mirror of
https://github.com/bjw-s-labs/helm-charts.git
synced 2025-07-07 01:47:41 +02:00
feat(common): Release v4.1.2 (#430)
Signed-off-by: Dan Manners <daniel.a.manners@gmail.com> Co-authored-by: Daniel Manners <daniel.a.manners@gmail.com>
This commit is contained in:
Bernd Schorgers
parent
de383dc580
commit
42354af45b
69 changed files with 1431 additions and 668 deletions
|
|
@ -6,9 +6,9 @@ rbac:
|
|||
defaultRole:
|
||||
type: Role
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list" ]
|
||||
|
||||
bindings:
|
||||
defaultBinding:
|
||||
|
|
@ -16,4 +16,4 @@ rbac:
|
|||
roleRef:
|
||||
identifier: defaultRole
|
||||
subjects:
|
||||
- identifier: default
|
||||
- identifier: default
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
|
||||
suite: rbac - presence
|
||||
templates:
|
||||
- common.yaml
|
||||
tests:
|
||||
- it: role and rolebinding can be configured are not created by default
|
||||
- it: role and rolebinding are not created by default
|
||||
asserts:
|
||||
- not: true
|
||||
containsDocument:
|
||||
|
|
@ -25,7 +26,9 @@ tests:
|
|||
value: release-name
|
||||
equal:
|
||||
path: rules[0].verbs
|
||||
value: ["get", "list"]
|
||||
value:
|
||||
- "get"
|
||||
- "list"
|
||||
- documentSelector:
|
||||
path: $[?(@.kind == "RoleBinding")].metadata.name
|
||||
value: release-name
|
||||
|
|
@ -60,13 +63,22 @@ tests:
|
|||
rbac.roles.customRole:
|
||||
type: ClusterRole
|
||||
rules:
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups:
|
||||
- "*"
|
||||
resources:
|
||||
- "*"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- "watch"
|
||||
asserts:
|
||||
- documentSelector:
|
||||
path: $[?(@.kind == "ClusterRole")].metadata.name
|
||||
value: release-name-customrole
|
||||
equal:
|
||||
path: rules[0].verbs
|
||||
value: ["get", "list", "watch"]
|
||||
- containsDocument:
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
any: true
|
||||
name: release-name-defaultrole
|
||||
- containsDocument:
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
any: true
|
||||
name: release-name-customrole
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
|
||||
suite: rbac - role tests
|
||||
templates:
|
||||
- common.yaml
|
||||
values:
|
||||
- ../_values/rbac_values.yaml
|
||||
tests:
|
||||
- it: Role should be namespaced
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "Role")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- exists:
|
||||
path: metadata.namespace
|
||||
|
||||
- it: ClusterRole should not be namespaced
|
||||
set:
|
||||
rbac.roles.defaultRole:
|
||||
type: ClusterRole
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "ClusterRole")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- notExists:
|
||||
path: metadata.namespace
|
||||
|
|
@ -0,0 +1,84 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
|
||||
suite: rbac - rolebinding tests
|
||||
templates:
|
||||
- common.yaml
|
||||
set:
|
||||
rbac:
|
||||
bindings:
|
||||
defaultBinding:
|
||||
enabled: true
|
||||
type: RoleBinding
|
||||
roleRef:
|
||||
name: defaultBinding
|
||||
kind: Role
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: oidc:/default-group
|
||||
- kind: User
|
||||
name: default-username
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: default
|
||||
tests:
|
||||
- it: RoleBinding should be namespaced
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "RoleBinding")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- exists:
|
||||
path: metadata.namespace
|
||||
|
||||
- it: ClusterRoleBinding should not be namespaced
|
||||
set:
|
||||
rbac.bindings.defaultBinding:
|
||||
type: ClusterRoleBinding
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "ClusterRoleBinding")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- notExists:
|
||||
path: metadata.namespace
|
||||
|
||||
- it: subject must be a valid group
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "RoleBinding")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- equal:
|
||||
path: subjects[0].kind
|
||||
value: Group
|
||||
- equal:
|
||||
path: subjects[0].name
|
||||
value: oidc:/default-group
|
||||
- notExists:
|
||||
path: subjects[0].namespace
|
||||
|
||||
- it: subject must be a valid user
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "RoleBinding")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- equal:
|
||||
path: subjects[1].kind
|
||||
value: User
|
||||
- equal:
|
||||
path: subjects[1].name
|
||||
value: default-username
|
||||
- notExists:
|
||||
path: subjects[0].namespace
|
||||
|
||||
- it: subject must be a valid user
|
||||
documentSelector:
|
||||
path: $[?(@.kind == "RoleBinding")].metadata.name
|
||||
value: release-name
|
||||
asserts:
|
||||
- equal:
|
||||
path: subjects[2].kind
|
||||
value: ServiceAccount
|
||||
- equal:
|
||||
path: subjects[2].name
|
||||
value: default
|
||||
- equal:
|
||||
path: subjects[2].namespace
|
||||
value: default
|
||||
|
|
@ -5,6 +5,7 @@ templates:
|
|||
- common.yaml
|
||||
values:
|
||||
- ../_values/controllers_main_default_container.yaml
|
||||
- ../_values/service_main_default.yaml
|
||||
tests:
|
||||
- it: hostnames shouldn't be used for TCPRoutes and UDPRoutes
|
||||
set:
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ templates:
|
|||
- common.yaml
|
||||
values:
|
||||
- ../_values/controllers_main_default_container.yaml
|
||||
- ../_values/service_main_default.yaml
|
||||
tests:
|
||||
- it: setting gateway should pass
|
||||
set:
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ templates:
|
|||
- common.yaml
|
||||
values:
|
||||
- ../_values/controllers_main_default_container.yaml
|
||||
- ../_values/service_main_default.yaml
|
||||
set:
|
||||
route.main.parentRefs:
|
||||
- name: test
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ templates:
|
|||
- common.yaml
|
||||
values:
|
||||
- ../_values/controllers_main_default_container.yaml
|
||||
- ../_values/service_main_default.yaml
|
||||
set:
|
||||
route.main.parentRefs:
|
||||
- name: test
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ templates:
|
|||
- common.yaml
|
||||
values:
|
||||
- ../_values/controllers_main_default_container.yaml
|
||||
- ../_values/service_main_default.yaml
|
||||
set:
|
||||
route.main:
|
||||
parentRefs:
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ templates:
|
|||
- common.yaml
|
||||
values:
|
||||
- ../_values/controllers_main_default_container.yaml
|
||||
- ../_values/service_main_default.yaml
|
||||
tests:
|
||||
- it: an HTTPRoute is not created by default
|
||||
asserts:
|
||||
|
|
|
|||
|
|
@ -78,3 +78,24 @@ tests:
|
|||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Either name or identifier is required because automatic Service detection is not possible. (route: main)"
|
||||
|
||||
- it: automatic service and port reference should fail with absent rules field and when >1 service is enabled
|
||||
set:
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
ports:
|
||||
ui:
|
||||
port: 8082
|
||||
second:
|
||||
controller: main
|
||||
ports:
|
||||
ui:
|
||||
port: 8082
|
||||
route.main:
|
||||
parentRefs:
|
||||
- name: parentName
|
||||
namespace: parentNamespace
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "An explicit rule is required because automatic Service detection is not possible. (route: main)"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue