feat(common): Release v4.1.2 (#430)

Signed-off-by: Dan Manners <daniel.a.manners@gmail.com> Co-authored-by: Daniel Manners <daniel.a.manners@gmail.com>
2025-07-07 09:57:41 +02:00 · 2025-06-23 15:47:18 +02:00 · 2025-06-23 15:47:18 +02:00 · 42354af45b
commit 42354af45b
parent de383dc580
69 changed files with 1431 additions and 668 deletions
--- a/charts/library/common/test-chart/unittests/rbac/presence_test.yaml
+++ b/charts/library/common/test-chart/unittests/rbac/presence_test.yaml
@ -1,9 +1,10 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: rbac - presence
 templates:
  - common.yaml
 tests:
-  - it: role and rolebinding can be configured are not created by default
+  - it: role and rolebinding are not created by default
    asserts:
      - not: true
        containsDocument:
@ -25,7 +26,9 @@ tests:
          value: release-name
        equal:
          path: rules[0].verbs
-          value: ["get", "list"]
+          value:
+            - "get"
+            - "list"
      - documentSelector:
          path: $[?(@.kind == "RoleBinding")].metadata.name
          value: release-name
@ -60,13 +63,22 @@ tests:
      rbac.roles.customRole:
        type: ClusterRole
        rules:
-          - apiGroups: ["*"]
-            resources: ["*"]
-            verbs: ["get", "list", "watch"]
+          - apiGroups:
+              - "*"
+            resources:
+              - "*"
+            verbs:
+              - "get"
+              - "list"
+              - "watch"
    asserts:
-      - documentSelector:
-          path: $[?(@.kind == "ClusterRole")].metadata.name
-          value: release-name-customrole
-        equal:
-          path: rules[0].verbs
-          value: ["get", "list", "watch"]
+      - containsDocument:
+          kind: Role
+          apiVersion: rbac.authorization.k8s.io/v1
+          any: true
+          name: release-name-defaultrole
+      - containsDocument:
+          kind: ClusterRole
+          apiVersion: rbac.authorization.k8s.io/v1
+          any: true
+          name: release-name-customrole
--- a/charts/library/common/test-chart/unittests/rbac/role_test.yaml
+++ b/charts/library/common/test-chart/unittests/rbac/role_test.yaml
@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: rbac - role tests
+templates:
+  - common.yaml
+values:
+  - ../_values/rbac_values.yaml
+tests:
+  - it: Role should be namespaced
+    documentSelector:
+      path: $[?(@.kind == "Role")].metadata.name
+      value: release-name
+    asserts:
+      - exists:
+          path: metadata.namespace
+
+  - it: ClusterRole should not be namespaced
+    set:
+      rbac.roles.defaultRole:
+        type: ClusterRole
+    documentSelector:
+      path: $[?(@.kind == "ClusterRole")].metadata.name
+      value: release-name
+    asserts:
+      - notExists:
+          path: metadata.namespace
--- a/charts/library/common/test-chart/unittests/rbac/rolebinding_test.yaml
+++ b/charts/library/common/test-chart/unittests/rbac/rolebinding_test.yaml
@ -0,0 +1,84 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: rbac - rolebinding tests
+templates:
+  - common.yaml
+set:
+  rbac:
+    bindings:
+      defaultBinding:
+        enabled: true
+        type: RoleBinding
+        roleRef:
+          name: defaultBinding
+          kind: Role
+        subjects:
+          - kind: Group
+            name: oidc:/default-group
+          - kind: User
+            name: default-username
+          - kind: ServiceAccount
+            name: default
+            namespace: default
+tests:
+  - it: RoleBinding should be namespaced
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - exists:
+          path: metadata.namespace
+
+  - it: ClusterRoleBinding should not be namespaced
+    set:
+      rbac.bindings.defaultBinding:
+        type: ClusterRoleBinding
+    documentSelector:
+      path: $[?(@.kind == "ClusterRoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - notExists:
+          path: metadata.namespace
+
+  - it: subject must be a valid group
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - equal:
+          path: subjects[0].kind
+          value: Group
+      - equal:
+          path: subjects[0].name
+          value: oidc:/default-group
+      - notExists:
+          path: subjects[0].namespace
+
+  - it: subject must be a valid user
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - equal:
+          path: subjects[1].kind
+          value: User
+      - equal:
+          path: subjects[1].name
+          value: default-username
+      - notExists:
+          path: subjects[0].namespace
+
+  - it: subject must be a valid user
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - equal:
+          path: subjects[2].kind
+          value: ServiceAccount
+      - equal:
+          path: subjects[2].name
+          value: default
+      - equal:
+          path: subjects[2].namespace
+          value: default