kyverno/pkg/policy/utils_test.go

package policy

import (
	"fmt"
	"testing"

	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
	kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
	"gotest.tools/assert"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

func Test_fetchUniqueKinds(t *testing.T) {

	tests := []struct {
		name string
		rule kyverno.Rule
		want []string
	}{
		{
			name: "Unique MatchResource kinds",
			rule: kyverno.Rule{
				MatchResources: kyverno.MatchResources{
					ResourceDescription: kyverno.ResourceDescription{
						Kinds: []string{"kind1", "kind2"},
					},
				},
			},
			want: []string{"kind1", "kind2"},
		},

		{
			name: "Any with same kind are valid",
			rule: kyverno.Rule{
				MatchResources: kyverno.MatchResources{
					Any: []kyverno.ResourceFilter{
						{
							ResourceDescription: kyverno.ResourceDescription{
								Kinds: []string{"kind1", "kind2"},
							},
						},
						{
							ResourceDescription: kyverno.ResourceDescription{
								Kinds: []string{"kind1", "kind3"},
							},
						},
					},
				},
			},
			want: []string{"kind1", "kind2", "kind3"},
		},
		{
			name: "Match with All and Any kind",
			rule: kyverno.Rule{
				MatchResources: kyverno.MatchResources{
					All: []kyverno.ResourceFilter{
						{
							ResourceDescription: kyverno.ResourceDescription{
								Kinds: []string{"kind1"},
							},
						},
					},
					Any: []kyverno.ResourceFilter{
						{
							ResourceDescription: kyverno.ResourceDescription{
								Kinds: []string{"kind1", "kind2"},
							},
						},
					},
				},
			},
			want: []string{"kind1", "kind2"},
		},
		{
			name: "Match with different All and Any kind",
			rule: kyverno.Rule{
				MatchResources: kyverno.MatchResources{
					All: []kyverno.ResourceFilter{
						{
							ResourceDescription: kyverno.ResourceDescription{
								Kinds: []string{"kind4", "kind5"},
							},
						},
					},
					Any: []kyverno.ResourceFilter{
						{
							ResourceDescription: kyverno.ResourceDescription{
								Kinds: []string{"kind1", "kind2"},
							},
						},
					},
				},
			},
			want: []string{"kind1", "kind2", "kind4", "kind5"},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			kinds := fetchUniqueKinds(tt.rule)
			for _, want := range tt.want {
				if !kubeutils.ContainsKind(kinds, want) {
					assert.Error(t, fmt.Errorf("%s fails, expected %s", tt.name, want), "")
				}
			}
		})
	}
}

func Test_convertlist(t *testing.T) {
	tests := []struct {
		name   string
		ulists []unstructured.Unstructured
		want   []*unstructured.Unstructured
	}{
		{
			name: "Convert list",
			ulists: []unstructured.Unstructured{
				{
					Object: map[string]interface{}{
						"kind": "kind1",
					},
				},
				{
					Object: map[string]interface{}{
						"namespace": "ns-1",
					},
				},
			},
			want: []*unstructured.Unstructured{
				{
					Object: map[string]interface{}{
						"kind": "kind1",
					},
				},
				{
					Object: map[string]interface{}{
						"namespace": "ns-1",
					},
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assert.DeepEqual(t, convertlist(tt.ulists), tt.want)
		})
	}
}
tests: add unit tests for utils functions (#3857) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> 2022-05-10 19:15:48 +05:30			`package policy`

			`import (`
fix: Delete downstream objects on precondition fail (#7496) * fix: Delete downstream objects on precondition fail When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition. Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * add debug command Signed-off-by: ShutingZhao <shuting@nirmata.com> * sync trigger updates to downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix bgscan fetching trigger Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: Move rbac change into tests for better isolation Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * fix unit test Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-06-15 16:32:19 +01:00			`"fmt"`
tests: add unit tests for utils functions (#3857) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> 2022-05-10 19:15:48 +05:30			`"testing"`

			`kyverno "github.com/kyverno/kyverno/api/kyverno/v1"`
fix: Delete downstream objects on precondition fail (#7496) * fix: Delete downstream objects on precondition fail When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition. Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * add debug command Signed-off-by: ShutingZhao <shuting@nirmata.com> * sync trigger updates to downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix bgscan fetching trigger Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: Move rbac change into tests for better isolation Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * fix unit test Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-06-15 16:32:19 +01:00			`kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"`
tests: add unit tests for utils functions (#3857) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> 2022-05-10 19:15:48 +05:30			`"gotest.tools/assert"`
			`"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"`
			`)`

