...

Source file src/sigs.k8s.io/kustomize/api/krusty/resourceconflict_test.go

Documentation: sigs.k8s.io/kustomize/api/krusty

     1  // Copyright 2019 The Kubernetes Authors.
     2  // SPDX-License-Identifier: Apache-2.0
     3  
     4  package krusty_test
     5  
     6  import (
     7  	"strings"
     8  	"testing"
     9  
    10  	kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest"
    11  )
    12  
// writeBase writes the "base" kustomization into the harness: a
// ServiceAccount, a RoleBinding, a ClusterRoleBinding and a ClusterRole,
// all renamed with the prefix "pfx-" and the suffix "-sfx". Both bindings
// refer to the ClusterRole by name (roleRef) and to the ServiceAccount by
// name (subjects), so the fixture has name references to rewrite.
//
// NOTE(review): these manifests are fixtures only. The bindings use
// rbac.authorization.k8s.io/v1beta1, which Kubernetes 1.22 and later no
// longer serve, the ServiceAccount subjects carry no namespace (a real API
// server is expected to reject that), and the ClusterRole grants
// get/watch/list on secrets. Do not copy them into a deployed manifest.
func writeBase(th kusttest_test.Harness) {
	const (
		kustomization = `
resources:
- serviceaccount.yaml
- rolebinding.yaml
- clusterrolebinding.yaml
- clusterrole.yaml
namePrefix: pfx-
nameSuffix: -sfx
`
		serviceAccount = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: serviceaccount
`
		roleBinding = `
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: role
subjects:
- kind: ServiceAccount
  name: serviceaccount
`
		clusterRoleBinding = `
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: role
subjects:
- kind: ServiceAccount
  name: serviceaccount
`
		clusterRole = `
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: role
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]
`
	)

	// Same write order as the resources list in the kustomization.
	th.WriteK("base", kustomization)
	th.WriteF("base/serviceaccount.yaml", serviceAccount)
	th.WriteF("base/rolebinding.yaml", roleBinding)
	th.WriteF("base/clusterrolebinding.yaml", clusterRoleBinding)
	th.WriteF("base/clusterrole.yaml", clusterRole)
}
    66  
// writeMidOverlays writes the two mid-level overlays, "overlays/a" and
// "overlays/b". Each one pulls in ../../base and adds its own name prefix
// and suffix, so the same base resources get distinct names per overlay.
func writeMidOverlays(th kusttest_test.Harness) {
	const (
		overlayA = `
resources:
- ../../base
namePrefix: a-
nameSuffix: -suffixA
`
		overlayB = `
resources:
- ../../base
namePrefix: b-
nameSuffix: -suffixB
`
	)

	th.WriteK("overlays/a", overlayA)
	th.WriteK("overlays/b", overlayB)
}
    82  
// writeTopOverlay writes the "combined" kustomization, whose only
// resources are the two mid-level overlays a and b.
func writeTopOverlay(th kusttest_test.Harness) {
	const combined = `
resources:
- ../overlays/a
- ../overlays/b
`
	th.WriteK("combined", combined)
}
    91  
// TestBase builds the base on its own and checks that the prefix and
// suffix land on every resource name and on the names referenced from
// roleRef and subjects in both bindings.
func TestBase(t *testing.T) {
	const want = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pfx-serviceaccount-sfx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: pfx-rolebinding-sfx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pfx-role-sfx
subjects:
- kind: ServiceAccount
  name: pfx-serviceaccount-sfx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: pfx-rolebinding-sfx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pfx-role-sfx
subjects:
- kind: ServiceAccount
  name: pfx-serviceaccount-sfx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pfx-role-sfx
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - watch
  - list
`

	h := kusttest_test.MakeHarness(t)
	writeBase(h)

	got := h.Run("base", h.MakeDefaultOptions())
	h.AssertActualEqualsExpected(got, want)
}
   141  
// TestMidLevelA builds overlay a and checks that its "a-" prefix and
// "-suffixA" suffix wrap the names the base already produced, including
// the names referenced from roleRef and subjects.
func TestMidLevelA(t *testing.T) {
	const want = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: a-pfx-rolebinding-sfx-suffixA
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
  name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: a-pfx-rolebinding-sfx-suffixA
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
  name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: a-pfx-role-sfx-suffixA
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - watch
  - list
`

	h := kusttest_test.MakeHarness(t)
	writeBase(h)
	writeMidOverlays(h)

	got := h.Run("overlays/a", h.MakeDefaultOptions())
	h.AssertActualEqualsExpected(got, want)
}
   192  
// TestMidLevelB builds overlay b and checks that its "b-" prefix and
// "-suffixB" suffix wrap the names the base already produced, including
// the names referenced from roleRef and subjects.
func TestMidLevelB(t *testing.T) {
	const want = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: b-pfx-rolebinding-sfx-suffixB
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
  name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: b-pfx-rolebinding-sfx-suffixB
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
  name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: b-pfx-role-sfx-suffixB
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - watch
  - list
`

	h := kusttest_test.MakeHarness(t)
	writeBase(h)
	writeMidOverlays(h)

	got := h.Run("overlays/b", h.MakeDefaultOptions())
	h.AssertActualEqualsExpected(got, want)
}
   243  
// TestMultibasesNoConflict builds the combined kustomization, which loads
// the same base through overlays a and b. The expected output holds both
// copies side by side: every reference in an a-* binding points at an a-*
// resource and every reference in a b-* binding at a b-* resource.
func TestMultibasesNoConflict(t *testing.T) {
	const want = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: a-pfx-rolebinding-sfx-suffixA
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
  name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: a-pfx-rolebinding-sfx-suffixA
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
  name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: a-pfx-role-sfx-suffixA
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - watch
  - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: b-pfx-rolebinding-sfx-suffixB
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
  name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: b-pfx-rolebinding-sfx-suffixB
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
  name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: b-pfx-role-sfx-suffixB
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - watch
  - list
`

	h := kusttest_test.MakeHarness(t)
	writeBase(h)
	writeMidOverlays(h)
	writeTopOverlay(h)

	got := h.Run("combined", h.MakeDefaultOptions())
	h.AssertActualEqualsExpected(got, want)
}
   338  
// TestMultibasesWithConflict rewrites overlay a so that it declares its own
// ServiceAccount named "serviceaccount" next to the one it inherits from
// the base, then builds the combined kustomization. The build must fail
// with an error mentioning "found multiple possible referrals" rather than
// pick one of the two candidates for the bindings' subject reference.
func TestMultibasesWithConflict(t *testing.T) {
	const (
		conflictingOverlayA = `
namePrefix: a-
nameSuffix: -suffixA
resources:
- serviceaccount.yaml
- ../../base
`
		duplicateServiceAccount = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: serviceaccount
`
	)

	h := kusttest_test.MakeHarness(t)
	writeBase(h)
	writeMidOverlays(h)
	writeTopOverlay(h)

	// Replace the overlay written by writeMidOverlays with one that also
	// lists a local serviceaccount.yaml.
	h.WriteK("overlays/a", conflictingOverlayA)
	// The overlay's ServiceAccount has the same kind and name as the one in
	// the base, which is what the expected error comes from.
	h.WriteF("overlays/a/serviceaccount.yaml", duplicateServiceAccount)

	err := h.RunWithErr("combined", h.MakeDefaultOptions())
	switch {
	case err == nil:
		t.Fatalf("expected error")
	case !strings.Contains(err.Error(), "found multiple possible referrals"):
		t.Fatalf("unexpected error %v", err)
	}
}
   369  
