pepr 0.46.1 → 0.46.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.github/workflows/pepr-excellent-examples-matrix.d.ts +2 -0
- package/dist/.github/workflows/pepr-excellent-examples-matrix.d.ts.map +1 -0
- package/dist/cli.js +2 -2
- package/dist/commitlint.config.d.ts +4 -0
- package/dist/commitlint.config.d.ts.map +1 -0
- package/dist/controller.js +1 -1
- package/dist/integration/helpers/cmd.d.ts +22 -0
- package/dist/integration/helpers/cmd.d.ts.map +1 -0
- package/dist/integration/helpers/pepr.d.ts +5 -0
- package/dist/integration/helpers/pepr.d.ts.map +1 -0
- package/dist/integration/helpers/resource.d.ts +18 -0
- package/dist/integration/helpers/resource.d.ts.map +1 -0
- package/dist/integration/helpers/time.d.ts +4 -0
- package/dist/integration/helpers/time.d.ts.map +1 -0
- package/dist/integration/helpers/workdir.d.ts +12 -0
- package/dist/integration/helpers/workdir.d.ts.map +1 -0
- package/dist/lib.js +27 -24
- package/dist/lib.js.map +4 -4
- package/dist/scripts/set-version.d.ts +2 -0
- package/dist/scripts/set-version.d.ts.map +1 -0
- package/dist/src/cli/banner.d.ts.map +1 -0
- package/dist/src/cli/build.d.ts.map +1 -0
- package/dist/src/cli/build.helpers.d.ts.map +1 -0
- package/dist/src/cli/deploy.d.ts.map +1 -0
- package/dist/src/cli/dev.d.ts.map +1 -0
- package/dist/src/cli/format.d.ts.map +1 -0
- package/dist/src/cli/format.helpers.d.ts.map +1 -0
- package/dist/src/cli/init/enums.d.ts.map +1 -0
- package/dist/src/cli/init/index.d.ts.map +1 -0
- package/dist/{cli → src/cli}/init/templates.d.ts +5 -0
- package/dist/src/cli/init/templates.d.ts.map +1 -0
- package/dist/src/cli/init/utils.d.ts.map +1 -0
- package/dist/src/cli/init/walkthrough.d.ts.map +1 -0
- package/dist/src/cli/kfc.d.ts.map +1 -0
- package/dist/src/cli/monitor.d.ts.map +1 -0
- package/dist/src/cli/root.d.ts.map +1 -0
- package/dist/src/cli/types.d.ts.map +1 -0
- package/dist/src/cli/update.d.ts.map +1 -0
- package/dist/src/cli/uuid.d.ts.map +1 -0
- package/dist/src/cli.d.ts.map +1 -0
- package/dist/{fixtures → src/fixtures}/loader.d.ts +1 -1
- package/dist/src/fixtures/loader.d.ts.map +1 -0
- package/dist/src/lib/assets/assets.d.ts.map +1 -0
- package/dist/src/lib/assets/defaultTestObjects.d.ts +29 -0
- package/dist/src/lib/assets/defaultTestObjects.d.ts.map +1 -0
- package/dist/src/lib/assets/deploy.d.ts.map +1 -0
- package/dist/src/lib/assets/destroy.d.ts.map +1 -0
- package/dist/src/lib/assets/helm.d.ts.map +1 -0
- package/dist/src/lib/assets/index.d.ts.map +1 -0
- package/dist/src/lib/assets/loader.d.ts.map +1 -0
- package/dist/src/lib/assets/networking.d.ts.map +1 -0
- package/dist/src/lib/assets/pods.d.ts.map +1 -0
- package/dist/src/lib/assets/rbac.d.ts.map +1 -0
- package/dist/src/lib/assets/store.d.ts.map +1 -0
- package/dist/src/lib/assets/webhooks.d.ts.map +1 -0
- package/dist/src/lib/assets/yaml/generateAllYaml.d.ts.map +1 -0
- package/dist/src/lib/assets/yaml/generateZarfYaml.d.ts.map +1 -0
- package/dist/{lib → src/lib}/assets/yaml/overridesFile.d.ts +1 -2
- package/dist/src/lib/assets/yaml/overridesFile.d.ts.map +1 -0
- package/dist/src/lib/common-types.d.ts +81 -0
- package/dist/src/lib/common-types.d.ts.map +1 -0
- package/dist/{lib → src/lib}/controller/index.d.ts +1 -1
- package/dist/src/lib/controller/index.d.ts.map +1 -0
- package/dist/{lib → src/lib}/controller/index.util.d.ts +2 -1
- package/dist/src/lib/controller/index.util.d.ts.map +1 -0
- package/dist/src/lib/controller/store.d.ts.map +1 -0
- package/dist/src/lib/controller/storeCache.d.ts.map +1 -0
- package/dist/src/lib/core/capability.d.ts.map +1 -0
- package/dist/src/lib/core/envChecks.d.ts.map +1 -0
- package/dist/src/lib/core/module.d.ts.map +1 -0
- package/dist/src/lib/core/queue.d.ts.map +1 -0
- package/dist/src/lib/core/schedule.d.ts.map +1 -0
- package/dist/src/lib/core/storage.d.ts.map +1 -0
- package/dist/src/lib/deploymentChecks.d.ts.map +1 -0
- package/dist/src/lib/enums.d.ts.map +1 -0
- package/dist/src/lib/errors.d.ts.map +1 -0
- package/dist/src/lib/filesystemService.d.ts.map +1 -0
- package/dist/{lib → src/lib}/filter/adjudicators/admissionRequest.d.ts +1 -1
- package/dist/src/lib/filter/adjudicators/admissionRequest.d.ts.map +1 -0
- package/dist/src/lib/filter/adjudicators/binding.d.ts.map +1 -0
- package/dist/{lib → src/lib}/filter/adjudicators/defaultTestObjects.d.ts +2 -1
- package/dist/src/lib/filter/adjudicators/defaultTestObjects.d.ts.map +1 -0
- package/dist/src/lib/filter/adjudicators/kubernetesObject.d.ts.map +1 -0
