kyverno/pkg/policystore/policystore_test.go

package policystore

import (
	"encoding/json"
	"reflect"
	"testing"

	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
	"github.com/nirmata/kyverno/pkg/client/clientset/versioned/fake"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/labels"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/client-go/kubernetes/scheme"
)

func Test_Operations(t *testing.T) {
	rawPolicy1 := []byte(`
	{
		"apiVersion": "kyverno.io/v1",
		"kind": "ClusterPolicy",
		"metadata": {
		  "name": "test-policy1"
		},
		"spec": {
		  "rules": [
			{
			  "name": "r1",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod"
				  ]
				}
			  },
			  "mutate": {
				"overlay": "temp"
			  }
			},
			{
			  "name": "r2",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod",
					"Deployment"
				  ]
				}
			  },
			  "mutate": {
				"overlay": "temp"
			  }
			},
			{
			  "name": "r3",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod",
					"Deployment"
				  ],
				  "namespaces": [
					"n1"
				  ]
				}
			  },
			  "mutate": {
				"overlay": "temp"
			  }
			},
			{
			  "name": "r4",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod",
					"Deployment"
				  ],
				  "namespaces": [
					"n1",
					"n2"
				  ]
				}
			  },
			  "validate": {
				"pattern": "temp"
			  }
			}
		  ]
		}
	  }
	`)

	rawPolicy2 := []byte(`
	{
		"apiVersion": "kyverno.io/v1",
		"kind": "ClusterPolicy",
		"metadata": {
		  "name": "test-policy2"
		},
		"spec": {
		  "rules": [
			{
			  "name": "r1",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod"
				  ]
				}
			  },
			  "mutate": {
				"overlay": "temp"
			  }
			},
			{
			  "name": "r2",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod"
				  ],
				  "namespaces": [
					"n4"
				  ]
				}
			  },
			  "mutate": {
				"overlay": "temp"
			  }
			},
			{
			  "name": "r2",
			  "match": {
				"resources": {
				  "kinds": [
					"Pod"
				  ],
				  "namespaces": [
					"n4",
					"n5",
					"n6"
				  ]
				}
			  },
			  "validate": {
				"pattern": "temp"
			  }
			}
		  ]
		}
	  }`)

	rawPolicy3 := []byte(`
	{
		"apiVersion": "kyverno.io/v1",
		"kind": "ClusterPolicy",
		"metadata": {
		  "name": "test-policy3"
		},
		"spec": {
		  "rules": [
			{
			  "name": "r4",
			  "match": {
				"resources": {
				  "kinds": [
					"Service"
				  ]
				}
			  },
			  "mutate": {
				"overlay": "temp"
			  }
			}
		  ]
		}
	  }`)
	var policy1 kyverno.ClusterPolicy
	json.Unmarshal(rawPolicy1, &policy1)
	var policy2 kyverno.ClusterPolicy
	json.Unmarshal(rawPolicy2, &policy2)
	var policy3 kyverno.ClusterPolicy
	json.Unmarshal(rawPolicy3, &policy3)
	scheme.Scheme.AddKnownTypes(kyverno.SchemeGroupVersion,
		&kyverno.ClusterPolicy{},
	)
	var obj runtime.Object
	var err error
	var retPolicies []kyverno.ClusterPolicy
	polices := []runtime.Object{}
	// list of runtime objects
	decode := scheme.Codecs.UniversalDeserializer().Decode
	obj, _, err = decode(rawPolicy1, nil, nil)
	if err != nil {
		t.Error(err)
	}
	polices = append(polices, obj)
	obj, _, err = decode(rawPolicy2, nil, nil)
	if err != nil {
		t.Error(err)
	}
	polices = append(polices, obj)
	obj, _, err = decode(rawPolicy3, nil, nil)
	if err != nil {
		t.Error(err)
	}
	polices = append(polices, obj)
	// Mock Lister
	client := fake.NewSimpleClientset(polices...)
	fakeLister := &FakeLister{client: client}
	store := NewPolicyStore(fakeLister)
	// Test Operations
	// Add
	store.Register(policy1)
	// Add
	store.Register(policy2)
	// Add
	store.Register(policy3)
	// Lookup
	retPolicies, err = store.LookUp("Pod", "")
	if err != nil {
		t.Error(err)
	}
	if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy1, policy2}) {
		t.Error("not matching")
	}

	// Remove
	store.UnRegister(policy1)
	retPolicies, err = store.LookUp("Pod", "")
	if err != nil {
		t.Error(err)
	}
	// Lookup
	if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy2}) {
		t.Error("not matching")
	}
	// Add
	store.Register(policy1)
	retPolicies, err = store.LookUp("Pod", "")
	if err != nil {
		t.Error(err)
	}

	if len(retPolicies) != len([]kyverno.ClusterPolicy{policy1, policy2}) {
		// checking length as the order of polcies might be different
		t.Error("not matching")
	}

	retPolicies, err = store.LookUp("Service", "")
	if err != nil {
		t.Error(err)
	}
	if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy3}) {
		t.Error("not matching")
	}

