Sort dependent RBAC role and binding kinds

During installation and uninstallation, handle the RBAC-related ClusterRole, ClusterRoleBinding, Role, and RoleBinding kinds in an order that respects their potential referential integrity, namely that ClusterRoleBindings can refer to ClusterRoles and ServiceAccounts, and RoleBindings can refer to ClusterRoles, Roles, and ServiceAccounts. Fixes #2199.

Sort dependent RBAC role and binding kinds
During installation and uninstallation, handle the RBAC-related ClusterRole, ClusterRoleBinding, Role, and RoleBinding kinds in an order that respects their potential referential integrity, namely that ClusterRoleBindings can refer to ClusterRoles and ServiceAccounts, and RoleBindings can refer to ClusterRoles, Roles, and ServiceAccounts. Fixes #2199.
7ccfc6d7 · Steven E. Harris · b7af2e21 · 7ccfc6d7 · 7ccfc6d7
Commit 7ccfc6d7 authored Mar 29, 2017 by Steven E. Harris
Show whitespace changes
Inline Side-by-side

Showing with 92 additions and 26 deletions

kind_sorter.go pkg/tiller/kind_sorter.go +40 -4

kind_sorter_test.go pkg/tiller/kind_sorter_test.go +52 -22

No files found.
--- a/pkg/tiller/kind_sorter.go
+++ b/pkg/tiller/kind_sorter.go
@@ -23,11 +23,47 @@ import (
 // SortOrder is an ordering of Kinds.
 type SortOrder []string
-// InstallOrder is the order in which manifests should be installed (by Kind)
+// InstallOrder is the order in which manifests should be installed (by Kind).
-var InstallOrder SortOrder = []string{"Namespace", "Secret", "ConfigMap", "PersistentVolume", "PersistentVolumeClaim", "ServiceAccount", "Service", "Pod", "ReplicationController", "Deployment", "DaemonSet", "Ingress", "Job"}
+var InstallOrder SortOrder = []string{
+	"Namespace",
+	"Secret",
+	"ConfigMap",
+	"PersistentVolume",
+	"PersistentVolumeClaim",
+	"ServiceAccount",
+	"ClusterRole",
+	"ClusterRoleBinding",
+	"Role",
+	"RoleBinding",
+	"Service",
+	"Pod",
+	"ReplicationController",
+	"Deployment",
+	"DaemonSet",
+	"Ingress",
+	"Job",
+}
-// UninstallOrder is the order in which manifests should be uninstalled (by Kind)
+// UninstallOrder is the order in which manifests should be uninstalled (by Kind).
-var UninstallOrder SortOrder = []string{"Service", "Pod", "ReplicationController", "Deployment", "DaemonSet", "ConfigMap", "Secret", "PersistentVolumeClaim", "PersistentVolume", "ServiceAccount", "Ingress", "Job", "Namespace"}
+var UninstallOrder SortOrder = []string{
+	"Service",
+	"Pod",
+	"ReplicationController",
+	"Deployment",
+	"DaemonSet",
+	"ConfigMap",
+	"Secret",
+	"PersistentVolumeClaim",
+	"PersistentVolume",
+	"RoleBinding",
+	"Role",
+	"ClusterRoleBinding",
+	"ClusterRole",
+	"ServiceAccount",
+	"Ingress",
+	"Job",
+	"Namespace",
+}
 // sortByKind does an in-place sort of manifests by Kind.
 //

--- a/pkg/tiller/kind_sorter_test.go
+++ b/pkg/tiller/kind_sorter_test.go
@@ -17,6 +17,7 @@ limitations under the License.
 package tiller
 import (
+	"bytes"
 	"testing"
 	util "k8s.io/helm/pkg/releaseutil"
@@ -27,48 +28,77 @@ func TestKindSorter(t *testing.T) {
 		{
 			name:    "m",
 			content: "",
-			head:    &util.SimpleHead{Kind: "Deployment"},
+			head:    &util.SimpleHead{Kind: "ClusterRole"},
 		},
 		{
-			name:    "l",
+			name:    " ",
 			content: "",
-			head:    &util.SimpleHead{Kind: "Service"},
+			head:    &util.SimpleHead{Kind: "ClusterRoleBinding"},
+		},
+		{
+			name:    "e",
+			content: "",
+			head:    &util.SimpleHead{Kind: "ConfigMap"},
+		},
+		{
+			name:    "k",
+			content: "",
+			head:    &util.SimpleHead{Kind: "Deployment"},
 		},
 		{
 			name:    "!",
 			content: "",
 			head:    &util.SimpleHead{Kind: "HonkyTonkSet"},
 		},
+		{
+			name:    "s",
+			content: "",
+			head:    &util.SimpleHead{Kind: "Job"},
+		},
 		{
 			name:    "h",
 			content: "",
 			head:    &util.SimpleHead{Kind: "Namespace"},
 		},
 		{
-			name:    "e",
+			name:    "w",
 			content: "",
-			head:    &util.SimpleHead{Kind: "ConfigMap"},
+			head:    &util.SimpleHead{Kind: "Role"},
+		},
+		{
+			name:    "o",
+			content: "",
+			head:    &util.SimpleHead{Kind: "RoleBinding"},
+		},
+		{
+			name:    "r",
+			content: "",
+			head:    &util.SimpleHead{Kind: "Service"},
+		},
+		{
+			name:    "l",
+			content: "",
+			head:    &util.SimpleHead{Kind: "ServiceAccount"},
 		},
 	}
-	res := sortByKind(manifests, InstallOrder)
+	for _, test := range []struct {
-	got := ""
+		description string
-	expect := "helm!"
+		order       SortOrder
-	for _, r := range res {
+		expected    string
-		got += r.name
+	}{
+		{"install", InstallOrder, "helm works!"},
+		{"uninstall", UninstallOrder, "rkeow mlsh!"},
+	} {
+		var buf bytes.Buffer
+		t.Run(test.description, func(t *testing.T) {
+			defer buf.Reset()
+			for _, r := range sortByKind(manifests, test.order) {
+				buf.WriteString(r.name)
 			}
-	if got != expect {
+			if got := buf.String(); got != test.expected {
-		t.Errorf("Expected %q, got %q", expect, got)
+				t.Errorf("Expected %q, got %q", test.expected, got)
 			}
+		})
-	expect = "lmeh!"
-	got = ""
-	res = sortByKind(manifests, UninstallOrder)
-	for _, r := range res {
-		got += r.name
-	}
-	if got != expect {
-		t.Errorf("Expected %q, got %q", expect, got)
 	}
 }