- package/dist/{lib → src/lib}/filter/adjudicators/mismatch.d.ts +2 -1
- package/dist/src/lib/filter/adjudicators/mismatch.d.ts.map +1 -0
- package/dist/src/lib/filter/adjudicators/postCollection.d.ts.map +1 -0
- package/dist/{lib → src/lib}/filter/filter.d.ts +2 -1
- package/dist/src/lib/filter/filter.d.ts.map +1 -0
- package/dist/src/lib/finalizer.d.ts.map +1 -0
- package/dist/src/lib/helpers.d.ts.map +1 -0
- package/dist/src/lib/included-files.d.ts.map +1 -0
- package/dist/src/lib/k8s.d.ts.map +1 -0
- package/dist/{lib → src/lib}/mutate-request.d.ts +2 -1
- package/dist/src/lib/mutate-request.d.ts.map +1 -0
- package/dist/src/lib/processors/decode-utils.d.ts +8 -0
- package/dist/src/lib/processors/decode-utils.d.ts.map +1 -0
- package/dist/{lib → src/lib}/processors/mutate-processor.d.ts +2 -6
- package/dist/src/lib/processors/mutate-processor.d.ts.map +1 -0
- package/dist/{lib → src/lib}/processors/validate-processor.d.ts +2 -1
- package/dist/src/lib/processors/validate-processor.d.ts.map +1 -0
- package/dist/src/lib/processors/watch-processor.d.ts.map +1 -0
- package/dist/src/lib/telemetry/logger.d.ts.map +1 -0
- package/dist/src/lib/telemetry/metrics.d.ts.map +1 -0
- package/dist/src/lib/telemetry/timeUtils.d.ts.map +1 -0
- package/dist/src/lib/telemetry/webhookTimeouts.d.ts.map +1 -0
- package/dist/src/lib/tls.d.ts.map +1 -0
- package/dist/{lib → src/lib}/types.d.ts +3 -79
- package/dist/src/lib/types.d.ts.map +1 -0
- package/dist/src/lib/utils.d.ts.map +1 -0
- package/dist/{lib → src/lib}/validate-request.d.ts +1 -2
- package/dist/src/lib/validate-request.d.ts.map +1 -0
- package/dist/src/lib.d.ts.map +1 -0
- package/dist/{runtime → src/runtime}/controller.d.ts.map +1 -1
- package/dist/src/sdk/cosign.d.ts.map +1 -0
- package/dist/src/sdk/heredoc.d.ts.map +1 -0
- package/dist/src/sdk/sdk.d.ts.map +1 -0
- package/package.json +12 -7
- package/src/cli/dev.ts +1 -1
- package/src/fixtures/loader.ts +1 -1
- package/src/lib/assets/defaultTestObjects.ts +137 -516
- package/src/lib/assets/yaml/overridesFile.ts +1 -1
- package/src/lib/common-types.ts +103 -0
- package/src/lib/controller/index.ts +1 -1
- package/src/lib/controller/index.util.ts +2 -1
- package/src/lib/core/module.ts +1 -1
- package/src/lib/filter/adjudicators/admissionRequest.ts +1 -1
- package/src/lib/filter/adjudicators/defaultTestObjects.ts +2 -1
- package/src/lib/filter/adjudicators/kubernetesObject.ts +5 -0
- package/src/lib/filter/adjudicators/mismatch.ts +6 -5
- package/src/lib/filter/filter.ts +2 -1
- package/src/lib/finalizer.ts +2 -1
- package/src/lib/mutate-request.ts +2 -1
- package/src/lib/processors/decode-utils.ts +31 -0
- package/src/lib/processors/mutate-processor.ts +44 -66
- package/src/lib/processors/validate-processor.ts +2 -1
- package/src/lib/telemetry/metrics.ts +0 -2
- package/src/lib/types.ts +3 -100
- package/src/lib/validate-request.ts +1 -2
- package/dist/cli/banner.d.ts.map +0 -1
- package/dist/cli/build.d.ts.map +0 -1
- package/dist/cli/build.helpers.d.ts.map +0 -1
- package/dist/cli/deploy.d.ts.map +0 -1
- package/dist/cli/dev.d.ts.map +0 -1
- package/dist/cli/format.d.ts.map +0 -1
- package/dist/cli/format.helpers.d.ts.map +0 -1
- package/dist/cli/init/enums.d.ts.map +0 -1
- package/dist/cli/init/index.d.ts.map +0 -1
- package/dist/cli/init/templates.d.ts.map +0 -1
- package/dist/cli/init/utils.d.ts.map +0 -1
- package/dist/cli/init/walkthrough.d.ts.map +0 -1
- package/dist/cli/kfc.d.ts.map +0 -1
- package/dist/cli/monitor.d.ts.map +0 -1
- package/dist/cli/root.d.ts.map +0 -1
- package/dist/cli/types.d.ts.map +0 -1
- package/dist/cli/update.d.ts.map +0 -1
- package/dist/cli/uuid.d.ts.map +0 -1
- package/dist/cli.d.ts.map +0 -1
- package/dist/fixtures/loader.d.ts.map +0 -1
- package/dist/lib/assets/assets.d.ts.map +0 -1
- package/dist/lib/assets/defaultTestObjects.d.ts +0 -3
- package/dist/lib/assets/defaultTestObjects.d.ts.map +0 -1
- package/dist/lib/assets/deploy.d.ts.map +0 -1
- package/dist/lib/assets/destroy.d.ts.map +0 -1
- package/dist/lib/assets/helm.d.ts.map +0 -1
- package/dist/lib/assets/index.d.ts.map +0 -1
- package/dist/lib/assets/loader.d.ts.map +0 -1
- package/dist/lib/assets/networking.d.ts.map +0 -1
- package/dist/lib/assets/pods.d.ts.map +0 -1
- package/dist/lib/assets/rbac.d.ts.map +0 -1
- package/dist/lib/assets/store.d.ts.map +0 -1
- package/dist/lib/assets/webhooks.d.ts.map +0 -1
- package/dist/lib/assets/yaml/generateAllYaml.d.ts.map +0 -1
