```console
     $ make test-api
     ```
     
 - Controllers:
 
-    We rely on [Ginkgo](https://github.com/onsi/ginkgo) testing framework in our controllers E2E tests. If your made controller-related changes(/controllers/**), please make sure you have updated the tests and always run them.
+    We rely on [Ginkgo](https://github.com/onsi/ginkgo) testing framework in our controllers E2E tests. If your made controller-related changes(/controllers/**), please ensure you have updated the tests and always run them.
 
     Export the organization name and API token to environment variable:
 
@@ -172,6 +172,36 @@ There are two main pieces of the Operator `API` and `Controller`. Depending on w
 
     Every test should be executable through a make target, and the target should have a prefix of "test-".
 
+- Helm Chart:
+
+    If your made changes to Helm chart (`/charts/**`), please ensure you have updated the tests(`/charts/test/**`) and always run them:
+
+    ```console
+    $ make test-helm
+    ```
+
+### Update documentation
+
+- API:
+
+    The API documentation is generated from the doc strings associated with the relevant types in (`/api/v1alpha2`) and stored in (`/docs/api-reference.md`). Please ensure you run the following **make** target to update the documentation:
+
+    ```console
+    $ make docs
+    ```
+
+- Helm Chart:
+
+    The Helm documentation(`/charts/hcp-terraform-operator/README.md`) is generated by [helm-docs](https://github.com/norwoodj/helm-docs). Please make changes _only_ in the `/charts/hcp-terraform-operator/README.md.gotmpl` file.
+
+    The Values Table is generated from the comment strings associated with the relevant values in the `/charts/hcp-terraform-operator/values.yaml` file.
+
+    Please ensure you run the following **make** target to update the Helm chart documentation:
+
+    ```console
+    $ make helm-docs
+    ```
+
 ### Write a changelog
 
 We use the [Changie](https://changie.dev/) automation tool for changelog management.
@@ -188,13 +218,17 @@ Ensure that the generated files are pushed to the repository along with any code
 
 ## Submitting Changes
 
+### Creating a Issue
+
+If you are working on an already reported issue, you can skip this step. Otherwise, please report the issue you intend to work on before proposing any changes. _**This step is mandatory regardless of the size or scope of the change you want to make**_.
+
 ### Creating a Pull Request
 
 We're excited that you're ready to contribute to the Operator by creating a pull request (PR)! Pull requests are a fundamental way to propose and discuss changes with the project maintainers and contributors.
 
 1. **Description**: write a detailed description of your changes. Keep in mind, that it should be clear why you make this change, what you have changed, and how this will affect the Operator users. If you are working on a fix for an existing issue, you can provide less details about it.
 
-1. **Usage Example**: if your change is API-related, make sure you have provided **Before** and **After** usage examples.
+1. **Usage Example**: if your change is API-related, ensure you have provided **Before** and **After** usage examples.
 
 1. **References**: if you fix an existing issue, please provide a reference to it by using a relevant [GitHub keyword](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests#linking-a-pull-request-to-an-issue).
 

Makefile

@@ -105,6 +105,9 @@ docs: crd-ref-docs ## Generate API reference documentation.
 helm-docs: install-helm-docs ## Generate Helm chart documentation.
 	$(HELM_DOCS) --log-level=debug --chart-search-root=./charts/hcp-terraform-operator/
 
+.PHONY: helm-test
+helm-test: test-helm ## Run Helm chart tests. This is an alias for the test-helm target.
+
 ##@ Development
 
 .PHONY: manifests
@@ -145,6 +148,10 @@ test-internal: fmt vet copywrite ## Run internal/* tests.
 		./internal/pointer \
 		./internal/slice
 
+.PHONY: test-helm
+test-helm: ## Run Helm chart tests.
+	cd charts/test; go test -timeout 5m -count=1 -v ./...