}

type FakeLister struct {
	client *fake.Clientset
}

func (fk *FakeLister) List(selector labels.Selector) (ret []*kyverno.ClusterPolicy, err error) {
	return nil, nil
}

func (fk *FakeLister) Get(name string) (*kyverno.ClusterPolicy, error) {
	return fk.client.KyvernoV1().ClusterPolicies().Get(name, v1.GetOptions{})
}

func (fk *FakeLister) GetPolicyForPolicyViolation(pv *kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicy, error) {
	return nil, nil
}
func (fk *FakeLister) ListResources(selector labels.Selector) (ret []*kyverno.ClusterPolicy, err error) {
	return nil, nil
}

func (fk *FakeLister) GetPolicyForNamespacedPolicyViolation(pv *kyverno.NamespacedPolicyViolation) ([]*kyverno.ClusterPolicy, error) {
	return nil, nil
}
introduce policy store 2019-11-11 11:10:25 -08:00			`package policystore`

			`import (`
			`"encoding/json"`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`"reflect"`
introduce policy store 2019-11-11 11:10:25 -08:00			`"testing"`

update api in tests 2019-11-13 13:56:07 -08:00			`kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1"`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`"github.com/nirmata/kyverno/pkg/client/clientset/versioned/fake"`
			`v1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/labels"`
			`"k8s.io/apimachinery/pkg/runtime"`
			`"k8s.io/client-go/kubernetes/scheme"`
introduce policy store 2019-11-11 11:10:25 -08:00			`)`

introduce policy violation generator 2019-11-12 14:41:29 -08:00			`func Test_Operations(t *testing.T) {`
introduce policy store 2019-11-11 11:10:25 -08:00			rawPolicy1 := []byte(`
			`{`
update api in tests 2019-11-13 13:56:07 -08:00			`"apiVersion": "kyverno.io/v1",`
introduce policy store 2019-11-11 11:10:25 -08:00			`"kind": "ClusterPolicy",`
			`"metadata": {`
fix tests 2019-11-13 08:07:11 -08:00			`"name": "test-policy1"`
introduce policy store 2019-11-11 11:10:25 -08:00			`},`
			`"spec": {`
			`"rules": [`
			`{`
			`"name": "r1",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod"`
			`]`
			`}`
			`},`
			`"mutate": {`
			`"overlay": "temp"`
			`}`
			`},`
			`{`
			`"name": "r2",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod",`
			`"Deployment"`
			`]`
			`}`
			`},`
			`"mutate": {`
			`"overlay": "temp"`
			`}`
			`},`
			`{`
			`"name": "r3",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod",`
			`"Deployment"`
			`],`
			`"namespaces": [`
			`"n1"`
			`]`
			`}`
			`},`
			`"mutate": {`
			`"overlay": "temp"`
			`}`
			`},`
			`{`
			`"name": "r4",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod",`
			`"Deployment"`
			`],`
			`"namespaces": [`
			`"n1",`
			`"n2"`
			`]`
			`}`
			`},`
			`"validate": {`
			`"pattern": "temp"`
			`}`
			`}`
			`]`
			`}`
			`}`
			`)

