Merge pull request #4055 from lstoll/lstoll-unrelated-name-reference

ConfigMapGenerator should not update unrelated ClusterRole rule

api/krusty/namereference_test.go

@@ -531,3 +531,58 @@ metadata:
   name: secret-example-7hf4fh868h
 `)
 }
+
+func TestUnrelatedNameReferenceReplacement_Issue4254_Issue3418(t *testing.T) {
+	th := kusttest_test.MakeHarness(t)
+
+	// The cluster-autoscaler lease name should not be changed.
+	th.WriteF("role.yaml", `
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-autoscaler
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  resourceNames: ["cluster-autoscaler"]
+  verbs: ["get","update"]
+`)
+
+	th.WriteK(".", `
+resources:
+- role.yaml
+configMapGenerator:
+- name: cluster-autoscaler
+  namespace: kube-system
+  literals:
+  - AWS_REGION="us-east-1"
+`)
+	// The resourceNames for the leases resource in the ClusterRole should NOT be
+	// updated with the name suffix, because it's not targeting the generated
+	// configmap. The value at rules[0].resourceNames[0] is currently incorrect.
+	m := th.Run(".", th.MakeDefaultOptions())
+	th.AssertActualEqualsExpected(m, `
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-autoscaler
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - cluster-autoscaler-h8mmcct52k
+  resources:
+  - leases
+  verbs:
+  - get
+  - update
+---
+apiVersion: v1
+data:
+  AWS_REGION: us-east-1
+kind: ConfigMap
+metadata:
+  name: cluster-autoscaler-h8mmcct52k
+  namespace: kube-system
+`)
+}