add primary rbac + tests

Stavros kois
2022-11-22 19:22:10 +02:00
parent cfedcc7319
commit 48a5d55b4b
3 changed files with 428 additions and 1 deletions


@@ -1,5 +1,5 @@
suite: deployment service account
suite: service account
templates:
- common.yaml
chart:


@@ -0,0 +1,400 @@
suite: primary rbac utils test
templates:
- common.yaml
tests:
- it: should pass with default values
asserts:
- hasDocuments:
count: 1
- it: should fail with more than 1 primary rbac
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: true
asserts:
- failedTemplate:
errorMessage: More than one RBACS are set as primary. This is not supported.
- it: should pass with no rbac set as primary (Role)
documentIndex: &roleDoc 0
set:
rbac:
main:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 3
- isKind:
of: Role
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with no rbac set as primary (RoleBinding)
documentIndex: &roleBindingDoc 1
set:
rbac:
main:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 3
- isKind:
of: RoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with no rbac set as primary (ClusterRole)
documentIndex: *roleDoc
set:
rbac:
main:
enabled: true
primary: false
clusterWide: true
asserts:
- hasDocuments:
count: 3
- isKind:
of: ClusterRole
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with no rbac set as primary (ClusterRoleBinding)
documentIndex: *roleBindingDoc
set:
rbac:
main:
enabled: true
primary: false
clusterWide: true
asserts:
- hasDocuments:
count: 3
- isKind:
of: ClusterRoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
###asdsa
- it: should pass with main rbac set as primary and other not (Role - main)
documentIndex: *roleDoc
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 5
- isKind:
of: Role
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with main rbac set as primary and other not (Role - other)
documentIndex: &otherRoleDoc 2
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 5
- isKind:
of: Role
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-other
- it: should pass with main rbac set as primary and other not (RoleBinding - main)
documentIndex: *roleBindingDoc
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 5
- isKind:
of: RoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with main rbac set as primary and other not (RoleBinding - other)
documentIndex: &otherRoleBindingDoc 3
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 5
- isKind:
of: RoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-other
- it: should pass with main rbac set as primary and other not (ClusterRole - main)
documentIndex: *roleDoc
set:
rbac:
main:
enabled: true
primary: true
clusterWide: true
other:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRole
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with main rbac set as primary and other not (ClusterRole - other)
documentIndex: *otherRoleDoc
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: false
clusterWide: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRole
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-other
- it: should pass with main rbac set as primary and other not (ClusterRoleBinding - main)
documentIndex: *roleBindingDoc
set:
rbac:
main:
enabled: true
primary: true
clusterWide: true
other:
enabled: true
primary: false
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with main rbac set as primary and other not (ClusterRoleBinding - other)
documentIndex: *otherRoleBindingDoc
set:
rbac:
main:
enabled: true
primary: true
other:
enabled: true
primary: false
clusterWide: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-other
######
- it: should pass with other rbac set as primary and main not (Role - main)
documentIndex: *roleDoc
set:
rbac:
main:
enabled: true
primary: false
other:
enabled: true
primary: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: Role
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-main
- it: should pass with other rbac set as primary and main not (Role - other)
documentIndex: &otherRoleDoc 2
set:
rbac:
main:
enabled: true
primary: false
other:
enabled: true
primary: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: Role
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with other rbac set as primary and main not (RoleBinding - main)
documentIndex: *roleBindingDoc
set:
rbac:
main:
enabled: true
primary: false
other:
enabled: true
primary: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: RoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-main
- it: should pass with other rbac set as primary and main not (RoleBinding - other)
documentIndex: &otherRoleBindingDoc 3
set:
rbac:
main:
enabled: true
primary: false
other:
enabled: true
primary: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: RoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with other rbac set as primary and main not (ClusterRole - main)
documentIndex: *roleDoc
set:
rbac:
main:
enabled: true
primary: false
clusterWide: true
other:
enabled: true
primary: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRole
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-main
- it: should pass with other rbac set as primary and main not (ClusterRole - other)
documentIndex: *otherRoleDoc
set:
rbac:
main:
enabled: true
primary: false
other:
enabled: true
primary: true
clusterWide: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRole
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
- it: should pass with other rbac set as primary and main not (ClusterRoleBinding - main)
documentIndex: *roleBindingDoc
set:
rbac:
main:
enabled: true
primary: false
clusterWide: true
other:
enabled: true
primary: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-main
- it: should pass with other rbac set as primary and main not (ClusterRoleBinding - other)
documentIndex: *otherRoleBindingDoc
set:
rbac:
main:
enabled: true
primary: false
other:
enabled: true
primary: true
clusterWide: true
asserts:
- hasDocuments:
count: 5
- isKind:
of: ClusterRoleBinding
- equal:
path: metadata.name
value: RELEASE-NAME-common-test
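Review bot: The RoleBinding and ClusterRoleBinding cases check only `isKind` and `metadata.name`, so a binding whose `roleRef` or `subjects` point at the wrong role or service account would still pass every test in this file. For RBAC objects those fields decide what is actually granted; consider adding to each binding case an `equal` assertion with `path: roleRef.name` and the expected role name (presumably the same value asserted for `metadata.name`, to be confirmed against the template), and a matching assertion on `rules` for the Role and ClusterRole cases. Separately, the `###asdsa` comment looks like leftover scratch text, and `&otherRoleDoc` / `&otherRoleBindingDoc` are declared a second time in the "other rbac set as primary" group where the `*otherRoleDoc` / `*otherRoleBindingDoc` aliases would do.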


@@ -0,0 +1,27 @@
{{/* Returns the primary rbac object */}}
{{- define "ix.v1.common.lib.util.rbac.primary" -}}
{{- $enabledrbacs := dict -}}
{{- range $name, $rbac := .Values.rbac -}}
{{- if $rbac.enabled -}}
{{- $_ := set $enabledrbacs $name . -}}
{{- end -}}
{{- end -}}
{{- $result := "" -}}
{{- range $name, $rbac := $enabledrbacs -}}
{{- if (hasKey $rbac "primary") -}}
{{- if $rbac.primary -}}
{{- if $result -}}
{{- fail "More than one RBACS are set as primary. This is not supported." -}}
{{- end -}}
{{- $result = $name -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if not $result -}}
{{- $result = keys $enabledrbacs | first -}}
{{- end -}}
{{- $result -}}
{{- end -}}
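Review bot: The fallback `keys $enabledrbacs | first` picks an arbitrary entry when several RBACs are enabled and none is marked primary, because Sprig's `keys` returns dictionary keys in no guaranteed order. Which role ends up with the un-suffixed primary name can therefore differ between renders, and the tests only exercise this fallback with a single enabled RBAC. Sorting first makes the choice stable: `{{- $result = keys $enabledrbacs | sortAlpha | first -}}`. It would also help to state in the leading comment what the helper returns when no RBAC is enabled, and to store `$rbac` rather than `.` in the `set` call so the reader does not have to recall that dot is rebound inside `range`.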