kyverno/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml

# This is a test-policy with patch, configMapGenerator with and without "copyFrom" option,
# secretGenerator with and without "copyFrom" option.
# To apply this policy you need to create secret and configMap in "default" namespace 
# and then create a namespace

apiVersion : kubepolicy.nirmata.io/v1alpha1
kind : Policy
metadata :
  name : "policy-ns-patch-cmg-sg"
spec :
  rules:
  - name: "patchNamespace2"
    resource :
      kinds : 
      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    mutate:
      patches:
        - path: "/metadata/labels/isMutatedByPolicy"
          op: add
          value: "true"

  - name: "copyCM"
    resource :
      kinds : 
      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    generate :
    - kind: ConfigMap
      name : copied-cm
      copyFrom :
        namespace : default
        name : game-config
      data :
        secretData: "data from cmg"
       
  - name: "generateCM"
    resource :
      kinds : 
      - Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    generate :
    - kind: ConfigMap
      name : generated-cm
      data :
        secretData: "very sensitive data from cmg"
        database: mongodb
        database_uri: mongodb://localhost:27017
  
        keys: | 
          image.public.key=771 
          rsa.public.key=42
  
  - name: "generateSecret"
    resource :
      kinds : 
      - Namespace
      name: ns2
    generate :
    - kind: Secret
      name : generated-secrets
      data :
        foo : bar
        app.properties : /
          foo1=bar1
          foo2=bar2
        ui.properties : /
          foo1=bar1
          foo2=bar2

  - name: "copySecret"
    resource :
      kinds : 
      - Namespace
      name: ns2
    generate :
    - kind: Secret
      name : copied-secrets
      copyFrom :
        namespace : default
        name : mysecret
      data :
        foo : bar
        secretData: "data from sg"
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`# This is a test-policy with patch, configMapGenerator with and without "copyFrom" option,`
			`# secretGenerator with and without "copyFrom" option.`
			`# To apply this policy you need to create secret and configMap in "default" namespace`
			`# and then create a namespace`

PR code review changes 2019-05-21 09:27:04 -07:00			`apiVersion : kubepolicy.nirmata.io/v1alpha1`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`kind : Policy`
			`metadata :`
			`name : "policy-ns-patch-cmg-sg"`
			`spec :`
			`rules:`
PR code review changes 2019-05-21 09:27:04 -07:00			`- name: "patchNamespace2"`
			`resource :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`kinds :`
			`- Namespace`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`
PR code review changes 2019-05-21 09:27:04 -07:00			`mutate:`
			`patches:`
			`- path: "/metadata/labels/isMutatedByPolicy"`
			`op: add`
			`value: "true"`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00
PR code review changes 2019-05-21 09:27:04 -07:00			`- name: "copyCM"`
			`resource :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`kinds :`
			`- Namespace`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`
PR code review changes 2019-05-21 09:27:04 -07:00			`generate :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`- kind: ConfigMap`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`name : copied-cm`
			`copyFrom :`
			`namespace : default`
			`name : game-config`
			`data :`
			`secretData: "data from cmg"`
PR code review changes 2019-05-21 09:27:04 -07:00
			`- name: "generateCM"`
			`resource :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`kinds :`
			`- Namespace`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`selector:`
			`matchLabels:`
			`LabelForSelector : "namespace2"`
PR code review changes 2019-05-21 09:27:04 -07:00			`generate :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`- kind: ConfigMap`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`name : generated-cm`
			`data :`
			`secretData: "very sensitive data from cmg"`
			`database: mongodb`
			`database_uri: mongodb://localhost:27017`

			`keys: \|`
			`image.public.key=771`
			`rsa.public.key=42`

PR code review changes 2019-05-21 09:27:04 -07:00			`- name: "generateSecret"`
			`resource :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`kinds :`
			`- Namespace`
PR code review changes 2019-05-21 09:27:04 -07:00			`name: ns2`
			`generate :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`- kind: Secret`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`name : generated-secrets`
			`data :`
			`foo : bar`
			`app.properties : /`
			`foo1=bar1`
			`foo2=bar2`
			`ui.properties : /`
			`foo1=bar1`
			`foo2=bar2`

PR code review changes 2019-05-21 09:27:04 -07:00			`- name: "copySecret"`
			`resource :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`kinds :`
			`- Namespace`
PR code review changes 2019-05-21 09:27:04 -07:00			`name: ns2`
			`generate :`
support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00			`- kind: Secret`
NK-14: Updated documentation, added examples. 2019-03-19 14:06:12 +02:00			`name : copied-secrets`
			`copyFrom :`
			`namespace : default`
			`name : mysecret`
			`data :`
			`foo : bar`
			`secretData: "data from sg"`