Adjust E2E test

kyma-project · Jul 26, 2024 · 5bebf8f · 5bebf8f
1 parent dac4135
commit 5bebf8f
Showing 1 changed file with 58 additions and 28 deletions.
diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go
@@ -1,9 +1,10 @@
 package e2e_test
 
 import (
+	apirbacv1 "k8s.io/api/rbac/v1"
+
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	apirbacv1 "k8s.io/api/rbac/v1"
 
 	. "github.com/kyma-project/lifecycle-manager/pkg/testutils"
 )
@@ -171,33 +172,62 @@ var _ = Describe("RBAC Privileges", func() {
 			Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role-manifest",
 				kcpSystemKlmRoleBindings)).To(Equal(manifestRoleRules))
 
-			// By("And KLM Service Account has the correct RoleBindings in istio-system namespaces")
-			// istioSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager",
-			// 	"istio-system")
-			// Expect(err).ToNot(HaveOccurred())
-			// Expect(istioSystemKlmRoleBindings.Items).To(HaveLen(1))
-			//
-			// Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role-istio-namespace",
-			// 	istioSystemKlmRoleBindings)).To(Equal(klmManagerRoleRules))
-			//
-			// By("And KLM Service Account has the correct RoleBindings in kyma-system namespaces")
-			// kymaSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager",
-			// 	"kyma-system")
-			// Expect(err).ToNot(HaveOccurred())
-			// Expect(kymaSystemKlmRoleBindings.Items).To(HaveLen(2))
-			//
-			// Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient,
-			// 	"klm-manager-role-remote-namespace",
-			// 	kymaSystemKlmRoleBindings)).To(Equal(klmManagerRoleRules))
-			//
-			// metricsReaderRoleRules := []apirbacv1.PolicyRule{
-			// 	{
-			// 		NonResourceURLs: []string{"/metrics"},
-			// 		Verbs:           []string{"get"},
-			// 	},
-			// }
-			// Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-metrics-reader",
-			// 	kymaSystemKlmRoleBindings)).To(Equal(metricsReaderRoleRules))
+			By("And KLM Service Account has the correct RoleBindings in istio-system namespaces")
+			istioNamespaceRoleRules := []apirbacv1.PolicyRule{
+				{
+					APIGroups: []string{""},
+					Resources: []string{"secrets"},
+					Verbs:     []string{"list", "watch"},
+				},
+				{
+					APIGroups: []string{"cert-manager.io"},
+					Resources: []string{"certificates"},
+					Verbs:     []string{"patch", "list", "watch"},
+				},
+			}
+			istioSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager",
+				"istio-system")
+			Expect(err).ToNot(HaveOccurred())
+			Expect(istioSystemKlmRoleBindings.Items).To(HaveLen(1))
+
+			Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role-istio-namespace",
+				istioSystemKlmRoleBindings)).To(Equal(istioNamespaceRoleRules))
+
+			By("And KLM Service Account has the correct RoleBindings in kyma-system namespaces")
+			remoteNamespaceRoleRules := []apirbacv1.PolicyRule{
+				{
+					APIGroups: []string{""},
+					Resources: []string{"secrets"},
+					Verbs:     []string{"list", "watch"},
+				},
+				{
+					APIGroups: []string{"operator.kyma-project.io"},
+					Resources: []string{"kymas"},
+					Verbs:     []string{"list", "watch"},
+				},
+				{
+					APIGroups: []string{"operator.kyma-project.io"},
+					Resources: []string{"moduletemplates"},
+					Verbs:     []string{"list", "watch"},
+				},
+			}
+			kymaSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager",
+				"kyma-system")
+			Expect(err).ToNot(HaveOccurred())
+			Expect(kymaSystemKlmRoleBindings.Items).To(HaveLen(2))
+
+			Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient,
+				"klm-manager-role-remote-namespace",
+				kymaSystemKlmRoleBindings)).To(Equal(remoteNamespaceRoleRules))
+
+			metricsReaderRoleRules := []apirbacv1.PolicyRule{
+				{
+					NonResourceURLs: []string{"/metrics"},
+					Verbs:           []string{"get"},
+				},
+			}
+			Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-metrics-reader",
+				kymaSystemKlmRoleBindings)).To(Equal(metricsReaderRoleRules))
 		})
 	})
 })