kyverno/pkg/utils/yaml/loadpolicy_test.go

package yaml

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestGetPolicy(t *testing.T) {
	type args struct {
		bytes []byte
	}
	type policy struct {
		kind      string
		namespace string
	}
	tests := []struct {
		name                        string
		args                        args
		wantPolicies                []policy
		validatingAdmissionPolicies []policy
		wantErr                     bool
	}{{
		name: "policy",
		args: args{
			[]byte(`
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: generate-policy
  namespace: ns-1
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		},
		wantPolicies: []policy{
			{"Policy", "ns-1"},
		},
		wantErr: false,
	}, {
		name: "policy without ns",
		args: args{
			[]byte(`
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: generate-policy
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		},
		wantPolicies: []policy{
			{"Policy", "default"},
		},
		wantErr: false,
	}, {
		name: "cluster policy",
		args: args{
			[]byte(`
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-policy
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		},
		wantPolicies: []policy{
			{"ClusterPolicy", ""},
		},
		wantErr: false,
	}, {
		name: "cluster policy with ns",
		args: args{
			[]byte(`
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-policy
  namespace: ns-1
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		},
		wantPolicies: []policy{
			{"ClusterPolicy", ""},
		},
		wantErr: false,
	}, {
		name: "policy and cluster policy",
		args: args{
			[]byte(`
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: generate-policy
  namespace: ns-1
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-policy
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		},
		wantPolicies: []policy{
			{"Policy", "ns-1"},
			{"ClusterPolicy", ""},
		},
		wantErr: false,
	}, {
		name: "policy and cluster policy in list",
		args: args{
			[]byte(`
apiVersion: v1
kind: List
items:
  - apiVersion: kyverno.io/v1
    kind: Policy
    metadata:
      name: generate-policy
      namespace: ns-1
    spec:
      rules:
        - name: copy-game-demo
          match:
            resources:
              kinds:
                - Namespace
          exclude:
            resources:
              namespaces:
                - kube-system
                - default
                - kube-public
                - kyverno
          generate:
            kind: ConfigMap
            name: game-demo
            namespace: "{{request.object.metadata.name}}"
            synchronize: true
            clone:
              namespace: default
              name: game-demo
  - apiVersion: kyverno.io/v1
    kind: ClusterPolicy
    metadata:
      name: generate-policy
    spec:
      rules:
        - name: copy-game-demo
          match:
            resources:
              kinds:
                - Namespace
          exclude:
            resources:
              namespaces:
                - kube-system
                - default
                - kube-public
                - kyverno
          generate:
            kind: ConfigMap
            name: game-demo
            namespace: "{{request.object.metadata.name}}"
            synchronize: true
            clone:
              namespace: default
              name: game-demo
`),
		},
		wantPolicies: []policy{
			{"Policy", "ns-1"},
			{"ClusterPolicy", ""},
		},
		wantErr: false,
	}, {
		name: "ValidatingAdmissionPolicy",
		args: args{
			[]byte(`
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups:   ["apps"]
        apiVersions: ["v1"]
        operations:  ["CREATE", "UPDATE"]
        resources:   ["deployments"]
    validations:
      - expression: "object.spec.replicas <= 5"
`),
		}, validatingAdmissionPolicies: []policy{
			{"ValidatingAdmissionPolicy", ""},
		},
		wantErr: false,
	}, {
		name: "ValidatingAdmissionPolicy and Policy",
		args: args{
			[]byte(`
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups:   ["apps"]
        apiVersions: ["v1"]
        operations:  ["CREATE", "UPDATE"]
        resources:   ["deployments"]
    validations:
      - expression: "object.spec.replicas <= 5"
---
apiVersion: kyverno.io/v1
kind: Policy
metadata:
  name: generate-policy
  namespace: ns-1
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		}, wantPolicies: []policy{
			{"Policy", "ns-1"},
		},
		validatingAdmissionPolicies: []policy{
			{"ValidatingAdmissionPolicy", ""},
		},
		wantErr: false,
	}, {
		name: "ValidatingAdmissionPolicy and ClusterPolicy",
		args: args{
			[]byte(`
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups:   ["apps"]
        apiVersions: ["v1"]
        operations:  ["CREATE", "UPDATE"]
        resources:   ["deployments"]
    validations:
      - expression: "object.spec.replicas <= 5"
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-policy
spec:
  rules:
  - name: copy-game-demo
    match:
      resources:
        kinds:
        - Namespace
    exclude:
      resources:
        namespaces:
        - kube-system
        - default
        - kube-public
        - kyverno
    generate:
      kind: ConfigMap
      name: game-demo
      namespace: "{{request.object.metadata.name}}"
      synchronize: true
      clone:
        namespace: default
        name: game-demo
`),
		}, wantPolicies: []policy{
			{"ClusterPolicy", ""},
		},
		validatingAdmissionPolicies: []policy{
			{"ValidatingAdmissionPolicy", ""},
		},
		wantErr: false,
	}}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			gotPolicies, gotValidatingAdmissionPolicies, err := GetPolicy(tt.args.bytes)
			if tt.wantErr {
				assert.Error(t, err)
			} else {
				assert.NoError(t, err)
				if assert.Equal(t, len(tt.wantPolicies), len(gotPolicies)) {
					for i := range tt.wantPolicies {
						assert.Equal(t, tt.wantPolicies[i].kind, gotPolicies[i].GetKind())
						assert.Equal(t, tt.wantPolicies[i].namespace, gotPolicies[i].GetNamespace())
					}
				}

