From 67ff5eb3140d5268177216bf5c7409c66494720e Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 8 Aug 2024 16:19:25 +0200
Subject: [PATCH] set if condition on etr user secret rbac
---
 .../templates/elstertransfer_user_cr.yaml | 24 ++++++++++++
 ...tertransfer_operator_secret_read_role.yaml | 5 ++-
 ...ertransfer_operator_secret_write_role.yaml | 5 ++-
 .../helm/elster_transfer_user_cr_test.yaml | 1 -
 ...ansfer_operator_secret_read_role_test.yaml | 39 ++++++++++++++++++-
 ...nsfer_operator_secret_write_role_test.yaml | 38 +++++++++++++++++-
 6 files changed, 107 insertions(+), 5 deletions(-)
diff --git a/src/main/helm/templates/elstertransfer_user_cr.yaml b/src/main/helm/templates/elstertransfer_user_cr.yaml
index 72fbb43ab..7e4a0aa9a 100644
--- a/src/main/helm/templates/elstertransfer_user_cr.yaml
+++ b/src/main/helm/templates/elstertransfer_user_cr.yaml
@@ -1,5 +1,29 @@ +# +# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den +# Ministerpräsidenten des Landes Schleswig-Holstein +# Staatskanzlei +# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung +# +# Lizenziert unter der EUPL, Version 1.2 oder - sobald +# diese von der Europäischen Kommission genehmigt wurden - +# Folgeversionen der EUPL ("Lizenz"); +# Sie dürfen dieses Werk ausschließlich gemäß +# dieser Lizenz nutzen. +# Eine Kopie der Lizenz finden Sie hier: +# +# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 +# +# Sofern nicht durch anwendbare Rechtsvorschriften +# gefordert oder in schriftlicher Form vereinbart, wird +# die unter der Lizenz verbreitete Software "so wie sie +# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - +# ausdrücklich oder stillschweigend - verbreitet. +# Die sprachspezifischen Genehmigungen und Beschränkungen +# unter der Lizenz sind dem Lizenztext zu entnehmen. +# {{- if and (((.Values.ozgcloud).muk).enabled) (((.Values.ozgcloud).muk).authEnabled) -}} +--- apiVersion: operator.ozgcloud.de/v1 kind: OzgCloudElsterTransferUser metadata: diff --git a/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_read_role.yaml b/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_read_role.yaml index 5ec9fccd6..41f71936e 100644 --- a/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_read_role.yaml +++ b/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_read_role.yaml @@ -21,7 +21,8 @@ # Die sprachspezifischen Genehmigungen und Beschränkungen # unter der Lizenz sind dem Lizenztext zu entnehmen. # - +{{- if and (((.Values.ozgcloud).muk).enabled) (((.Values.ozgcloud).muk).authEnabled) }} +--- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: 
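Review bot: In elstertransfer_user_cr.yaml the added `---` directly follows `{{- if … -}}`, and the right-hand trim marker removes the newline in front of it, so together with the left trim the separator is rendered glued to the last line of the new licence header as `#---` and becomes comment text. The write-role template uses the same `-}}` form, while the read-role template opens with `}}` and keeps its `---` on its own line; the closing tags differ as well (`{{- end -}}` in one, `{{- end }}` in the other). Use one form in all three files, for example `{{- if and (((.Values.ozgcloud).muk).enabled) (((.Values.ozgcloud).muk).authEnabled) }}`, so the document marker survives and the gate on the secret RBAC reads the same everywhere. The `if` block closes outside this hunk.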
@@ -35,6 +36,7 @@ roleRef: kind: Role name: ozgcloud-elster-transfer-operator-secret-read-role apiGroup: rbac.authorization.k8s.io + --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -46,3 +48,4 @@ rules: resources: ["secrets"] verbs: ["get", "list"] resourceNames: ["muk-user-secret"] +{{- end -}} diff --git a/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_write_role.yaml b/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_write_role.yaml index e39569b12..174bdd8e3 100644 --- a/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_write_role.yaml +++ b/src/main/helm/templates/ozgcloud_elstertransfer_operator_secret_write_role.yaml @@ -21,7 +21,8 @@ # Die sprachspezifischen Genehmigungen und Beschränkungen # unter der Lizenz sind dem Lizenztext zu entnehmen. # - +{{- if and (((.Values.ozgcloud).muk).enabled) (((.Values.ozgcloud).muk).authEnabled) -}} +--- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -35,6 +36,7 @@ roleRef: kind: Role name: ozgcloud-elster-transfer-operator-secret-write-role apiGroup: rbac.authorization.k8s.io + --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -45,3 +47,4 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["create", "update", "delete"] +{{- end }} diff --git a/src/test/helm/elster_transfer_user_cr_test.yaml b/src/test/helm/elster_transfer_user_cr_test.yaml index a7acebb33..10c105e4a 100644 --- a/src/test/helm/elster_transfer_user_cr_test.yaml +++ b/src/test/helm/elster_transfer_user_cr_test.yaml @@ -18,7 +18,6 @@ tests: of: operator.ozgcloud.de/v1 - it: should contain basic info set: - disableOzgElsterTransferOperator: false ozgcloud: muk: enabled: true diff --git a/src/test/helm/ozgcloud_elstertransfer_operator_secret_read_role_test.yaml b/src/test/helm/ozgcloud_elstertransfer_operator_secret_read_role_test.yaml index 8d63baeff..3e1a28872 100644 --- a/src/test/helm/ozgcloud_elstertransfer_operator_secret_read_role_test.yaml 
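Review bot: The secrets rule in the last hunk of ozgcloud_elstertransfer_operator_secret_write_role.yaml still grants `create`, `update` and `delete` with no `resourceNames`, so once both muk flags are on, the subject of the role binding can overwrite or delete any Secret in the release namespace, whereas the read role in this same commit is pinned to `muk-user-secret`. Kubernetes RBAC cannot restrict `create` by name, but `update` and `delete` can be, and splitting the rule as below keeps creation working while limiting the destructive verbs. This assumes the operator only manages `muk-user-secret`, which is inferred from the read role and should be confirmed. The `rules:` list starts above the hunk.

```yaml
rules:
  # create cannot be limited by resourceNames, so it stays in a rule of its own
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # destructive verbs pinned to the one secret the read role already names
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["update", "delete"]
    resourceNames: ["muk-user-secret"]
```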
+++ b/src/test/helm/ozgcloud_elstertransfer_operator_secret_read_role_test.yaml @@ -35,12 +35,17 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - isKind: of: RoleBinding documentIndex: 0 - isAPIVersion: of: rbac.authorization.k8s.io/v1 + documentIndex: 0 - equal: path: metadata.name value: ozgcloud-elster-transfer-operator-secret-read-role-binding @@ -50,6 +55,10 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - contains: path: subjects @@ -62,6 +71,10 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - equal: path: roleRef @@ -75,12 +88,17 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - isKind: of: Role documentIndex: 1 - isAPIVersion: of: rbac.authorization.k8s.io/v1 + documentIndex: 1 - equal: path: metadata.name value: ozgcloud-elster-transfer-operator-secret-read-role @@ -90,6 +108,10 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - contains: path: rules @@ -105,6 +127,21 @@ tests: - list documentIndex: 1 - it: test eltertransferOperator namespace must be set msg + set: + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - failedTemplate: - errorMessage: elsterTransferOperator.namespace must be set \ No newline at end of file + errorMessage: elsterTransferOperator.namespace must be set + documentIndex: 0 + + - it: RBAC not created by default + asserts: + - hasDocuments: + count: 0 + documentIndex: 1 + - hasDocuments: + count: 0 + documentIndex: 0 \ No newline at end of file 
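Review bot: The new `RBAC not created by default` case only renders the chart with no values, so the `and` gate on the secret RBAC is never exercised with one flag set and the other unset. A later change from `and` to `or`, or a typo in one of the two value paths, would still pass this suite while rendering the Role and RoleBinding for a half-configured install. Add negative cases for `enabled: true` with `authEnabled: false` and for the reverse, here and in the write-role test file; one such case is sketched below. `hasDocuments` presumably counts the documents of the whole template, in which case the two assertions that differ only in `documentIndex` check the same thing and one would do.

```yaml
  - it: RBAC not created when only muk.enabled is set
    set:
      ozgcloud:
        muk:
          enabled: true
          authEnabled: false
    asserts:
      - hasDocuments:
          count: 0
  # … same case with enabled: false / authEnabled: true …
```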
diff --git a/src/test/helm/ozgcloud_elstertransfer_operator_secret_write_role_test.yaml b/src/test/helm/ozgcloud_elstertransfer_operator_secret_write_role_test.yaml index 0c85a9b66..eb2be4bb9 100644 --- a/src/test/helm/ozgcloud_elstertransfer_operator_secret_write_role_test.yaml +++ b/src/test/helm/ozgcloud_elstertransfer_operator_secret_write_role_test.yaml @@ -35,12 +35,17 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - isKind: of: RoleBinding documentIndex: 0 - isAPIVersion: of: rbac.authorization.k8s.io/v1 + documentIndex: 0 - equal: path: metadata.name value: ozgcloud-elster-transfer-operator-secret-write-role-binding @@ -50,6 +55,10 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - contains: path: subjects @@ -62,6 +71,10 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - equal: path: roleRef @@ -75,12 +88,17 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - isKind: of: Role documentIndex: 1 - isAPIVersion: of: rbac.authorization.k8s.io/v1 + documentIndex: 1 - equal: path: metadata.name value: ozgcloud-elster-transfer-operator-secret-write-role @@ -90,6 +108,10 @@ tests: set: elsterTransferOperator: namespace: etr-operator + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - contains: path: rules 
@@ -104,6 +126,20 @@ tests: - delete documentIndex: 1 - it: test eltertransferOperator namespace must be set msg + set: + ozgcloud: + muk: + enabled: true + authEnabled: true asserts: - failedTemplate: - errorMessage: elsterTransferOperator.namespace must be set \ No newline at end of file + errorMessage: elsterTransferOperator.namespace must be set + + - it: RBAC not created by default + asserts: + - hasDocuments: + count: 0 + documentIndex: 1 + - hasDocuments: + count: 0 + documentIndex: 0 \ No newline at end of file -- GitLab