[toran414] Fix Extra Role Rules

Merge pull request #42 from toran414/patch/fix-extra-role-rules Fixed adding additional RBAC rules.
CircleCI-Public · Mar 21, 2024 · 33b22b6 · 33b22b6
2 parents c47661e + 4828153
commit 33b22b6
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 3 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -4,5 +4,5 @@ description: For deploying a CircleCI Container Agent
 icon: https://raw.githubusercontent.com/circleci/media/master/logo/build/horizontal_dark.1.png
 type: application
 
-version: "101.0.20"
+version: "101.0.21"
 appVersion: "3"
diff --git a/changelog.md b/changelog.md
@@ -1,6 +1,8 @@
 # Container Agent Helm Chart Changelog
 
 This is the Container Agent Helm Chart changelog
+# 101.0.21
+- [#42](https://github.com/CircleCI-Public/container-runner-helm-chart/pull/42) Fix formatting bug when adding role and logging role rules
 
 # 101.0.20
 

diff --git a/templates/role.yaml b/templates/role.yaml
@@ -27,7 +27,7 @@ rules:
   {{- end }} # if .Values.agent.ssh.enabled
 
 {{- if $role.rules }}
-  {{- toYaml $role.rules | indent 2 }}
+  {{- toYaml $role.rules | nindent 2 }}
 {{- end }} # if $role.rules
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -63,7 +63,7 @@ rules:
     resources: ["pods/log"]
     verbs: ["get"]
 {{- if $loggingRole.rules }}
-  {{- toYaml $loggingRole.rules | indent 2 }}
+  {{- toYaml $loggingRole.rules | nindent 2 }}
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/tests/roles_test.yaml b/tests/roles_test.yaml
@@ -0,0 +1,45 @@
+suite: test roles
+tests:
+  - it: should format additional roles correctly
+    template: templates/role.yaml
+    set:
+      rbac.role.create: true
+      rbac.role.rules:
+        - apiGroups: [""]
+          resources: ["configmaps"]
+          verbs: ["get"]
+      logging.rbc.create: true
+      logging.rbac.role.rules:
+        - apiGroups: [""]
+          resources: ["configmaps"]
+          verbs: ["get"]
+    asserts:
+      - equal:
+          path: rules
+          value:
+            - apiGroups: [""]
+              resources: ["pods", "pods/exec", "pods/log"]
+              verbs: ["get", "watch", "list", "create", "delete"]
+            - apiGroups: [""]
+              resources: ["secrets"]
+              verbs: ["get", "list", "create", "delete"]
+            - apiGroups: ["", "events.k8s.io/v1"]
+              resources: ["events"]
+              verbs: ["watch"]
+            - apiGroups: [""]
+              resources: ["configmaps"]
+              verbs: ["get"]
+        documentIndex: 0
+      - equal:
+          path: rules
+          value:
+            - apiGroups: [""]
+              resources: ["pods"]
+              verbs: ["watch"]
+            - apiGroups: [""]
+              resources: ["pods/log"]
+              verbs: ["get"]
+            - apiGroups: [""]
+              resources: ["configmaps"]
+              verbs: ["get"]
+        documentIndex: 2