From 230090d790bc6dc0be26406918bab7e1f3a0b2ad Mon Sep 17 00:00:00 2001 From: Jerome Brette Date: Sat, 20 Jul 2019 15:52:00 -0500 Subject: [PATCH] Fix namereference and stacked kustomization contexts (3/3) - Update unit and integration tests. --- pkg/resmap/resmap_test.go | 8 +- pkg/target/resourceconflict_test.go | 226 ++++++++++++++++++++++++---- 2 files changed, 201 insertions(+), 33 deletions(-) diff --git a/pkg/resmap/resmap_test.go b/pkg/resmap/resmap_test.go index d607d8485..fa6e31261 100644 --- a/pkg/resmap/resmap_test.go +++ b/pkg/resmap/resmap_test.go @@ -356,7 +356,7 @@ func TestSubsetThatCouldBeReferencedByResource(t *testing.T) { r4 := rf.FromMap( map[string]interface{}{ "apiVersion": "v1", - "kind": "ConfigMap", + "kind": "Deployment", "metadata": map[string]interface{}{ "name": "charlie", "namespace": "happy", @@ -365,7 +365,7 @@ func TestSubsetThatCouldBeReferencedByResource(t *testing.T) { r5 := rf.FromMap( map[string]interface{}{ "apiVersion": "v1", - "kind": "Deployment", + "kind": "ConfigMap", "metadata": map[string]interface{}{ "name": "charlie", "namespace": "happy", @@ -408,12 +408,12 @@ func TestSubsetThatCouldBeReferencedByResource(t *testing.T) { "happy namespace no prefix": { filter: r3, expected: resmaptest_test.NewRmBuilder(t, rf). - AddR(r3).AddR(r4).AddR(r7).ResMap(), + AddR(r3).AddR(r4).AddR(r5).AddR(r6).AddR(r7).ResMap(), }, "happy namespace with prefix": { filter: r5, expected: resmaptest_test.NewRmBuilder(t, rf). - AddR(r5).AddR(r6).AddR(r7).ResMap(), + AddR(r3).AddR(r4).AddR(r5).AddR(r6).AddR(r7).ResMap(), }, "cluster level": { filter: r7, diff --git a/pkg/target/resourceconflict_test.go b/pkg/target/resourceconflict_test.go index 676eab44c..96574c645 100644 --- a/pkg/target/resourceconflict_test.go +++ b/pkg/target/resourceconflict_test.go @@ -4,7 +4,6 @@ package target_test import ( - "strings" "testing" "sigs.k8s.io/kustomize/v3/pkg/kusttest" @@ -16,6 +15,7 @@ resources: - serviceaccount.yaml - rolebinding.yaml - clusterrolebinding.yaml +- clusterrole.yaml namePrefix: pfx- nameSuffix: -sfx `) @@ -32,7 +32,7 @@ metadata: name: rolebinding roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: role subjects: - kind: ServiceAccount @@ -45,11 +45,21 @@ metadata: name: rolebinding roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: role subjects: - kind: ServiceAccount name: serviceaccount +`) + th.WriteF("/app/base/clusterrole.yaml", ` +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: role +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] `) } @@ -97,8 +107,8 @@ metadata: name: pfx-rolebinding-sfx roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: pfx-role-sfx subjects: - kind: ServiceAccount name: pfx-serviceaccount-sfx @@ -109,11 +119,25 @@ metadata: name: pfx-rolebinding-sfx roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: pfx-role-sfx subjects: - kind: ServiceAccount name: pfx-serviceaccount-sfx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pfx-role-sfx +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list `) } @@ -137,8 +161,8 @@ metadata: name: a-pfx-rolebinding-sfx-suffixA roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: a-pfx-role-sfx-suffixA subjects: - kind: ServiceAccount name: a-pfx-serviceaccount-sfx-suffixA @@ -149,11 +173,25 @@ metadata: name: a-pfx-rolebinding-sfx-suffixA roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: a-pfx-role-sfx-suffixA subjects: - kind: ServiceAccount name: a-pfx-serviceaccount-sfx-suffixA +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: a-pfx-role-sfx-suffixA +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list `) } @@ -177,8 +215,8 @@ metadata: name: b-pfx-rolebinding-sfx-suffixB roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: b-pfx-role-sfx-suffixB subjects: - kind: ServiceAccount name: b-pfx-serviceaccount-sfx-suffixB @@ -189,11 +227,25 @@ metadata: name: b-pfx-rolebinding-sfx-suffixB roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: b-pfx-role-sfx-suffixB subjects: - kind: ServiceAccount name: b-pfx-serviceaccount-sfx-suffixB +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: b-pfx-role-sfx-suffixB +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list `) } @@ -218,8 +270,8 @@ metadata: name: a-pfx-rolebinding-sfx-suffixA roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: a-pfx-role-sfx-suffixA subjects: - kind: ServiceAccount name: a-pfx-serviceaccount-sfx-suffixA @@ -230,12 +282,26 @@ metadata: name: a-pfx-rolebinding-sfx-suffixA roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: a-pfx-role-sfx-suffixA subjects: - kind: ServiceAccount name: a-pfx-serviceaccount-sfx-suffixA --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: a-pfx-role-sfx-suffixA +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -247,8 +313,8 @@ metadata: name: b-pfx-rolebinding-sfx-suffixB roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: b-pfx-role-sfx-suffixB subjects: - kind: ServiceAccount name: b-pfx-serviceaccount-sfx-suffixB @@ -259,11 +325,25 @@ metadata: name: b-pfx-rolebinding-sfx-suffixB roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role - name: role + kind: ClusterRole + name: b-pfx-role-sfx-suffixB subjects: - kind: ServiceAccount name: b-pfx-serviceaccount-sfx-suffixB +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: b-pfx-role-sfx-suffixB +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list `) } @@ -289,12 +369,100 @@ metadata: name: serviceaccount `) - _, err := th.MakeKustTarget().MakeCustomizedResMap() - if err == nil { - t.Fatalf("Expected resource conflict.") - } - if !strings.Contains( - err.Error(), "multiple matches for ~G_v1_ServiceAccount") { + m, err := th.MakeKustTarget().MakeCustomizedResMap() + if err != nil { t.Fatalf("Unexpected err: %v", err) } + th.AssertActualEqualsExpected(m, ` +apiVersion: v1 +kind: ServiceAccount +metadata: + name: a-serviceaccount-suffixA +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: a-pfx-serviceaccount-sfx-suffixA +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: a-pfx-rolebinding-sfx-suffixA +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: a-pfx-role-sfx-suffixA +subjects: +- kind: ServiceAccount + name: a-pfx-serviceaccount-sfx-suffixA +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: a-pfx-rolebinding-sfx-suffixA +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: a-pfx-role-sfx-suffixA +subjects: +- kind: ServiceAccount + name: a-pfx-serviceaccount-sfx-suffixA +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: a-pfx-role-sfx-suffixA +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: b-pfx-serviceaccount-sfx-suffixB +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: b-pfx-rolebinding-sfx-suffixB +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: b-pfx-role-sfx-suffixB +subjects: +- kind: ServiceAccount + name: b-pfx-serviceaccount-sfx-suffixB +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: b-pfx-rolebinding-sfx-suffixB +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: b-pfx-role-sfx-suffixB +subjects: +- kind: ServiceAccount + name: b-pfx-serviceaccount-sfx-suffixB +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: b-pfx-role-sfx-suffixB +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - watch + - list +`) }