Skip to content

Commit 58e0e70

Browse files
NVSHAS-9748 [Helm] NV helm update for supporting name referral for common groups in CRD
Adding nvgroupdefinitions.neuvector.com in crd chart Fixing API groups Changing unit test for new resource addition
1 parent e2e0bdf commit 58e0e70

File tree

7 files changed

+232
-3
lines changed

7 files changed

+232
-3
lines changed

charts/core/templates/clusterrole.yaml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,31 @@ rules:
9797

9898
---
9999

100+
{{- if $oc3 }}
101+
apiVersion: authorization.openshift.io/v1
102+
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
103+
apiVersion: rbac.authorization.k8s.io/v1
104+
{{- else }}
105+
apiVersion: v1
106+
{{- end }}
107+
kind: ClusterRole
108+
metadata:
109+
name: neuvector-binding-nvgroupdefinitions
110+
labels:
111+
chart: {{ template "neuvector.chart" . }}
112+
release: {{ .Release.Name }}
113+
rules:
114+
- apiGroups:
115+
- neuvector.com
116+
resources:
117+
- nvgroupdefinitions
118+
verbs:
119+
- get
120+
- list
121+
- delete
122+
123+
---
124+
100125
{{- if $oc4 }}
101126
apiVersion: rbac.authorization.k8s.io/v1
102127
kind: ClusterRole

charts/core/templates/crd-role-least.yaml

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -400,4 +400,35 @@ userNames:
400400
- system:serviceaccount:{{ .Release.Namespace }}:controller
401401
{{- end }}
402402

403+
---
404+
405+
# ClusterRoleBinding for NeuVector to manage name referral for common groups
406+
{{- if $oc3 }}
407+
apiVersion: authorization.openshift.io/v1
408+
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
409+
apiVersion: rbac.authorization.k8s.io/v1
410+
{{- else }}
411+
apiVersion: v1
412+
{{- end }}
413+
kind: ClusterRoleBinding
414+
metadata:
415+
name: neuvector-binding-nvgroupdefinitions
416+
labels:
417+
chart: {{ template "neuvector.chart" . }}
418+
release: {{ .Release.Name }}
419+
roleRef:
420+
{{- if not $oc3 }}
421+
apiGroup: rbac.authorization.k8s.io
422+
kind: ClusterRole
423+
{{- end }}
424+
name: neuvector-binding-nvgroupdefinitions
425+
subjects:
426+
- kind: ServiceAccount
427+
name: controller
428+
namespace: {{ .Release.Namespace }}
429+
{{- if $oc3 }}
430+
userNames:
431+
- system:serviceaccount:{{ .Release.Namespace }}:controller
432+
{{- end }}
433+
403434
{{- end }}

charts/core/templates/crd-role.yaml

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -400,4 +400,35 @@ userNames:
400400
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
401401
{{- end }}
402402

403+
---
404+
405+
# Clusterrolebinding for Neuvector to manage name referral for common groups
406+
{{- if $oc3 }}
407+
apiVersion: authorization.openshift.io/v1
408+
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
409+
apiVersion: rbac.authorization.k8s.io/v1
410+
{{- else }}
411+
apiVersion: v1
412+
{{- end }}
413+
kind: ClusterRoleBinding
414+
metadata:
415+
name: neuvector-binding-nvgroupdefinitions
416+
labels:
417+
chart: {{ template "neuvector.chart" . }}
418+
release: {{ .Release.Name }}
419+
roleRef:
420+
{{- if not $oc3 }}
421+
apiGroup: rbac.authorization.k8s.io
422+
kind: ClusterRole
423+
{{- end }}
424+
name: neuvector-binding-nvgroupdefinitions
425+
subjects:
426+
- kind: ServiceAccount
427+
name: {{ .Values.serviceAccount }}
428+
namespace: {{ .Release.Namespace }}
429+
{{- if $oc3 }}
430+
userNames:
431+
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }}
432+
{{- end }}
433+
403434
{{- end }}

charts/core/templates/crd.yaml

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,8 @@ spec:
7272
type: array
7373
name:
7474
type: string
75+
name_referral:
76+
type: boolean
7577
original_name:
7678
type: string
7779
required:
@@ -143,6 +145,8 @@ spec:
143145
type: array
144146
name:
145147
type: string
148+
name_referral:
149+
type: boolean
146150
original_name:
147151
type: string
148152
required:
@@ -218,6 +222,8 @@ spec:
218222
type: array
219223
name:
220224
type: string
225+
name_referral:
226+
type: boolean
221227
original_name:
222228
type: string
223229
mon_metric:
@@ -351,6 +357,8 @@ spec:
351357
type: array
352358
name:
353359
type: string
360+
name_referral:
361+
type: boolean
354362
original_name:
355363
type: string
356364
required:
@@ -422,6 +430,8 @@ spec:
422430
type: array
423431
name:
424432
type: string
433+
name_referral:
434+
type: boolean
425435
original_name:
426436
type: string
427437
required:
@@ -497,6 +507,8 @@ spec:
497507
type: array
498508
name:
499509
type: string
510+
name_referral:
511+
type: boolean
500512
original_name:
501513
type: string
502514
mon_metric:
@@ -974,4 +986,63 @@ spec:
974986
type: object
975987
type: object
976988
{{- end }}
989+
---
990+
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
991+
apiVersion: apiextensions.k8s.io/v1
992+
{{- else }}
993+
apiVersion: apiextensions.k8s.io/v1beta1
994+
{{- end }}
995+
kind: CustomResourceDefinition
996+
metadata:
997+
name: nvgroupdefinitions.neuvector.com
998+
spec:
999+
group: neuvector.com
1000+
names:
1001+
kind: NvGroupDefinition
1002+
listKind: NvGroupDefinitionList
1003+
plural: nvgroupdefinitions
1004+
singular: nvgroupdefinition
1005+
scope: Namespaced
1006+
{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
1007+
version: v1
1008+
{{- end }}
1009+
versions:
1010+
- name: v1
1011+
served: true
1012+
storage: true
1013+
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
1014+
schema:
1015+
openAPIV3Schema:
1016+
properties:
1017+
spec:
1018+
properties:
1019+
selector:
1020+
properties:
1021+
comment:
1022+
type: string
1023+
criteria:
1024+
items:
1025+
properties:
1026+
key:
1027+
type: string
1028+
op:
1029+
type: string
1030+
value:
1031+
type: string
1032+
required:
1033+
- key
1034+
- op
1035+
- value
1036+
type: object
1037+
type: array
1038+
name:
1039+
type: string
1040+
required:
1041+
- name
1042+
type: object
1043+
required:
1044+
- selector
1045+
type: object
1046+
type: object
1047+
{{- end }}
9771048
{{- end }}

