kyverno/pkg/validation/exception/validate_test.go

package exception

import (
	"context"
	"testing"

	"github.com/kyverno/kyverno/pkg/logging"
	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
	"gotest.tools/assert"
)

func Test_Validate(t *testing.T) {
	type args struct {
		opts     ValidationOptions
		resource []byte
	}
	tc := []struct {
		name string
		args args
		want int
	}{
		{
			name: "PolicyExceptions disabled.",
			args: args{
				opts: ValidationOptions{
					Enabled:   false,
					Namespace: "kyverno",
				},
				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
			},
			want: 1,
		},
		{
			name: "PolicyExceptions enabled. Defined namespace doesn't match namespace passed.",
			args: args{
				opts: ValidationOptions{
					Enabled:   true,
					Namespace: "kyverno",
				},
				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
			},
			want: 1,
		},
		{
			name: "PolicyExceptions enabled. Defined namespace matches namespace passed",
			args: args{
				opts: ValidationOptions{
					Enabled:   true,
					Namespace: "kyverno",
				},
				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
			},
			want: 0,
		},
		{
			name: "PolicyExceptions enabled. No namespace defined",
			args: args{
				opts: ValidationOptions{
					Enabled:   true,
					Namespace: "",
				},
				resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
			},
			want: 0,
		},
	}
	for _, c := range tc {
		t.Run(c.name, func(t *testing.T) {
			polex, err := admissionutils.UnmarshalPolicyException(c.args.resource)
			assert.NilError(t, err)
			warnings, err := Validate(context.Background(), logging.GlobalLogger(), polex, c.args.opts)
			assert.NilError(t, err)
			assert.Assert(t, len(warnings) == c.want)
		})
	}
}
validate polex activation and namespace (#6046) * validate polex activation and namespace Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options to handler Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * replace pointer Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove exceptionoption argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove nested if Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * revert change Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix line Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options differently Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push update Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * move struct Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Update pkg/validation/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * fix Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add unit test Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove lines Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2023-01-23 10:48:54 +01:00			`package exception`

			`import (`
			`"context"`
			`"testing"`

			`"github.com/kyverno/kyverno/pkg/logging"`
			`admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"`
			`"gotest.tools/assert"`
			`)`

			`func Test_Validate(t *testing.T) {`
			`type args struct {`
			`opts ValidationOptions`
			`resource []byte`
			`}`
			`tc := []struct {`
			`name string`
			`args args`
			`want int`
			`}{`
			`{`
			`name: "PolicyExceptions disabled.",`
			`args: args{`
			`opts: ValidationOptions{`
			`Enabled: false,`
			`Namespace: "kyverno",`
			`},`
fix: set v2beta1 of exceptions the storage version (#9254) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-12-22 12:13:58 +02:00			resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
validate polex activation and namespace (#6046) * validate polex activation and namespace Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options to handler Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * replace pointer Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove exceptionoption argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove nested if Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * revert change Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix line Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options differently Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push update Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * move struct Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Update pkg/validation/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * fix Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add unit test Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove lines Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2023-01-23 10:48:54 +01:00			`},`
			`want: 1,`
			`},`
			`{`
			`name: "PolicyExceptions enabled. Defined namespace doesn't match namespace passed.",`
			`args: args{`
			`opts: ValidationOptions{`
			`Enabled: true,`
			`Namespace: "kyverno",`
			`},`
fix: set v2beta1 of exceptions the storage version (#9254) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-12-22 12:13:58 +02:00			resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"delta"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
validate polex activation and namespace (#6046) * validate polex activation and namespace Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options to handler Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * replace pointer Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove exceptionoption argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove nested if Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * revert change Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix line Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options differently Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push update Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * move struct Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Update pkg/validation/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * fix Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add unit test Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove lines Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2023-01-23 10:48:54 +01:00			`},`
			`want: 1,`
			`},`
			`{`
			`name: "PolicyExceptions enabled. Defined namespace matches namespace passed",`
			`args: args{`
			`opts: ValidationOptions{`
			`Enabled: true,`
			`Namespace: "kyverno",`
			`},`
fix: set v2beta1 of exceptions the storage version (#9254) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-12-22 12:13:58 +02:00			resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
validate polex activation and namespace (#6046) * validate polex activation and namespace Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options to handler Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * replace pointer Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove exceptionoption argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove nested if Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * revert change Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix line Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options differently Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push update Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * move struct Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Update pkg/validation/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * fix Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add unit test Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove lines Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2023-01-23 10:48:54 +01:00			`},`
			`want: 0,`
			`},`
			`{`
			`name: "PolicyExceptions enabled. No namespace defined",`
			`args: args{`
			`opts: ValidationOptions{`
			`Enabled: true,`
			`Namespace: "",`
			`},`
fix: set v2beta1 of exceptions the storage version (#9254) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-12-22 12:13:58 +02:00			resource: []byte(`{"apiVersion":"kyverno.io/v2beta1","kind":"PolicyException","metadata":{"name":"enforce-label-exception","namespace":"kyverno"},"spec":{"exceptions":[{"policyName":"enforce-label","ruleNames":["enforce-label"]}],"match":{"any":[{"resources":{"kinds":["Pod"]}}]}}}`),
validate polex activation and namespace (#6046) * validate polex activation and namespace Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push updates Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options to handler Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * replace pointer Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove exceptionoption argument Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove nested if Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * revert change Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix line Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * pass polex options differently Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * push update Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * move struct Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Update pkg/validation/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * Update pkg/webhooks/exception/validate.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> * fix Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add unit test Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * remove lines Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix error Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: yinka <damilola.olayinka@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2023-01-23 10:48:54 +01:00			`},`
			`want: 0,`
			`},`
			`}`
			`for _, c := range tc {`
			`t.Run(c.name, func(t *testing.T) {`
			`polex, err := admissionutils.UnmarshalPolicyException(c.args.resource)`
			`assert.NilError(t, err)`
			`warnings, err := Validate(context.Background(), logging.GlobalLogger(), polex, c.args.opts)`
			`assert.NilError(t, err)`
			`assert.Assert(t, len(warnings) == c.want)`
			`})`
			`}`
			`}`