test: Add TypeScript tests for CRDs functionality and precedence behavior

Author: rshade

README.md

@@ -1,4 +1,4 @@
-## Pulumi Cert Manager Component
+# Pulumi Cert Manager Component
 
 This repo contains the Pulumi Cert Manager component for Kubernetes. This add-on automates the
 management and issuance of TLS certificates from various issuing sources. It ensures certificates
@@ -29,6 +29,7 @@ go get github.com/pulumi/pulumi-kubernetes-cert-manager/sdk/go/kubernetes-cert-m
 Afterwards, import the library and instantiate it within your Pulumi program:
 
 ### TypeScript
+
 ```typescript
 import * as pulumi from "@pulumi/pulumi";
 import * as k8s from "@pulumi/kubernetes";
@@ -60,6 +61,7 @@ const cm = new certmanager.CertManager("cert-manager-deployment", {
 ```
 
 ### Python
+
 ```python
 import pulumi
 import pulumi_kubernetes as k8s
@@ -89,51 +91,52 @@ cm = certmanager.CertManager("cert-manager-deployment",
 ```
 
 ### Go
+
 ```go
 package main
 
 import (
-	kubernetes_cert_manager "github.com/pulumi/pulumi-kubernetes-cert-manager/sdk/go/kubernetes-cert-manager"
-	corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
-	metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
-	helmv3 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/helm/v3"
-	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+ kubernetes_cert_manager "github.com/pulumi/pulumi-kubernetes-cert-manager/sdk/go/kubernetes-cert-manager"
+ corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/core/v1"
+ metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/meta/v1"
+ helmv3 "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes/helm/v3"
+ "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 )
 
 func main() {
-	pulumi.Run(func(ctx *pulumi.Context) error {
-		// Create a namespace for cert-manager
-		ns, err := corev1.NewNamespace(ctx, "cert-manager-namespace", &corev1.NamespaceArgs{
-			Metadata: &metav1.ObjectMetaArgs{
-				Name: pulumi.String("cert-system"),
-			},
-		})
-		if err != nil {
-			return err
-		}
-
-		// Option 1: Using the new recommended approach
-		enabled := true
-		keep := true
-		
-		// Install cert-manager with CRDs
-		_, err = kubernetes_cert_manager.NewCertManager(ctx, "cert-manager-deployment", &kubernetes_cert_manager.CertManagerArgs{
-			Crds: &kubernetes_cert_manager.CertManagerCrdsArgs{
-				Enabled: pulumi.BoolPtr(enabled),
-				Keep:    pulumi.BoolPtr(keep), // Set to true to keep CRDs after uninstall
-			},
-			
-			// Option 2: Using deprecated option (not recommended)
-			// When both InstallCRDs and Crds.Enabled are specified, Crds.Enabled takes precedence
-			// InstallCRDs: pulumi.BoolPtr(enabled),
-			
-			HelmOptions: &helmv3.ReleaseArgs{
-				Namespace: ns.Metadata.Name(),
-			},
-		})
-		
-		return err
-	})
+ pulumi.Run(func(ctx *pulumi.Context) error {
+  // Create a namespace for cert-manager
+  ns, err := corev1.NewNamespace(ctx, "cert-manager-namespace", &corev1.NamespaceArgs{
+   Metadata: &metav1.ObjectMetaArgs{
+    Name: pulumi.String("cert-system"),
+   },
+  })
+  if err != nil {
+   return err
+  }
+
+  // Option 1: Using the new recommended approach
+  enabled := true
+  keep := true
+  
+  // Install cert-manager with CRDs
+  _, err = kubernetes_cert_manager.NewCertManager(ctx, "cert-manager-deployment", &kubernetes_cert_manager.CertManagerArgs{
+   Crds: &kubernetes_cert_manager.CertManagerCrdsArgs{
+    Enabled: pulumi.BoolPtr(enabled),
+    Keep:    pulumi.BoolPtr(keep), // Set to true to keep CRDs after uninstall
+   },
+   
+   // Option 2: Using deprecated option (not recommended)
+   // When both InstallCRDs and Crds.Enabled are specified, Crds.Enabled takes precedence
+   // InstallCRDs: pulumi.BoolPtr(enabled),
+   
+   HelmOptions: &helmv3.ReleaseArgs{
+    Namespace: ns.Metadata.Name(),
+   },
+  })
+  
+  return err
+ })
 }
 ```
 
