kyverno/pkg/utils/admission/policy_test.go

package admission

import (
	"encoding/json"
	"reflect"
	"testing"

	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
	admissionv1 "k8s.io/api/admission/v1"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
)

func TestUnmarshalPolicy(t *testing.T) {
	tests := []struct {
		name string
		kind string
		raw  []byte
	}{
		{
			name: "Policy",
			kind: "Policy",
			raw:  []byte(`{"field":"value"}`),
		},
		{
			name: "ClusterPolicy",
			kind: "ClusterPolicy",
			raw:  []byte(`{"field":"value"}`),
		},
		{
			name: "InvalidKind",
			kind: "InvalidKind",
			raw:  []byte(`{"field":"value"}`),
		},
	}
	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			policy, err := UnmarshalPolicy(test.kind, test.raw)
			switch test.kind {
			case "ClusterPolicy":
				var expectedPolicy *kyvernov1.ClusterPolicy
				if err != nil {
					t.Errorf("Unexpected error: %v", err)
				}
				if err := json.Unmarshal(test.raw, &expectedPolicy); err != nil {
					expectedPolicy = nil
				}
				if !reflect.DeepEqual(policy, expectedPolicy) {
					t.Errorf("Expected policy %+v, got %+v", expectedPolicy, policy)
				}
			case "Policy":
				var expectedPolicy *kyvernov1.Policy
				if err != nil {
					t.Errorf("Unexpected error: %v", err)
				}
				if err := json.Unmarshal(test.raw, &expectedPolicy); err != nil {
					expectedPolicy = nil
				}
				if !reflect.DeepEqual(policy, expectedPolicy) {
					t.Errorf("Expected policy %+v, got %+v", expectedPolicy, policy)
				}
			default:
				if !reflect.DeepEqual(policy, nil) {
					t.Errorf("Expected policy %+v, got %+v", nil, policy)
				}
			}
		})
	}
}

func TestGetPolicy(t *testing.T) {
	type args struct {
		request admissionv1.AdmissionRequest
	}
	tests := []struct {
		name string
		args args
	}{{
		name: "CleanupPolicy",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "CleanupPolicy",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
			},
		},
	}, {
		name: "ClusterPolicy",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "ClusterPolicy",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
			},
		},
	}, {
		name: "InvalidKind1",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "InvalidKind1",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
			},
		},
	}, {
		name: "InvalidKind2",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "InvalidKind2",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
			},
		},
	}}
	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			policy, _ := GetPolicy(test.args.request)
			expectedPolicy, _ := UnmarshalPolicy(test.args.request.Kind.Kind, test.args.request.Object.Raw)
			if !reflect.DeepEqual(policy, expectedPolicy) {
				t.Errorf("Expected policies %+v, got %+v", expectedPolicy, policy)
			}
		})
	}
}

func TestGetPolicies(t *testing.T) {
	type args struct {
		request admissionv1.AdmissionRequest
	}
	tests := []struct {
		name string
		args args
	}{{
		name: "Policy",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "Policy",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				OldObject: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				Operation: "CREATE",
			},
		},
	}, {
		name: "ClusterPolicy",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "ClusterPolicy",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				OldObject: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				Operation: "UPDATE",
			},
		},
	}, {
		name: "InvalidKind1",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "InvalidKind1",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				OldObject: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				Operation: "DELETE",
			},
		},
	}, {
		name: "InvalidKind2",
		args: args{
			request: admissionv1.AdmissionRequest{
				Kind: v1.GroupVersionKind{
					Kind: "InvalidKind2",
				},
				Object: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				OldObject: runtime.RawExtension{
					Raw: []byte(`{"field":"value"}`),
				},
				Operation: "CONNECT",
			},
		},
	}}
	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			p1, p2, _ := GetPolicies(test.args.request)
			expectedP1, err := UnmarshalPolicy(test.args.request.Kind.Kind, test.args.request.Object.Raw)
			if err != nil {
				if !reflect.DeepEqual(expectedP1, p1) || !reflect.DeepEqual(nil, p2) {
					t.Errorf("Expected policies %+v and %+v , got %+v and %+v ", expectedP1, nil, p1, p2)
				}
			} else if test.args.request.Operation == admissionv1.Update {
				expectedP2, err := UnmarshalPolicy(test.args.request.Kind.Kind, test.args.request.Object.Raw)
				if err != nil {
					t.Errorf("Unexpected error: %v", err)
				}
				if !reflect.DeepEqual(expectedP1, p1) || !reflect.DeepEqual(expectedP2, p2) {
					t.Errorf("Expected policies %+v and %+v , got %+v and %+v ", expectedP1, expectedP2, p1, p2)
				}
			} else {
				if err != nil {
					t.Errorf("Unexpected error: %v", err)
				}
				if !reflect.DeepEqual(expectedP1, p1) || !reflect.DeepEqual(nil, p2) {
					t.Errorf("Expected policies %+v and %+v , got %+v and %+v ", expectedP1, nil, p1, p2)
				}
			}
		})
	}
}
test: added test for pkg/utils/admission/policy.go (#9520) Signed-off-by: sivasathyaseeelan <dnsiva.sathyaseelan.chy21@iitbhu.ac.in> 2024-01-26 13:10:37 +00:00			`package admission`

			`import (`
			`"encoding/json"`
			`"reflect"`
			`"testing"`

			`kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"`
			`admissionv1 "k8s.io/api/admission/v1"`
			`v1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/runtime"`
			`)`

