logic855
/
helm-external-secrets
зеркало из https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
							suite: test cert controller rbac
templates:
  - cert-controller-rbac.yaml
tests:
  - it: should keep get/list/watch on customresourcedefinitions cluster-wide
    documentIndex: 0
    asserts:
      - contains:
          path: rules
          content:
            apiGroups:
              - "apiextensions.k8s.io"
            resources:
              - "customresourcedefinitions"
            verbs:
              - "get"
              - "list"
              - "watch"
  - it: should scope customresourcedefinitions update/patch to the managed CRDs by resourceNames
    documentIndex: 0
    asserts:
      - contains:
          path: rules
          content:
            apiGroups:
              - "apiextensions.k8s.io"
            resources:
              - "customresourcedefinitions"
            resourceNames:
              - "externalsecrets.external-secrets.io"
              - "secretstores.external-secrets.io"
              - "clustersecretstores.external-secrets.io"
            verbs:
              - "update"
              - "patch"
      - notContains:
          path: rules
          content:
            apiGroups:
              - "apiextensions.k8s.io"
            resources:
              - "customresourcedefinitions"
            verbs:
              - "get"
              - "list"
              - "watch"
              - "update"
              - "patch"
  - it: should exclude clustersecretstores from the scoped CRD rule when createClusterSecretStore is false
    documentIndex: 0
    set:
      crds:
        createClusterSecretStore: false
    asserts:
      - contains:
          path: rules
          content:
            apiGroups:
              - "apiextensions.k8s.io"
            resources:
              - "customresourcedefinitions"
            resourceNames:
              - "externalsecrets.external-secrets.io"
              - "secretstores.external-secrets.io"
            verbs:
              - "update"
              - "patch"
  - it: should keep get/list/watch on secrets cluster-wide
    documentIndex: 0
    asserts:
      - contains:
          path: rules
          content:
            apiGroups:
              - ""
            resources:
              - "secrets"
            verbs:
              - "get"
              - "list"
              - "watch"
  - it: should scope secret update/patch to the webhook secret by resourceNames
    documentIndex: 0
    asserts:
      - contains:
          path: rules
          content:
            apiGroups:
              - ""
            resources:
              - "secrets"
            resourceNames:
              - "RELEASE-NAME-external-secrets-webhook"
            verbs:
              - "update"
              - "patch"
      - notContains:
          path: rules
          content:
            apiGroups:
              - ""
            resources:
              - "secrets"
            verbs:
              - "get"
              - "list"
              - "watch"
              - "update"
              - "patch"