			`func Test_fetchUniqueKinds(t *testing.T) {`

			`tests := []struct {`
			`name string`
			`rule kyverno.Rule`
			`want []string`
			`}{`
			`{`
			`name: "Unique MatchResource kinds",`
			`rule: kyverno.Rule{`
			`MatchResources: kyverno.MatchResources{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind1", "kind2"},`
			`},`
			`},`
			`},`
			`want: []string{"kind1", "kind2"},`
			`},`

			`{`
			`name: "Any with same kind are valid",`
			`rule: kyverno.Rule{`
			`MatchResources: kyverno.MatchResources{`
			`Any: []kyverno.ResourceFilter{`
			`{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind1", "kind2"},`
			`},`
			`},`
			`{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind1", "kind3"},`
			`},`
			`},`
			`},`
			`},`
			`},`
			`want: []string{"kind1", "kind2", "kind3"},`
			`},`
			`{`
			`name: "Match with All and Any kind",`
			`rule: kyverno.Rule{`
			`MatchResources: kyverno.MatchResources{`
			`All: []kyverno.ResourceFilter{`
			`{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind1"},`
			`},`
			`},`
			`},`
			`Any: []kyverno.ResourceFilter{`
			`{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind1", "kind2"},`
			`},`
			`},`
			`},`
			`},`
			`},`
			`want: []string{"kind1", "kind2"},`
			`},`
			`{`
			`name: "Match with different All and Any kind",`
			`rule: kyverno.Rule{`
			`MatchResources: kyverno.MatchResources{`
			`All: []kyverno.ResourceFilter{`
			`{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind4", "kind5"},`
			`},`
			`},`
			`},`
			`Any: []kyverno.ResourceFilter{`
			`{`
			`ResourceDescription: kyverno.ResourceDescription{`
			`Kinds: []string{"kind1", "kind2"},`
			`},`
			`},`
			`},`
			`},`
			`},`
fix: Delete downstream objects on precondition fail (#7496) * fix: Delete downstream objects on precondition fail When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition. Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * add debug command Signed-off-by: ShutingZhao <shuting@nirmata.com> * sync trigger updates to downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix bgscan fetching trigger Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: Move rbac change into tests for better isolation Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * fix unit test Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-06-15 16:32:19 +01:00			`want: []string{"kind1", "kind2", "kind4", "kind5"},`
tests: add unit tests for utils functions (#3857) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> 2022-05-10 19:15:48 +05:30			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
fix: Delete downstream objects on precondition fail (#7496) * fix: Delete downstream objects on precondition fail When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition. Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * add debug command Signed-off-by: ShutingZhao <shuting@nirmata.com> * sync trigger updates to downstream Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix bgscan fetching trigger Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: Move rbac change into tests for better isolation Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> * fix unit test Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2023-06-15 16:32:19 +01:00			`kinds := fetchUniqueKinds(tt.rule)`
			`for _, want := range tt.want {`
			`if !kubeutils.ContainsKind(kinds, want) {`
			`assert.Error(t, fmt.Errorf("%s fails, expected %s", tt.name, want), "")`
			`}`
			`}`
tests: add unit tests for utils functions (#3857) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> 2022-05-10 19:15:48 +05:30			`})`
			`}`
			`}`

			`func Test_convertlist(t *testing.T) {`
			`tests := []struct {`
			`name string`
			`ulists []unstructured.Unstructured`
			`want []*unstructured.Unstructured`
			`}{`
			`{`
			`name: "Convert list",`
			`ulists: []unstructured.Unstructured{`
			`{`
			`Object: map[string]interface{}{`
			`"kind": "kind1",`
			`},`
			`},`
			`{`
			`Object: map[string]interface{}{`
			`"namespace": "ns-1",`
			`},`
			`},`
			`},`
			`want: []*unstructured.Unstructured{`
			`{`
			`Object: map[string]interface{}{`
			`"kind": "kind1",`
			`},`
			`},`
			`{`
			`Object: map[string]interface{}{`
			`"namespace": "ns-1",`
			`},`
			`},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`assert.DeepEqual(t, convertlist(tt.ulists), tt.want)`
			`})`
			`}`
			`}`