more fixes

2026-06-13 03:25:57 -03:00 · 2024-07-03 09:28:52 +03:00
parent c7a653f32a
commit acbe2fd4d8
4 changed files with 26 additions and 8 deletions
--- a/library/common-test/tests/rbac/validation_test.yaml
+++ b/library/common-test/tests/rbac/validation_test.yaml
@@ -341,3 +341,20 @@ tests:
    asserts:
      - failedTemplate:
          errorMessage: RBAC - Namespace [my-extra-super-duper-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters.
+
+  - it: should fail without serviceAccount
+    set:
+      rbac:
+        my-rbac:
+          enabled: true
+          primary: true
+          rules:
+            - apiGroups:
+                - ""
+              resources:
+                - pods
+              verbs:
+                - get
+    asserts:
+      - failedTemplate:
+          errorMessage: RBAC - Expected at least one serviceAccount to exist, but got [0]
--- a/library/common-test/tests/volsync/replication_dest_spec_test.yaml
+++ b/library/common-test/tests/volsync/replication_dest_spec_test.yaml
@@ -129,7 +129,7 @@ tests:
                enabled: false
      credentials: *credentials
    asserts:
-      - documentIndex: *replicationDestDoc
+      - documentIndex: &replicationDestDoc 4
        isKind:
          of: ReplicationDestination
      - documentIndex: *replicationDestDoc
--- a/library/common/templates/lib/dependencies/_volsyncDirectWait.tpl
+++ b/library/common/templates/lib/dependencies/_volsyncDirectWait.tpl
@@ -71,12 +71,6 @@ rules:
      - watch
 {{- end -}}

-{{/* TODO: adapt this to only assign to pods that need one */}}
-{{- define "tc.v1.common.dependencies.volsync.extrawaitsa" -}}
-enabled: true
-primary: false
-{{- end -}}
-
 {{- define "tc.v1.common.dependencies.volsync.waitsa.inject" -}}
  {{- $result := include "tc.v1.common.lib.rbac.hasPrimaryOnEnabled" (dict "rootCtx" $) | fromJson -}}
  {{- $hasPrimary := $result.hasPrimary -}}
@@ -98,7 +92,7 @@ primary: false
  {{- end -}}

  {{- $_ := set .Values.serviceAccount $saName (dict
-    "enabled" true "primary" not $hasPrimary "targetSelectAll" true
+    "enabled" true "primary" (not $hasPrimary) "targetSelectAll" true
  ) -}}

 {{- end -}}
@@ -139,6 +133,10 @@ primary: false
  {{- end -}}

  {{- if $volSyncDetect -}}
+    {{/* Inject the wait service account */}}
+    {{- include "tc.v1.common.dependencies.volsync.waitsa.inject" $ -}}
+
+    {{- /* Create the wait container */}}
    {{- $container := include "tc.v1.common.dependencies.volsync.directwait" $ | fromYaml -}}
    {{- if $container -}}
      {{- range $workload := .Values.workload -}}
--- a/library/common/templates/lib/rbac/_getServiceAccounts.tpl
+++ b/library/common/templates/lib/rbac/_getServiceAccounts.tpl
@@ -10,6 +10,9 @@ objectData: The object data to be used to render the RBAC.
  {{- $objectData := .objectData -}}

  {{- $serviceAccounts := list -}}
+  {{- if not $rootCtx.Values.serviceAccount -}}
+    {{- fail "RBAC - Expected at least one serviceAccount to exist, but got [0]" -}}
+  {{- end -}}

  {{- range $name, $serviceAccount := $rootCtx.Values.serviceAccount -}}
    {{- $saName := include "tc.v1.common.lib.chart.names.fullname" $rootCtx -}}