- package/dist/lib/assets/yaml/generateZarfYaml.d.ts.map +0 -1
- package/dist/lib/assets/yaml/overridesFile.d.ts.map +0 -1
- package/dist/lib/controller/index.d.ts.map +0 -1
- package/dist/lib/controller/index.util.d.ts.map +0 -1
- package/dist/lib/controller/store.d.ts.map +0 -1
- package/dist/lib/controller/storeCache.d.ts.map +0 -1
- package/dist/lib/core/capability.d.ts.map +0 -1
- package/dist/lib/core/envChecks.d.ts.map +0 -1
- package/dist/lib/core/module.d.ts.map +0 -1
- package/dist/lib/core/queue.d.ts.map +0 -1
- package/dist/lib/core/schedule.d.ts.map +0 -1
- package/dist/lib/core/storage.d.ts.map +0 -1
- package/dist/lib/deploymentChecks.d.ts.map +0 -1
- package/dist/lib/enums.d.ts.map +0 -1
- package/dist/lib/errors.d.ts.map +0 -1
- package/dist/lib/filesystemService.d.ts.map +0 -1
- package/dist/lib/filter/adjudicators/admissionRequest.d.ts.map +0 -1
- package/dist/lib/filter/adjudicators/binding.d.ts.map +0 -1
- package/dist/lib/filter/adjudicators/defaultTestObjects.d.ts.map +0 -1
- package/dist/lib/filter/adjudicators/kubernetesObject.d.ts.map +0 -1
- package/dist/lib/filter/adjudicators/mismatch.d.ts.map +0 -1
- package/dist/lib/filter/adjudicators/postCollection.d.ts.map +0 -1
- package/dist/lib/filter/filter.d.ts.map +0 -1
- package/dist/lib/finalizer.d.ts.map +0 -1
- package/dist/lib/helpers.d.ts.map +0 -1
- package/dist/lib/included-files.d.ts.map +0 -1
- package/dist/lib/k8s.d.ts.map +0 -1
- package/dist/lib/mutate-request.d.ts.map +0 -1
- package/dist/lib/processors/mutate-processor.d.ts.map +0 -1
- package/dist/lib/processors/validate-processor.d.ts.map +0 -1
- package/dist/lib/processors/watch-processor.d.ts.map +0 -1
- package/dist/lib/telemetry/logger.d.ts.map +0 -1
- package/dist/lib/telemetry/metrics.d.ts.map +0 -1
- package/dist/lib/telemetry/timeUtils.d.ts.map +0 -1
- package/dist/lib/telemetry/webhookTimeouts.d.ts.map +0 -1
- package/dist/lib/tls.d.ts.map +0 -1
- package/dist/lib/types.d.ts.map +0 -1
- package/dist/lib/utils.d.ts.map +0 -1
- package/dist/lib/validate-request.d.ts.map +0 -1
- package/dist/lib.d.ts.map +0 -1
- package/dist/sdk/cosign.d.ts.map +0 -1
- package/dist/sdk/heredoc.d.ts.map +0 -1
- package/dist/sdk/sdk.d.ts.map +0 -1
- /package/dist/{cli → src/cli}/banner.d.ts +0 -0
- /package/dist/{cli → src/cli}/build.d.ts +0 -0
- /package/dist/{cli → src/cli}/build.helpers.d.ts +0 -0
- /package/dist/{cli → src/cli}/deploy.d.ts +0 -0
- /package/dist/{cli → src/cli}/dev.d.ts +0 -0
- /package/dist/{cli → src/cli}/format.d.ts +0 -0
- /package/dist/{cli → src/cli}/format.helpers.d.ts +0 -0
- /package/dist/{cli → src/cli}/init/enums.d.ts +0 -0
- /package/dist/{cli → src/cli}/init/index.d.ts +0 -0
- /package/dist/{cli → src/cli}/init/utils.d.ts +0 -0
- /package/dist/{cli → src/cli}/init/walkthrough.d.ts +0 -0
- /package/dist/{cli → src/cli}/kfc.d.ts +0 -0
- /package/dist/{cli → src/cli}/monitor.d.ts +0 -0
- /package/dist/{cli → src/cli}/root.d.ts +0 -0
- /package/dist/{cli → src/cli}/types.d.ts +0 -0
- /package/dist/{cli → src/cli}/update.d.ts +0 -0
- /package/dist/{cli → src/cli}/uuid.d.ts +0 -0
- /package/dist/{cli.d.ts → src/cli.d.ts} +0 -0
- /package/dist/{lib → src/lib}/assets/assets.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/deploy.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/destroy.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/helm.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/index.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/loader.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/networking.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/pods.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/rbac.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/store.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/webhooks.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/yaml/generateAllYaml.d.ts +0 -0
- /package/dist/{lib → src/lib}/assets/yaml/generateZarfYaml.d.ts +0 -0
- /package/dist/{lib → src/lib}/controller/store.d.ts +0 -0
- /package/dist/{lib → src/lib}/controller/storeCache.d.ts +0 -0
- /package/dist/{lib → src/lib}/core/capability.d.ts +0 -0
- /package/dist/{lib → src/lib}/core/envChecks.d.ts +0 -0
- /package/dist/{lib → src/lib}/core/module.d.ts +0 -0
- /package/dist/{lib → src/lib}/core/queue.d.ts +0 -0
- /package/dist/{lib → src/lib}/core/schedule.d.ts +0 -0
- /package/dist/{lib → src/lib}/core/storage.d.ts +0 -0
