fix(helm): agent RBAC — block-style resources, strengthen test assertions

Author: syscod3

charts/imp/templates/agent/clusterrole.yaml

@@ -6,17 +6,22 @@ metadata:
     {{- include "imp.labels" . | nindent 4 }}
 rules:
 - apiGroups: ["imp.dev"]
-  resources: [impvms]
+  resources:
+    - impvms
   verbs: [get, list, watch, update, patch]
 - apiGroups: ["imp.dev"]
-  resources: [impvms/status]
+  resources:
+    - impvms/status
   verbs: [get, update, patch]
 - apiGroups: ["imp.dev"]
-  resources: [impvmclasses]
+  resources:
+    - impvmclasses
   verbs: [get]
 - apiGroups: ["imp.dev"]
-  resources: [impnetworks]
+  resources:
+    - impnetworks
   verbs: [get]
 - apiGroups: [""]
-  resources: [events]
+  resources:
+    - events
   verbs: [create, patch]

charts/imp/tests/agent-rbac_test.yaml

@@ -12,6 +12,9 @@ tests:
       - equal:
           path: metadata.name
           value: RELEASE-NAME-imp-agent
+      - equal:
+          path: metadata.namespace
+          value: NAMESPACE
 
   - it: creates agent ClusterRole with required rules
     template: templates/agent/clusterrole.yaml
@@ -42,6 +45,12 @@ tests:
             apiGroups: ["imp.dev"]
             resources: [impnetworks]
             verbs: [get]
+      - contains:
+          path: rules
+          content:
+            apiGroups: [""]
+            resources: [events]
+            verbs: [create, patch]
 
   - it: binds agent ClusterRole to agent ServiceAccount
     template: templates/agent/clusterrolebinding.yaml
@@ -55,3 +64,6 @@ tests:
       - equal:
           path: subjects[0].namespace
           value: NAMESPACE
+      - equal:
+          path: subjects[0].kind
+          value: ServiceAccount