mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-05 07:26:22 -03:00
add primary rbac + tests
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
|
||||
suite: deployment service account
|
||||
suite: service account
|
||||
templates:
|
||||
- common.yaml
|
||||
chart:
|
||||
|
||||
400
library/common-test/tests/utils/utils_primary_rbac_test.yaml
Normal file
400
library/common-test/tests/utils/utils_primary_rbac_test.yaml
Normal file
@@ -0,0 +1,400 @@
|
||||
|
||||
suite: primary rbac utils test
|
||||
templates:
|
||||
- common.yaml
|
||||
tests:
|
||||
- it: should pass with default values
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
|
||||
- it: should fail with more than 1 primary rbac
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: More than one RBACS are set as primary. This is not supported.
|
||||
|
||||
- it: should pass with no rbac set as primary (Role)
|
||||
documentIndex: &roleDoc 0
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- isKind:
|
||||
of: Role
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with no rbac set as primary (RoleBinding)
|
||||
documentIndex: &roleBindingDoc 1
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- isKind:
|
||||
of: RoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with no rbac set as primary (ClusterRole)
|
||||
documentIndex: *roleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
clusterWide: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- isKind:
|
||||
of: ClusterRole
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with no rbac set as primary (ClusterRoleBinding)
|
||||
documentIndex: *roleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
clusterWide: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- isKind:
|
||||
of: ClusterRoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
###asdsa
|
||||
- it: should pass with main rbac set as primary and other not (Role - main)
|
||||
documentIndex: *roleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: Role
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (Role - other)
|
||||
documentIndex: &otherRoleDoc 2
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: Role
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-other
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (RoleBinding - main)
|
||||
documentIndex: *roleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: RoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (RoleBinding - other)
|
||||
documentIndex: &otherRoleBindingDoc 3
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: RoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-other
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (ClusterRole - main)
|
||||
documentIndex: *roleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRole
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (ClusterRole - other)
|
||||
documentIndex: *otherRoleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
clusterWide: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRole
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-other
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (ClusterRoleBinding - main)
|
||||
documentIndex: *roleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with main rbac set as primary and other not (ClusterRoleBinding - other)
|
||||
documentIndex: *otherRoleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: false
|
||||
clusterWide: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-other
|
||||
######
|
||||
- it: should pass with other rbac set as primary and main not (Role - main)
|
||||
documentIndex: *roleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: Role
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-main
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (Role - other)
|
||||
documentIndex: &otherRoleDoc 2
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: Role
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (RoleBinding - main)
|
||||
documentIndex: *roleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: RoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-main
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (RoleBinding - other)
|
||||
documentIndex: &otherRoleBindingDoc 3
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: RoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (ClusterRole - main)
|
||||
documentIndex: *roleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
clusterWide: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRole
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-main
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (ClusterRole - other)
|
||||
documentIndex: *otherRoleDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRole
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (ClusterRoleBinding - main)
|
||||
documentIndex: *roleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
clusterWide: true
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-main
|
||||
|
||||
- it: should pass with other rbac set as primary and main not (ClusterRoleBinding - other)
|
||||
documentIndex: *otherRoleBindingDoc
|
||||
set:
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: false
|
||||
other:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: ClusterRoleBinding
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test
|
||||
27
library/common/1.0.0/templates/lib/util/_primary_rbac.tpl
Normal file
27
library/common/1.0.0/templates/lib/util/_primary_rbac.tpl
Normal file
@@ -0,0 +1,27 @@
|
||||
{{/* Returns the primary rbac object */}}
|
||||
{{- define "ix.v1.common.lib.util.rbac.primary" -}}
|
||||
{{- $enabledrbacs := dict -}}
|
||||
{{- range $name, $rbac := .Values.rbac -}}
|
||||
{{- if $rbac.enabled -}}
|
||||
{{- $_ := set $enabledrbacs $name . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $result := "" -}}
|
||||
{{- range $name, $rbac := $enabledrbacs -}}
|
||||
{{- if (hasKey $rbac "primary") -}}
|
||||
{{- if $rbac.primary -}}
|
||||
{{- if $result -}}
|
||||
{{- fail "More than one RBACS are set as primary. This is not supported." -}}
|
||||
{{- end -}}
|
||||
{{- $result = $name -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $result -}}
|
||||
{{- $result = keys $enabledrbacs | first -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $result -}}
|
||||
{{- end -}}
|
||||
Reference in New Issue
Block a user