package mutate
import (
"github.com/blang/semver/v4"
"github.com/kyverno/kyverno/test/e2e/common"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// MutateTests is the E2E test configuration for mutation.
//
// NOTE(review): every entry below uses the "test-mutate" namespace and the
// "mutate-policy" policy name, so the cases presumably rely on cleanup
// between runs; confirm against the test runner.
var MutateTests = []struct {
	// TestName is the name of the test case.
	TestName string
	// Data holds the YAML of the ClusterPolicy.
	Data []byte
	// ResourceNamespace is the namespace of the resource.
	ResourceNamespace string
	// PolicyName is the name of the policy.
	PolicyName string
}{
	{
		TestName:          "test-mutate-with-context",
		Data:              configMapMutationYaml,
		ResourceNamespace: "test-mutate",
		PolicyName:        "mutate-policy",
	},
	{
		TestName:          "test-mutate-with-logic-in-context",
		Data:              configMapMutationWithContextLogicYaml,
		ResourceNamespace: "test-mutate",
		PolicyName:        "mutate-policy",
	},
	{
		TestName:          "test-mutate-with-context-label-selection",
		Data:              configMapMutationWithContextLabelSelectionYaml,
		ResourceNamespace: "test-mutate",
		PolicyName:        "mutate-policy",
	},
}
// tests is the table of policy/resource pairs used to check mutation results.
//
// Namespace deletion can be slow, so the entries use distinct namespace names
// to avoid collisions between cases.
// NOTE(review): the first entry uses "test-mutate", the same namespace as the
// MutateTests entries; confirm the two suites cannot overlap on it.
var tests = []struct {
	// TestDescription describes what the case checks.
	TestDescription string
	// PolicyName is the name of the policy.
	PolicyName string
	// PolicyRaw holds the YAML of the ClusterPolicy.
	PolicyRaw []byte
	// ResourceName is the name of the resource.
	ResourceName string
	// ResourceNamespace is the namespace of the resource.
	ResourceNamespace string
	// ResourceGVR is the GroupVersionResource of the resource.
	ResourceGVR schema.GroupVersionResource
	// ResourceRaw holds the YAML of the resource. (The previous comment said
	// ClusterPolicy, which duplicates PolicyRaw; presumably a copy-paste slip.)
	ResourceRaw []byte
	// ExpectedPatternRaw holds the YAML validate pattern for the expected
	// result. It is not the final result itself; it is only used to validate
	// what the engine produced.
	ExpectedPatternRaw []byte
}{
	// Security-context hardening: runAsNonRoot on the pod and its containers.
	{
		TestDescription:    "checks that runAsNonRoot is added to security context and containers elements security context",
		PolicyName:         "set-runasnonroot-true",
		PolicyRaw:          setRunAsNonRootTrue,
		ResourceName:       "foo",
		ResourceNamespace:  "test-mutate",
		ResourceGVR:        podGVR,
		ResourceRaw:        podWithContainers,
		ExpectedPatternRaw: podWithContainersPattern,
	},
	// Same policy, but the resource also carries initContainers, so the case
	// covers the init-container security context as well.
	{
		TestDescription:    "checks that runAsNonRoot is added to security context and containers elements security context and initContainers elements security context",
		PolicyName:         "set-runasnonroot-true",
		PolicyRaw:          setRunAsNonRootTrue,
		ResourceName:       "foo",
		ResourceNamespace:  "test-mutate1",
		ResourceGVR:        podGVR,
		ResourceRaw:        podWithContainersAndInitContainers,
		ExpectedPatternRaw: podWithContainersAndInitContainersPattern,
	},
	{
		TestDescription:    "checks that variables in the keys are working correctly",
		PolicyName:         "structured-logs-sidecar",
		PolicyRaw:          kyverno_2316_policy,
		ResourceName:       "busybox",
		ResourceNamespace:  "test-mutate2",
		ResourceGVR:        deploymentGVR,
		ResourceRaw:        kyverno_2316_resource,
		ExpectedPatternRaw: kyverno_2316_pattern,
	},
	{
		TestDescription:    "checks that policy mutate env variables of an array with specific index numbers",
		PolicyName:         "add-image-as-env-var",
		PolicyRaw:          kyverno_mutate_json_patch,
		ResourceName:       "foo",
		ResourceNamespace:  "test-mutate-env-array",
		ResourceGVR:        podGVR,
		ResourceRaw:        podWithEnvVar,
		ExpectedPatternRaw: podWithEnvVarPattern,
	},
	{
		TestDescription:    "checks that preconditions are substituted correctly",
		PolicyName:         "replace-docker-hub",
		PolicyRaw:          kyverno_2971_policy,
		ResourceName:       "nginx",
		ResourceNamespace:  "test-mutate-img",
		ResourceGVR:        podGVR,
		ResourceRaw:        kyverno_2971_resource,
		ExpectedPatternRaw: kyverno_2971_pattern,
	},
}
// ingressTests groups the Ingress mutation cases: one ClusterPolicy (cpol,
// named policyName) and a list of Ingress resources in testNamespace, one per
// API version.
//
// The skip values belong to a package-level initializer, so each version
// comparison is evaluated once when the package is initialized rather than
// when a case runs.
// NOTE(review): how common.GetKubernetesVersion obtains the version is not
// visible here; if it can fail, that failure would surface at init time.
var ingressTests = struct {
	testNamespace string
	cpol          []byte
	policyName    string
	tests         []struct {
		testName                          string
		group, version, rsc, resourceName string
		resource                          []byte
		skip                              bool
	}
}{
	testNamespace: "test-ingress",
	cpol:          mutateIngressCpol,
	policyName:    "mutate-ingress-host",
	tests: []struct {
		testName                          string
		group, version, rsc, resourceName string
		resource                          []byte
		skip                              bool
	}{
		// networking.k8s.io/v1 Ingress: skipped on clusters older than 1.19.0.
		{
			testName:     "test-networking-v1-ingress",
			group:        "networking.k8s.io",
			version:      "v1",
			rsc:          "ingresses",
			resourceName: "kuard-v1",
			resource:     ingressNetworkingV1,
			skip:         common.GetKubernetesVersion().LT(semver.MustParse("1.19.0")),
		},
		// networking.k8s.io/v1beta1 Ingress: skipped on clusters at 1.22.0 or
		// newer. This case can be removed once only 1.22+ clusters are tested.
		{
			testName:     "test-networking-v1beta1-ingress",
			group:        "networking.k8s.io",
			version:      "v1beta1",
			rsc:          "ingresses",
			resourceName: "kuard-v1beta1",
			resource:     ingressNetworkingV1beta1,
			skip:         common.GetKubernetesVersion().GTE(semver.MustParse("1.22.0")),
		},
	},
}