Connect chart testing improvements

.github/pull_request_template.md

@@ -0,0 +1,13 @@
+### ✨ Summary
+<!-- What does this change do? -->
+
+### 🔗 Resolves:
+<!-- What issue does it resolve? -->
+
+### ✅ Checklist
+- [ ] 🖊️ Commits are signed
+- [ ] 🧪 Tests added/updated
+- [ ] 📚 Docs updated (if behavior changed)
+
+### 🕵️ Review Notes & ⚠️ Risks
+<!-- Notes for reviewers, flags, feature gates, rollout considerations, etc. -->

.github/workflows/test.yml → .github/workflows/test-connect.yml

@@ -1,4 +1,4 @@
-name: Run acceptance tests
+name: Run acceptance tests [Connect chart]
 on:
   push:
 
@@ -51,33 +51,16 @@ jobs:
         run: sudo snap install yq
         if: steps.list-changed.outputs.changed == 'true'
 
-      - name: Add fixtures to YAML test cases
-        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
-          OP_VAULT_ID: ${{ vars.OP_VAULT_ID || 'v5pz6venw4roosmkzdq2nhpv6u' }}
-          OP_ITEM_ID: ${{ vars.OP_ITEM_ID || 'hrgkzhrlvscomepxlgafb2m3ca' }}
-          OP_SECRET_VALUE: ${{ vars.OP_SECRET_VALUE || 'RGVhciBzZWN1cml0eSByZXNlYXJjaGVyLCB0aGlzIGlzIGp1c3QgYSBkdW1teSBzZWNyZXQuIFBsZWFzZSBkb24ndCByZXBvcnQgaXQu' }}
-        run: |
-          cat > fixtures.yaml << EOF
-          acceptanceTests:
-            enabled: true
-            fixtures:
-              vaultId: $OP_VAULT_ID
-              itemId: $OP_ITEM_ID
-              secretValue: $OP_SECRET_VALUE
-          EOF
-
-          for values_file in charts/connect/ci/*.yaml; do
-            # Add secrets
-            yq eval '.connect.credentials = strenv(OP_CONNECT_CREDENTIALS) | .operator.token.value = strenv(OP_CONNECT_TOKEN)' -i $values_file
-
-            # Add acceptance test fixtures
-            yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' $values_file fixtures.yaml
-          done
-
       - name: Spin up local Kubernetes cluster
         uses: helm/[email protected]
 
-      - name: Deploy and run acceptance tests
-        run: ct install --config ct.yaml
+      - name: Run acceptance tests
+        working-directory: charts/connect
+        env:
+          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
+          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
+          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+          OP_VAULT_ID: ${{ secrets.OP_VAULT_ID }}
+          OP_ITEM_ID: ${{ secrets.OP_ITEM_ID }}
+          OP_SECRET_VALUE: ${{ secrets.OP_SECRET_VALUE }}
+        run: make test-e2e

