Implements TestNamedspacedServiceAccounts with and without overlap

2026-05-17 18:25:26 +00:00 · 2022-06-21 23:07:54 +01:00
parent 7e0fd02783
commit 86d48b2a95
1 changed files with 212 additions and 0 deletions
--- a/api/krusty/namedspacedserviceaccounts_test.go
+++ b/api/krusty/namedspacedserviceaccounts_test.go
@@ -0,0 +1,212 @@
+// Copyright 2022 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package krusty_test
+
+import (
+	"testing"
+
+	kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest"
+)
+
+func TestNamedspacedServiceAccountsWithoutOverlap(t *testing.T) {
+	th := kusttest_test.MakeHarness(t)
+
+	th.WriteF("a/a.yaml", `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa-a
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-a
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-a
+subjects:
+  - kind: ServiceAccount
+    name: sa-a
+`)
+
+	th.WriteK("a/", `
+namespace: a
+resources:
+- a.yaml
+`)
+
+	th.WriteF("b/b.yaml", `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa-b
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-b
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-b
+subjects:
+  - kind: ServiceAccount
+    name: sa-b
+`)
+
+	th.WriteK("b/", `
+namespace: b
+resources:
+- b.yaml
+`)
+
+	th.WriteK(".", `
+resources:
+- a
+- b
+`)
+
+	m := th.Run(".", th.MakeDefaultOptions())
+	th.AssertActualEqualsExpected(m, `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa-a
+  namespace: a
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-a
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-a
+subjects:
+- kind: ServiceAccount
+  name: sa-a
+  namespace: a
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa-b
+  namespace: b
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-b
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-b
+subjects:
+- kind: ServiceAccount
+  name: sa-b
+  namespace: b
+`)
+}
+
+func TestNamedspacedServiceAccountsWithOverlap(t *testing.T) {
+	th := kusttest_test.MakeHarness(t)
+
+	th.WriteF("a/a.yaml", `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-a
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-a
+subjects:
+  - kind: ServiceAccount
+    name: sa
+`)
+
+	th.WriteK("a/", `
+namespace: a
+resources:
+- a.yaml
+`)
+
+	th.WriteF("b/b.yaml", `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-b
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-b
+subjects:
+  - kind: ServiceAccount
+    name: sa
+`)
+
+	th.WriteK("b/", `
+namespace: b
+resources:
+- b.yaml
+`)
+
+	th.WriteK(".", `
+resources:
+- a
+- b
+`)
+
+	m := th.Run(".", th.MakeDefaultOptions())
+	th.AssertActualEqualsExpected(m, `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa
+  namespace: a
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-a
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-a
+subjects:
+- kind: ServiceAccount
+  name: sa
+  namespace: a
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa
+  namespace: b
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: crb-b
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cr-b
+subjects:
+- kind: ServiceAccount
+  name: sa
+  namespace: a
+`)
+}