Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 6a1373e338
Branches Tags
helm-externa...
/
deploy
/
charts
/
external-secrets
/
tests
/
rbac_test.yaml

rbac_test.yaml 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. suite: test rbac
    2. 

  2. templates:
    3. 

  3.   - rbac.yaml
    4. 

  4. tests:
    5. 

  5.   - it: should remove the labels aggregate-to-view to the view ClusterRole
    6. 

  6.     set:
    7. 

  7.       rbac:
    8. 

  8.         aggregateToView: false
    9. 

  9.     asserts:
    10. 

  10.       - notExists:
    11. 

  11.           path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-view"]
    12. 

  12.         documentSelector:
    13. 

  13.           kind: ClusterRole
    14. 

  14.           path: metadata.name
    15. 

  15.           value: RELEASE-NAME-external-secrets-view
    16. 

  16.   - it: should remove the labels aggregate-to-edit to the view and edit ClusterRoles
    17. 

  17.     set:
    18. 

  18.       rbac:
    19. 

  19.         aggregateToEdit: false
    20. 

  20.     asserts:
    21. 

  21.       - notExists:
    22. 

  22.           path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-edit"]
    23. 

  23.         documentSelector:
    24. 

  24.           kind: ClusterRole
    25. 

  25.           path: metadata.name
    26. 

  26.           value: RELEASE-NAME-external-secrets-view
    27. 

  27.       - notExists:
    28. 

  28.           path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-edit"]
    29. 

  29.         documentSelector:
    30. 

  30.           kind: ClusterRole
    31. 

  31.           path: metadata.name
    32. 

  32.           value: RELEASE-NAME-external-secrets-edit
    33. 

  33.   - it: should not create auth delegator ClusterRoleBinding by default
    34. 

  34.     documentSelector:
    35. 

  35.       path: kind
    36. 

  36.       value: ClusterRoleBinding
    37. 

  37.     asserts:
    38. 

  38.       - notEqual:
    39. 

  39.           path: metadata.name
    40. 

  40.           value: RELEASE-NAME-external-secrets-auth-delegator
    41. 

  41. 

  42.   - it: should create auth delegator ClusterRoleBinding when systemAuthDelegator is true
    43. 

  43.     set:
    44. 

  44.       systemAuthDelegator: true
    45. 

  45.     documentSelector:
    46. 

  46.       path: metadata.name
    47. 

  47.       value: RELEASE-NAME-external-secrets-auth-delegator
    48. 

  48.     asserts:
    49. 

  49.       - isKind:
    50. 

  50.           of: ClusterRoleBinding
    51. 

  51.       - equal:
    52. 

  52.           path: roleRef.apiGroup
    53. 

  53.           value: rbac.authorization.k8s.io
    54. 

  54.       - equal:
    55. 

  55.           path: roleRef.kind
    56. 

  56.           value: ClusterRole
    57. 

  57.       - equal:
    58. 

  58.           path: roleRef.name
    59. 

  59.           value: system:auth-delegator
    60. 

  60.       - equal:
    61. 

  61.           path: subjects[0].kind
    62. 

  62.           value: ServiceAccount
    63. 

  63.       - equal:
    64. 

  64.           path: subjects[0].name
    65. 

  65.           value: RELEASE-NAME-external-secrets
    66. 

  66.       - equal:
    67. 

  67.           path: subjects[0].namespace
    68. 

  68.           value: NAMESPACE
    69.