logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768
							suite: test rbac
templates:
  - rbac.yaml
tests:
  - it: should remove the labels aggregate-to-view to the view ClusterRole
    set:
      rbac:
        aggregateToView: false
    asserts:
      - notExists:
          path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-view"]
        documentSelector:
          kind: ClusterRole
          path: metadata.name
          value: RELEASE-NAME-external-secrets-view
  - it: should remove the labels aggregate-to-edit to the view and edit ClusterRoles
    set:
      rbac:
        aggregateToEdit: false
    asserts:
      - notExists:
          path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-edit"]
        documentSelector:
          kind: ClusterRole
          path: metadata.name
          value: RELEASE-NAME-external-secrets-view
      - notExists:
          path: metadata.labels["rbac.authorization.k8s.io/aggregate-to-edit"]
        documentSelector:
          kind: ClusterRole
          path: metadata.name
          value: RELEASE-NAME-external-secrets-edit
  - it: should not create auth delegator ClusterRoleBinding by default
    documentSelector:
      path: kind
      value: ClusterRoleBinding
    asserts:
      - notEqual:
          path: metadata.name
          value: RELEASE-NAME-external-secrets-auth-delegator

  - it: should create auth delegator ClusterRoleBinding when systemAuthDelegator is true
    set:
      systemAuthDelegator: true
    documentSelector:
      path: metadata.name
      value: RELEASE-NAME-external-secrets-auth-delegator
    asserts:
      - isKind:
          of: ClusterRoleBinding
      - equal:
          path: roleRef.apiGroup
          value: rbac.authorization.k8s.io
      - equal:
          path: roleRef.kind
          value: ClusterRole
      - equal:
          path: roleRef.name
          value: system:auth-delegator
      - equal:
          path: subjects[0].kind
          value: ServiceAccount
      - equal:
          path: subjects[0].name
          value: RELEASE-NAME-external-secrets
      - equal:
          path: subjects[0].namespace
          value: NAMESPACE