1
2
3
4 package krusty_test
5
6 import (
7 "testing"
8
9 kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest"
10 )
11
12
13 func TestNameUpdateInRoleRef(t *testing.T) {
14 th := kusttest_test.MakeHarness(t)
15 th.WriteF("rbac.yaml", `
16 apiVersion: rbac.authorization.k8s.io/v1
17 kind: ClusterRole
18 metadata:
19 name: my-role
20 rules:
21 - apiGroups:
22 - '*'
23 resources:
24 - '*'
25 verbs:
26 - get
27 ---
28 apiVersion: rbac.authorization.k8s.io/v1
29 kind: ClusterRoleBinding
30 metadata:
31 name: my-role
32 roleRef:
33 apiGroup: rbac.authorization.k8s.io
34 kind: ClusterRole
35 name: my-role
36 subjects:
37 - kind: ServiceAccount
38 name: default
39 namespace: foo
40 ---
41 apiVersion: rbac.authorization.k8s.io/v1
42 kind: Role
43 metadata:
44 name: my-role
45 rules:
46 - apiGroups:
47 - ""
48 resources:
49 - secrets
50 verbs:
51 - get
52 ---
53 apiVersion: rbac.authorization.k8s.io/v1
54 kind: RoleBinding
55 metadata:
56 name: my-role
57 roleRef:
58 apiGroup: rbac.authorization.k8s.io
59 version: v1
60 kind: Role
61 name: my-role
62 subjects:
63 - kind: ServiceAccount
64 name: default
65 `)
66
67 th.WriteK(".", `
68 namespace: foo
69 resources:
70 - rbac.yaml
71
72 patches:
73 - patch: |-
74 - op: add
75 path: /metadata/name
76 value: prefix_my-role
77 target:
78 group: rbac.authorization.k8s.io
79 version: v1
80 kind: ClusterRole
81 name: my-role
82 `)
83
84 m := th.Run(".", th.MakeDefaultOptions())
85 th.AssertActualEqualsExpected(m, `
86 apiVersion: rbac.authorization.k8s.io/v1
87 kind: ClusterRole
88 metadata:
89 name: prefix_my-role
90 rules:
91 - apiGroups:
92 - '*'
93 resources:
94 - '*'
95 verbs:
96 - get
97 ---
98 apiVersion: rbac.authorization.k8s.io/v1
99 kind: ClusterRoleBinding
100 metadata:
101 name: my-role
102 roleRef:
103 apiGroup: rbac.authorization.k8s.io
104 kind: ClusterRole
105 name: prefix_my-role
106 subjects:
107 - kind: ServiceAccount
108 name: default
109 namespace: foo
110 ---
111 apiVersion: rbac.authorization.k8s.io/v1
112 kind: Role
113 metadata:
114 name: my-role
115 namespace: foo
116 rules:
117 - apiGroups:
118 - ""
119 resources:
120 - secrets
121 verbs:
122 - get
123 ---
124 apiVersion: rbac.authorization.k8s.io/v1
125 kind: RoleBinding
126 metadata:
127 name: my-role
128 namespace: foo
129 roleRef:
130 apiGroup: rbac.authorization.k8s.io
131 kind: Role
132 name: my-role
133 version: v1
134 subjects:
135 - kind: ServiceAccount
136 name: default
137 namespace: foo
138 `)
139 }
140
141
142 func TestNameUpdateInRoleRef2(t *testing.T) {
143 th := kusttest_test.MakeHarness(t)
144 th.WriteF("workloads.yaml", `
145 ---
146 apiVersion: v1
147 kind: ServiceAccount
148 metadata:
149 name: myapp
150
151 ---
152 apiVersion: rbac.authorization.k8s.io/v1
153 kind: ClusterRole
154 metadata:
155 name: myapp
156 rules:
157 - apiGroups:
158 - ""
159 resources:
160 - nodes/metrics
161 verbs:
162 - get
163
164 ---
165 apiVersion: rbac.authorization.k8s.io/v1
166 kind: ClusterRoleBinding
167 metadata:
168 name: myapp
169 roleRef:
170 apiGroup: rbac.authorization.k8s.io
171 kind: ClusterRole
172 name: myapp
173 subjects:
174 - kind: ServiceAccount
175 name: myapp
176
177 ---
178 apiVersion: rbac.authorization.k8s.io/v1
179 kind: Role
180 metadata:
181 name: myapp
182 rules:
183 - apiGroups:
184 - ""
185 resources:
186 - services
187 verbs:
188 - get
189
190 ---
191 apiVersion: rbac.authorization.k8s.io/v1
192 kind: RoleBinding
193 metadata:
194 name: myapp
195 roleRef:
196 apiGroup: rbac.authorization.k8s.io
197 kind: Role
198 name: myapp
199 subjects:
200 - kind: ServiceAccount
201 name: myapp
202 `)
203
204 th.WriteF("suffixTransformer.yaml", `
205 apiVersion: builtin
206 kind: PrefixSuffixTransformer
207 metadata:
208 name: notImportantHere
209 suffix: -suffix
210 fieldSpecs:
211 - path: metadata/name
212 kind: ClusterRole
213 name: myapp
214 - path: metadata/name
215 kind: ClusterRoleBinding
216 name: myapp
217 `)
218
219 th.WriteK(".", `
220 resources:
221 - workloads.yaml
222 transformers:
223 - suffixTransformer.yaml
224 namespace: test
225
226 `)
227
228 m := th.Run(".", th.MakeDefaultOptions())
229 th.AssertActualEqualsExpected(m, `
230 apiVersion: v1
231 kind: ServiceAccount
232 metadata:
233 name: myapp
234 namespace: test
235 ---
236 apiVersion: rbac.authorization.k8s.io/v1
237 kind: ClusterRole
238 metadata:
239 name: myapp-suffix
240 rules:
241 - apiGroups:
242 - ""
243 resources:
244 - nodes/metrics
245 verbs:
246 - get
247 ---
248 apiVersion: rbac.authorization.k8s.io/v1
249 kind: ClusterRoleBinding
250 metadata:
251 name: myapp-suffix
252 roleRef:
253 apiGroup: rbac.authorization.k8s.io
254 kind: ClusterRole
255 name: myapp-suffix
256 subjects:
257 - kind: ServiceAccount
258 name: myapp
259 namespace: test
260 ---
261 apiVersion: rbac.authorization.k8s.io/v1
262 kind: Role
263 metadata:
264 name: myapp
265 namespace: test
266 rules:
267 - apiGroups:
268 - ""
269 resources:
270 - services
271 verbs:
272 - get
273 ---
274 apiVersion: rbac.authorization.k8s.io/v1
275 kind: RoleBinding
276 metadata:
277 name: myapp
278 namespace: test
279 roleRef:
280 apiGroup: rbac.authorization.k8s.io
281 kind: Role
282 name: myapp
283 subjects:
284 - kind: ServiceAccount
285 name: myapp
286 namespace: test
287 `)
288 }
289
View as plain text