- /package/dist/{lib → src/lib}/deploymentChecks.d.ts +0 -0
- /package/dist/{lib → src/lib}/enums.d.ts +0 -0
- /package/dist/{lib → src/lib}/errors.d.ts +0 -0
- /package/dist/{lib → src/lib}/filesystemService.d.ts +0 -0
- /package/dist/{lib → src/lib}/filter/adjudicators/binding.d.ts +0 -0
- /package/dist/{lib → src/lib}/filter/adjudicators/kubernetesObject.d.ts +0 -0
- /package/dist/{lib → src/lib}/filter/adjudicators/postCollection.d.ts +0 -0
- /package/dist/{lib → src/lib}/finalizer.d.ts +0 -0
- /package/dist/{lib → src/lib}/helpers.d.ts +0 -0
- /package/dist/{lib → src/lib}/included-files.d.ts +0 -0
- /package/dist/{lib → src/lib}/k8s.d.ts +0 -0
- /package/dist/{lib → src/lib}/processors/watch-processor.d.ts +0 -0
- /package/dist/{lib → src/lib}/telemetry/logger.d.ts +0 -0
- /package/dist/{lib → src/lib}/telemetry/metrics.d.ts +0 -0
- /package/dist/{lib → src/lib}/telemetry/timeUtils.d.ts +0 -0
- /package/dist/{lib → src/lib}/telemetry/webhookTimeouts.d.ts +0 -0
- /package/dist/{lib → src/lib}/tls.d.ts +0 -0
- /package/dist/{lib → src/lib}/utils.d.ts +0 -0
- /package/dist/{lib.d.ts → src/lib.d.ts} +0 -0
- /package/dist/{runtime → src/runtime}/controller.d.ts +0 -0
- /package/dist/{sdk → src/sdk}/cosign.d.ts +0 -0
- /package/dist/{sdk → src/sdk}/heredoc.d.ts +0 -0
- /package/dist/{sdk → src/sdk}/sdk.d.ts +0 -0
|
@@ -1,533 +1,154 @@
|
|
|
1
|
-
import { GenericClass } from "kubernetes-fluent-client";
|
|
1
|
+
import { GenericClass, GroupVersionKind } from "kubernetes-fluent-client";
|
|
2
2
|
import { Event } from "../enums";
|
|
3
|
-
import { CapabilityExport } from "../types";
|
|
4
|
-
import {
|
|
3
|
+
import { Binding, CapabilityExport } from "../types";
|
|
4
|
+
import { defaultFilters } from "../filter/adjudicators/defaultTestObjects";
|
|
5
5
|
import { V1PolicyRule as PolicyRule } from "@kubernetes/client-node";
|
|
6
|
-
import
|
|
7
|
-
import {
|
|
8
|
-
|
|
6
|
+
import { AdmissionRequest, GroupVersionResource } from "../common-types";
|
|
7
|
+
import { Operation } from "../enums";
|
|
8
|
+
|
|
9
|
+
export const createMockAdmissionRequest = (
|
|
10
|
+
kind: GroupVersionKind = { kind: "kind", group: "group", version: "version" },
|
|
11
|
+
resource: GroupVersionResource = { group: "group", version: "version", resource: "resource" },
|
|
12
|
+
object: { metadata: { name: string } } = { metadata: { name: "create-me" } },
|
|
13
|
+
operation: Operation = Operation.CREATE,
|
|
14
|
+
): AdmissionRequest => ({
|
|
15
|
+
uid: "uid",
|
|
16
|
+
kind,
|
|
17
|
+
resource,
|
|
18
|
+
name: "",
|
|
19
|
+
object,
|
|
20
|
+
operation,
|
|
21
|
+
userInfo: {},
|
|
22
|
+
});
|
|
23
|
+
|
|
24
|
+
export const createMockRbacRule = (
|
|
25
|
+
apiGroups: string[] = ["pepr.dev"],
|
|
26
|
+
resources: string[] = ["peprstores"],
|
|
27
|
+
verbs: string[] = ["create", "get", "patch", "watch"],
|
|
28
|
+
): PolicyRule => ({
|
|
29
|
+
apiGroups,
|
|
30
|
+
resources,
|
|
31
|
+
verbs,
|
|
32
|
+
});
|
|
33
|
+
|
|
34
|
+
export const createMockBinding = (
|
|
35
|
+
kindDetails: { group?: string; version?: string; kind?: string; plural?: string } = {},
|
|
36
|
+
options: { isWatch?: boolean; event?: Event; isFinalize?: boolean } = {},
|
|
37
|
+
): Binding => {
|
|
38
|
+
const { group = "pepr.dev", version = "v1", kind = "peprstore", plural = "peprstores" } = kindDetails;
|
|
39
|
+
|
|
40
|
+
const { isWatch = false, event = Event.CREATE, isFinalize } = options;
|
|
41
|
+
|
|
42
|
+
return {
|
|
43
|
+
kind: { group, version, kind, plural },
|
|
44
|
+
isWatch,
|
|
45
|
+
...(isFinalize !== undefined && { isFinalize }),
|
|
46
|
+
event,
|
|
47
|
+
model: {} as GenericClass,
|
|
48
|
+
filters: { ...defaultFilters, regexName: "" },
|
|
49
|
+
};
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
export const createMockCapability = (
|
|
53
|
+
rbacRules = [createMockRbacRule()],
|
|
54
|
+
bindings = [createMockBinding()],
|
|
55
|
+
): CapabilityExport => ({
|
|
56
|
+
name: "",
|
|
57
|
+
hasSchedule: false,
|
|
58
|
+
description: "",
|
|
59
|
+
rbac: rbacRules,
|
|
60
|
+
bindings,
|
|
61
|
+
});
|
|
9
62
|
|
|
10
63
|
export const mockCapabilities: CapabilityExport[] = [
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
},
|
|
18
|
-
],
|
|
19
|
-
bindings: [
|
|
20
|
-
{
|
|
21
|
-
kind: { group: "pepr.dev", version: "v1", kind: "peprstore", plural: "peprstores" },
|
|
22
|
-
isWatch: false,
|
|
23
|
-
event: Event.CREATE,
|
|
24
|
-
model: {} as GenericClass,
|
|
25
|
-