				if assert.Equal(t, len(tt.validatingAdmissionPolicies), len(gotValidatingAdmissionPolicies)) {
					for i := range tt.validatingAdmissionPolicies {
						assert.Equal(t, tt.validatingAdmissionPolicies[i].kind, gotValidatingAdmissionPolicies[i].Kind)
					}
				}

			}
		})
	}
}
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`package yaml`

			`import (`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestGetPolicy(t *testing.T) {`
			`type args struct {`
			`bytes []byte`
			`}`
			`type policy struct {`
			`kind string`
			`namespace string`
			`}`
			`tests := []struct {`
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-05-10 11:12:53 +03:00			`name string`
			`args args`
			`wantPolicies []policy`
			`validatingAdmissionPolicies []policy`
			`wantErr bool`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`}{{`
			`name: "policy",`
			`args: args{`
			[]byte(`
			`apiVersion: kyverno.io/v1`
			`kind: Policy`
			`metadata:`
			`name: generate-policy`
			`namespace: ns-1`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`),
			`},`
			`wantPolicies: []policy{`
			`{"Policy", "ns-1"},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "policy without ns",`
			`args: args{`
			[]byte(`
			`apiVersion: kyverno.io/v1`
			`kind: Policy`
			`metadata:`
			`name: generate-policy`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`),
			`},`
			`wantPolicies: []policy{`
			`{"Policy", "default"},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "cluster policy",`
			`args: args{`
			[]byte(`
			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: generate-policy`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`),
			`},`
			`wantPolicies: []policy{`
			`{"ClusterPolicy", ""},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "cluster policy with ns",`
			`args: args{`
			[]byte(`
			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: generate-policy`
			`namespace: ns-1`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`),
			`},`
			`wantPolicies: []policy{`
			`{"ClusterPolicy", ""},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "policy and cluster policy",`
			`args: args{`
			[]byte(`
			`apiVersion: kyverno.io/v1`
			`kind: Policy`
			`metadata:`
			`name: generate-policy`
			`namespace: ns-1`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`---`
			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: generate-policy`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
allow list with policies in test (#5227) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: shuting <shuting@nirmata.com> 2022-11-11 16:18:17 +01:00			`),
			`},`
			`wantPolicies: []policy{`
			`{"Policy", "ns-1"},`
			`{"ClusterPolicy", ""},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "policy and cluster policy in list",`
			`args: args{`
			[]byte(`
			`apiVersion: v1`
			`kind: List`
			`items:`
			`- apiVersion: kyverno.io/v1`
			`kind: Policy`
			`metadata:`
			`name: generate-policy`
			`namespace: ns-1`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`- apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: generate-policy`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`),
			`},`
			`wantPolicies: []policy{`
			`{"Policy", "ns-1"},`
			`{"ClusterPolicy", ""},`
			`},`
			`wantErr: false,`
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-05-10 11:12:53 +03:00			`}, {`
			`name: "ValidatingAdmissionPolicy",`
			`args: args{`
			[]byte(`
			`apiVersion: admissionregistration.k8s.io/v1alpha1`
			`kind: ValidatingAdmissionPolicy`
			`metadata:`
			`name: "demo-policy.example.com"`
			`spec:`
			`failurePolicy: Fail`
			`matchConstraints:`
			`resourceRules:`
			`- apiGroups: ["apps"]`
			`apiVersions: ["v1"]`
			`operations: ["CREATE", "UPDATE"]`
			`resources: ["deployments"]`
			`validations:`
			`- expression: "object.spec.replicas <= 5"`
			`),
			`}, validatingAdmissionPolicies: []policy{`
			`{"ValidatingAdmissionPolicy", ""},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "ValidatingAdmissionPolicy and Policy",`
			`args: args{`
			[]byte(`
			`apiVersion: admissionregistration.k8s.io/v1alpha1`
			`kind: ValidatingAdmissionPolicy`
			`metadata:`
			`name: "demo-policy.example.com"`