			`func TestUnmarshalPolicy(t *testing.T) {`
			`tests := []struct {`
			`name string`
			`kind string`
			`raw []byte`
			`}{`
			`{`
			`name: "Policy",`
			`kind: "Policy",`
			raw: []byte(`{"field":"value"}`),
			`},`
			`{`
			`name: "ClusterPolicy",`
			`kind: "ClusterPolicy",`
			raw: []byte(`{"field":"value"}`),
			`},`
			`{`
			`name: "InvalidKind",`
			`kind: "InvalidKind",`
			raw: []byte(`{"field":"value"}`),
			`},`
			`}`
			`for _, test := range tests {`
			`t.Run(test.name, func(t *testing.T) {`
			`policy, err := UnmarshalPolicy(test.kind, test.raw)`
			`switch test.kind {`
			`case "ClusterPolicy":`
			`var expectedPolicy *kyvernov1.ClusterPolicy`
			`if err != nil {`
			`t.Errorf("Unexpected error: %v", err)`
			`}`
			`if err := json.Unmarshal(test.raw, &expectedPolicy); err != nil {`
			`expectedPolicy = nil`
			`}`
			`if !reflect.DeepEqual(policy, expectedPolicy) {`
			`t.Errorf("Expected policy %+v, got %+v", expectedPolicy, policy)`
			`}`
			`case "Policy":`
			`var expectedPolicy *kyvernov1.Policy`
			`if err != nil {`
			`t.Errorf("Unexpected error: %v", err)`
			`}`
			`if err := json.Unmarshal(test.raw, &expectedPolicy); err != nil {`
			`expectedPolicy = nil`
			`}`
			`if !reflect.DeepEqual(policy, expectedPolicy) {`
			`t.Errorf("Expected policy %+v, got %+v", expectedPolicy, policy)`
			`}`
			`default:`
			`if !reflect.DeepEqual(policy, nil) {`
			`t.Errorf("Expected policy %+v, got %+v", nil, policy)`
			`}`
			`}`
			`})`
			`}`
			`}`

			`func TestGetPolicy(t *testing.T) {`
			`type args struct {`
			`request admissionv1.AdmissionRequest`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`}{{`
			`name: "CleanupPolicy",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "CleanupPolicy",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`},`
			`},`
			`}, {`
			`name: "ClusterPolicy",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "ClusterPolicy",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`},`
			`},`
			`}, {`
			`name: "InvalidKind1",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "InvalidKind1",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`},`
			`},`
			`}, {`
			`name: "InvalidKind2",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "InvalidKind2",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`},`
			`},`
			`}}`
			`for _, test := range tests {`
			`t.Run(test.name, func(t *testing.T) {`
			`policy, _ := GetPolicy(test.args.request)`
			`expectedPolicy, _ := UnmarshalPolicy(test.args.request.Kind.Kind, test.args.request.Object.Raw)`
			`if !reflect.DeepEqual(policy, expectedPolicy) {`
			`t.Errorf("Expected policies %+v, got %+v", expectedPolicy, policy)`
			`}`
			`})`
			`}`
			`}`

			`func TestGetPolicies(t *testing.T) {`
			`type args struct {`
			`request admissionv1.AdmissionRequest`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`}{{`
			`name: "Policy",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "Policy",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`OldObject: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`Operation: "CREATE",`
			`},`
			`},`
			`}, {`
			`name: "ClusterPolicy",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "ClusterPolicy",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`OldObject: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`Operation: "UPDATE",`
			`},`
			`},`
			`}, {`
			`name: "InvalidKind1",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "InvalidKind1",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`OldObject: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`Operation: "DELETE",`
			`},`
			`},`
			`}, {`
			`name: "InvalidKind2",`
			`args: args{`
			`request: admissionv1.AdmissionRequest{`
			`Kind: v1.GroupVersionKind{`
			`Kind: "InvalidKind2",`
			`},`
			`Object: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`OldObject: runtime.RawExtension{`
			Raw: []byte(`{"field":"value"}`),
			`},`
			`Operation: "CONNECT",`
			`},`
			`},`
			`}}`
			`for _, test := range tests {`
			`t.Run(test.name, func(t *testing.T) {`
			`p1, p2, _ := GetPolicies(test.args.request)`
			`expectedP1, err := UnmarshalPolicy(test.args.request.Kind.Kind, test.args.request.Object.Raw)`
			`if err != nil {`
			`if !reflect.DeepEqual(expectedP1, p1) \|\| !reflect.DeepEqual(nil, p2) {`
			`t.Errorf("Expected policies %+v and %+v , got %+v and %+v ", expectedP1, nil, p1, p2)`
			`}`
			`} else if test.args.request.Operation == admissionv1.Update {`
			`expectedP2, err := UnmarshalPolicy(test.args.request.Kind.Kind, test.args.request.Object.Raw)`
			`if err != nil {`
			`t.Errorf("Unexpected error: %v", err)`
			`}`
			`if !reflect.DeepEqual(expectedP1, p1) \|\| !reflect.DeepEqual(expectedP2, p2) {`
			`t.Errorf("Expected policies %+v and %+v , got %+v and %+v ", expectedP1, expectedP2, p1, p2)`
			`}`
			`} else {`
			`if err != nil {`
			`t.Errorf("Unexpected error: %v", err)`
			`}`
			`if !reflect.DeepEqual(expectedP1, p1) \|\| !reflect.DeepEqual(nil, p2) {`
			`t.Errorf("Expected policies %+v and %+v , got %+v and %+v ", expectedP1, nil, p1, p2)`
			`}`
			`}`
			`})`
			`}`
			`}`