add explicit cr and crb

nammn · nammn · commit b13fdd0776c5 · 2025-09-02T11:44:18.000+02:00
diff --git a/helm_chart/templates/operator-roles-webhook.yaml b/helm_chart/templates/operator-roles-webhook.yaml
@@ -1,7 +1,8 @@
 
 {{/* This cluster role and binding is necessary to allow the operator to automatically register ValidatingWebhookConfiguration. */}}
 {{- if and .Values.operator.webhook.registerConfiguration .Values.operator.webhook.installClusterRole }}
-{{- $webhookClusterRoleName := printf "%s-%s-webhook" .Values.operator.name (include "mongodb-kubernetes-operator.namespace" .) }}
+{{- $webhookClusterRoleName := printf "%s-%s-webhook-cr" .Values.operator.name (include "mongodb-kubernetes-operator.namespace" .) }}
+{{- $webhookClusterRoleBindingName := printf "%s-%s-webhook-crb" .Values.operator.name (include "mongodb-kubernetes-operator.namespace" .) }}
 {{- if not (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" $webhookClusterRoleName) }}
 ---
 kind: ClusterRole
@@ -35,7 +36,7 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ .Values.operator.name }}-{{ include "mongodb-kubernetes-operator.namespace" . }}-webhook-binding
+  name: {{ $webhookClusterRoleBindingName }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
diff --git a/helm_chart/tests/webhook_clusterrole_test.yaml b/helm_chart/tests/webhook_clusterrole_test.yaml
@@ -1,4 +1,4 @@
-suite: test webhook consistent clusterrole and binding namecomm
+suite: test webhook consistent clusterrole and binding
 templates:
   - operator-roles-webhook.yaml
 tests:
@@ -15,14 +15,17 @@ tests:
       - isKind:
           of: ClusterRoleBinding
         documentIndex: 1
-      # The key fix: both should use the same dynamic name
       - equal:
           path: metadata.name
-          value: mongodb-kubernetes-operator-NAMESPACE-webhook
+          value: mongodb-kubernetes-operator-NAMESPACE-webhook-cr
         documentIndex: 0
+      - equal:
+          path: metadata.name
+          value: mongodb-kubernetes-operator-NAMESPACE-webhook-crb
+        documentIndex: 1
       - equal:
           path: roleRef.name
-          value: mongodb-kubernetes-operator-NAMESPACE-webhook
+          value: mongodb-kubernetes-operator-NAMESPACE-webhook-cr
         documentIndex: 1
 
   # Test that different installations get unique names (prevents conflicts)
@@ -35,12 +38,15 @@ tests:
     release:
       namespace: custom-ns
     asserts:
-      # Verify the naming pattern: {operator.name}-{namespace}-webhook
       - equal:
           path: metadata.name
-          value: my-operator-custom-ns-webhook
+          value: my-operator-custom-ns-webhook-cr
         documentIndex: 0
+      - equal:
+          path: metadata.name
+          value: my-operator-custom-ns-webhook-crb
+        documentIndex: 1
       - equal:
           path: roleRef.name
-          value: my-operator-custom-ns-webhook
+          value: my-operator-custom-ns-webhook-cr
         documentIndex: 1