charts/crd/templates/crd.yaml

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,8 @@ spec:
7474
type: string
7575
original_name:
7676
type: string
77+
name_referral:
78+
type: boolean
7779
required:
7880
- name
7981
type: object
@@ -143,6 +145,8 @@ spec:
143145
type: array
144146
name:
145147
type: string
148+
name_referral:
149+
type: boolean
146150
original_name:
147151
type: string
148152
required:
@@ -218,6 +222,8 @@ spec:
218222
type: array
219223
name:
220224
type: string
225+
name_referral:
226+
type: boolean
221227
original_name:
222228
type: string
223229
mon_metric:
@@ -352,6 +358,8 @@ spec:
352358
type: array
353359
name:
354360
type: string
361+
name_referral:
362+
type: boolean
355363
original_name:
356364
type: string
357365
required:
@@ -423,6 +431,8 @@ spec:
423431
type: array
424432
name:
425433
type: string
434+
name_referral:
435+
type: boolean
426436
original_name:
427437
type: string
428438
required:
@@ -498,6 +508,8 @@ spec:
498508
type: array
499509
name:
500510
type: string
511+
name_referral:
512+
type: boolean
501513
original_name:
502514
type: string
503515
mon_metric:
@@ -980,3 +992,62 @@ spec:
980992
type: object
981993
type: object
982994
{{- end }}
995+
---
996+
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
997+
apiVersion: apiextensions.k8s.io/v1
998+
{{- else }}
999+
apiVersion: apiextensions.k8s.io/v1beta1
1000+
{{- end }}
1001+
kind: CustomResourceDefinition
1002+
metadata:
1003+
name: nvgroupdefinitions.neuvector.com
1004+
spec:
1005+
group: neuvector.com
1006+
names:
1007+
kind: NvGroupDefinition
1008+
listKind: NvGroupDefinitionList
1009+
plural: nvgroupdefinitions
1010+
singular: nvgroupdefinition
1011+
scope: Namespaced
1012+
{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
1013+
version: v1
1014+
{{- end }}
1015+
versions:
1016+
- name: v1
1017+
served: true
1018+
storage: true
1019+
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
1020+
schema:
1021+
openAPIV3Schema:
1022+
properties:
1023+
spec:
1024+
properties:
1025+
selector:
1026+
properties:
1027+
comment:
1028+
type: string
1029+
criteria:
1030+
items:
1031+
properties:
1032+
key:
1033+
type: string
1034+
op:
1035+
type: string
1036+
value:
1037+
type: string
1038+
required:
1039+
- key
1040+
- op
1041+
- value
1042+
type: object
1043+
type: array
1044+
name:
1045+
type: string
1046+
required:
1047+
- name
1048+
type: object
1049+
required:
1050+
- selector
1051+
type: object
1052+
type: object
1053+
{{- end }}

test/crd_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ func TestCRD(t *testing.T) {
1717
out := helm.RenderTemplate(t, options, helmChartPath, nvRel, []string{"templates/crd.yaml"})
1818
outs := splitYaml(out)
1919

20-
if len(outs) != 7 {
20+
if len(outs) != 8 {
2121
t.Errorf("Resource count is wrong. count=%v\n", len(outs))
2222
}
2323
}
@@ -33,7 +33,7 @@ func TestCoreCRD(t *testing.T) {
3333
out := helm.RenderTemplate(t, options, helmChartPath, nvRel, []string{"templates/crd.yaml"})
3434
outs := splitYaml(out)
3535

36-
if len(outs) != 7 {
36+
if len(outs) != 8 {
3737
t.Errorf("Resource count is wrong. count=%v\n", len(outs))
3838
}
3939
}

test/role_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ func TestClusterRole(t *testing.T) {
3434
out := helm.RenderTemplate(t, options, helmChartPath, nvRel, []string{"templates/clusterrole.yaml"})
3535
outs := splitYaml(out)
3636

37-
if len(outs) != 3 {
37+
if len(outs) != 4 {
3838
t.Errorf("Resource count is wrong. count=%v\n", len(outs))
3939
}
4040
}

0 commit comments

Comments
 (0)