			`spec:`
			`failurePolicy: Fail`
			`matchConstraints:`
			`resourceRules:`
			`- apiGroups: ["apps"]`
			`apiVersions: ["v1"]`
			`operations: ["CREATE", "UPDATE"]`
			`resources: ["deployments"]`
			`validations:`
			`- expression: "object.spec.replicas <= 5"`
			`---`
			`apiVersion: kyverno.io/v1`
			`kind: Policy`
			`metadata:`
			`name: generate-policy`
			`namespace: ns-1`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`),
			`}, wantPolicies: []policy{`
			`{"Policy", "ns-1"},`
			`},`
			`validatingAdmissionPolicies: []policy{`
			`{"ValidatingAdmissionPolicy", ""},`
			`},`
			`wantErr: false,`
			`}, {`
			`name: "ValidatingAdmissionPolicy and ClusterPolicy",`
			`args: args{`
			[]byte(`
			`apiVersion: admissionregistration.k8s.io/v1alpha1`
			`kind: ValidatingAdmissionPolicy`
			`metadata:`
			`name: "demo-policy.example.com"`
			`spec:`
			`failurePolicy: Fail`
			`matchConstraints:`
			`resourceRules:`
			`- apiGroups: ["apps"]`
			`apiVersions: ["v1"]`
			`operations: ["CREATE", "UPDATE"]`
			`resources: ["deployments"]`
			`validations:`
			`- expression: "object.spec.replicas <= 5"`
			`---`
			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: generate-policy`
			`spec:`
			`rules:`
			`- name: copy-game-demo`
			`match:`
			`resources:`
			`kinds:`
			`- Namespace`
			`exclude:`
			`resources:`
			`namespaces:`
			`- kube-system`
			`- default`
			`- kube-public`
			`- kyverno`
			`generate:`
			`kind: ConfigMap`
			`name: game-demo`
			`namespace: "{{request.object.metadata.name}}"`
			`synchronize: true`
			`clone:`
			`namespace: default`
			`name: game-demo`
			`),
			`}, wantPolicies: []policy{`
			`{"ClusterPolicy", ""},`
			`},`
			`validatingAdmissionPolicies: []policy{`
			`{"ValidatingAdmissionPolicy", ""},`
			`},`
			`wantErr: false,`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`}}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-05-10 11:12:53 +03:00			`gotPolicies, gotValidatingAdmissionPolicies, err := GetPolicy(tt.args.bytes)`
fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`if tt.wantErr {`
			`assert.Error(t, err)`
			`} else {`
			`assert.NoError(t, err)`
			`if assert.Equal(t, len(tt.wantPolicies), len(gotPolicies)) {`
			`for i := range tt.wantPolicies {`
			`assert.Equal(t, tt.wantPolicies[i].kind, gotPolicies[i].GetKind())`
			`assert.Equal(t, tt.wantPolicies[i].namespace, gotPolicies[i].GetNamespace())`
			`}`
			`}`
Supporting ValidatingAdmissionPolicy in kyverno cli (apply and test command) (#6656) * feat: add policy reporter to the dev lab Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: remove obsolete structs from CLI Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * more Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Supporting ValidatingAdmissionPolicy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.26.3 to v0.27.0-rc.0 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno apply Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Support validating admission policy in kyverno test Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * refactoring Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding kyverno apply tests for validating admission policy Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * running codegen-all Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Adding IsVap field in TestResults Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * chore: bump k8s from v0.27.0-rc.0 to v0.27.1 Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * fix Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * Fix vap in engine response Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2023-05-10 11:12:53 +03:00
			`if assert.Equal(t, len(tt.validatingAdmissionPolicies), len(gotValidatingAdmissionPolicies)) {`
			`for i := range tt.validatingAdmissionPolicies {`
			`assert.Equal(t, tt.validatingAdmissionPolicies[i].kind, gotValidatingAdmissionPolicies[i].Kind)`
			`}`
			`}`

fix: load policy and add tests (#4515) * fix: load policy and add tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix callers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> 2022-09-06 17:16:44 +02:00			`}`
			`})`
			`}`
			`}`