From 195f0f7432bf5180418cf97e3566792ec7a3a036 Mon Sep 17 00:00:00 2001 From: facchettos Date: Tue, 17 Sep 2024 16:36:12 +0200 Subject: [PATCH] added clusterrole rule for eso and webhook --- chart/templates/clusterrole.yaml | 2 +- chart/tests/clusterrole_test.yaml | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml index e54c4c8d9..cdae14f8c 100644 --- a/chart/templates/clusterrole.yaml +++ b/chart/templates/clusterrole.yaml @@ -112,7 +112,7 @@ rules: resources: ["nodes"] verbs: ["get", "list"] {{- end }} - {{- if and .Values.integrations.kubeVirt.enabled .Values.integrations.kubeVirt.webhook.enabled }} + {{- if or (and .Values.integrations.kubeVirt.enabled .Values.integrations.kubeVirt.webhook.enabled) (and .Values.integrations.externalSecrets.enabled .Values.integrations.externalSecrets.webhook.enabled ) }} - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch"] diff --git a/chart/tests/clusterrole_test.yaml b/chart/tests/clusterrole_test.yaml index 9d8240735..cf5db04a1 100644 --- a/chart/tests/clusterrole_test.yaml +++ b/chart/tests/clusterrole_test.yaml @@ -302,6 +302,8 @@ tests: integrations: externalSecrets: enabled: true + webhook: + enabled: false release: name: my-release namespace: my-namespace @@ -400,6 +402,8 @@ tests: integrations: externalSecrets: enabled: true + webhook: + enabled: true sync: clusterStores: enabled: true @@ -409,9 +413,15 @@ tests: asserts: - hasDocuments: count: 1 + - contains: + path: rules + content: + apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch"] - contains: path: rules content: apiGroups: [ "external-secrets.io" ] resources: [ "clustersecretstores" ] - verbs: [ "get", "list", "watch" ] + verbs: ["get", "list", "watch"]