sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dsk-devops-toolchains/helm/jenkins/unittests/rbac-test.yaml
dsk-minchulahn d601d0f259 디렉토리 구조 및 각 서비스 추가
2024-01-03 17:29:11 +09:00

218 lines
5.4 KiB
YAML
Raw Permalink Blame History

suite: Role Based Access Control
release:
name: my-release
namespace: my-namespace
templates:
- rbac.yaml
tests:
- it: test default number of documents
asserts:
- hasDocuments:
count: 4
- it: disable auto reload
set:
controller.sidecars.configAutoReload.enabled: false
asserts:
- hasDocuments:
count: 2
- it: disable rbac create
set:
rbac.create: false
asserts:
- hasDocuments:
count: 0
- it: Role schedule-agents
documentIndex: 0
asserts:
- isKind:
of: Role
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-schedule-agents
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: rules
value:
- apiGroups: [""]
resources: ["pods", "pods/exec", "pods/log", "persistentvolumeclaims", "events"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods", "pods/exec", "persistentvolumeclaims"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- it: RoleBinding schedule-agents
documentIndex: 1
asserts:
- isKind:
of: RoleBinding
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-schedule-agents
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: roleRef
value:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-release-jenkins-schedule-agents
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
- it: Separate Agent Namespace
set:
agent.namespace: agent-namespace
asserts:
- equal:
path: metadata.namespace
value: agent-namespace
documentIndex: 0
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
documentIndex: 1
- it: Role casc-reload
documentIndex: 2
asserts:
- isKind:
of: Role
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-casc-reload
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: rules
value:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "watch", "list"]
- it: RoleBinding casc-reload
documentIndex: 3
asserts:
- isKind:
of: RoleBinding
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-watch-configmaps
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: roleRef
value:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-release-jenkins-casc-reload
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
- it: enable read secrets
set:
rbac.readSecrets: true
asserts:
- hasDocuments:
count: 6
- matchRegex:
path: metadata.labels.helm\.sh/chart
pattern: ^jenkins-
- it: disable helm.sh label
set:
renderHelmLabels: false
rbac.readSecrets: true
asserts:
- hasDocuments:
count: 6
- equal:
path: metadata.labels
value:
app.kubernetes.io/component: jenkins-controller
app.kubernetes.io/instance: my-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: jenkins
- it: Role read-secrets
set:
rbac.readSecrets: true
documentIndex: 2
asserts:
- isKind:
of: Role
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-read-secrets
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: rules
value:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
- it: RoleBinding read-secrets
set:
rbac.readSecrets: true
documentIndex: 3
asserts:
- isKind:
of: RoleBinding
- equal:
path: apiVersion
value: rbac.authorization.k8s.io/v1
- equal:
path: metadata.name
value: my-release-jenkins-read-secrets
- equal:
path: metadata.namespace
value: my-namespace
- equal:
path: roleRef
value:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: my-release-jenkins-read-secrets
- equal:
path: subjects
value:
- kind: ServiceAccount
name: my-release-jenkins
namespace: my-namespace
Reference in New Issue View Git Blame Copy Permalink