# Rendered-output snapshots for the post-delete hook: each top-level key is a
# test name and each numbered entry holds one rendered manifest or pod-spec
# fragment as a literal block. (Presumably written by helm-unittest; confirm
# and regenerate from the templates rather than editing values by hand.)
# Comments stay outside the `|` blocks because any text inside a literal block
# becomes part of the stored string.
#
# Review notes that apply to every pod spec below:
# - The container drops capabilities, forbids privilege escalation, mounts the
#   root filesystem read-only and runs as non-root UID 9807.
# - `capabilities.drop` is spelled `all` in lower case. The "restricted" Pod
#   Security Standard is documented with `ALL`; verify this spelling is
#   accepted in namespaces that enforce that profile.
# - The image is referenced by tag (13.3.8), not by digest, so the registry
#   decides what the tag resolves to at pull time.
#
# Default values: the hook gets its own ServiceAccount. Hook weights in this
# file run -4 (ServiceAccount), -3 (Role), -2 (RoleBinding), -1 (Job), so the
# identity and its permissions are created before the Job.
should create ServiceAccount for post-delete hook by default:
  1: |
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      annotations:
        helm.sh/hook: post-delete
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
        helm.sh/hook-weight: "-4"
      name: RELEASE-NAME-delete-hook
      namespace: NAMESPACE
# serviceAccount.create=false with serviceAccount.name set: the Job pod runs as
# the pre-existing account named in values (lint-serviceaccount here), so that
# account's permissions are whatever the cluster operator granted it.
? should inherit ServiceAccount name from values and not create serviceAccount if
  serviceAccount.create is false and serviceAccount.name is set
: 1: |
    containers:
    - args:
      - kube-state
      - delete
      command:
      - teleport
      env:
      - name: KUBE_NAMESPACE
        valueFrom:
          fieldRef:
            fieldPath: metadata.namespace
      - name: RELEASE_NAME
        value: RELEASE-NAME
      image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
      imagePullPolicy: IfNotPresent
      name: post-delete-job
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - all
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 9807
    restartPolicy: OnFailure
    serviceAccountName: lint-serviceaccount
# serviceAccount.create=false: only Role, RoleBinding and Job are rendered.
# - The Role grants get/list/delete on core "secrets" with no resourceNames, so
#   it covers every Secret in the namespace; `list` returns Secret contents.
# - hook-succeeded removes these objects only after a successful run; after a
#   failed hook the Role and RoleBinding stay in the namespace until they are
#   cleaned up.
# - NOTE(review): the RoleBinding subject is RELEASE-NAME-delete-hook, but the
#   Job runs as lint-serviceaccount and no ServiceAccount is rendered in this
#   case. As snapshotted, the Role is not bound to the account the Job uses and
#   the binding names an account this chart does not create. Confirm in the
#   template whether the subject should follow serviceAccount.name.
should not create ServiceAccount for post-delete hook if serviceAccount.create is false:
  1: |
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      annotations:
        helm.sh/hook: post-delete
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
        helm.sh/hook-weight: "-3"
      name: RELEASE-NAME-delete-hook
      namespace: NAMESPACE
    rules:
    - apiGroups:
      - ""
      resources:
      - secrets
      verbs:
      - get
      - delete
      - list
  2: |
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      annotations:
        helm.sh/hook: post-delete
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
        helm.sh/hook-weight: "-2"
      name: RELEASE-NAME-delete-hook
      namespace: NAMESPACE
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: RELEASE-NAME-delete-hook
    subjects:
    - kind: ServiceAccount
      name: RELEASE-NAME-delete-hook
      namespace: NAMESPACE
  3: |
    apiVersion: batch/v1
    kind: Job
    metadata:
      annotations:
        helm.sh/hook: post-delete
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
        helm.sh/hook-weight: "-1"
      name: RELEASE-NAME-delete-hook
      namespace: NAMESPACE
    spec:
      template:
        metadata:
          name: RELEASE-NAME-delete-hook
        spec:
          containers:
          - args:
            - kube-state
            - delete
            command:
            - teleport
            env:
            - name: KUBE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: RELEASE_NAME
              value: RELEASE-NAME
            image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
            imagePullPolicy: IfNotPresent
            name: post-delete-job
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - all
              readOnlyRootFilesystem: true
              runAsNonRoot: true
              runAsUser: 9807
          restartPolicy: OnFailure
          serviceAccountName: lint-serviceaccount
# serviceAccount.create=false and rbac.create=false: the chart renders no
# identity or RBAC objects for the hook, so the Secret access the Job needs
# must already be granted to lint-serviceaccount outside this chart.
should not create ServiceAccount, Role or RoleBinding for post-delete hook if serviceAccount.create and rbac.create are false:
  1: |
    containers:
    - args:
      - kube-state
      - delete
      command:
      - teleport
      env:
      - name: KUBE_NAMESPACE
        valueFrom:
          fieldRef:
            fieldPath: metadata.namespace
      - name: RELEASE_NAME
        value: RELEASE-NAME
      image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
      imagePullPolicy: IfNotPresent
      name: post-delete-job
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - all
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 9807
    restartPolicy: OnFailure
    serviceAccountName: lint-serviceaccount
# nodeSelector from values is copied onto the hook pod; the pod runs as the
# chart-created RELEASE-NAME-delete-hook account.
should set nodeSelector in post-delete hook:
  1: |
    containers:
    - args:
      - kube-state
      - delete
      command:
      - teleport
      env:
      - name: KUBE_NAMESPACE
        valueFrom:
          fieldRef:
            fieldPath: metadata.namespace
      - name: RELEASE_NAME
        value: RELEASE-NAME
      image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
      imagePullPolicy: IfNotPresent
      name: post-delete-job
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - all
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 9807
    nodeSelector:
      gravitational.io/k8s-role: node
    restartPolicy: OnFailure
    serviceAccountName: RELEASE-NAME-delete-hook
# Pins the container securityContext of the hook pod; a template change that
# loosens any of these fields shows up as a diff against this snapshot.
should set securityContext in post-delete hook:
  1: |
    containers:
    - args:
      - kube-state
      - delete
      command:
      - teleport
      env:
      - name: KUBE_NAMESPACE
        valueFrom:
          fieldRef:
            fieldPath: metadata.namespace
      - name: RELEASE_NAME
        value: RELEASE-NAME
      image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
      imagePullPolicy: IfNotPresent
      name: post-delete-job
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - all
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 9807
    restartPolicy: OnFailure
    serviceAccountName: RELEASE-NAME-delete-hook