charts/connect/Makefile

@@ -0,0 +1,195 @@
+# 1Password Connect Helm Chart - Testing
+
+# Configuration
+CHART_NAME := connect
+NAMESPACE := default
+KIND_CLUSTER_NAME := onepassword-connect-test
+HELM_TIMEOUT := 120s
+
+# Credentials
+OP_CONNECT_CREDENTIALS ?= $(shell echo "$$OP_CONNECT_CREDENTIALS")
+OP_CONNECT_TOKEN ?= $(shell echo "$$OP_CONNECT_TOKEN")
+OP_SERVICE_ACCOUNT_TOKEN ?= $(shell echo "$$OP_SERVICE_ACCOUNT_TOKEN")
+
+# Test fixture values (must be set as environment variables)
+# OP_VAULT_ID - 1Password vault ID for testing
+# OP_ITEM_ID - 1Password item ID for testing  
+# OP_SECRET_VALUE - Expected secret value for testing
+
+# Colors for output
+RED := \033[0;31m
+GREEN := \033[0;32m
+YELLOW := \033[0;33m
+BLUE := \033[0;34m
+NC := \033[0m # No Color
+
+.PHONY: help test-e2e test-e2e-setup test-e2e-run cleanup-test-e2e check-deps revert-ci-files
+
+test-e2e: check-deps test-e2e-setup test-e2e-run cleanup-test-e2e ## Run end-to-end tests (full workflow)
+
+test-e2e-setup: ## Setup test environment
+	@echo "$(BLUE)Setting up test environment...$(NC)"
+
+	# Check if all required environment variables are set
+	@if [ -z "$(OP_CONNECT_CREDENTIALS)" ]; then \
+		echo "$(RED)Error: OP_CONNECT_CREDENTIALS environment variable is required$(NC)"; \
+		exit 1; \
+	fi
+	@if [ -z "$(OP_CONNECT_TOKEN)" ]; then \
+		echo "$(RED)Error: OP_CONNECT_TOKEN environment variable is required$(NC)"; \
+		exit 1; \
+	fi
+
+	@if [ -z "$(OP_SERVICE_ACCOUNT_TOKEN)" ]; then \
+		echo "$(RED)Error: OP_SERVICE_ACCOUNT_TOKEN environment variable is required$(NC)"; \
+		exit 1; \
+	fi
+
+	@if [ -z "$(OP_VAULT_ID)" ]; then \
+		echo "$(RED)Error: OP_VAULT_ID environment variable is required$(NC)"; \
+		echo "$(YELLOW)Set OP_VAULT_ID to your 1Password vault ID for testing$(NC)"; \
+		exit 1; \
+	fi
+	@if [ -z "$(OP_ITEM_ID)" ]; then \
+		echo "$(RED)Error: OP_ITEM_ID environment variable is required$(NC)"; \
+		echo "$(YELLOW)Set OP_ITEM_ID to your 1Password item ID for testing$(NC)"; \
+		exit 1; \
+	fi
+	@if [ -z "$(OP_SECRET_VALUE)" ]; then \
+		echo "$(RED)Error: OP_SECRET_VALUE environment variable is required$(NC)"; \
+		echo "$(YELLOW)Set OP_SECRET_VALUE to the expected secret value for testing$(NC)"; \
+		exit 1; \
+	fi
+
+	# Create Kind cluster
+	@echo "$(BLUE)Creating Kind cluster...$(NC)"
+	@kind create cluster --name $(KIND_CLUSTER_NAME) --wait 60s || true
+
+	# Create namespace
+	@echo "$(BLUE)Creating namespace...$(NC)"
+	@kubectl create namespace $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+
+	# Prepare test fixtures
+	@echo "$(BLUE)Preparing test fixtures...$(NC)"
+	@echo "acceptanceTests:" > fixtures.yaml
+	@echo "  enabled: true" >> fixtures.yaml
+	@echo "  fixtures:" >> fixtures.yaml
+	@echo "    vaultId: $(OP_VAULT_ID)" >> fixtures.yaml
+	@echo "    itemId: $(OP_ITEM_ID)" >> fixtures.yaml
+	@echo "    secretValue: $(OP_SECRET_VALUE)" >> fixtures.yaml
+
+	# Process CI values files
+	@echo "$(BLUE)Processing CI values files...$(NC)"
+	@for values_file in ci/*.yaml; do \
+		echo "$(BLUE)Processing $$values_file...$(NC)"; \
+		if echo "$$values_file" | grep -q "service-account"; then \
+			yq eval '.connect.create = false | .operator.authMethod = "service-account" | .operator.serviceAccountToken.value = strenv(OP_SERVICE_ACCOUNT_TOKEN)' -i $$values_file; \
+		else \
+			yq eval '.connect.credentials = strenv(OP_CONNECT_CREDENTIALS) | .operator.authMethod = "connect" | .operator.token.value = strenv(OP_CONNECT_TOKEN)' -i $$values_file; \
+		fi; \
+		yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' $$values_file fixtures.yaml; \
+	done
+
+	@echo "$(GREEN)Test environment setup complete$(NC)"
+
+test-e2e-run: ## Run the actual tests
+	@echo "$(BLUE)Running end-to-end tests...$(NC)"
+
+	# Set up Helm repository
+	@helm repo add stable https://charts.helm.sh/stable || true
+	@helm repo update
+
+	# Run chart testing
+	@echo "$(BLUE)Installing chart and running tests...$(NC)"
+	@cd ../.. && ct install --config ct.yaml --charts charts/connect --namespace $(NAMESPACE)
+
+	@echo "$(GREEN)Tests completed successfully!$(NC)"
+
+cleanup-test-e2e: revert-ci-files ## Cleanup test environment
+	@echo "$(BLUE)Cleaning up test environment...$(NC)"
+
+	# Delete Kind cluster
+	@kind delete cluster --name $(KIND_CLUSTER_NAME) || true
+
+	# Clean up temporary files
+	@rm -f fixtures.yaml
+
+	@echo "$(GREEN)Cleanup complete$(NC)"
+
+revert-ci-files: ## Revert all changes to files in the ci/ directory
+	@echo "$(BLUE)Reverting changes to ci/ directory files...$(NC)"
+	@cd ../.. && git checkout -- charts/connect/ci/
+	@cd ../.. && git clean -f charts/connect/ci/
+	@echo "$(GREEN)CI files reverted successfully$(NC)"
+
+# Utility commands
+show-config: ## Show current test configuration
+	@echo "$(BLUE)Test Configuration:$(NC)"
+	@echo "  Chart Name: $(CHART_NAME)"
+	@echo "  Namespace: $(NAMESPACE)"
+	@echo "  Kind Cluster: $(KIND_CLUSTER_NAME)"
+	@echo ""
+	@echo "$(BLUE)Test Fixtures:$(NC)"
+	@echo "  Vault ID: $(if $(OP_VAULT_ID),$(OP_VAULT_ID),Not Set)"
+	@echo "  Item ID: $(if $(OP_ITEM_ID),$(OP_ITEM_ID),Not Set)"
+	@echo "  Secret Value: $(if $(OP_SECRET_VALUE),Set,Not Set)"
+	@echo ""
+	@echo "$(BLUE)Credentials:$(NC)"
+	@echo "  Connect Credentials: $(if $(OP_CONNECT_CREDENTIALS),Set,Not Set)"
+	@echo "  Connect Token: $(if $(OP_CONNECT_TOKEN),Set,Not Set)"
+	@echo "  Service Account Token: $(if $(OP_SERVICE_ACCOUNT_TOKEN),Set,Not Set)"
+
+install: ## Install required dependencies (auto-detect OS)
+	@echo "$(BLUE)Detecting operating system...$(NC)"
+	@if [ "$$(uname -s)" = "Darwin" ]; then \
+		echo "$(GREEN)Detected macOS$(NC)"; \
+		$(MAKE) install-macos; \
+	elif [ "$$(uname -s)" = "Linux" ]; then \
+		echo "$(GREEN)Detected Linux$(NC)"; \
+		$(MAKE) install-linux; \
+	else \
+		echo "$(RED)Unsupported operating system: $$(uname -s)$(NC)"; \
+		echo "$(YELLOW)Please install dependencies manually or add support for your OS$(NC)"; \
+		exit 1; \
+	fi
+
+install-macos: ## Install required dependencies (macOS)
+	@echo "$(BLUE)Installing dependencies for macOS...$(NC)"
+	@brew install helm kind yq chart-testing
+	@echo "$(GREEN)macOS dependencies installed$(NC)"
+
+install-linux: ## Install required dependencies (Linux)
+	@echo "$(BLUE)Installing dependencies for Linux...$(NC)"
+	@echo "$(YELLOW)Updating package lists...$(NC)"
+	@sudo apt update
+	@echo "$(YELLOW)Installing tools via apt...$(NC)"
+	@sudo apt install -y helm kind yq chart-testing
+	@echo "$(GREEN)Linux dependencies installed$(NC)"
+
+install-windows: ## Install required dependencies (Windows)
+	@echo "$(BLUE)Installing dependencies for Windows...$(NC)"
+	@echo "$(YELLOW)Installing tools via Chocolatey...$(NC)"
+	@choco install kubernetes-helm kind yq chart-testing -y --no-progress
+	@echo "$(GREEN)Windows dependencies installed$(NC)"
+
+check-deps: ## Check if required dependencies are installed
+	@echo "$(BLUE)Checking dependencies...$(NC)"
+	@command -v helm >/dev/null 2>&1 || { echo "$(RED)helm is required but not installed$(NC)"; exit 1; }
+	@command -v kind >/dev/null 2>&1 || { echo "$(RED)kind is required but not installed$(NC)"; exit 1; }
+	@command -v yq >/dev/null 2>&1 || { echo "$(RED)yq is required but not installed$(NC)"; exit 1; }
+	@command -v ct >/dev/null 2>&1 || { echo "$(RED)ct (chart-testing) is required but not installed$(NC)"; exit 1; }
+	@echo "$(GREEN)All dependencies are installed$(NC)"
+
+help: ## Show this help message
+	@echo "1Password Connect Helm Chart - Testing"
+	@echo ""
+	@echo "Available commands:"
+	@echo ""
+	@echo "$(BLUE)Installation Commands:$(NC)"
+	@awk 'BEGIN {FS = ":.*?## "} /^install.*:.*?## / {printf "  $(BLUE)%-20s$(NC) %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+	@echo ""
+	@echo "$(BLUE)Testing Commands:$(NC)"
+	@awk 'BEGIN {FS = ":.*?## "} /^test-e2e.*:.*?## / {printf "  $(BLUE)%-20s$(NC) %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+	@echo ""
+	@echo "$(BLUE)Utility Commands:$(NC)"
+	@awk 'BEGIN {FS = ":.*?## "} /^(check-deps|show-config|revert-ci-files):.*?## / {printf "  $(BLUE)%-20s$(NC) %s\n", $$1, $$2}' $(MAKEFILE_LIST)