+
 .PHONY: lint
 lint: golangci-lint ## Run golangci-lint linter & yamllint
 	$(GOLANGCI_LINT) run

charts/hcp-terraform-operator/README.md

@@ -184,7 +184,7 @@ For a more detailed explanation, please refer to the [FAQ](../../docs/faq.md#gen
 | operator.watchedNamespaces | list | `[]` | List of namespaces the controllers should watch. |
 | podLabels | object | `{}` | Additional labels to add to the Operator pods. |
 | priorityClassName | string | `""` | Deployment priorityClassName. More information in [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). |
-| rbac.create | bool | `true` | Specifies whether a Role-Based Access Control (RBAC) resources should be created |
+| rbac.create | bool | `true` | Specifies whether a Role-Based Access Control (RBAC) resources should be created. |
 | replicaCount | int | `2` | The number of Operator replicas. |
 | securityContext | object | `{"runAsNonRoot":true}` | Deployment pod security context. More information in [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). |
 | serviceAccount.annotations | object | `{}` | Additional annotations for the ServiceAccount. |

charts/hcp-terraform-operator/templates/clusterrole.yaml → charts/hcp-terraform-operator/templates/clusterrole_manager.yaml

@@ -1,7 +1,7 @@
+{{- if .Values.rbac.create -}}
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
----
-{{- if .Values.rbac.create -}}
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -72,32 +72,4 @@ rules:
   - patch
   - update
   - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}-metrics-reader
-rules:
-- nonResourceURLs:
-  - /metrics
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}-proxy-role
-rules:
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
 {{- end -}}

charts/hcp-terraform-operator/templates/clusterrole_metrics_reader.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.rbac.create -}}
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.Name }}-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+{{- end -}}

charts/hcp-terraform-operator/templates/clusterrole_proxy.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.rbac.create -}}
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.Name }}-proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+{{- end -}}

charts/hcp-terraform-operator/templates/clusterrolebinding.yaml → charts/hcp-terraform-operator/templates/clusterrolebinding_manager.yaml

@@ -1,7 +1,7 @@
+{{- if .Values.rbac.create -}}
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
----
-{{- if .Values.rbac.create -}}
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -11,19 +11,6 @@ roleRef:
   kind: ClusterRole
   name: {{ .Release.Name }}-manager-role
 subjects:
-- kind: ServiceAccount
-  name: {{ include "hcp-terraform-operator.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Name }}-proxy-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.Name }}-proxy-role
-subjects:
 - kind: ServiceAccount
   name: {{ include "hcp-terraform-operator.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}

charts/hcp-terraform-operator/templates/clusterrolebinding_proxy.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.Name }}-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.Name }}-proxy-role
+subjects:
+- kind: ServiceAccount
+  name: {{ include "hcp-terraform-operator.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}

charts/hcp-terraform-operator/templates/deployment.yaml

@@ -21,7 +21,7 @@ spec:
         {{- include "hcp-terraform-operator.selectorLabels" . | nindent 8 }}
         control-plane: {{ .Release.Name }}-controller-manager
         {{- with .Values.podLabels }}
-        {{- tpl (toYaml .) $ | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
       {{- with .Values.priorityClassName }}

charts/hcp-terraform-operator/templates/role.yaml

@@ -1,7 +1,7 @@
+{{- if .Values.rbac.create -}}
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
----
-{{- if .Values.rbac.create -}}
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

charts/hcp-terraform-operator/templates/rolebinding.yaml

@@ -1,7 +1,7 @@
+{{- if .Values.rbac.create -}}
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
----
-{{- if .Values.rbac.create -}}
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

charts/hcp-terraform-operator/templates/serviceaccount.yaml

@@ -1,7 +1,7 @@
+{{- if .Values.serviceAccount.create -}}
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
----
-{{- if .Values.serviceAccount.create -}}
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/hcp-terraform-operator/values.yaml

@@ -56,7 +56,7 @@ operator:
   #         - key: kubernetes.io/arch
   #           operator: In
   #           values:
-  #         - amd64
+  #           - amd64
   #
   # -- Kubernetes Affinity. More information: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
   affinity: {}
@@ -149,5 +149,5 @@ serviceAccount:
   name: ""
 
 rbac:
-  # -- Specifies whether a Role-Based Access Control (RBAC) resources should be created
+  # -- Specifies whether a Role-Based Access Control (RBAC) resources should be created.
   create: true