			rawPolicy2 := []byte(`
			`{`
update api in tests 2019-11-13 13:56:07 -08:00			`"apiVersion": "kyverno.io/v1",`
introduce policy store 2019-11-11 11:10:25 -08:00			`"kind": "ClusterPolicy",`
			`"metadata": {`
fix tests 2019-11-13 08:07:11 -08:00			`"name": "test-policy2"`
introduce policy store 2019-11-11 11:10:25 -08:00			`},`
			`"spec": {`
			`"rules": [`
			`{`
			`"name": "r1",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod"`
			`]`
			`}`
			`},`
			`"mutate": {`
			`"overlay": "temp"`
			`}`
			`},`
			`{`
			`"name": "r2",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod"`
			`],`
			`"namespaces": [`
			`"n4"`
			`]`
			`}`
			`},`
			`"mutate": {`
			`"overlay": "temp"`
			`}`
			`},`
			`{`
			`"name": "r2",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Pod"`
			`],`
			`"namespaces": [`
			`"n4",`
			`"n5",`
			`"n6"`
			`]`
			`}`
			`},`
			`"validate": {`
			`"pattern": "temp"`
			`}`
			`}`
			`]`
			`}`
			}`)
introduce policy violation generator 2019-11-12 14:41:29 -08:00
			rawPolicy3 := []byte(`
			`{`
update api in tests 2019-11-13 13:56:07 -08:00			`"apiVersion": "kyverno.io/v1",`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`"kind": "ClusterPolicy",`
			`"metadata": {`
			`"name": "test-policy3"`
			`},`
			`"spec": {`
			`"rules": [`
			`{`
			`"name": "r4",`
			`"match": {`
			`"resources": {`
			`"kinds": [`
			`"Service"`
			`]`
			`}`
			`},`
			`"mutate": {`
			`"overlay": "temp"`
			`}`
			`}`
			`]`
			`}`
			}`)
update api in tests 2019-11-13 13:56:07 -08:00			`var policy1 kyverno.ClusterPolicy`
introduce policy store 2019-11-11 11:10:25 -08:00			`json.Unmarshal(rawPolicy1, &policy1)`
update api in tests 2019-11-13 13:56:07 -08:00			`var policy2 kyverno.ClusterPolicy`
introduce policy store 2019-11-11 11:10:25 -08:00			`json.Unmarshal(rawPolicy2, &policy2)`
update api in tests 2019-11-13 13:56:07 -08:00			`var policy3 kyverno.ClusterPolicy`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`json.Unmarshal(rawPolicy3, &policy3)`
update api in tests 2019-11-13 13:56:07 -08:00			`scheme.Scheme.AddKnownTypes(kyverno.SchemeGroupVersion,`
			`&kyverno.ClusterPolicy{},`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`)`
			`var obj runtime.Object`
			`var err error`
update api in tests 2019-11-13 13:56:07 -08:00			`var retPolicies []kyverno.ClusterPolicy`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`polices := []runtime.Object{}`
			`// list of runtime objects`
			`decode := scheme.Codecs.UniversalDeserializer().Decode`
			`obj, _, err = decode(rawPolicy1, nil, nil)`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`polices = append(polices, obj)`
			`obj, _, err = decode(rawPolicy2, nil, nil)`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`polices = append(polices, obj)`
			`obj, _, err = decode(rawPolicy3, nil, nil)`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`polices = append(polices, obj)`
			`// Mock Lister`
			`client := fake.NewSimpleClientset(polices...)`
			`fakeLister := &FakeLister{client: client}`
			`store := NewPolicyStore(fakeLister)`
			`// Test Operations`
introduce policy store 2019-11-11 11:10:25 -08:00			`// Add`
			`store.Register(policy1)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`// Add`
introduce policy store 2019-11-11 11:10:25 -08:00			`store.Register(policy2)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`// Add`
			`store.Register(policy3)`
			`// Lookup`
			`retPolicies, err = store.LookUp("Pod", "")`
			`if err != nil {`
			`t.Error(err)`
			`}`
update api in tests 2019-11-13 13:56:07 -08:00			`if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy1, policy2}) {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`t.Error("not matching")`
			`}`

			`// Remove`
introduce policy store 2019-11-11 11:10:25 -08:00			`store.UnRegister(policy1)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`retPolicies, err = store.LookUp("Pod", "")`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`// Lookup`
update api in tests 2019-11-13 13:56:07 -08:00			`if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy2}) {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`t.Error("not matching")`
			`}`
			`// Add`
introduce policy store 2019-11-11 11:10:25 -08:00			`store.Register(policy1)`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`retPolicies, err = store.LookUp("Pod", "")`
			`if err != nil {`
			`t.Error(err)`
			`}`
fix tests 2019-11-13 08:07:11 -08:00
update api in tests 2019-11-13 13:56:07 -08:00			`if len(retPolicies) != len([]kyverno.ClusterPolicy{policy1, policy2}) {`
fix tests 2019-11-13 08:07:11 -08:00			`// checking length as the order of polcies might be different`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`t.Error("not matching")`
			`}`

			`retPolicies, err = store.LookUp("Service", "")`
			`if err != nil {`
			`t.Error(err)`
			`}`
update api in tests 2019-11-13 13:56:07 -08:00			`if !reflect.DeepEqual(retPolicies, []kyverno.ClusterPolicy{policy3}) {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`t.Error("not matching")`
			`}`

			`}`

			`type FakeLister struct {`
			`client *fake.Clientset`
			`}`

update api in tests 2019-11-13 13:56:07 -08:00			`func (fk FakeLister) List(selector labels.Selector) (ret []kyverno.ClusterPolicy, err error) {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`return nil, nil`
			`}`

update api in tests 2019-11-13 13:56:07 -08:00			`func (fk FakeLister) Get(name string) (kyverno.ClusterPolicy, error) {`
update apiversion to v1 in code 2019-11-13 13:41:08 -08:00			`return fk.client.KyvernoV1().ClusterPolicies().Get(name, v1.GetOptions{})`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`}`

update api in tests 2019-11-13 13:56:07 -08:00			`func (fk FakeLister) GetPolicyForPolicyViolation(pv kyverno.ClusterPolicyViolation) ([]*kyverno.ClusterPolicy, error) {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`return nil, nil`
			`}`
update api in tests 2019-11-13 13:56:07 -08:00			`func (fk FakeLister) ListResources(selector labels.Selector) (ret []kyverno.ClusterPolicy, err error) {`
introduce policy violation generator 2019-11-12 14:41:29 -08:00			`return nil, nil`
introduce policy store 2019-11-11 11:10:25 -08:00			`}`
fix test 2019-11-13 10:21:33 -08:00
update api in tests 2019-11-13 13:56:07 -08:00			`func (fk FakeLister) GetPolicyForNamespacedPolicyViolation(pv kyverno.NamespacedPolicyViolation) ([]*kyverno.ClusterPolicy, error) {`
fix test 2019-11-13 10:21:33 -08:00			`return nil, nil`
			`}`