filters: {
|
|
26
|
-
name: "",
|
|
27
|
-
regexName: "",
|
|
28
|
-
namespaces: [],
|
|
29
|
-
regexNamespaces: [],
|
|
30
|
-
labels: {},
|
|
31
|
-
annotations: {},
|
|
32
|
-
deletionTimestamp: false,
|
|
33
|
-
},
|
|
34
|
-
},
|
|
35
|
-
],
|
|
36
|
-
hasSchedule: false,
|
|
37
|
-
name: "",
|
|
38
|
-
description: "",
|
|
39
|
-
},
|
|
40
|
-
{
|
|
41
|
-
rbac: [
|
|
42
|
-
{
|
|
43
|
-
apiGroups: ["apiextensions.k8s.io"],
|
|
44
|
-
resources: ["customresourcedefinitions"],
|
|
45
|
-
verbs: ["patch", "create"],
|
|
46
|
-
},
|
|
47
|
-
],
|
|
48
|
-
bindings: [
|
|
49
|
-
{
|
|
50
|
-
kind: {
|
|
64
|
+
createMockCapability(),
|
|
65
|
+
createMockCapability(
|
|
66
|
+
[createMockRbacRule(["apiextensions.k8s.io"], ["customresourcedefinitions"], ["patch", "create"])],
|
|
67
|
+
[
|
|
68
|
+
createMockBinding(
|
|
69
|
+
{
|
|
51
70
|
group: "apiextensions.k8s.io",
|
|
52
71
|
version: "v1",
|
|
53
72
|
kind: "customresourcedefinition",
|
|
54
73
|
plural: "customresourcedefinitions",
|
|
55
74
|
},
|
|
56
|
-
isWatch: false,
|
|
57
|
-
|
|
58
|
-
event: Event.CREATE,
|
|
59
|
-
model: {} as GenericClass,
|
|
60
|
-
filters: {
|
|
61
|
-
name: "",
|
|
62
|
-
regexName: "",
|
|
63
|
-
namespaces: [],
|
|
64
|
-
regexNamespaces: [],
|
|
65
|
-
labels: {},
|
|
66
|
-
annotations: {},
|
|
67
|
-
deletionTimestamp: false,
|
|
68
|
-
},
|
|
69
|
-
},
|
|
75
|
+
{ isWatch: false, event: Event.CREATE, isFinalize: false },
|
|
76
|
+
),
|
|
70
77
|
],
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
resources: ["namespaces"],
|
|
80
|
-
verbs: ["watch"],
|
|
81
|
-
},
|
|
78
|
+
),
|
|
79
|
+
createMockCapability(
|
|
80
|
+
[createMockRbacRule([""], ["namespaces"], ["watch"])],
|
|
81
|
+
[
|
|
82
|
+
createMockBinding(
|
|
83
|
+
{ group: "", version: "v1", kind: "namespace", plural: "namespaces" },
|
|
84
|
+
{ isWatch: true, event: Event.CREATE, isFinalize: false },
|
|
85
|
+
),
|
|
82
86
|
],
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
name: "",
|
|
92
|
-
regexName: "",
|
|
93
|
-
namespaces: [],
|
|
94
|
-
regexNamespaces: [],
|
|
95
|
-
labels: {},
|
|
96
|
-
annotations: {},
|
|
97
|
-
deletionTimestamp: false,
|
|
98
|
-
},
|
|
99
|
-
},
|
|
100
|
-
],
|
|
101
|
-
hasSchedule: false,
|
|
102
|
-
name: "",
|
|
103
|
-
description: "",
|
|
104
|
-
},
|
|
105
|
-
{
|
|
106
|
-
rbac: [
|
|
107
|
-
{
|
|
108
|
-
apiGroups: [""],
|
|
109
|
-
resources: ["configmaps"],
|
|
110
|
-
verbs: ["watch"],
|
|
111
|
-
},
|
|
112
|
-
],
|
|
113
|
-
bindings: [
|
|
114
|
-
{
|
|
115
|
-
kind: { group: "", version: "v1", kind: "configmap", plural: "configmaps" },
|
|
116
|
-
isWatch: true,
|
|
117
|
-
isFinalize: false,
|
|
118
|
-
event: Event.CREATE,
|
|
119
|
-
model: {} as GenericClass,
|
|
120
|
-
filters: {
|
|
121
|
-
name: "",
|
|
122
|
-
regexName: "",
|
|
123
|
-
namespaces: [],
|
|
124
|
-
regexNamespaces: [],
|
|
125
|
-
labels: {},
|
|
126
|
-
annotations: {},
|
|
127
|
-
deletionTimestamp: false,
|
|
128
|
-
},
|
|
129
|
-
},
|
|
87
|
+
),
|
|
88
|
+
createMockCapability(
|
|
89
|
+
[createMockRbacRule([""], ["configmaps"], ["watch"])],
|
|
90
|
+
[
|
|
91
|
+
createMockBinding(
|
|
92
|
+
{ group: "", version: "v1", kind: "configmap", plural: "configmaps" },
|
|
93
|
+
{ isWatch: true, event: Event.CREATE, isFinalize: false },
|
|
94
|
+
),
|
|
130
95
|
],
|
|
131
|
-
|
|
132
|
-
name: "",
|
|
133
|
-
description: "",
|
|
134
|
-
},
|
|
96
|
+
),
|
|
135
97
|
];
|
|
136
|
-
describe("RBAC generation", () => {
|
|
137
|
-
beforeEach(() => {
|
|
138
|
-
jest.clearAllMocks();
|
|
139
|
-
const mockPackageJsonRBAC = {};
|
|
140
|
-
|
|
141
|
-
jest.spyOn(fs, "readFileSync").mockImplementation((path: unknown) => {
|
|
142
|
-
if (typeof path === "string" && path.includes("package.json")) {
|
|
143
|
-
return JSON.stringify({ rbac: mockPackageJsonRBAC });
|
|
144
|
-
}
|
|
145
|
-
return "{}";
|
|
146
|
-
});
|
|
147
|
-
});
|
|
148
|
-
|
|
149
|
-
it("should generate correct ClusterRole rules in scoped mode", () => {
|
|
150
|
-
const result = clusterRole("test-role", mockCapabilities, "scoped", []);
|
|
151
|
-
|
|
152
|
-
expect(result.rules).toEqual([
|
|
153
|
-
{
|
|
154
|
-
apiGroups: ["pepr.dev"],
|
|
155
|
-
resources: ["peprstores"],
|
|
156
|
-
verbs: ["create", "get", "patch", "watch"],
|
|
157
|
-
},
|
|
158
|
-
{
|
|
159
|
-
apiGroups: ["apiextensions.k8s.io"],
|
|
160
|
-
resources: ["customresourcedefinitions"],
|
|
161
|
-
verbs: ["patch", "create"],
