suite: pod service account name test templates: - common.yaml tests: - it: should assign serviceAccount to primary pod set: workload: workload-name1: enabled: true primary: true type: CronJob schedule: "* * * * *" podSpec: restartPolicy: Never workload-name2: enabled: true primary: false type: Deployment podSpec: {} serviceAccount: sa-name1: enabled: true primary: true asserts: - documentIndex: &cronJobDoc 1 isKind: of: CronJob - documentIndex: *cronJobDoc equal: path: metadata.name value: release-name-common-test - documentIndex: *cronJobDoc equal: path: spec.jobTemplate.spec.template.spec.serviceAccountName value: release-name-common-test - documentIndex: &otherDeploymentDoc 2 isKind: of: Deployment - documentIndex: *otherDeploymentDoc equal: path: spec.template.spec.serviceAccountName value: default - it: should assign serviceAccount to all pods set: workload: workload-name1: enabled: true primary: true type: Deployment podSpec: {} workload-name2: enabled: true primary: false type: Deployment podSpec: {} serviceAccount: sa-name1: enabled: true primary: true targetSelectAll: true asserts: - documentIndex: &deploymentDoc 1 isKind: of: Deployment - documentIndex: *deploymentDoc equal: path: spec.template.spec.serviceAccountName value: release-name-common-test - documentIndex: &otherDeploymentDoc 2 isKind: of: Deployment - documentIndex: *otherDeploymentDoc equal: path: spec.template.spec.serviceAccountName value: release-name-common-test - it: should assign serviceAccount to selected pods set: workload: workload-name1: enabled: true primary: true type: Deployment podSpec: {} workload-name2: enabled: true primary: false type: Deployment podSpec: {} serviceAccount: sa-name1: enabled: true primary: true targetSelector: - workload-name1 sa-name2: enabled: true primary: false targetSelector: - workload-name2 asserts: - documentIndex: &deploymentDoc 2 isKind: of: Deployment - documentIndex: *deploymentDoc equal: path: spec.template.spec.serviceAccountName value: release-name-common-test - documentIndex: &otherDeploymentDoc 3 isKind: of: Deployment - documentIndex: *otherDeploymentDoc equal: path: spec.template.spec.serviceAccountName value: release-name-common-test-sa-name2 - it: should assign serviceAccount to selected pods set: workload: workload-name1: enabled: true primary: true type: Deployment podSpec: {} workload-name2: enabled: true primary: false type: Deployment podSpec: {} serviceAccount: sa-name1: enabled: true primary: true targetSelector: - workload-name1 - workload-name2 asserts: - documentIndex: &deploymentDoc 1 isKind: of: Deployment - documentIndex: *deploymentDoc equal: path: spec.template.spec.serviceAccountName value: release-name-common-test - documentIndex: &otherDeploymentDoc 2 isKind: of: Deployment - documentIndex: *otherDeploymentDoc equal: path: spec.template.spec.serviceAccountName value: release-name-common-test # Failures - it: should fail with more than 1 SA assigned to a pod set: workload: workload-name1: enabled: true primary: true type: Deployment podSpec: {} serviceAccount: sa-name1: enabled: true primary: true targetSelector: - workload-name1 sa-name2: enabled: true targetSelector: - workload-name1 asserts: - failedTemplate: errorMessage: Expected at most 1 ServiceAccount to be assigned on a pod [workload-name1]. But [2] were assigned