kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-05-17 18:25:26 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
a8dacdaffc4c269ed19e878849942d64cbf808ad
kustomize/api/krusty/resourceconflict_test.go

369 lines
7.3 KiB
Go
Raw Blame History

// Copyright 2019 The Kubernetes Authors.
// SPDX-License-Identifier: Apache-2.0
package krusty_test
import (
"strings"
"testing"
kusttest_test "sigs.k8s.io/kustomize/api/testutils/kusttest"
)
func writeBase(th kusttest_test.Harness) {
th.WriteK("base", `
resources:
- serviceaccount.yaml
- rolebinding.yaml
- clusterrolebinding.yaml
- clusterrole.yaml
namePrefix: pfx-
nameSuffix: -sfx
`)
th.WriteF("base/serviceaccount.yaml", `
apiVersion: v1
kind: ServiceAccount
metadata:
name: serviceaccount
`)
th.WriteF("base/rolebinding.yaml", `
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: role
subjects:
- kind: ServiceAccount
name: serviceaccount
`)
th.WriteF("base/clusterrolebinding.yaml", `
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: role
subjects:
- kind: ServiceAccount
name: serviceaccount
`)
th.WriteF("base/clusterrole.yaml", `
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: role
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
`)
}
func writeMidOverlays(th kusttest_test.Harness) {
// Mid-level overlays
th.WriteK("overlays/a", `
resources:
- ../../base
namePrefix: a-
nameSuffix: -suffixA
`)
th.WriteK("overlays/b", `
resources:
- ../../base
namePrefix: b-
nameSuffix: -suffixB
`)
}
func writeTopOverlay(th kusttest_test.Harness) {
// Top overlay, combining the mid-level overlays
th.WriteK("combined", `
resources:
- ../overlays/a
- ../overlays/b
`)
}
func TestBase(t *testing.T) {
th := kusttest_test.MakeHarness(t)
writeBase(th)
m := th.Run("base", th.MakeDefaultOptions())
th.AssertActualEqualsExpected(m, `
apiVersion: v1
kind: ServiceAccount
metadata:
name: pfx-serviceaccount-sfx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: pfx-rolebinding-sfx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pfx-role-sfx
subjects:
- kind: ServiceAccount
name: pfx-serviceaccount-sfx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: pfx-rolebinding-sfx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pfx-role-sfx
subjects:
- kind: ServiceAccount
name: pfx-serviceaccount-sfx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pfx-role-sfx
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
`)
}
func TestMidLevelA(t *testing.T) {
th := kusttest_test.MakeHarness(t)
writeBase(th)
writeMidOverlays(th)
m := th.Run("overlays/a", th.MakeDefaultOptions())
th.AssertActualEqualsExpected(m, `
apiVersion: v1
kind: ServiceAccount
metadata:
name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: a-pfx-rolebinding-sfx-suffixA
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: a-pfx-rolebinding-sfx-suffixA
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: a-pfx-role-sfx-suffixA
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
`)
}
func TestMidLevelB(t *testing.T) {
th := kusttest_test.MakeHarness(t)
writeBase(th)
writeMidOverlays(th)
m := th.Run("overlays/b", th.MakeDefaultOptions())
th.AssertActualEqualsExpected(m, `
apiVersion: v1
kind: ServiceAccount
metadata:
name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: b-pfx-rolebinding-sfx-suffixB
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: b-pfx-rolebinding-sfx-suffixB
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: b-pfx-role-sfx-suffixB
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
`)
}
func TestMultibasesNoConflict(t *testing.T) {
th := kusttest_test.MakeHarness(t)
writeBase(th)
writeMidOverlays(th)
writeTopOverlay(th)
m := th.Run("combined", th.MakeDefaultOptions())
th.AssertActualEqualsExpected(m, `
apiVersion: v1
kind: ServiceAccount
metadata:
name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: a-pfx-rolebinding-sfx-suffixA
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: a-pfx-rolebinding-sfx-suffixA
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: a-pfx-role-sfx-suffixA
subjects:
- kind: ServiceAccount
name: a-pfx-serviceaccount-sfx-suffixA
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: a-pfx-role-sfx-suffixA
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: b-pfx-rolebinding-sfx-suffixB
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: b-pfx-rolebinding-sfx-suffixB
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: b-pfx-role-sfx-suffixB
subjects:
- kind: ServiceAccount
name: b-pfx-serviceaccount-sfx-suffixB
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: b-pfx-role-sfx-suffixB
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
`)
}
func TestMultibasesWithConflict(t *testing.T) {
th := kusttest_test.MakeHarness(t)
writeBase(th)
writeMidOverlays(th)
writeTopOverlay(th)
th.WriteK("overlays/a", `
namePrefix: a-
nameSuffix: -suffixA
resources:
- serviceaccount.yaml
- ../../base
`)
// Expect an error because this resource in the overlay
// matches a resource in the base.
th.WriteF("overlays/a/serviceaccount.yaml", `
apiVersion: v1
kind: ServiceAccount
metadata:
name: serviceaccount
`)
err := th.RunWithErr("combined", th.MakeDefaultOptions())
if err == nil {
t.Fatalf("expected error")
}
if !strings.Contains(err.Error(), "found multiple possible referrals") {
t.Fatalf("unexpected error %v", err)
}
}
Reference in New Issue View Git Blame Copy Permalink