|
|
162
|
-
},
|
|
163
|
-
{
|
|
164
|
-
apiGroups: [""],
|
|
165
|
-
resources: ["namespaces"],
|
|
166
|
-
verbs: ["watch"],
|
|
167
|
-
},
|
|
168
|
-
{
|
|
169
|
-
apiGroups: [""],
|
|
170
|
-
resources: ["configmaps"],
|
|
171
|
-
verbs: ["watch"],
|
|
172
|
-
},
|
|
173
|
-
]);
|
|
174
|
-
});
|
|
175
|
-
|
|
176
|
-
it("should generate a ClusterRole with wildcard rules when not in scoped mode", () => {
|
|
177
|
-
const expectedWildcardRules = [
|
|
178
|
-
{
|
|
179
|
-
apiGroups: ["*"],
|
|
180
|
-
resources: ["*"],
|
|
181
|
-
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"],
|
|
182
|
-
},
|
|
183
|
-
];
|
|
184
|
-
|
|
185
|
-
const result = clusterRole("test-role", mockCapabilities, "admin", []);
|
|
186
|
-
|
|
187
|
-
expect(result.rules).toEqual(expectedWildcardRules);
|
|
188
|
-
});
|
|
189
|
-
|
|
190
|
-
it("should return an empty rules array when capabilities are empty in scoped mode", () => {
|
|
191
|
-
const result = clusterRole("test-role", [], "scoped", []);
|
|
192
|
-
|
|
193
|
-
expect(result.rules).toEqual([]);
|
|
194
|
-
});
|
|
195
|
-
|
|
196
|
-
it("should include finalize verbs if isFinalize is true in scoped mode", () => {
|
|
197
|
-
const capabilitiesWithFinalize: CapabilityExport[] = [
|
|
198
|
-
{
|
|
199
|
-
rbac: [
|
|
200
|
-
{
|
|
201
|
-
apiGroups: ["pepr.dev"],
|
|
202
|
-
resources: ["peprstores"],
|
|
203
|
-
verbs: ["patch"],
|
|
204
|
-
},
|
|
205
|
-
],
|
|
206
|
-
bindings: [
|
|
207
|
-
{
|
|
208
|
-
kind: { group: "pepr.dev", version: "v1", kind: "peprstore", plural: "peprstores" },
|
|
209
|
-
isWatch: false,
|
|
210
|
-
isFinalize: true,
|
|
211
|
-
event: Event.CREATE,
|
|
212
|
-
model: {} as GenericClass,
|
|
213
|
-
filters: {
|
|
214
|
-
name: "",
|
|
215
|
-
regexName: "",
|
|
216
|
-
namespaces: [],
|
|
217
|
-
regexNamespaces: [],
|
|
218
|
-
labels: {},
|
|
219
|
-
annotations: {},
|
|
220
|
-
deletionTimestamp: false,
|
|
221
|
-
},
|
|
222
|
-
},
|
|
223
|
-
],
|
|
224
|
-
hasSchedule: false,
|
|
225
|
-
name: "",
|
|
226
|
-
description: "",
|
|
227
|
-
},
|
|
228
|
-
];
|
|
229
|
-
|
|
230
|
-
const result = clusterRole(
|
|
231
|
-
"test-role",
|
|
232
|
-
capabilitiesWithFinalize,
|
|
233
|
-
"scoped",
|
|
234
|
-
capabilitiesWithFinalize.flatMap(c => c.rbac).filter((rule): rule is PolicyRule => rule !== undefined),
|
|
235
|
-
);
|
|
236
|
-
|
|
237
|
-
expect(result.rules).toEqual([
|
|
238
|
-
{
|
|
239
|
-
apiGroups: ["pepr.dev"],
|
|
240
|
-
resources: ["peprstores"],
|
|
241
|
-
verbs: ["patch"],
|
|
242
|
-
},
|
|
243
|
-
{
|
|
244
|
-
apiGroups: ["apiextensions.k8s.io"],
|
|
245
|
-
resources: ["customresourcedefinitions"],
|
|
246
|
-
verbs: ["patch", "create"],
|
|
247
|
-
},
|
|
248
|
-
]);
|
|
249
|
-
});
|
|
250
|
-
|
|
251
|
-
it("should deduplicate verbs and resources in rules", () => {
|
|
252
|
-
const capabilitiesWithDuplicates: CapabilityExport[] = [
|
|
253
|
-
{
|
|
254
|
-
rbac: [
|
|
255
|
-
{
|
|
256
|
-
apiGroups: ["pepr.dev"],
|
|
257
|
-
resources: ["peprstores"],
|
|
258
|
-
verbs: ["create", "get"],
|
|
259
|
-
},
|
|
260
|
-
],
|
|
261
|
-
bindings: [
|
|
262
|
-
{
|
|
263
|
-
kind: { group: "pepr.dev", version: "v1", kind: "peprlog", plural: "peprlogs" },
|
|
264
|
-
isWatch: false,
|
|
265
|
-
event: Event.CREATE,
|
|
266
|
-
model: {} as GenericClass,
|
|
267
|
-
filters: {
|
|
268
|
-
name: "",
|
|
269
|
-
regexName: "",
|
|
270
|
-
namespaces: [],
|
|
271
|
-
regexNamespaces: [],
|
|
272
|
-
labels: {},
|
|
273
|
-
annotations: {},
|
|
274
|
-
deletionTimestamp: false,
|
|
275
|
-
},
|
|
276
|
-
},
|
|
277
|
-
],
|
|
278
|
-
hasSchedule: false,
|
|
279
|
-
name: "",
|
|
280
|
-
description: "",
|
|
281
|
-
},
|
|
282
|
-
{
|
|
283
|
-
rbac: [
|
|
284
|
-
{
|
|
285
|
-
apiGroups: ["pepr.dev"],
|
|
286
|
-
resources: ["peprstores"],
|
|
287
|
-
verbs: ["get", "patch"],
|
|
288
|
-
},
|
|
289
|
-
],
|
|
290
|
-
bindings: [
|
|
291
|
-
{
|
|
292
|
-
kind: { group: "pepr.dev", version: "v1", kind: "peprlog", plural: "peprlogs" },
|
|
293
|
-
isWatch: false,
|
|
294
|
-
event: Event.CREATE,
|
|
295
|
-
model: {} as GenericClass,
|
|
296
|
-
filters: {
|
|
297
|
-
name: "",
|
|
298
|
-
regexName: "",
|
|
299
|
-
namespaces: [],
|
|
300
|
-
regexNamespaces: [],
|
|
301
|
-
labels: {},
|
|
302
|
-
annotations: {},
|
|
303
|
-
deletionTimestamp: false,
|
|
304
|
-
},
|
|
305
|
-
},
|
|
306
|
-
],
|
|
307
|
-
hasSchedule: false,
|
|
308
|
-
name: "",
|
|
309
|
-
description: "",
