gitea_admin/application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
785f5d9076e8aeba3255595031c8fb39141b92d2
application/backing-services/vcluster/tests/clusterrole_test.yaml
Ybehrooz 38e4d749ad add helm charts
2025-11-09 13:22:40 +03:30

429 lines
10 KiB
YAML
Raw Blame History

suite: ClusterRoleBinding
templates:
- clusterrole.yaml
tests:
- it: disable by default
asserts:
- hasDocuments:
count: 0
- it: force enable
set:
rbac:
clusterRole:
enabled: true
asserts:
- hasDocuments:
count: 1
- it: force disable
set:
rbac:
clusterRole:
enabled: false
extraRules:
- apiGroups: [""]
resources: ["test123"]
verbs: ["test123"]
overwriteRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 0
- it: enable isolated control plane
set:
experimental:
isolatedControlPlane:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "watch", "list" ]
- it: enable scheduler
set:
controlPlane:
advanced:
virtualScheduler:
enabled: true
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses", "csinodes", "csidrivers", "csistoragecapacities" ]
verbs: [ "get", "watch", "list" ]
- it: enable csinodes
set:
sync:
fromHost:
csiNodes:
enabled: true
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: [ "storage.k8s.io" ]
resources: [ "csinodes" ]
verbs: [ "get", "watch", "list" ]
- it: enable by multi namespace mode
set:
rbac:
clusterRole:
enabled: auto
experimental:
multiNamespaceMode:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "namespaces", "serviceaccounts" ]
verbs: [ "create", "delete", "patch", "update", "get", "watch", "list" ]
- it: override rules
set:
rbac:
clusterRole:
extraRules:
- apiGroups: [""]
resources: ["test123"]
verbs: ["test123"]
overwriteRules:
- apiGroups: [""]
resources: ["test"]
verbs: ["test"]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test" ]
verbs: [ "test" ]
- it: extra rules
set:
sync:
toHost:
priorityClasses:
enabled: true
rbac:
clusterRole:
extraRules:
- apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
- it: plugin rules
set:
plugin:
myTest:
rbac:
clusterRole:
extraRules:
- apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
plugins:
myTest2:
rbac:
clusterRole:
extraRules:
- apiGroups: [ "" ]
resources: [ "test1234" ]
verbs: [ "test1234" ]
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test123" ]
verbs: [ "test123" ]
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "test1234" ]
verbs: [ "test1234" ]
- it: replicate services
set:
networking:
replicateServices:
fromHost:
- from: test
to: other-test
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "services", "endpoints" ]
verbs: [ "get", "watch", "list" ]
- it: real nodes
set:
sync:
fromHost:
nodes:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "pods", "nodes", "nodes/status", "nodes/metrics", "nodes/stats", "nodes/proxy" ]
verbs: [ "get", "watch", "list" ]
- it: virtual scheduler
set:
controlPlane:
advanced:
virtualScheduler:
enabled: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities"]
verbs: ["get", "watch", "list"]
- it: legacy pro
set:
pro: true
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 3
- contains:
path: rules
content:
apiGroups: [ "" ]
resources: [ "pods", "nodes", "nodes/status", "nodes/metrics", "nodes/stats", "nodes/proxy" ]
verbs: [ "get", "watch", "list" ]
- contains:
path: rules
content:
apiGroups: [ "cluster.loft.sh", "storage.loft.sh" ]
resources: [ "features", "virtualclusters" ]
verbs: [ "get", "list", "watch" ]
- contains:
path: rules
content:
apiGroups: ["management.loft.sh"]
resources: ["virtualclusterinstances"]
verbs: ["get"]
- it: metrics proxy
set:
integrations:
metricsServer:
enabled: true
nodes: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: [ "metrics.k8s.io" ]
resources: [ "nodes" ]
verbs: [ "get", "list" ]
- it: externalSecrets
set:
integrations:
externalSecrets:
enabled: true
webhook:
enabled: false
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
- it: kubeVirt
set:
integrations:
kubeVirt:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
verbs: ["get", "list", "watch"]
- it: crd sync to host
set:
sync:
toHost:
customResources:
test.test-group:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 1
- contains:
path: rules
content:
apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: [ "get", "list", "watch" ]
- it: crd sync from host
set:
sync:
fromHost:
customResources:
test.test-group:
enabled: true
scope: Cluster
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- lengthEqual:
path: rules
count: 2
- contains:
path: rules
content:
apiGroups: [ "test-group" ]
resources: [ "test" ]
verbs: [ "get", "list", "watch" ]
- contains:
path: rules
content:
apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: [ "get", "list", "watch" ]
- it: eso clusterstore sync
set:
integrations:
externalSecrets:
enabled: true
webhook:
enabled: true
sync:
clusterStores:
enabled: true
release:
name: my-release
namespace: my-namespace
asserts:
- hasDocuments:
count: 1
- contains:
path: rules
content:
apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
verbs: ["get", "list", "watch"]
- contains:
path: rules
content:
apiGroups: [ "external-secrets.io" ]
resources: [ "clustersecretstores" ]
verbs: ["get", "list", "watch"]
Reference in New Issue View Git Blame Copy Permalink