From 55e9e83916217a23bfca3b6a87a0b458acc0291c Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 20 Dec 2023 12:24:21 +0100
Subject: [PATCH] OZG-4453 add rbac for elasticsearch admin secret, cleanup
---
...earch_operator_admin_secret_view_role.yaml | 38 +++++++++++
...perator_admin_secret_view_rolebinding.yaml | 37 ++++++++++
...oud_elasticsearch_operator_edit_role.yaml} | 8 +--
...sticsearch_operator_edit_rolebinding.yaml} | 0
...lasticsearch_operator_serviceaccount.yaml} | 0
...oud_elasticsearch_operator_view_role.yaml} | 8 +--
...sticsearch_operator_view_rolebinding.yaml} | 0
.../src/main/helm/values.yaml | 3 +
.../helm/deployment_pull_secret_test.yaml | 2 +-
..._operator_admin_secret_view_role_test.yaml | 68 +++++++++++++++++++
...or_admin_secret_view_rolebinding_test.yaml | 64 +++++++++++++++++
...lasticsearch_operator_edit_role_test.yaml} | 20 ++----
...earch_operator_edit_rolebinding_test.yaml} | 2 +-
...csearch_operator_serviceaccount_test.yaml} | 4 +-
...lasticsearch_operator_view_role_test.yaml} | 20 ++----
...earch_operator_view_rolebinding_test.yaml} | 2 +-
...l => keycloak_admin_secret_read_test.yaml} | 0
17 files changed, 233 insertions(+), 43 deletions(-)
create mode 100644 ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
create mode 100644 ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_edit_role.yaml => ozgcloud_elasticsearch_operator_edit_role.yaml} (62%)
rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_edit_rolebinding.yaml => ozgcloud_elasticsearch_operator_edit_rolebinding.yaml} (100%)
rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{serviceaccount.yaml => ozgcloud_elasticsearch_operator_serviceaccount.yaml} (100%)
rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_view_role.yaml => ozgcloud_elasticsearch_operator_view_role.yaml} (60%)
rename ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/{elasticsearch_view_rolebinding.yaml => ozgcloud_elasticsearch_operator_view_rolebinding.yaml} (100%)
create mode 100644 ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
create mode 100644 ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml
rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_edit_role_test.yaml => ozgcloud_elasticsearch_operator_edit_role_test.yaml} (76%)
rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_edit_rolebinding_test.yaml => ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml} (92%)
rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{serviceaccount_test.yaml => ozgcloud_elasticsearch_operator_serviceaccount_test.yaml} (90%)
rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_view_role_test.yaml => ozgcloud_elasticsearch_operator_view_role_test.yaml} (75%)
rename ozgcloud-elasticsearch-operator/src/test/helm/rbac/{elasticsearch_view_rolebinding_test.yaml => ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml} (92%)
rename ozgcloud-keycloak-operator/src/test/helm/rbacs/{keycloak_admin_secret_read.yaml => keycloak_admin_secret_read_test.yaml} (100%)
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
new file mode 100644
index 0000000..f5bfed6
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
@@ -0,0 +1,38 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozgcloud-elasticsearch-operator-admin-secret-view-role
+ namespace: {{ required "elasticsearch.namespace must be set" (.Values.elasticsearch).namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resourceNames:
+ - {{ required "elasticsearch.adminSecretName must be set" (.Values.elasticsearch).adminSecretName }}
+ resources:
+ - secrets
+ verbs:
+ - get
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
new file mode 100644
index 0000000..f17704d
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
@@ -0,0 +1,37 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: ozgcloud-elasticsearch-operator-admin-secret-view-role-binding
+ namespace: {{ required "elasticsearch.namespace must be set" (.Values.elasticsearch).namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: ozgcloud-elasticsearch-operator-admin-secret-view-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
similarity index 62%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
index 10db7d0..c481864 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
@@ -3,11 +3,9 @@ kind: ClusterRole
metadata:
name: ozgcloud-elasticsearch-operator-edit-role
labels:
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/instance: elasticsearch-edit-role
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: ozgcloud-operator
- app.kubernetes.io/part-of: ozgcloud-operator
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: ozgcloud-elasticsearch-operator
rules:
- apiGroups:
- api.ozgcloud-stack.de
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding.yaml
