115 lines
2.8 KiB
YAML
115 lines
2.8 KiB
YAML
suite: Platform Secret Role
|
|
templates:
|
|
- platform-rbac.yaml
|
|
|
|
tests:
|
|
- it: check explicitly disabled
|
|
set:
|
|
external:
|
|
platform:
|
|
apiKey:
|
|
namespace: "some-other-namespace"
|
|
createRBAC: false
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 0
|
|
|
|
- it: check disabled on empty namespace
|
|
set:
|
|
external:
|
|
platform:
|
|
apiKey:
|
|
namespace: ""
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 0
|
|
|
|
- it: check disabled on implicit same namespace
|
|
set:
|
|
external:
|
|
platform:
|
|
apiKey:
|
|
secretName: "some-other-secret"
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 0
|
|
|
|
- it: automatically create role for specific secret for reading & patching
|
|
set:
|
|
external:
|
|
platform:
|
|
apiKey:
|
|
secretName: "my-secret-name"
|
|
namespace: "some-other-namespace"
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 2
|
|
- documentIndex: 0
|
|
lengthEqual:
|
|
path: rules
|
|
count: 1
|
|
- documentIndex: 0
|
|
equal:
|
|
path: metadata.name
|
|
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role"
|
|
- documentIndex: 1
|
|
equal:
|
|
path: metadata.name
|
|
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role-binding"
|
|
- documentIndex: 0
|
|
contains:
|
|
path: rules
|
|
count: 1
|
|
content:
|
|
apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get"]
|
|
resourceNames: ["my-secret-name"]
|
|
- documentIndex: 1
|
|
contains:
|
|
path: subjects
|
|
count: 1
|
|
content:
|
|
kind: ServiceAccount
|
|
name: vc-RELEASE-NAME
|
|
namespace: some-other-namespace
|
|
|
|
- it: automatically create role for default secret for reading & patching
|
|
set:
|
|
external:
|
|
platform:
|
|
apiKey:
|
|
namespace: "some-other-namespace"
|
|
asserts:
|
|
- hasDocuments:
|
|
count: 2
|
|
- documentIndex: 0
|
|
lengthEqual:
|
|
path: rules
|
|
count: 1
|
|
- documentIndex: 0
|
|
equal:
|
|
path: metadata.name
|
|
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role"
|
|
- documentIndex: 1
|
|
equal:
|
|
path: metadata.name
|
|
value: "vc-RELEASE-NAME-v-NAMESPACE-platform-role-binding"
|
|
- documentIndex: 0
|
|
contains:
|
|
path: rules
|
|
count: 1
|
|
content:
|
|
apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get"]
|
|
resourceNames: ["vcluster-platform-api-key"]
|
|
- documentIndex: 1
|
|
contains:
|
|
path: subjects
|
|
count: 1
|
|
content:
|
|
kind: ServiceAccount
|
|
name: vc-RELEASE-NAME
|
|
namespace: some-other-namespace
|