|
|
@@ -7,29 +7,69 @@ tests:
|
|
|
rbac:
|
|
|
aggregateToView: false
|
|
|
asserts:
|
|
|
+ - isKind:
|
|
|
+ of: ClusterRole
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-view
|
|
|
- notExists:
|
|
|
path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-view"]
|
|
|
documentSelector:
|
|
|
- kind: ClusterRole
|
|
|
path: metadata.name
|
|
|
value: RELEASE-NAME-external-secrets-view
|
|
|
+
|
|
|
- it: should remove the labels aggregate-to-edit to the view and edit ClusterRoles
|
|
|
set:
|
|
|
rbac:
|
|
|
aggregateToEdit: false
|
|
|
asserts:
|
|
|
+ - isKind:
|
|
|
+ of: ClusterRole
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-view
|
|
|
- notExists:
|
|
|
path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-edit"]
|
|
|
documentSelector:
|
|
|
- kind: ClusterRole
|
|
|
path: metadata.name
|
|
|
value: RELEASE-NAME-external-secrets-view
|
|
|
+ - isKind:
|
|
|
+ of: ClusterRole
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-edit
|
|
|
- notExists:
|
|
|
path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-edit"]
|
|
|
documentSelector:
|
|
|
- kind: ClusterRole
|
|
|
path: metadata.name
|
|
|
value: RELEASE-NAME-external-secrets-edit
|
|
|
+
|
|
|
+ - it: should remove the labels aggregate-to-admin to the view and edit ClusterRoles
|
|
|
+ set:
|
|
|
+ rbac:
|
|
|
+ aggregateToAdmin: false
|
|
|
+ asserts:
|
|
|
+ - isKind:
|
|
|
+ of: ClusterRole
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-view
|
|
|
+ - notExists:
|
|
|
+ path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-admin"]
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-view
|
|
|
+ - isKind:
|
|
|
+ of: ClusterRole
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-edit
|
|
|
+ - notExists:
|
|
|
+ path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-admin"]
|
|
|
+ documentSelector:
|
|
|
+ path: metadata.name
|
|
|
+ value: RELEASE-NAME-external-secrets-edit
|
|
|
+
|
|
|
- it: should not create auth delegator ClusterRoleBinding by default
|
|
|
documentSelector:
|
|
|
path: kind
|