mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 01:46:55 +00:00
Code Activity
kyverno/test/e2e/mutate/config.go

138 lines
4.4 KiB
Go
Raw Normal View History

Add e2e test for mutation (#1761) Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-09 01:14:08 +02:00
package mutate
add new test; remove unnecessary anchors (#2217) * add new test; remove unnecessary anchors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added several test to e2e Signed-off-by: Max Goncharenko <kacejot@fex.net> * remove unused variable Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added comment to expected result Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-09 18:55:20 +03:00
import (
"k8s.io/apimachinery/pkg/runtime/schema"
)
Add e2e test for mutation (#1761) Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-09 01:14:08 +02:00
// MutateTests is E2E Test Config for mutation
var MutateTests = []struct {
//TestName - Name of the Test
TestName string
// Data - The Yaml file of the ClusterPolicy
Data []byte
e2e test cases for generate (#1835) * added sample test Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when creating the new namespace without the label, there should not have any generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when adding the matched label to the namespace, the target resource should be generated Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated network policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when synchronize flag is set to true in the policy, one cannot delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated generate policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: change synchronize to false in the policy, the label in generated resource should be updated to policy.kyverno.io/synchronize: disable Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when changing the content in generate.data, the change should be synced to the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: with synchronize==false, one should be able to delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * handling error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added retrying Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * minor e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logs of mutate error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap using BY Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing print statements Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * print configmap name Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing complete configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-03 00:18:28 +05:30
// ResourceNamespace - Namespace of the Resource
ResourceNamespace string
added policy name for mutate policies Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-21 21:35:43 +05:30
// PolicyName - Name of the Policy
PolicyName string
Add e2e test for mutation (#1761) Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-09 01:14:08 +02:00
}{
{
e2e test cases for generate (#1835) * added sample test Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when creating the new namespace without the label, there should not have any generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when adding the matched label to the namespace, the target resource should be generated Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated network policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when synchronize flag is set to true in the policy, one cannot delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated generate policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: change synchronize to false in the policy, the label in generated resource should be updated to policy.kyverno.io/synchronize: disable Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when changing the content in generate.data, the change should be synced to the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: with synchronize==false, one should be able to delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * handling error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added retrying Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * minor e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logs of mutate error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap using BY Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing print statements Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * print configmap name Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing complete configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-03 00:18:28 +05:30
TestName: "test-mutate-with-context",
Data: configMapMutationYaml,
ResourceNamespace: "test-mutate",
added policy name for mutate policies Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-21 21:35:43 +05:30
PolicyName: "mutate-policy",
Add e2e test for mutation (#1761) Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-09 01:14:08 +02:00
},
{
e2e test cases for generate (#1835) * added sample test Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when creating the new namespace without the label, there should not have any generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when adding the matched label to the namespace, the target resource should be generated Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated network policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when synchronize flag is set to true in the policy, one cannot delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated generate policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: change synchronize to false in the policy, the label in generated resource should be updated to policy.kyverno.io/synchronize: disable Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when changing the content in generate.data, the change should be synced to the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: with synchronize==false, one should be able to delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * handling error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added retrying Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * minor e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logs of mutate error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap using BY Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing print statements Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * print configmap name Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing complete configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-03 00:18:28 +05:30
TestName: "test-mutate-with-logic-in-context",
Data: configMapMutationWithContextLogicYaml,
ResourceNamespace: "test-mutate",
added policy name for mutate policies Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-21 21:35:43 +05:30
PolicyName: "mutate-policy",
Add e2e test for mutation (#1761) Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-09 01:14:08 +02:00
},
Add e2e test with nested jmesPath in context (#1786) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-26 23:02:52 +02:00
{
e2e test cases for generate (#1835) * added sample test Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when creating the new namespace without the label, there should not have any generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when adding the matched label to the namespace, the target resource should be generated Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated network policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when synchronize flag is set to true in the policy, one cannot delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * trying to check updated generate policy Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: change synchronize to false in the policy, the label in generated resource should be updated to policy.kyverno.io/synchronize: disable Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: when changing the content in generate.data, the change should be synced to the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * case: with synchronize==false, one should be able to delete the generated resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * handling error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added retrying Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * minor e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * e2e fixes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logs of mutate error Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing configmap using BY Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removing print statements Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * print configmap name Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * printing complete configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-03 00:18:28 +05:30
TestName: "test-mutate-with-context-label-selection",
Data: configMapMutationWithContextLabelSelectionYaml,
ResourceNamespace: "test-mutate",
added policy name for mutate policies Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-21 21:35:43 +05:30
PolicyName: "mutate-policy",
Add e2e test with nested jmesPath in context (#1786) Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-26 23:02:52 +02:00
},
Add e2e test for mutation (#1761) Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-04-09 01:14:08 +02:00
}
Update to use gvk to store OpenAPI schema (#1906) * bump swagger doc to 1.21.0 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * stores openapi schema by gvk Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix schema validation in CLI Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add missing resource lists Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add e2e tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address review doc comments Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-13 12:03:13 -07:00
add new test; remove unnecessary anchors (#2217) * add new test; remove unnecessary anchors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added several test to e2e Signed-off-by: Max Goncharenko <kacejot@fex.net> * remove unused variable Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added comment to expected result Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-09 18:55:20 +03:00
// Note: sometimes deleting namespaces takes time.
