mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 01:46:55 +00:00
Code Activity
kyverno/cmd/cli/kubectl-kyverno/validate/commmand_test.go

381 lines
7 KiB
Go
Raw Normal View History

added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
package validate
import (
"encoding/json"
"fmt"
"testing"
Restructure project to follow standards (#2632) Signed-off-by: Jose Armesto <github@armesto.net>
2021-10-29 18:13:20 +02:00
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
"gotest.tools/assert"
)
func Test_validateUsingPolicyCRD(t *testing.T) {
type TestCase struct {
rawPolicy []byte
errorDetail string
Removing additionalProperties from policy schema (#1891) * removed additionalProperties from policy schema Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-07 22:55:26 +05:30
detail string
added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
}
testcases := []TestCase{
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "add-requests"
},
"spec": {
"rules": [
{
"name": "Set memory and/or cpu requests for all pods in namespaces labeled 'myprivatelabel'",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"mutate": {
"overlay": {
"spec": {
"containers": [
{
"(name)": "*",
"resources": {
"requests": {
"cpu": "1000m"
}
}
}
]
}
}
}
}
]
}
}
`),
update cosign to 1.5.0 and fix issuer and subject for keyless (#3089) * update cosign to 1.5.0 and add checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix subject and issuer checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-01-27 21:13:23 -08:00
errorDetail: "spec.rules[0].name in body should be at most 63 chars long",
Removing additionalProperties from policy schema (#1891) * removed additionalProperties from policy schema Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-07 22:55:26 +05:30
detail: "Test: char count for rule name",
added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
},
Removing additionalProperties from policy schema (#1891) * removed additionalProperties from policy schema Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-07 22:55:26 +05:30
added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "min-replicas-clusterpolicy"
},
"spec": {
"validationFailureAction": "audit",
"rules": [
{
"name": "check-min-replicas",
"match": {
"resources": {
"kinds": [
"Deployment"
]
}
},
"validate": {
"message": "should have at least 2 replicas",
"pattern": {
"spec": {
"replicas": 2
}
}
}
}
]
}
}
`),
errorDetail: "",
Removing additionalProperties from policy schema (#1891) * removed additionalProperties from policy schema Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-07 22:55:26 +05:30
detail: "Test: basic vaild policy",
},
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "disallow-singleton"
},
"spec": {
"validationFailureAction": "audit",
"rules": [
{
"name": "validate-replicas",
"match": {
"resources": {
"kinds": [
"Deployment"
],
"annotations": {
"singleton": "true"
}
}
},
"validate": {
"message": "Replicasets require at least 2 replicas.",
"pattern": {
"spec": {
"replicas": ">1"
}
}
}
}
]
}
}
`),
errorDetail: "",
detail: "Test: schema validation for spec.rules.match.resources.annotations",
},
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "disallow-singleton"
},
"spec": {
"validationFailureAction": "audit",
"rules": [
{
"name": "validate-replicas",
"match": {
"resources": {
"kinds": [
"Deployment"
]
}
},
"exclude": {
"resources": {
"annotations": {
"singleton": "true"
}
}
},
"validate": {
"message": "Replicasets require at least 2 replicas.",
"pattern": {
"spec": {
"replicas": ">1"
}
}
}
}
]
}
}
`),
errorDetail: "",
detail: "Test: schema validation for spec.rules.exclude.resources.annotations",
},
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "enforce-pod-name"
},
"spec": {
"validationFailureAction": "audit",
"background": true,
"rules": [
{
"name": "validate-name",
"match": {
"resources": {
"kinds": [
"Pod"
],
"namespaceSelector": {
"matchLabels": {
"app-namespace": "true"
}
}
}
},
"validate": {
"message": "The Pod must end with -nginx",
"pattern": {
"metadata": {
"name": "*-nginx"
}
}
}
}
]
}
}
`),
errorDetail: "",
detail: "Test: schema validation for spec.rules.match.resources.namespaceSelector.matchLabels",
},
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "enforce-pod-name"
},
"spec": {
"validationFailureAction": "audit",
"background": true,
"rules": [
{
"name": "validate-name",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"exclude": {
"resources": {
"namespaceSelector": {
"matchLabels": {
"app-namespace": "true"
}
}
}
},
"validate": {
"message": "The Pod must end with -nginx",
"pattern": {
"metadata": {
"name": "*-nginx"
}
}
}
}
]
}
}
`),
errorDetail: "",
detail: "Test: schema validation for spec.rules.exclude.resources.namespaceSelector.matchLabels",
},
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "enforce-pod-name"
},
"spec": {
"validationFailureAction": "audit",
"background": true,
"rules": [
{
"name": "validate-name",
"match": {
"resources": {
"kinds": [
"Pod"
],
"selector": {
"matchLabels": {
"app-namespace": "true"
}
}
}
},
"validate": {
"message": "The Pod must end with -nginx",
"pattern": {
"metadata": {
"name": "*-nginx"
}
}
}
}
]
}
}
`),
errorDetail: "",
detail: "Test: schema validation for spec.rules.match.resources.selector.matchLabels",
},
{
rawPolicy: []byte(`
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "enforce-pod-name"
},
"spec": {
"validationFailureAction": "audit",
"background": true,
"rules": [
{
"name": "validate-name",
"match": {
"resources": {
"kinds": [
"Pod"
]
}
},
"exclude": {
"resources": {
"selector": {
"matchLabels": {
"app-namespace": "true"
}
}
}
},
"validate": {
"message": "The Pod must end with -nginx",
"pattern": {
"metadata": {
"name": "*-nginx"
}
}
}
}
]
}
}
`),
errorDetail: "",
detail: "Test: schema validation for spec.rules.exclude.resources.selector.matchLabels",
added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
},
}
v1crd, err := getPolicyCRD()
assert.NilError(t, err)
var policy kyverno.ClusterPolicy
for _, tc := range testcases {
err = json.Unmarshal(tc.rawPolicy, &policy)
assert.NilError(t, err)
_, errorList := validatePolicyAccordingToPolicyCRD(&policy, v1crd)
Removing additionalProperties from policy schema (#1891) * removed additionalProperties from policy schema Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-07 22:55:26 +05:30
fmt.Println(tc.detail)
added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-23 01:15:45 +05:30
for _, e := range errorList {
assert.Assert(t, tc.errorDetail == e.Detail)
}
}
}
Copy permalink