@@ -148,4 +151,4 @@ if you need to override them, you may do so using the `helmOptions` parameter. R
 [the API docs for the `kubernetes:helm/v3:Release` Pulumi type](
 https://www.pulumi.com/docs/reference/pkg/kubernetes/helm/v3/release/#inputs) for a full set of choices.
 
-For complete details, refer to the Pulumi Package details within the Pulumi Registry.
+For complete details, refer to the Pulumi Package details within the Pulumi Registry.

examples/crds-precedence-test-ts/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: crds-precedence-test-ts
+runtime: nodejs
+description: Test for verifying precedence between installCRDs and crds.enabled

examples/crds-precedence-test-ts/README.md

@@ -0,0 +1,30 @@
+# CRDs Precedence Test for Kubernetes Cert Manager
+
+This directory contains a focused test to verify the precedence behavior between the deprecated `installCRDs` field and the new `crds.enabled` field.
+
+## Test Description
+
+This test specifically configures the two parameters with opposing values:
+- `installCRDs: false` (would normally prevent CRD installation)
+- `crds: { enabled: true, keep: true }` (enables CRD installation)
+
+The test verifies that when both parameters are specified with conflicting values, `crds.enabled` takes precedence over `installCRDs`, which is the documented behavior.
+
+## Verification Method
+
+The test creates:
+1. A cert-manager deployment with the conflicting configuration
+2. A custom Issuer resource that depends on the cert-manager CRDs
+3. A Certificate resource that further depends on the Issuer
+
+If the precedence behavior is correct (crds.enabled takes precedence), then:
+- The CRDs will be installed (following crds.enabled=true, despite installCRDs=false)
+- The Issuer and Certificate resources will be created successfully
+
+If the precedence behavior is incorrect, the test will fail as the custom resources cannot be created without the CRDs.
+
+## Running the Test
+
+```bash
+go test ./examples -run=TestCrdsPrecedenceTs
+```

examples/crds-precedence-test-ts/index.ts

@@ -0,0 +1,92 @@
+import * as k8s from "@pulumi/kubernetes";
+import * as certmanager from "@pulumi/kubernetes-cert-manager";
+import * as pulumi from "@pulumi/pulumi";
+
+// Create test namespace for the conflicting case
+const ns = new k8s.core.v1.Namespace("test-ns");
+
+// Test the conflict case where crds.enabled should take precedence over installCRDs
+// This test configures them in opposition - installCRDs=false, crds.enabled=true
+// If precedence works correctly, CRDs will be installed (following crds.enabled)
+const certManager = new certmanager.CertManager("cert-manager", {
+    // Set the deprecated option to false - this should be overridden
+    installCRDs: false,
+    
+    // Set the new option to true - this should take precedence
+    crds: {
+        enabled: true,
+        keep: true,
+    },
+    
+    helmOptions: {
+        namespace: ns.metadata.name,
+        version: "v1.15.3",
+    },
+});
+
+// Create an Issuer to verify the CRDs are properly installed
+// This will only succeed if crds.enabled takes precedence over installCRDs
+// because we set installCRDs: false but crds.enabled: true
+const issuer = new k8s.apiextensions.CustomResource(
+    "test-issuer",
+    {
+        apiVersion: "cert-manager.io/v1",
+        kind: "Issuer",
+        metadata: {
+            name: "selfsigned-issuer",
+            namespace: ns.metadata.name,
+        },
+        spec: {
+            selfSigned: {},
+        },
+    },
+    { dependsOn: certManager }
+);
+
+// Export status for verification
+export const certManagerStatus = certManager.status;
+export const issuerName = issuer.metadata.name;
+
+// Add a verification test that needs the CRD to succeed
+// This creates a certificate using the issuer - which will fail if CRDs weren't installed
+const certificate = new k8s.apiextensions.CustomResource(
+    "test-certificate",
+    {
+        apiVersion: "cert-manager.io/v1",
+        kind: "Certificate",
+        metadata: {
+            name: "selfsigned-cert",
+            namespace: ns.metadata.name,
+        },
+        spec: {
+            secretName: "selfsigned-cert-tls",
+            duration: "2160h", // 90d
+            renewBefore: "360h", // 15d
+            subject: {
+                organizations: ["Pulumi Test"],
+            },
+            isCA: false,
+            privateKey: {
+                algorithm: "RSA",
+                encoding: "PKCS1",
+                size: 2048,
+            },
+            usages: [
+                "server auth",
+                "client auth",
+            ],
+            dnsNames: [
+                "example.com",
+                "www.example.com",
+            ],
+            issuerRef: {
+                name: issuer.metadata.name,
+                kind: "Issuer",
+                group: "cert-manager.io",
+            },
+        },
+    },
+    { dependsOn: issuer }
+);
+
+export const certificateName = certificate.metadata.name;