// Using different names for namespaces prevents collisions.
var tests = []struct {
//TestDescription - Description of the Test
TestDescription string
// PolicyName - Name of the Policy
PolicyName string
// PolicyRaw - The Yaml file of the ClusterPolicy
PolicyRaw []byte
// ResourceName - Name of the Resource
ResourceName string
// ResourceNamespace - Namespace of the Resource
ResourceNamespace string
// ResourceGVR - GVR of the Resource
ResourceGVR schema.GroupVersionResource
// ResourceRaw - The Yaml file of the ClusterPolicy
ResourceRaw []byte
// ExpectedPatternRaw - The Yaml file that contains validate pattern for the expected result
// This is not the final result. It is just used to validate the result from the engine.
ExpectedPatternRaw []byte
}{
{
TestDescription: "checks that runAsNonRoot is added to security context and containers elements security context",
PolicyName: "set-runasnonroot-true",
PolicyRaw: setRunAsNonRootTrue,
ResourceName: "foo",
ResourceNamespace: "test-mutate",
ResourceGVR: podGVR,
ResourceRaw: podWithContainers,
ExpectedPatternRaw: podWithContainersPattern,
},
{
TestDescription: "checks that runAsNonRoot is added to security context and containers elements security context and initContainers elements security context",
PolicyName: "set-runasnonroot-true",
PolicyRaw: setRunAsNonRootTrue,
ResourceName: "foo",
ResourceNamespace: "test-mutate1",
ResourceGVR: podGVR,
ResourceRaw: podWithContainersAndInitContainers,
ExpectedPatternRaw: podWithContainersAndInitContainersPattern,
},
Substitute vars in map keys (#2344) * substitute vars in map keys Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * add test for 2316 issue case Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-11 00:08:47 +03:00
{
TestDescription: "checks that variables in the keys are working correctly",
PolicyName: "structured-logs-sidecar",
PolicyRaw: kyverno_2316_policy,
ResourceName: "busybox",
ResourceNamespace: "test-mutate2",
ResourceGVR: deploymentGVR,
ResourceRaw: kyverno_2316_resource,
ExpectedPatternRaw: kyverno_2316_pattern,
},
Fix variable substitution for foreach preconditions (#2993) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-16 05:33:34 +00:00
{
TestDescription: "checks that preconditions are substituted correctly",
PolicyName: "replace-docker-hub",
PolicyRaw: kyverno_2971_policy,
ResourceName: "nginx",
ResourceNamespace: "test-mutate",
ResourceGVR: podGVR,
ResourceRaw: kyverno_2971_resource,
ExpectedPatternRaw: kyverno_2971_pattern,
},
add new test; remove unnecessary anchors (#2217) * add new test; remove unnecessary anchors Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added several test to e2e Signed-off-by: Max Goncharenko <kacejot@fex.net> * remove unused variable Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com> * added comment to expected result Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-09-09 18:55:20 +03:00
}
Update to use gvk to store OpenAPI schema (#1906) * bump swagger doc to 1.21.0 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * stores openapi schema by gvk Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix schema validation in CLI Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add missing resource lists Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add e2e tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address review doc comments Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-13 12:03:13 -07:00
var ingressTests = struct {
testNamesapce string
cpol []byte
added policy name for mutate policies Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-21 21:35:43 +05:30
policyName string
Update to use gvk to store OpenAPI schema (#1906) * bump swagger doc to 1.21.0 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * stores openapi schema by gvk Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix schema validation in CLI Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add missing resource lists Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add e2e tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address review doc comments Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-13 12:03:13 -07:00
tests []struct {
testName string
group, version, rsc, resourceName string
resource []byte
}
}{
testNamesapce: "test-ingress",
cpol: mutateIngressCpol,
added policy name for mutate policies Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-21 21:35:43 +05:30
policyName: "mutate-ingress-host",
Update to use gvk to store OpenAPI schema (#1906) * bump swagger doc to 1.21.0 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * stores openapi schema by gvk Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix schema validation in CLI Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add missing resource lists Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add e2e tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address review doc comments Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-13 12:03:13 -07:00
tests: []struct {
testName string
group, version, rsc, resourceName string
resource []byte
}{
{
testName: "test-networking-v1-ingress",
group: "networking.k8s.io",
version: "v1",
rsc: "ingresses",
resourceName: "kuard-v1",
resource: ingressNetworkingV1,
},
tighten and clarify Kyverno roles and permissions (#2799) * update roles and rolebindings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert label and fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * restrict role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix whitespace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove ingress extensions/v1beta1 Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix chart Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * tighten and clarify Kyverno roles and permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fake commit to trigger workflows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert tests and update test role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add newlines Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove invalid param Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cleanup roles in Helm templates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove `mutate` cluster role binding Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-12-09 20:34:06 -08:00
// the following test can be removed after 1.22 cluster
Update to use gvk to store OpenAPI schema (#1906) * bump swagger doc to 1.21.0 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * stores openapi schema by gvk Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix schema validation in CLI Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add missing resource lists Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add e2e tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address review doc comments Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-13 12:03:13 -07:00
{
testName: "test-networking-v1beta1-ingress",
group: "networking.k8s.io",
version: "v1beta1",
rsc: "ingresses",
resourceName: "kuard-v1beta1",
resource: ingressNetworkingV1beta1,
},
},
}
Copy permalink