similarity index 100%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_edit_rolebinding.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_serviceaccount.yaml
similarity index 100%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/serviceaccount.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_serviceaccount.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
similarity index 60%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
index be09c64..e0f3734 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_role.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
@@ -3,11 +3,9 @@ kind: ClusterRole
metadata:
name: ozgcloud-elasticsearch-operator-view-role
labels:
- app.kubernetes.io/name: clusterrole
- app.kubernetes.io/instance: elasticsearch-view-role
- app.kubernetes.io/component: rbac
- app.kubernetes.io/created-by: ozgcloud-operator
- app.kubernetes.io/part-of: ozgcloud-operator
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: ozgcloud-elasticsearch-operator
rules:
- apiGroups:
- api.ozgcloud-stack.de
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_rolebinding.yaml
similarity index 100%
rename from ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/elasticsearch_view_rolebinding.yaml
rename to ozgcloud-elasticsearch-operator/src/main/helm/templates/rbac/ozgcloud_elasticsearch_operator_view_rolebinding.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml b/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
index f35d5cb..d041f12 100644
--- a/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
+++ b/ozgcloud-elasticsearch-operator/src/main/helm/values.yaml
@@ -2,3 +2,6 @@
image:
repo: docker.ozg-sh.de
+elasticsearch:
+ namespace: elastic-system
+ adminSecretName: ozg-search-cluster-es-elastic-user
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml
index 86f4bbc..983d275 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/deployment_pull_secret_test.yaml
@@ -24,7 +24,7 @@
suite: deployment pull secret
release:
- name: ozgcloud-keycloak-operator
+ name: ozgcloud-elasticsearch-operator
namespace: sh-helm-test
templates:
- deployment.yaml
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
new file mode 100644
index 0000000..ced2580
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role_test.yaml
@@ -0,0 +1,68 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: Elasticsearch admin secret view role test
+release:
+ name: ozgcloud-elasticsearch-operator
+ namespace: test-namespace
+templates:
+ - templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_role.yaml
+tests:
+ - it: should have apiVersion
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
+ - it: should have isKind of
+ asserts:
+ - isKind:
+ of: Role
+
+ - it: should have metadata name
+ asserts:
+ - equal:
+ path: metadata.name
+ value: ozgcloud-elasticsearch-operator-admin-secret-view-role
+ - it: should have metadata namespace
+ asserts:
+ - equal:
+ path: metadata.namespace
+ value: elastic-system
+
+
+ - it: should have rules for ozgcloudelasticsearches resource
+ asserts:
+ - equal:
+ path: rules
+ value:
+ - apiGroups:
+ - ""
+ resourceNames:
+ - ozg-search-cluster-es-elastic-user
+ resources:
+ - secrets
+ verbs:
+ - get
+
+
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml
new file mode 100644
index 0000000..9cde6cc
--- /dev/null
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding_test.yaml
@@ -0,0 +1,64 @@
+#
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: Elasticsearch admin secret view rolebinding test
+release:
+ name: ozgcloud-elasticsearch-operator
+ namespace: sh-helm-test
+templates:
+ - templates/rbac/ozgcloud_elasticsearch_operator_admin_secret_view_rolebinding.yaml
+tests:
+ - it: should have apiVersion
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
+ - it: should have isKind of
+ asserts:
+ - isKind:
+ of: RoleBinding
+
+ - it: should have metadata name
+ asserts:
+ - equal:
+ path: metadata.name
+ value: ozgcloud-elasticsearch-operator-admin-secret-view-role-binding
+
+ - it: should have subjects
+ asserts:
+ - equal:
+ path: subjects
+ value:
+ - kind: ServiceAccount
+ name: ozgcloud-elasticsearch-operator-serviceaccount
+ namespace: sh-helm-test
+
+ - it: should have roleRef
+ asserts:
+ - equal:
+ path: roleRef
+ value:
+ kind: Role
+ name: ozgcloud-elasticsearch-operator-admin-secret-view-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_role_test.yaml
similarity index 76%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_role_test.yaml
index f1f673e..45c38cb 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_role_test.yaml
@@ -1,6 +1,8 @@
suite: elasticsearch_edit_role test
+release:
+ name: release-name
templates:
- - templates/rbac/elasticsearch_edit_role.yaml