|
|
310
|
-
},
|
|
311
|
-
];
|
|
312
|
-
|
|
313
|
-
const result = clusterRole(
|
|
314
|
-
"test-role",
|
|
315
|
-
capabilitiesWithDuplicates,
|
|
316
|
-
"scoped",
|
|
317
|
-
capabilitiesWithDuplicates.flatMap(c => c.rbac).filter((rule): rule is PolicyRule => rule !== undefined),
|
|
318
|
-
);
|
|
319
|
-
|
|
320
|
-
// Filter out only the rules for 'pepr.dev' and 'peprstores'
|
|
321
|
-
const filteredRules = result.rules?.filter(
|
|
322
|
-
rule => rule.apiGroups?.includes("pepr.dev") && rule.resources?.includes("peprstores"),
|
|
323
|
-
);
|
|
324
98
|
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
jest.mock("./rbac", () => ({
|
|
337
|
-
...(jest.requireActual("./rbac") as object),
|
|
338
|
-
readRBACFromPackageJson: jest.fn(() => null),
|
|
339
|
-
}));
|
|
340
|
-
|
|
341
|
-
// Mocking createRBACMap to isolate the behavior of clusterRole function
|
|
342
|
-
jest.mock("../helpers", () => ({
|
|
343
|
-
...(jest.requireActual("../helpers") as object),
|
|
344
|
-
createRBACMap: jest.fn(),
|
|
345
|
-
}));
|
|
346
|
-
|
|
347
|
-
beforeEach(() => {
|
|
348
|
-
jest.clearAllMocks();
|
|
349
|
-
jest.restoreAllMocks();
|
|
350
|
-
});
|
|
351
|
-
|
|
352
|
-
it("should handle keys with less than 3 segments and set group to an empty string", () => {
|
|
353
|
-
jest.spyOn(helpers, "createRBACMap").mockReturnValue({
|
|
354
|
-
nodes: {
|
|
355
|
-
plural: "nodes",
|
|
356
|
-
verbs: ["get"],
|
|
357
|
-
},
|
|
358
|
-
});
|
|
359
|
-
|
|
360
|
-
const capabilitiesWithShortKey: CapabilityExport[] = [
|
|
361
|
-
{
|
|
362
|
-
rbac: [
|
|
363
|
-
{
|
|
364
|
-
apiGroups: [""],
|
|
365
|
-
resources: ["nodes"],
|
|
366
|
-
verbs: ["get"],
|
|
367
|
-
},
|
|
368
|
-
],
|
|
369
|
-
bindings: [
|
|
370
|
-
{
|
|
371
|
-
kind: { group: "", version: "v1", kind: "node", plural: "nodes" },
|
|
372
|
-
isWatch: false,
|
|
373
|
-
event: Event.CREATE,
|
|
374
|
-
model: {} as GenericClass,
|
|
375
|
-
filters: {
|
|
376
|
-
name: "",
|
|
377
|
-
regexName: "",
|
|
378
|
-
namespaces: [],
|
|
379
|
-
regexNamespaces: [],
|
|
380
|
-
labels: {},
|
|
381
|
-
annotations: {},
|
|
382
|
-
deletionTimestamp: false,
|
|
383
|
-
},
|
|
384
|
-
},
|
|
385
|
-
],
|
|
386
|
-
hasSchedule: false,
|
|
387
|
-
name: "",
|
|
388
|
-
description: "",
|
|
389
|
-
},
|
|
390
|
-
];
|
|
391
|
-
|
|
392
|
-
const result = clusterRole(
|
|
393
|
-
"test-role",
|
|
394
|
-
capabilitiesWithShortKey,
|
|
395
|
-
"scoped",
|
|
396
|
-
capabilitiesWithShortKey.flatMap(c => c.rbac).filter((rule): rule is PolicyRule => rule !== undefined),
|
|
397
|
-
);
|
|
398
|
-
|
|
399
|
-
expect(result.rules).toEqual([
|
|
400
|
-
{
|
|
401
|
-
apiGroups: [""],
|
|
402
|
-
resources: ["nodes"],
|
|
403
|
-
verbs: ["get"],
|
|
404
|
-
},
|
|
405
|
-
]);
|
|
406
|
-
});
|
|
407
|
-
|
|
408
|
-
it("should handle keys with 3 or more segments and set group correctly", () => {
|
|
409
|
-
jest.spyOn(helpers, "createRBACMap").mockReturnValue({
|
|
410
|
-
"apps/v1/deployments": {
|
|
411
|
-
plural: "deployments",
|
|
412
|
-
verbs: ["create"],
|
|
413
|
-
},
|
|
414
|
-
});
|
|
415
|
-
|
|
416
|
-
const capabilitiesWithLongKey: CapabilityExport[] = [
|
|
417
|
-
{
|
|
418
|
-
rbac: [
|
|
419
|
-
{
|
|
420
|
-
apiGroups: ["apps"],
|
|
421
|
-
resources: ["deployments"],
|
|
422
|
-
verbs: ["create"],
|
|
423
|
-
},
|
|
424
|
-
],
|
|
425
|
-
bindings: [
|
|
426
|
-
{
|
|
427
|
-
kind: { group: "apps", version: "v1", kind: "deployment", plural: "deployments" },
|
|
428
|
-
isWatch: false,
|
|
429
|
-
event: Event.CREATE,
|
|
430
|
-
model: {} as GenericClass,
|
|
431
|
-
filters: {
|
|
432
|
-
name: "",
|
|
433
|
-
regexName: "",
|
|
434
|
-
namespaces: [],
|
|
435
|
-
regexNamespaces: [],
|
|
436
|
-
labels: {},
|
|
437
|
-
annotations: {},
|
|
438
|
-
deletionTimestamp: false,
|
|
439
|
-
},
|
|
440
|
-
},
|
|
441
|
-
],
|
|
442
|
-
hasSchedule: false,
|
|
443
|
-
name: "",
|
|
444
|
-
description: "",
|
|
445
|
-
},
|
|
446
|
-
];
|
|
447
|
-
|
|
448
|
-
const result = clusterRole(
|
|
449
|
-
"test-role",
|
|
450
|
-
capabilitiesWithLongKey,
|
|
451
|
-
"scoped",
|
|
452
|
-
capabilitiesWithLongKey.flatMap(c => c.rbac).filter((rule): rule is PolicyRule => rule !== undefined),
|
|
453
|
-
);
|
|
454
|
-
|
|
455
|
-
expect(result.rules).toEqual([
|
|
456
|
-
{
|
|
457
|
-
apiGroups: ["apps"],
|
|
458
|
-
resources: ["deployments"],
|
|
459
|
-
verbs: ["create"],
|
|
460
|
-
},
|
|
461
|
-
]);
|
|
462
|
-
