snyk · soniqua · Nov 12, 2024 · Nov 8, 2024
@@ -1,11 +1,11 @@
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "snyk-broker.serviceaccountName" -}}
-{{- if .Values.serviceaccount.create }}
-{{- default ( include "common.names.fullname" . ) .Values.serviceaccount.name }}
+{{- define "snyk-broker.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default ( include "common.names.fullname" . ) .Values.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.serviceaccount.name }}
+{{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
 

@@ -1,9 +1,9 @@
-{{- if .Values.serviceaccount.create -}}
-{{- if not .Values.serviceaccount.existingName }}
+{{- if .Values.serviceAccount.create -}}
+{{- if not .Values.serviceAccount.existingName }}
 apiVersion: v1
-kind: serviceaccount
+kind: ServiceAccount
 metadata:
-  name: {{ include "snyk-broker.serviceaccountName" .}}
+  name: {{ include "snyk-broker.serviceAccountName" .}}
   namespace: {{ .Release.Namespace }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
   {{- if .Values.commonAnnotations }}

@@ -32,7 +32,7 @@ spec:
       pullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceaccountName: {{ .Values.serviceaccount.existingName | default (include "snyk-broker.serviceaccountName" .) }}
+      serviceAccountName: {{ .Values.serviceAccount.existingName | default (include "snyk-broker.serviceAccountName" .) }}
       {{- if .Values.podSecurityContext.enabled }}
       securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }}
       {{- end }}

@@ -1,40 +1,46 @@
-# tests/service_account_test.yaml
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: Service Account configurations
 templates:
-  - templates/statefulset.yaml
-  - templates/serviceaccount.yaml
+  - statefulset.yaml
+  - serviceaccount.yaml
+values:
+  - ../values.yaml
+  - fixtures/default_values.yaml
+
 tests:
   - it: can enable the service account with a custom name
     templates:
-      - templates/serviceaccount.yaml
+      - serviceaccount.yaml
     set:
-      serviceaccount:
+      serviceAccount:
         create: true
         name: "custom-service-account"
     asserts:
-      - matchSnapshot: {}
+      - equal:
+          path: metadata.name
+          value: custom-service-account
 
   - it: can use an existing service account
     set:
-      serviceaccount:
+      serviceAccount:
         create: false
         existingName: "existing-service-account"
     templates:
-      - templates/statefulset.yaml
+      - statefulset.yaml
     asserts:
       - equal:
-          path: spec.template.spec.serviceaccountName
+          path: spec.template.spec.serviceAccountName
           value: existing-service-account
 
   - it: prioritizes existing service account when both create and existingName are set
     set:
-      serviceaccount:
+      serviceAccount:
         create: true
         existingName: "existing-service-account"
         name: ""
     templates:
-      - templates/statefulset.yaml
+      - statefulset.yaml
     asserts:
       - equal:
-          path: spec.template.spec.serviceaccountName
-          value: existing-service-account
+          path: spec.template.spec.serviceAccountName
+          value: existing-service-account
@@ -34,6 +34,23 @@
       "type": "boolean",
       "default": false
     },
+    "serviceAccount": {
+      "type": "object",
+      "properties": {
+        "create": {
+          "type": "boolean"
+        },
+        "existingName": {
+          "type": "string"
+        },
+        "annotations": {
+          "type": "object"
+        },
+        "name": {
+          "type": "string"
+        }
+      }
+    },
     "acceptAppRisk": {
       "type": "boolean"
     },

@@ -186,17 +186,15 @@ image:
   pullSecrets: []
   # - name: registrySecretName
 
-##### Service Account Values. Nothing to change here #####
-
-serviceaccount:
-  ## @param serviceaccount.create Enable creation of serviceaccount for Broker pod
+## @section Service Account
+serviceAccount:
+  ## @param serviceAccount.create [default: true] Enable creation of a serviceAccount
   create: true
-  ## @param serviceaccount.existingName Optionally provide an existing service account name
+  ## @param serviceAccount.existingName [string] Optionally provide an existing serviceAccount name
   existingName: ""
-  ## @param serviceaccount.annotations Additional custom annotations for the serviceaccount
+  ## @param serviceAccount.annotations [object] Additional custom annotations for the serviceAccount
   annotations: {}
-  ## @param serviceaccount.name The name of the serviceaccount to use.
-  ## If not set and create is true, a name is generated using the common.names.fullname template
+  ## @param serviceAccount.name [string] The name of the serviceAccount to create. If not set and create is true, a name is generated
   name: ""
 
 ## Pod security context