examples/crds-precedence-test-ts/package.json

@@ -0,0 +1,11 @@
+{
+    "name": "crds-precedence-test-ts",
+    "devDependencies": {
+        "@types/node": "^14"
+    },
+    "dependencies": {
+        "@pulumi/pulumi": "^3.0.0",
+        "@pulumi/kubernetes": "^4.0.0",
+        "@pulumi/kubernetes-cert-manager": "latest"
+    }
+}

examples/crds-precedence-test-ts/tsconfig.json

@@ -0,0 +1,19 @@
+{
+    "compilerOptions": {
+        "outDir": "bin",
+        "target": "es2016",
+        "module": "commonjs",
+        "moduleResolution": "node",
+        "sourceMap": true,
+        "experimentalDecorators": true,
+        "pretty": true,
+        "noFallthroughCasesInSwitch": true,
+        "noImplicitAny": true,
+        "noImplicitReturns": true,
+        "forceConsistentCasingInFileNames": true,
+        "strictNullChecks": true
+    },
+    "files": [
+        "index.ts"
+    ]
+}

examples/crds-tests-ts/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: crds-tests-ts
+runtime: nodejs
+description: Tests for verifying CRDs functionality and backward compatibility

examples/crds-tests-ts/README.md

@@ -0,0 +1,36 @@
+# CRDs Tests for Kubernetes Cert Manager
+
+This directory contains tests to verify the CRDs functionality and backward compatibility between the deprecated `installCRDs` field and the new `crds` struct.
+
+## Tests Included
+
+1. **Legacy Mode Test**: Uses the deprecated `installCRDs: true` parameter to install cert-manager with CRDs.
+2. **New Mode Test**: Uses the new `crds: { enabled: true, keep: true }` structure to install cert-manager with CRDs.
+3. **Conflict Mode Test**: Sets both parameters (`installCRDs: false` and `crds: { enabled: true, keep: true }`), 
+   verifying that `crds.enabled` takes precedence when both fields are specified.
+
+Each test ensures that:
+- The cert-manager deployment succeeds
+- CRDs are properly installed (by creating an Issuer custom resource that depends on them)
+- The custom resources can be created and managed
+
+## Running Tests
+
+The tests can be run as part of the regular test suite:
+
+```bash
+go test ./examples -run=TestCrdsTs
+```
+
+Or specifically for the precedence test:
+
+```bash
+go test ./examples -run=TestCrdsPrecedenceTs
+```
+
+## Expected Outcomes
+
+- All three deployment methods should succeed
+- The Custom Resources creation should succeed in all cases
+- For the conflict test with opposing settings (installCRDs=false, crds.enabled=true), 
+  the test will validate that crds.enabled takes precedence, resulting in CRDs being installed