charts/connect/ci/with-connect-values.yaml

@@ -0,0 +1,8 @@
+# Deploys Operator with default configuration using Connect to authenticate
+operator:
+  create: true
+  customEnvVars:
+    - name: CUSTOM_TEST_VAR
+      value: "test-value-123"
+    - name: ANOTHER_CUSTOM_VAR
+      value: "another-value-456"

charts/connect/ci/with-service-account-values.yaml

@@ -0,0 +1,6 @@
+# Deploys Operator with default configuration using Service Account to authenticate
+operator:
+  create: true
+  authMethod: service-account
+connect:
+  create: false

charts/connect/docs/fork-pr-testing.md

@@ -0,0 +1,14 @@
+# Fork PR Testing Guide
+
+This document explains how to test external pull requests using workflow dispatch.
+
+## How to test external PR
+
+* Do a sanity check on the submitted PR
+* Copy the most recent commit hash of the PR branch
+* Go to 'Actions' -> 'Run acceptance tests' -> 'Run workflow'
+* Fill in the following:
+  * `checkout-repo`: `<PR author>/connect-helm-charts`
+  * `checkout-ref`: <copied commit hash>
+  * `branch`: `acceptance-tests-on-forks`
+* After pipeline finishes, drop a comment and in the PR to let the contributor know if there are any issues