fix and test template

control-plane/roles/gardener/defaults/main/gardener.yaml

@@ -41,11 +41,7 @@ gardener_soil_name: "{{ metal_control_plane_stage_name }}"
 gardener_soil_kubeconfig_file_path: "{{ lookup('env', 'KUBECONFIG') }}"
 gardener_soil_vertical_pod_autoscaler_enabled: false
 gardener_soil_project_owner_name: admin
-gardener_soil_project_members:
-  - name: admin
-    role: admin
-    roles:
-    - owner
+gardener_soil_project_members: []
 
 gardener_gardenlet_shoot_concurrent_syncs: 20
 gardener_gardenlet_shoot_reconcile_in_maintenance_only: false

control-plane/roles/gardener/templates/gardener-soil-project.yaml.j2

@@ -21,12 +21,21 @@ spec:
     kind: User
     name: "{{ gardener_soil_project_owner_name }}"
   members:
-    apiGroup: rbac.authorization.k8s.io
-    kind: User
-    name: "{{ user.name }}"
-    role: "{{ user.role }}"
-    roles:
-      loop: "{{ user.roles }}"
-    loop: "{{ gardener_soil_project_members }}"
-    loop_control:
-      loop_var: user
+    - apiGroup: rbac.authorization.k8s.io
+      kind: User
+      name: "{{ gardener_soil_project_owner_name }}"
+      role: admin
+      roles:
+        - owner
+{% for member in gardener_soil_project_members %}
+    - apiGroup: rbac.authorization.k8s.io
+      kind: User
+      name: "{{ member.name }}"
+      role: "{{ member.role }}"
+{% if member.roles is defined %}
+      roles:
+{% for role in member.roles %}
+        - "{{ role }}"
+{% endfor %}
+{% endif %}
+{% endfor %}

control-plane/roles/gardener/test/gardener_soil_project_template_test.py

@@ -0,0 +1,38 @@
+import unittest
+import sys
+import yaml
+
+from test import FILTER_PLUGINS_PATH,read_template_file,read_mock_file
+
+from ansible.template import Templar
+
+sys.path.insert(0, FILTER_PLUGINS_PATH)
+
+class GardenerSoilProjectTemplate(unittest.TestCase):
+    def test_gardener_soil_project_template(self):
+        t = read_template_file("gardener-soil-project.yaml.j2")
+
+        templar = Templar(loader=None, variables={
+            "gardener_soil_name": "test-project",
+            "gardener_soil_project_owner_name": "test-owner",
+            "gardener_soil_project_members": [
+                {
+                    "name": "test-member1",
+                    "role": "viewer",
+                },
+                {
+                    "name": "test-member2",
+                    "role": "admin",
+                    "roles": [
+                        "editor",
+                        "owner",
+                    ],
+                },
+            ],
+        })
+
+        res = templar.template(t)
+        expected = read_mock_file("gardener_soil_project.yaml")
+
+        self.maxDiff = None
+        self.assertDictEqual(yaml.safe_load(expected), yaml.safe_load(res))

control-plane/roles/gardener/test/mock/gardener_soil_project.yaml

@@ -0,0 +1,40 @@
+apiVersion: core.gardener.cloud/v1beta1
+kind: Project
+metadata:
+  name: test-project
+  labels:
+    gardener.cloud/role: project
+    project.gardener.cloud/name: test-project
+spec:
+  namespace: garden
+  tolerations:
+    defaults:
+      - key: seed.gardener.cloud/protected
+      - key: seed.gardener.cloud/invisible
+      - key: seed.gardener.cloud/disable-capacity-reservation
+    whitelist:
+      - key: seed.gardener.cloud/protected
+      - key: seed.gardener.cloud/invisible
+      - key: seed.gardener.cloud/disable-capacity-reservation
+  owner:
+    apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: test-owner
+  members:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: test-owner
+    role: admin
+    roles:
+    - owner
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: test-member1
+    role: viewer
+  - apiGroup: rbac.authorization.k8s.io
+    kind: User
+    name: test-member2
+    role: admin
+    roles:
+      - editor
+      - owner