github.com/joelanford/operator-sdk@v0.8.2/internal/pkg/scaffold/role_test.go

github.com/joelanford/operator-sdk@v0.8.2/internal/pkg/scaffold/role_test.go (about)

     1  // Copyright 2018 The Operator-SDK Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package scaffold
    16  
    17  import (
    18  	"testing"
    19  
    20  	"github.com/operator-framework/operator-sdk/internal/util/diffutil"
    21  
    22  	rbacv1 "k8s.io/api/rbac/v1"
    23  )
    24  
    25  func TestRole(t *testing.T) {
    26  	s, buf := setupScaffoldAndWriter()
    27  	err := s.Execute(appConfig, &Role{})
    28  	if err != nil {
    29  		t.Fatalf("Failed to execute the scaffold: (%v)", err)
    30  	}
    31  
    32  	if roleExp != buf.String() {
    33  		diffs := diffutil.Diff(roleExp, buf.String())
    34  		t.Fatalf("Expected vs actual differs.\n%v", diffs)
    35  	}
    36  }
    37  
    38  func TestRoleClusterScoped(t *testing.T) {
    39  	s, buf := setupScaffoldAndWriter()
    40  	err := s.Execute(appConfig, &Role{IsClusterScoped: true})
    41  	if err != nil {
    42  		t.Fatalf("Failed to execute the scaffold: (%v)", err)
    43  	}
    44  
    45  	if clusterroleExp != buf.String() {
    46  		diffs := diffutil.Diff(clusterroleExp, buf.String())
    47  		t.Fatalf("Expected vs actual differs.\n%v", diffs)
    48  	}
    49  }
    50  
    51  func TestRoleCustomRules(t *testing.T) {
    52  	s, buf := setupScaffoldAndWriter()
    53  	err := s.Execute(appConfig, &Role{
    54  		SkipDefaultRules: true,
    55  		SkipMetricsRules: true,
    56  		CustomRules: []rbacv1.PolicyRule{
    57  			{
    58  				APIGroups: []string{"policy"},
    59  				Resources: []string{"poddisruptionbudgets"},
    60  				Verbs:     []string{rbacv1.VerbAll},
    61  			},
    62  			{
    63  				APIGroups: []string{"rbac.authorization.k8s.io"},
    64  				Resources: []string{"roles", "rolebindings"},
    65  				Verbs:     []string{"get", "list", "watch"},
    66  			},
    67  		}})
    68  	if err != nil {
    69  		t.Fatalf("Failed to execute the scaffold: (%v)", err)
    70  	}
    71  
    72  	if roleCustomRulesExp != buf.String() {
    73  		diffs := diffutil.Diff(roleCustomRulesExp, buf.String())
    74  		t.Fatalf("Expected vs actual differs.\n%v", diffs)
    75  	}
    76  }
    77  
    78  const roleExp = `kind: Role
    79  apiVersion: rbac.authorization.k8s.io/v1
    80  metadata:
    81    name: app-operator
    82  rules:
    83  - apiGroups:
    84    - ""
    85    resources:
    86    - pods
    87    - services
    88    - endpoints
    89    - persistentvolumeclaims
    90    - events
    91    - configmaps
    92    - secrets
    93    verbs:
    94    - "*"
    95  - apiGroups:
    96    - apps
    97    resources:
    98    - deployments
    99    - daemonsets
   100    - replicasets
   101    - statefulsets
   102    verbs:
   103    - "*"
   104  - apiGroups:
   105    - monitoring.coreos.com
   106    resources:
   107    - servicemonitors
   108    verbs:
   109    - "get"
   110    - "create"
   111  - apiGroups:
   112    - apps
   113    resources:
   114    - deployments/finalizers
   115    resourceNames:
   116    - app-operator
   117    verbs:
   118    - "update"
   119  `
   120  
   121  const clusterroleExp = `kind: ClusterRole
   122  apiVersion: rbac.authorization.k8s.io/v1
   123  metadata:
   124    name: app-operator
   125  rules:
   126  - apiGroups:
   127    - ""
   128    resources:
   129    - pods
   130    - services
   131    - endpoints
   132    - persistentvolumeclaims
   133    - events
   134    - configmaps
   135    - secrets
   136    verbs:
   137    - "*"
   138  - apiGroups:
   139    - apps
   140    resources:
   141    - deployments
   142    - daemonsets
   143    - replicasets
   144    - statefulsets
   145    verbs:
   146    - "*"
   147  - apiGroups:
   148    - monitoring.coreos.com
   149    resources:
   150    - servicemonitors
   151    verbs:
   152    - "get"
   153    - "create"
   154  - apiGroups:
   155    - apps
   156    resources:
   157    - deployments/finalizers
   158    resourceNames:
   159    - app-operator
   160    verbs:
   161    - "update"
   162  `
   163  
   164  const roleCustomRulesExp = `kind: Role
   165  apiVersion: rbac.authorization.k8s.io/v1
   166  metadata:
   167    name: app-operator
   168  rules:
   169  - verbs:
   170    - "*"
   171    apiGroups:
   172    - "policy"
   173    resources:
   174    - "poddisruptionbudgets"
   175  - verbs:
   176    - "get"
   177    - "list"
   178    - "watch"
   179    apiGroups:
   180    - "rbac.authorization.k8s.io"
   181    resources:
   182    - "roles"
   183    - "rolebindings"
   184  `