+ - templates/rbac/ozgcloud_elasticsearch_operator_edit_role.yaml
tests:
- it: should have apiVersion
asserts:
@@ -21,27 +23,17 @@ tests:
asserts:
- equal:
path: metadata.labels.[app.kubernetes.io/name]
- value: clusterrole
+ value: release-name
- it: should have metadata labels instance
asserts:
- equal:
path: metadata.labels.[app.kubernetes.io/instance]
- value: elasticsearch-edit-role
+ value: release-name
- it: should have metadata labels component
asserts:
- equal:
path: metadata.labels.[app.kubernetes.io/component]
- value: rbac
- - it: should have metadata labels created-by
- asserts:
- - equal:
- path: metadata.labels.[app.kubernetes.io/created-by]
- value: ozgcloud-operator
- - it: should have metadata labels part-of
- asserts:
- - equal:
- path: metadata.labels.[app.kubernetes.io/part-of]
- value: ozgcloud-operator
+ value: ozgcloud-elasticsearch-operator
- it: should have rules for ozgcloudelasticsearches resource
asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml
similarity index 92%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml
index 3f81f9c..25e7418 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_edit_rolebinding_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding_test.yaml
@@ -4,7 +4,7 @@ suite: elasticsearch_view_rolebinding test
release:
namespace: sh-helm-test
templates:
- - templates/rbac/elasticsearch_view_rolebinding.yaml
+ - templates/rbac/ozgcloud_elasticsearch_operator_view_rolebinding.yaml
tests:
- it: should have apiVersion
asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_serviceaccount_test.yaml
similarity index 90%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_serviceaccount_test.yaml
index ee12d82..c2a93ca 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/serviceaccount_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_serviceaccount_test.yaml
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
# Ministerpräsidenten des Landes Schleswig-Holstein
# Staatskanzlei
# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
@@ -27,7 +27,7 @@ release:
name: ozgcloud-elasticsearch-operator
namespace: test-namespace
templates:
- - templates/rbac/serviceaccount.yaml
+ - templates/rbac/ozgcloud_elasticsearch_operator_serviceaccount.yaml
tests:
- it: test metadata
asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_role_test.yaml
similarity index 75%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_role_test.yaml
index b82cdab..62daf73 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_role_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_role_test.yaml
@@ -1,6 +1,8 @@
suite: elasticsearch_view_role test
+release:
+ name: release-name
templates:
- - templates/rbac/elasticsearch_view_role.yaml
+ - templates/rbac/ozgcloud_elasticsearch_operator_view_role.yaml
tests:
- it: should have apiVersion
asserts:
@@ -21,27 +23,17 @@ tests:
asserts:
- equal:
path: metadata.labels.[app.kubernetes.io/name]
- value: clusterrole
+ value: release-name
- it: should have metadata labels instance
asserts:
- equal:
path: metadata.labels.[app.kubernetes.io/instance]
- value: elasticsearch-view-role
+ value: release-name
- it: should have metadata labels component
asserts:
- equal:
path: metadata.labels.[app.kubernetes.io/component]
- value: rbac
- - it: should have metadata labels created-by
- asserts:
- - equal:
- path: metadata.labels.[app.kubernetes.io/created-by]
- value: ozgcloud-operator
- - it: should have metadata labels part-of
- asserts:
- - equal:
- path: metadata.labels.[app.kubernetes.io/part-of]
- value: ozgcloud-operator
+ value: ozgcloud-elasticsearch-operator
- it: should have rules for ozgcloudelasticsearches resource
asserts:
diff --git a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml
similarity index 92%
rename from ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml
rename to ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml
index cb9d61a..e5191b1 100644
--- a/ozgcloud-elasticsearch-operator/src/test/helm/rbac/elasticsearch_view_rolebinding_test.yaml
+++ b/ozgcloud-elasticsearch-operator/src/test/helm/rbac/ozgcloud_elasticsearch_operator_view_rolebinding_test.yaml
@@ -4,7 +4,7 @@ suite: elasticsearch_edit_rolebinding test
release:
namespace: sh-helm-test
templates:
- - templates/rbac/elasticsearch_edit_rolebinding.yaml
+ - templates/rbac/ozgcloud_elasticsearch_operator_edit_rolebinding.yaml
tests:
- it: should have apiVersion
asserts:
diff --git a/ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read.yaml b/ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read_test.yaml
similarity index 100%
rename from ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read.yaml
rename to ozgcloud-keycloak-operator/src/test/helm/rbacs/keycloak_admin_secret_read_test.yaml
--
GitLab