Skip to content

Commit

Permalink
Merge pull request #32520 from Sgitario/31797
Browse files Browse the repository at this point in the history
Use list with an empty string by default in generated Role/ClusterRole
  • Loading branch information
Sgitario authored Apr 11, 2023
2 parents ce39894 + 34dd1cb commit 0c7eece
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ public class KubernetesCommonHelper {
private static final String[] PROMETHEUS_ANNOTATION_TARGETS = { "Service",
"Deployment", "DeploymentConfig" };
private static final String DEFAULT_ROLE_NAME_VIEW = "view";
private static final List<String> LIST_WITH_EMPTY = List.of("");

public static Optional<Project> createProject(ApplicationInfoBuildItem app,
Optional<CustomProjectRootBuildItem> customProjectRoot, OutputTargetBuildItem outputTarget,
Expand Down Expand Up @@ -1011,7 +1012,7 @@ private static List<PolicyRule> toPolicyRulesList(Map<String, PolicyRuleConfig>
return policyRules.values()
.stream()
.map(it -> new PolicyRuleBuilder()
.withApiGroups(it.apiGroups.orElse(null))
.withApiGroups(it.apiGroups.orElse(LIST_WITH_EMPTY))
.withNonResourceURLs(it.nonResourceUrls.orElse(null))
.withResourceNames(it.resourceNames.orElse(null))
.withResources(it.resources.orElse(null))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ public void assertGeneratedResources() throws IOException {
Role podWriterRole = getRoleByName(kubernetesList, "pod-writer");
assertEquals(APP_NAMESPACE, podWriterRole.getMetadata().getNamespace());
assertThat(podWriterRole.getRules()).satisfiesOnlyOnce(r -> {
assertThat(r.getApiGroups()).containsExactly("");
assertThat(r.getResources()).containsExactly("pods");
assertThat(r.getVerbs()).containsExactly("update");
});
Expand All @@ -69,13 +70,15 @@ public void assertGeneratedResources() throws IOException {
Role podReaderRole = getRoleByName(kubernetesList, "pod-reader");
assertEquals("projectb", podReaderRole.getMetadata().getNamespace());
assertThat(podReaderRole.getRules()).satisfiesOnlyOnce(r -> {
assertThat(r.getApiGroups()).containsExactly("");
assertThat(r.getResources()).containsExactly("pods");
assertThat(r.getVerbs()).containsExactly("get", "watch", "list");
});

// secret-reader assertions
ClusterRole secretReaderRole = getClusterRoleByName(kubernetesList, "secret-reader");
assertThat(secretReaderRole.getRules()).satisfiesOnlyOnce(r -> {
assertThat(r.getApiGroups()).containsExactly("");
assertThat(r.getResources()).containsExactly("secrets");
assertThat(r.getVerbs()).containsExactly("get", "watch", "list");
});
Expand Down

0 comments on commit 0c7eece

Please sign in to comment.