1- // Copyright (C) 2025 The Falco Authors
1+ // Copyright (C) 2026 The Falco Authors
22//
33// Licensed under the Apache License, Version 2.0 (the "License");
44// you may not use this file except in compliance with the License.
@@ -74,19 +74,26 @@ func TestGenerateClusterRole(t *testing.T) {
7474 wantErr : false ,
7575 },
7676 {
77- name : "ClusterRole with empty namespace" ,
77+ name : "ClusterRole with empty namespace still has valid rules " ,
7878 falco : & instancev1alpha1.Falco {
7979 ObjectMeta : metav1.ObjectMeta {
8080 Name : "test-falco" ,
8181 },
8282 },
8383 verify : func (t * testing.T , obj * unstructured.Unstructured ) {
8484 assert .Equal (t , "test-falco--" , obj .GetName ())
85+ // Verify rules are still present even with empty namespace
86+ rules , found , err := unstructured .NestedSlice (obj .Object , "rules" )
87+ require .NoError (t , err )
88+ require .True (t , found )
89+ require .Len (t , rules , 1 )
90+ rule0 := rules [0 ].(map [string ]interface {})
91+ assert .Equal (t , []interface {}{"nodes" }, rule0 ["resources" ])
8592 },
8693 wantErr : false ,
8794 },
8895 {
89- name : "ClusterRole with no labels" ,
96+ name : "ClusterRole propagates nil labels correctly " ,
9097 falco : & instancev1alpha1.Falco {
9198 ObjectMeta : metav1.ObjectMeta {
9299 Name : "test-falco" ,
@@ -96,6 +103,9 @@ func TestGenerateClusterRole(t *testing.T) {
96103 verify : func (t * testing.T , obj * unstructured.Unstructured ) {
97104 labels := obj .GetLabels ()
98105 assert .Empty (t , labels )
106+ // Verify ClusterRole is still valid and has correct structure
107+ assert .Equal (t , "ClusterRole" , obj .GetKind ())
108+ assert .Equal (t , "test-falco--default" , obj .GetName ())
99109 },
100110 wantErr : false ,
101111 },
0 commit comments