From 9944b0d84f7072c4efa9f438571cc592d7fda6b4 Mon Sep 17 00:00:00 2001 From: portdirect Date: Thu, 28 Dec 2017 21:00:01 -0500 Subject: [PATCH] RBAC: add rules to all remaing helm test pods This PS adds RBAC rules for all remaining helm test pods in OpenStack-Helm. Change-Id: Ib44d5fdc8c147f2cbecec51cc4767116f3adb6b2 --- barbican/templates/pod-test.yaml | 5 +++++ congress/templates/pod-test.yaml | 4 ++++ glance/templates/pod-rally-test.yaml | 5 +++++ keystone/templates/pod-rally-test.yaml | 5 +++++ neutron/templates/pod-rally-test.yaml | 5 +++++ nova/templates/pod-rally-test.yaml | 5 +++++ 6 files changed, 29 insertions(+) diff --git a/barbican/templates/pod-test.yaml b/barbican/templates/pod-test.yaml index 582729ad61..0715557e5d 100644 --- a/barbican/templates/pod-test.yaml +++ b/barbican/templates/pod-test.yaml @@ -16,8 +16,12 @@ limitations under the License. {{- $envAll := . }} {{- $dependencies := .Values.dependencies.tests }} + {{- $mounts_barbican_tests := .Values.pod.mounts.barbican_tests.barbican_tests }} {{- $mounts_barbican_tests_init := .Values.pod.mounts.barbican_tests.init_container }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: v1 kind: Pod @@ -26,6 +30,7 @@ metadata: annotations: "helm.sh/hook": test-success spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: Never initContainers: {{ tuple $envAll $dependencies $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} diff --git a/congress/templates/pod-test.yaml b/congress/templates/pod-test.yaml index b8e655c816..19e96e15e4 100644 --- a/congress/templates/pod-test.yaml +++ b/congress/templates/pod-test.yaml @@ -16,6 +16,9 @@ limitations under the License. {{- $envAll := . }} {{- $dependencies := .Values.dependencies.tests }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: v1 kind: Pod @@ -24,6 +27,7 @@ metadata: annotations: "helm.sh/hook": test-success spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: Never containers: - name: {{.Release.Name}}-congress-test diff --git a/glance/templates/pod-rally-test.yaml b/glance/templates/pod-rally-test.yaml index 0675caab3a..e8415eb5f3 100644 --- a/glance/templates/pod-rally-test.yaml +++ b/glance/templates/pod-rally-test.yaml @@ -17,8 +17,12 @@ limitations under the License. {{- if .Values.manifests.pod_rally_test }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.tests }} + {{- $mounts_glance_tests := .Values.pod.mounts.glance_tests.glance_tests }} {{- $mounts_glance_tests_init := .Values.pod.mounts.glance_tests.init_container }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: v1 kind: Pod @@ -27,6 +31,7 @@ metadata: annotations: "helm.sh/hook": test-success spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: Never initContainers: {{ tuple $envAll $dependencies $mounts_glance_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} diff --git a/keystone/templates/pod-rally-test.yaml b/keystone/templates/pod-rally-test.yaml index 9895b10c6f..6863cfede7 100644 --- a/keystone/templates/pod-rally-test.yaml +++ b/keystone/templates/pod-rally-test.yaml @@ -17,8 +17,12 @@ limitations under the License. {{- if .Values.manifests.pod_rally_test }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.tests }} + {{- $mounts_keystone_tests := .Values.pod.mounts.keystone_tests.keystone_tests }} {{- $mounts_keystone_tests_init := .Values.pod.mounts.keystone_tests.init_container }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: v1 kind: Pod @@ -27,6 +31,7 @@ metadata: annotations: "helm.sh/hook": test-success spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: Never initContainers: {{ tuple $envAll $dependencies $mounts_keystone_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml index b7f5d49d15..4f12c37bb6 100644 --- a/neutron/templates/pod-rally-test.yaml +++ b/neutron/templates/pod-rally-test.yaml @@ -17,8 +17,12 @@ limitations under the License. {{- if .Values.manifests.pod_rally_test }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.tests }} + {{- $mounts_neutron_tests := .Values.pod.mounts.neutron_tests.neutron_tests }} {{- $mounts_neutron_tests_init := .Values.pod.mounts.neutron_tests.init_container }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: v1 kind: Pod @@ -27,6 +31,7 @@ metadata: annotations: "helm.sh/hook": test-success spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: Never initContainers: {{ tuple $envAll $dependencies $mounts_neutron_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} diff --git a/nova/templates/pod-rally-test.yaml b/nova/templates/pod-rally-test.yaml index c020471b75..96d527844f 100644 --- a/nova/templates/pod-rally-test.yaml +++ b/nova/templates/pod-rally-test.yaml @@ -17,8 +17,12 @@ limitations under the License. {{- if .Values.manifests.pod_rally_test }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.tests }} + {{- $mounts_nova_tests := .Values.pod.mounts.nova_tests.nova_tests }} {{- $mounts_nova_tests_init := .Values.pod.mounts.nova_tests.init_container }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: v1 kind: Pod @@ -27,6 +31,7 @@ metadata: annotations: "helm.sh/hook": test-success spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: Never initContainers: {{ tuple $envAll $dependencies $mounts_nova_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}