kyverno/pkg/webhooks/admission_test.go

package webhooks_test

import (
	"gotest.tools/assert"
	"testing"

	types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"
	"github.com/nirmata/kube-policy/webhooks"
	v1beta1 "k8s.io/api/admission/v1beta1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func TestAdmissionIsRequired(t *testing.T) {
	var request v1beta1.AdmissionRequest
	request.Kind.Kind = "ConfigMap"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "CronJob"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "DaemonSet"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Deployment"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Endpoints"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "HorizontalPodAutoscaler"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Ingress"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Job"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "LimitRange"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Namespace"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "NetworkPolicy"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "PersistentVolumeClaim"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "PodDisruptionBudget"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "PodTemplate"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "ResourceQuota"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Secret"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "Service"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
	request.Kind.Kind = "StatefulSet"
	assert.Assert(t, webhooks.AdmissionIsRequired(&request))
}

func TestIsRuleResourceFitsRequest_Kind(t *testing.T) {
	resourceName := "test-config-map"
	resource := types.PolicyResource{
		Kind: "ConfigMap",
		Name: &resourceName,
	}
	request := v1beta1.AdmissionRequest{
		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
	}

	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray

	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
	resource.Kind = "Deployment"
	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))
}

func TestIsRuleResourceFitsRequest_Name(t *testing.T) {
	resourceName := "test-config-map"
	resource := types.PolicyResource{
		Kind: "ConfigMap",
		Name: &resourceName,
	}
	request := v1beta1.AdmissionRequest{
		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
	}

	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray
	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
	resourceName = "test-config-map-new"
	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))

	objectByteArray = []byte(`{"metadata":{"name":"test-config-map-new","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray
	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))

	objectByteArray = []byte(`{"metadata":{"name":"","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray
	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))
}

func TestIsRuleResourceFitsRequest_MatchExpressions(t *testing.T) {
	request := v1beta1.AdmissionRequest{
		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
	}

	resource := types.PolicyResource{
		Kind: "ConfigMap",
		Selector: &metav1.LabelSelector{
			MatchLabels: nil,
			MatchExpressions: []metav1.LabelSelectorRequirement{
				metav1.LabelSelectorRequirement{
					Key:      "label2",
					Operator: "NotIn",
					Values: []string{
						"sometest1",
					},
				},
				metav1.LabelSelectorRequirement{
					Key:      "label1",
					Operator: "In",
					Values: []string{
						"test1",
						"test8",
						"test201",
					},
				},
				metav1.LabelSelectorRequirement{
					Key:      "label3",
					Operator: "DoesNotExist",
					Values:   nil,
				},
			},
		},
	}

	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray

	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
}

func TestIsRuleResourceFitsRequest_MatchLabels(t *testing.T) {
	resource := types.PolicyResource{
		Kind: "ConfigMap",
		Selector: &metav1.LabelSelector{
			MatchLabels: map[string]string{
				"label1": "test1",
				"label2": "test2",
			},
			MatchExpressions: nil,
		},
	}

	request := v1beta1.AdmissionRequest{
		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
	}

	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray
	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))

	objectByteArray = []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label3":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray
	assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))

	resource = types.PolicyResource{
		Kind: "ConfigMap",
		Selector: &metav1.LabelSelector{
			MatchLabels: map[string]string{
				"label3": "test1",
				"label2": "test2",
			},
			MatchExpressions: nil,
		},
	}

	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
}

func TestIsRuleResourceFitsRequest_MatchLabelsAndMatchExpressions(t *testing.T) {
	request := v1beta1.AdmissionRequest{
		Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},
	}

	resource := types.PolicyResource{
		Kind: "ConfigMap",
		Selector: &metav1.LabelSelector{
			MatchLabels: map[string]string{
				"label1": "test1",
			},
			MatchExpressions: []metav1.LabelSelectorRequirement{
				metav1.LabelSelectorRequirement{
					Key:      "label2",
					Operator: "In",
					Values: []string{
						"test2",
					},
				},
			},
		},
	}

	objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray

	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))

