From 40790565013f974f00f831a1b469a4b036421c1f Mon Sep 17 00:00:00 2001
From: Lincoln Stoll
Date: Sat, 10 Jul 2021 16:26:48 +0200
Subject: [PATCH 1/2] ConfigMapGenerator should not update unrelated ClusterRole rule When using the ConfigMap generator, a lease object entry is updated with the generated configmap name. This should not happen as it's an unrelated object type. As a workaround a unique name can be used for the ConfigMap. Fails on kustomize version 4.2.0 and kubectl version v1.21.2
---
 api/krusty/namereference_test.go | 56 ++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
diff --git a/api/krusty/namereference_test.go b/api/krusty/namereference_test.go
index ed3bb4e432..dd4018407b 100644
--- a/api/krusty/namereference_test.go
+++ b/api/krusty/namereference_test.go
@@ -531,3 +531,59 @@ metadata:
 name: secret-example-7hf4fh868h
 `)
 }
+
+func TestUnrelatedNameReferenceReplacementIssue4054(t *testing.T) {
+ th := kusttest_test.MakeHarness(t)
+
+ // The cluster-autoscaler lease name should not be changed.
+ th.WriteF("role.yaml", `
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cluster-autoscaler
+rules:
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ resourceNames: ["cluster-autoscaler"]
+ verbs: ["get","update"]
+`)
+
+ th.WriteK(".", `
+resources:
+- role.yaml
+configMapGenerator:
+- name: cluster-autoscaler
+ namespace: kube-system
+ literals:
+ - AWS_REGION="us-east-1"
+`)
+ // The resourceNames for the leases resource in the ClusterRole should not be
+ // updated with the name suffix, because it's not targeting the generated
+ // configmap
+ m := th.Run(".", th.MakeDefaultOptions())
+ th.AssertActualEqualsExpected(m, `
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels: null
+ name: cluster-autoscaler
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resourceNames:
+ - cluster-autoscaler
+ resources:
+ - leases
+ verbs:
+ - get
+ - update
+---
+apiVersion: v1
+data:
+ AWS_REGION: us-east-1
+kind: ConfigMap
+metadata:
+ name: cluster-autoscaler-h8mmcct52k
+ namespace: kube-system
+`)
+}
From d701792aa1d0aafaf02258192a35ea1cbbed352d Mon Sep 17 00:00:00 2001
From: Katrina Verey
Date: Wed, 22 Dec 2021 14:53:50 -0500
Subject: [PATCH 2/2] Update test demonstrating bug to pass, update comments
---
 api/krusty/namereference_test.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/api/krusty/namereference_test.go b/api/krusty/namereference_test.go
index dd4018407b..53d90d1b7b 100644
--- a/api/krusty/namereference_test.go
+++ b/api/krusty/namereference_test.go
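Review bot: The fixture in TestUnrelatedNameReferenceReplacementIssue4054 (patch 1/2) only covers the negative case: a single `leases` rule whose `resourceNames` must stay untouched. There is no positive control in the same ClusterRole. A second rule with `resources: ["configmaps"]` and `resourceNames: ["cluster-autoscaler"]` would pin that a genuine ConfigMap reference still receives the hash suffix. Without it, a later fix that stops rewriting RBAC `resourceNames` altogether would pass this test while silently leaving roles pointing at a ConfigMap name that no longer exists. The comment above `th.Run` could also state the RBAC effect, for example `// A rewritten resourceNames entry changes which lease this ClusterRole authorizes.`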
@@ -532,7 +532,7 @@ metadata: `) } -func TestUnrelatedNameReferenceReplacementIssue4054(t *testing.T) { +func TestUnrelatedNameReferenceReplacement_Issue4254_Issue3418(t *testing.T) { th := kusttest_test.MakeHarness(t) // The cluster-autoscaler lease name should not be changed. @@ -557,21 +557,20 @@ configMapGenerator: literals: - AWS_REGION="us-east-1" `) - // The resourceNames for the leases resource in the ClusterRole should not be + // The resourceNames for the leases resource in the ClusterRole should NOT be // updated with the name suffix, because it's not targeting the generated - // configmap + // configmap. The value at rules[0].resourceNames[0] is currently incorrect. m := th.Run(".", th.MakeDefaultOptions()) th.AssertActualEqualsExpected(m, ` apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: null name: cluster-autoscaler rules: - apiGroups: - coordination.k8s.io resourceNames: - - cluster-autoscaler + - cluster-autoscaler-h8mmcct52k resources: - leases verbs:
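Review bot: In the second hunk the expected `resourceNames` entry is changed to `cluster-autoscaler-h8mmcct52k`, so the test now passes on output that its own comment calls incorrect, and nothing at the assertion says what the correct value is. As rendered, the ClusterRole would authorize get/update on a lease with the hashed name rather than on `cluster-autoscaler`, which is presumably the lease the workload actually uses. I would make the comment actionable: `// TODO(#4254, #3418): rules[0].resourceNames[0] should be "cluster-autoscaler"; update the expected YAML when the name-reference bug is fixed.` The function body and the rest of the expected YAML continue past the end of this hunk.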