kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-06-11 00:52:55 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Improve error message when namespace transformer is given invalid fieldspecs

Browse Source 
Also remove invalid+ignored fieldspecs from the defaults
This commit is contained in:
Katrina Verey
2022-07-27 19:56:24 -04:00
parent 26fcafdb57
commit 79a9154cf8
14 changed files with 148 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
plugin/builtin/namespacetransformer/NamespaceTransformer_test.go
View File

@@ -7,6 +7,7 @@ import (
"strings"
"testing"
"github.com/stretchr/testify/assert"
kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest"
)
@@ -20,12 +21,6 @@ fieldSpecs:
- path: subjects/namespace
kind: ClusterRoleBinding
group: rbac.authorization.k8s.io
- path: subjects
kind: RoleBinding
group: rbac.authorization.k8s.io
- path: subjects
kind: ClusterRoleBinding
group: rbac.authorization.k8s.io
`
func TestNamespaceTransformer1(t *testing.T) {
@@ -700,3 +695,70 @@ subjects:
})
}
}
func TestNamespaceTransformer_InvalidFieldSpecs(t *testing.T) {
th := kusttest_test.MakeEnhancedHarness(t).
PrepBuiltin("NamespaceTransformer")
defer th.Reset()
th.RunTransformerAndCheckError(`
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: test
unsetOnly: true
fieldSpecs:
- path: subjects
kind: RoleBinding
group: rbac.authorization.k8s.io
- path: subjects
kind: ClusterRoleBinding
group: rbac.authorization.k8s.io
`, `
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
subjects:
- kind: ServiceAccount
name: default
namespace: other
- kind: ServiceAccount
name: default
namespace: ""
- kind: ServiceAccount
name: default
- kind: ServiceAccount
name: another
namespace: random
---
apiVersion: example.com/v1
kind: RoleBinding
metadata:
namespace: bar
name: rolebinding
subjects:
- name: default
namespace: bar
`,
func(t *testing.T, err error) {
t.Helper()
assert.EqualError(t, err, `namespace field specs must target scalar nodes: `+
`considering field 'subjects' of object ClusterRoleBinding.v1.rbac.authorization.k8s.io/manager-rolebinding.[noNs]: `+
`wrong node kind: expected ScalarNode but got SequenceNode: node contents:
- kind: ServiceAccount
name: default
namespace: other
- kind: ServiceAccount
name: default
namespace: "test"
- kind: ServiceAccount
name: default
namespace: test
- kind: ServiceAccount
name: another
namespace: random
`)
})
}