	resource = types.PolicyResource{
		Kind: "ConfigMap",
		Selector: &metav1.LabelSelector{
			MatchLabels: map[string]string{
				"label1": "test1",
			},
			MatchExpressions: []metav1.LabelSelectorRequirement{
				metav1.LabelSelectorRequirement{
					Key:      "label2",
					Operator: "NotIn",
					Values: []string{
						"sometest1",
					},
				},
			},
		},
	}

	objectByteArray = []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
	request.Object.Raw = objectByteArray

	assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))
}
NK-10: Refactored policy types, used patch operation struct from there instead of internal struct. Implemented checking of incoming request to correspond the policy rule, added tests. Implemented generation of JSON patches according to patches in policy object, added tests. Implemented base version of Mutate function as a wrapper for all mutation functions. 2019-02-22 18:12:14 +02:00			`package webhooks_test`

			`import (`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`"gotest.tools/assert"`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`"testing"`
NK-10: Refactored policy types, used patch operation struct from there instead of internal struct. Implemented checking of incoming request to correspond the policy rule, added tests. Implemented generation of JSON patches according to patches in policy object, added tests. Implemented base version of Mutate function as a wrapper for all mutation functions. 2019-02-22 18:12:14 +02:00
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`types "github.com/nirmata/kube-policy/pkg/apis/policy/v1alpha1"`
			`"github.com/nirmata/kube-policy/webhooks"`
			`v1beta1 "k8s.io/api/admission/v1beta1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
NK-10: Refactored policy types, used patch operation struct from there instead of internal struct. Implemented checking of incoming request to correspond the policy rule, added tests. Implemented generation of JSON patches according to patches in policy object, added tests. Implemented base version of Mutate function as a wrapper for all mutation functions. 2019-02-22 18:12:14 +02:00			`)`

			`func TestAdmissionIsRequired(t *testing.T) {`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`var request v1beta1.AdmissionRequest`
			`request.Kind.Kind = "ConfigMap"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "CronJob"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "DaemonSet"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Deployment"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Endpoints"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "HorizontalPodAutoscaler"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Ingress"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Job"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "LimitRange"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Namespace"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "NetworkPolicy"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "PersistentVolumeClaim"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "PodDisruptionBudget"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "PodTemplate"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "ResourceQuota"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Secret"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "Service"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request.Kind.Kind = "StatefulSet"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.AdmissionIsRequired(&request))`
NK-10: Refactored policy types, used patch operation struct from there instead of internal struct. Implemented checking of incoming request to correspond the policy rule, added tests. Implemented generation of JSON patches according to patches in policy object, added tests. Implemented base version of Mutate function as a wrapper for all mutation functions. 2019-02-22 18:12:14 +02:00			`}`

			`func TestIsRuleResourceFitsRequest_Kind(t *testing.T) {`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`resourceName := "test-config-map"`
			`resource := types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Name: &resourceName,`
			`}`
			`request := v1beta1.AdmissionRequest{`
			`Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},`
			`}`

			objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`

NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`resource.Kind = "Deployment"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-10: Refactored policy types, used patch operation struct from there instead of internal struct. Implemented checking of incoming request to correspond the policy rule, added tests. Implemented generation of JSON patches according to patches in policy object, added tests. Implemented base version of Mutate function as a wrapper for all mutation functions. 2019-02-22 18:12:14 +02:00			`}`

			`func TestIsRuleResourceFitsRequest_Name(t *testing.T) {`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`resourceName := "test-config-map"`
			`resource := types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Name: &resourceName,`
			`}`
			`request := v1beta1.AdmissionRequest{`
			`Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},`
			`}`

			objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`resourceName = "test-config-map-new"`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00
			objectByteArray = []byte(`{"metadata":{"name":"test-config-map-new","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00
			objectByteArray = []byte(`{"metadata":{"name":"","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-10: Refactored policy types, used patch operation struct from there instead of internal struct. Implemented checking of incoming request to correspond the policy rule, added tests. Implemented generation of JSON patches according to patches in policy object, added tests. Implemented base version of Mutate function as a wrapper for all mutation functions. 2019-02-22 18:12:14 +02:00			`}`
NK-21: Added checking request by selector. Added tests for this logic. Added test policy file for selectors. 2019-02-26 20:05:07 +02:00
NK-22: Fixed build error with Selector pointer. Added comments. Changed tab to 4 spaces identation. Added unit tests for LabelSelector. 2019-03-01 14:16:20 +02:00			`func TestIsRuleResourceFitsRequest_MatchExpressions(t *testing.T) {`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request := v1beta1.AdmissionRequest{`
			`Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},`
			`}`