});
|
|
463
|
-
|
|
464
|
-
it("should handle non-array custom RBAC by defaulting to an empty array", () => {
|
|
465
|
-
// Mock readRBACFromPackageJson to return a non-array value
|
|
466
|
-
jest.spyOn(fs, "readFileSync").mockImplementation(() => {
|
|
467
|
-
return JSON.stringify({
|
|
468
|
-
pepr: {
|
|
469
|
-
rbac: "not-an-array", // Simulate invalid RBAC structure
|
|
470
|
-
},
|
|
471
|
-
});
|
|
472
|
-
});
|
|
473
|
-
|
|
474
|
-
const result = clusterRole(
|
|
475
|
-
"test-role",
|
|
476
|
-
mockCapabilities,
|
|
477
|
-
"scoped",
|
|
478
|
-
mockCapabilities.flatMap(c => c.rbac).filter((rule): rule is PolicyRule => rule !== undefined),
|
|
479
|
-
);
|
|
480
|
-
|
|
481
|
-
// The result should only contain rules from the capabilities, not from the invalid custom RBAC
|
|
482
|
-
expect(result.rules).toEqual([
|
|
483
|
-
{
|
|
484
|
-
apiGroups: ["pepr.dev"],
|
|
485
|
-
resources: ["peprstores"],
|
|
486
|
-
verbs: ["create", "get", "patch", "watch"],
|
|
487
|
-
},
|
|
488
|
-
{
|
|
489
|
-
apiGroups: ["apiextensions.k8s.io"],
|
|
490
|
-
resources: ["customresourcedefinitions"],
|
|
491
|
-
verbs: ["patch", "create"],
|
|
492
|
-
},
|
|
493
|
-
{
|
|
494
|
-
apiGroups: [""],
|
|
495
|
-
resources: ["namespaces"],
|
|
496
|
-
verbs: ["watch"],
|
|
497
|
-
},
|
|
498
|
-
{
|
|
499
|
-
apiGroups: [""],
|
|
500
|
-
resources: ["configmaps"],
|
|
501
|
-
verbs: ["watch"],
|
|
502
|
-
},
|
|
503
|
-
]);
|
|
504
|
-
});
|
|
505
|
-
|
|
506
|
-
it("should default to an empty verbs array if rule.verbs is undefined", () => {
|
|
507
|
-
// Simulate a custom RBAC rule with empty verbs
|
|
508
|
-
const customRbacWithNoVerbs: PolicyRule[] = [
|
|
509
|
-
{
|
|
510
|
-
apiGroups: ["pepr.dev"],
|
|
511
|
-
resources: ["customresources"],
|
|
512
|
-
verbs: [], // Set verbs to an empty array to satisfy the V1PolicyRule type
|
|
513
|
-
},
|
|
514
|
-
];
|
|
99
|
+
export const capabilityWithFinalize: CapabilityExport[] = [
|
|
100
|
+
createMockCapability(
|
|
101
|
+
[createMockRbacRule(["pepr.dev"], ["peprstores"], ["patch"])],
|
|
102
|
+
[
|
|
103
|
+
createMockBinding(
|
|
104
|
+
{ group: "pepr.dev", version: "v1", kind: "peprstore", plural: "peprstores" },
|
|
105
|
+
{ isWatch: false, event: Event.CREATE, isFinalize: true },
|
|
106
|
+
),
|
|
107
|
+
],
|
|
108
|
+
),
|
|
109
|
+
];
|
|
515
110
|
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
111
|
+
export const capabilityWithDuplicates: CapabilityExport[] = [
|
|
112
|
+
createMockCapability(
|
|
113
|
+
[createMockRbacRule(["pepr.dev"], ["peprstores"], ["create", "get"])],
|
|
114
|
+
[
|
|
115
|
+
createMockBinding(
|
|
116
|
+
{ group: "pepr.dev", version: "v1", kind: "peprlog", plural: "peprlogs" },
|
|
117
|
+
{ isWatch: false, event: Event.CREATE },
|
|
118
|
+
),
|
|
119
|
+
],
|
|
120
|
+
),
|
|
121
|
+
createMockCapability(
|
|
122
|
+
[createMockRbacRule(["pepr.dev"], ["peprstores"], ["get", "patch"])],
|
|
123
|
+
[
|
|
124
|
+
createMockBinding(
|
|
125
|
+
{ group: "pepr.dev", version: "v1", kind: "peprlog", plural: "peprlogs" },
|
|
126
|
+
{ isWatch: false, event: Event.CREATE },
|
|
127
|
+
),
|
|
128
|
+
],
|
|
129
|
+
),
|
|
130
|
+
];
|
|
523
131
|
|
|
524
|
-
|
|
132
|
+
export const capabilityWithShortKey: CapabilityExport[] = [
|
|
133
|
+
createMockCapability(
|
|
134
|
+
[createMockRbacRule([""], ["nodes"], ["get"])],
|
|
135
|
+
[
|
|
136
|
+
createMockBinding(
|
|
137
|
+
{ group: "", version: "v1", kind: "node", plural: "nodes" },
|
|
138
|
+
{ isWatch: false, event: Event.CREATE },
|
|
139
|
+
),
|
|
140
|
+
],
|
|
141
|
+
),
|
|
142
|
+
];
|
|
525
143
|
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
144
|
+
export const capabilityWithLongKey: CapabilityExport[] = [
|
|
145
|
+
createMockCapability(
|
|
146
|
+
[createMockRbacRule(["apps"], ["deployments"], ["create"])],
|
|
147
|
+
[
|
|
148
|
+
createMockBinding(
|
|
149
|
+
{ group: "apps", version: "v1", kind: "deployment", plural: "deployments" },
|
|
150
|
+
{ isWatch: false, event: Event.CREATE },
|
|
151
|
+
),
|
|
152
|
+
],
|
|
153
|
+
),
|
|
154
|
+
];
|
|
@@ -5,7 +5,7 @@ import { dumpYaml } from "@kubernetes/client-node";
|
|
|
5
5
|
import { clusterRole } from "../rbac";
|
|
6
6
|
import { promises as fs } from "fs";
|
|
7
7
|
|
|
8
|
-
type ChartOverrides = {
|
|
8
|
+
export type ChartOverrides = {
|
|
9
9
|
apiPath: string;
|
|
10
10
|
capabilities: CapabilityExport[];
|
|
11
11
|
config: ModuleConfig;
|