@@ -22,6 +22,16 @@ func TestGenerateRBAC(t *testing.T) {
2222 {
2323 description : "Generate RBAC struct for pods datagatherer" ,
2424 dataGatherers : []agent.DataGatherer {
25+ {
26+ Name : "k8s/pods" ,
27+ Kind : "k8s-dynamic" ,
28+ Config : & k8s.ConfigDynamic {
29+ GroupVersionResource : schema.GroupVersionResource {
30+ Version : "v1" ,
31+ Resource : "pods" ,
32+ },
33+ },
34+ },
2535 {
2636 Name : "k8s/secrets" ,
2737 Kind : "k8s-dynamic" ,
@@ -32,8 +42,35 @@ func TestGenerateRBAC(t *testing.T) {
3242 },
3343 },
3444 },
45+ {
46+ Name : "k8s/awspcaissuer" ,
47+ Kind : "k8s-dynamic" ,
48+ Config : & k8s.ConfigDynamic {
49+ GroupVersionResource : schema.GroupVersionResource {
50+ Group : "awspca.cert-manager.io" ,
51+ Version : "v1" ,
52+ Resource : "awspcaissuers" ,
53+ },
54+ },
55+ },
3556 },
3657 expectedClusterRoles : []rbac.ClusterRole {
58+ {
59+ TypeMeta : metav1.TypeMeta {
60+ Kind : "ClusterRole" ,
61+ APIVersion : "rbac.authorization.k8s.io/v1" ,
62+ },
63+ ObjectMeta : metav1.ObjectMeta {
64+ Name : "jetstack-secure-agent-pods-reader" ,
65+ },
66+ Rules : []rbac.PolicyRule {
67+ {
68+ Verbs : []string {"get" , "list" , "watch" },
69+ APIGroups : []string {"" },
70+ Resources : []string {"pods" },
71+ },
72+ },
73+ },
3774 {
3875 TypeMeta : metav1.TypeMeta {
3976 Kind : "ClusterRole" ,
@@ -50,6 +87,22 @@ func TestGenerateRBAC(t *testing.T) {
5087 },
5188 },
5289 },
90+ {
91+ TypeMeta : metav1.TypeMeta {
92+ Kind : "ClusterRole" ,
93+ APIVersion : "rbac.authorization.k8s.io/v1" ,
94+ },
95+ ObjectMeta : metav1.ObjectMeta {
96+ Name : "jetstack-secure-agent-awspcaissuers-reader" ,
97+ },
98+ Rules : []rbac.PolicyRule {
99+ {
100+ Verbs : []string {"get" , "list" , "watch" },
101+ APIGroups : []string {"awspca.cert-manager.io" },
102+ Resources : []string {"awspcaissuers" },
103+ },
104+ },
105+ },
53106 },
54107 expectedClusterRoleBindings : []rbac.ClusterRoleBinding {
55108 {
@@ -58,7 +111,28 @@ func TestGenerateRBAC(t *testing.T) {
58111 APIVersion : "rbac.authorization.k8s.io/v1" ,
59112 },
60113 ObjectMeta : metav1.ObjectMeta {
61- Name : "jetstack-secure-agent-ClusterRole-reader" ,
114+ Name : "jetstack-secure-agent-pods-reader" ,
115+ },
116+ Subjects : []rbac.Subject {
117+ {
118+ Kind : "ServiceAccount" ,
119+ Name : "agent" ,
120+ Namespace : "jetstack-secure" ,
121+ },
122+ },
123+ RoleRef : rbac.RoleRef {
124+ Kind : "ClusterRole" ,
125+ Name : "jetstack-secure-agent-pods-reader" ,
126+ APIGroup : "rbac.authorization.k8s.io" ,
127+ },
128+ },
129+ {
130+ TypeMeta : metav1.TypeMeta {
131+ Kind : "ClusterRoleBinding" ,
132+ APIVersion : "rbac.authorization.k8s.io/v1" ,
133+ },
134+ ObjectMeta : metav1.ObjectMeta {
135+ Name : "jetstack-secure-agent-secrets-reader" ,
62136 },
63137 Subjects : []rbac.Subject {
64138 {
@@ -73,16 +147,36 @@ func TestGenerateRBAC(t *testing.T) {
73147 APIGroup : "rbac.authorization.k8s.io" ,
74148 },
75149 },
150+ {
151+ TypeMeta : metav1.TypeMeta {
152+ Kind : "ClusterRoleBinding" ,
153+ APIVersion : "rbac.authorization.k8s.io/v1" ,
154+ },
155+ ObjectMeta : metav1.ObjectMeta {
156+ Name : "jetstack-secure-agent-awspcaissuers-reader" ,
157+ },
158+ Subjects : []rbac.Subject {
159+ {
160+ Kind : "ServiceAccount" ,
161+ Name : "agent" ,
162+ Namespace : "jetstack-secure" ,
163+ },
164+ },
165+ RoleRef : rbac.RoleRef {
166+ Kind : "ClusterRole" ,
167+ Name : "jetstack-secure-agent-awspcaissuers-reader" ,
168+ APIGroup : "rbac.authorization.k8s.io" ,
169+ },
170+ },
76171 },
77172 },
78- // Try adding more test cases
79173 }
80174
81175 for _ , input := range testCases {
82176 gotClusterRoles := GenerateClusterRoles (input .dataGatherers )
83177 gotClusterRoleBindings := GenerateClusterRoleBindings (gotClusterRoles )
84178
85- td .Cmp (t , input .expectedClusterRoleBindings , gotClusterRoleBindings )
86179 td .Cmp (t , input .expectedClusterRoles , gotClusterRoles )
180+ td .Cmp (t , input .expectedClusterRoleBindings , gotClusterRoleBindings )
87181 }
88182}
0 commit comments