			`resource := types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Selector: &metav1.LabelSelector{`
			`MatchLabels: nil,`
			`MatchExpressions: []metav1.LabelSelectorRequirement{`
			`metav1.LabelSelectorRequirement{`
			`Key: "label2",`
			`Operator: "NotIn",`
			`Values: []string{`
			`"sometest1",`
			`},`
			`},`
			`metav1.LabelSelectorRequirement{`
			`Key: "label1",`
			`Operator: "In",`
			`Values: []string{`
			`"test1",`
			`"test8",`
			`"test201",`
			`},`
			`},`
			`metav1.LabelSelectorRequirement{`
			`Key: "label3",`
			`Operator: "DoesNotExist",`
			`Values: nil,`
			`},`
			`},`
			`},`
			`}`

			objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`

NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-22: Fixed build error with Selector pointer. Added comments. Changed tab to 4 spaces identation. Added unit tests for LabelSelector. 2019-03-01 14:16:20 +02:00			`}`

			`func TestIsRuleResourceFitsRequest_MatchLabels(t *testing.T) {`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`resource := types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Selector: &metav1.LabelSelector{`
			`MatchLabels: map[string]string{`
			`"label1": "test1",`
			`"label2": "test2",`
			`},`
			`MatchExpressions: nil,`
			`},`
			`}`

			`request := v1beta1.AdmissionRequest{`
			`Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},`
			`}`

			objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00
			objectByteArray = []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label3":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`
NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, false == webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00
			`resource = types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Selector: &metav1.LabelSelector{`
			`MatchLabels: map[string]string{`
			`"label3": "test1",`
			`"label2": "test2",`
			`},`
			`MatchExpressions: nil,`
			`},`
			`}`

NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-22: Fixed build error with Selector pointer. Added comments. Changed tab to 4 spaces identation. Added unit tests for LabelSelector. 2019-03-01 14:16:20 +02:00			`}`

			`func TestIsRuleResourceFitsRequest_MatchLabelsAndMatchExpressions(t *testing.T) {`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00			`request := v1beta1.AdmissionRequest{`
			`Kind: metav1.GroupVersionKind{Kind: "ConfigMap"},`
			`}`

			`resource := types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Selector: &metav1.LabelSelector{`
			`MatchLabels: map[string]string{`
			`"label1": "test1",`
			`},`
			`MatchExpressions: []metav1.LabelSelectorRequirement{`
			`metav1.LabelSelectorRequirement{`
			`Key: "label2",`
			`Operator: "In",`
			`Values: []string{`
			`"test2",`
			`},`
			`},`
			`},`
			`},`
			`}`

			objectByteArray := []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`

NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-31: Fixed supporting policies for Endpoints 2019-03-11 16:17:58 +02:00
			`resource = types.PolicyResource{`
			`Kind: "ConfigMap",`
			`Selector: &metav1.LabelSelector{`
			`MatchLabels: map[string]string{`
			`"label1": "test1",`
			`},`
			`MatchExpressions: []metav1.LabelSelectorRequirement{`
			`metav1.LabelSelectorRequirement{`
			`Key: "label2",`
			`Operator: "NotIn",`
			`Values: []string{`
			`"sometest1",`
			`},`
			`},`
			`},`
			`},`
			`}`

			objectByteArray = []byte(`{"metadata":{"name":"test-config-map","namespace":"default","creationTimestamp":null,"labels":{"label1":"test1","label2":"test2"}}}`)
			`request.Object.Raw = objectByteArray`

NK-31: used gotest.tools/assert package instead of utils in admission_test 2019-03-11 19:27:22 +02:00			`assert.Assert(t, webhooks.IsRuleApplicableToRequest(resource, &request))`
NK-22: Fixed build error with Selector pointer. Added comments. Changed tab to 4 spaces identation. Added unit tests for LabelSelector. 2019-03-01 14:16:20 +02:00			`}`