ci: Check if RBAC rules are in sync #319
Conversation
krnowak
force-pushed
the
krnowak/rbac-check
branch
3 times, most recently
from
ab38258
to
2dd829c
Compare
|
The failure will go away when #317 is merged. |
krnowak
force-pushed
the
krnowak/rbac-check
branch
2 times, most recently
from
00459f5
to
4fef5a0
Compare
hack/rbac-check.sh
Outdated
|
|
||
| set -euo pipefail | ||
|
|
||
| dir=$(dirname "${BASH_SOURCE[0]}") |
There was a problem hiding this comment.
Nitpick: Marking this as readonly may be a good idea.
There was a problem hiding this comment.
Yeah, probably. Will do.
| do | ||
| # strip the newline | ||
| line="${line%\\n}" | ||
| if [[ -z "${line}" ]] |
There was a problem hiding this comment.
Why have this check at all if you don't want to do anything here? 🤔
There was a problem hiding this comment.
That prevents the code from other branches in the if else cascade to be executed. Did it that way to avoid adding yet another indentation level. There are several ways of doing that:
if [[ -z "${line}" ]]; then
:
elsif …
then
…
fi
or
if [[ -n "${line}" ]]; then # note that it is -n, not -z
if …
then
…
fi
fi
or
if [[ -z "${line}" ]]; then
continue # will work only if we are in a loop
fi
if …
then
…
fi
hack/rbac-check.sh
Outdated
| test_rules="$(read_rules "${dir}/../${test_path}")" | ||
|
|
||
| # rely on transitivity, if example == chart and chart == test then | ||
| # example == test |
There was a problem hiding this comment.
Just wanted to say that I like this. 😃
There was a problem hiding this comment.
Was reading "Elements of programming" and "From mathematics to generic programming" so I guess they bent my brain a bit.
| then | ||
| # rules begin from the next line | ||
| ignore=0 | ||
| elif [[ "${line}" =~ '{{' ]] |
There was a problem hiding this comment.
Same answer here. :P
Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
Some of the steps are always executed or are executed on failure. Those steps require some things to be set up. But if some test fails before those things are set up, then we get spurious error messages from these steps too. This may happen when RBAC rules are not in sync, so the tests will fail before setting up the cluster and pushing the docker image to container registry, so there will be no cluster to get the logs from (even likely there won't be even a kubectl binary to use) and to delete nor images to remove from the registry. Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
krnowak
force-pushed
the
krnowak/rbac-check
branch
from
4fef5a0
to
58de2ff
Compare
|
Updated and rebased on top of current master, so the test should pass now. |
Signed-off-by: Krzesimir Nowak krzesimir@kinvolk.io
Fixes #250.