kyverno/pkg/utils/kube/image_test.go

package kube

import (
	"testing"

	"github.com/kyverno/kyverno/pkg/engine/utils"
	"github.com/kyverno/kyverno/pkg/utils/image"
	imageutils "github.com/kyverno/kyverno/pkg/utils/image"
	"gotest.tools/assert"
)

func Test_extractImageInfo(t *testing.T) {
	tests := []struct {
		extractionConfig ImageExtractorConfigs
		raw              []byte
		images           map[string]map[string]imageutils.ImageInfo
	}{
		{
			raw: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "myapp"},"spec": {"initContainers": [{"name": "init","image": "index.docker.io/busybox:v1.2.3"}],"containers": [{"name": "nginx","image": "nginx:latest"}], "ephemeralContainers": [{"name": "ephemeral", "image":"test/nginx:latest"}]}}`),
			images: map[string]map[string]image.ImageInfo{
				"initContainers": {
					"init": {Registry: "index.docker.io", Name: "busybox", Path: "busybox", Tag: "v1.2.3", Pointer: "/spec/initContainers/0/image"},
				},
				"containers": {
					"nginx": {Registry: "docker.io", Name: "nginx", Path: "nginx", Tag: "latest", Pointer: "/spec/containers/0/image"},
				},
				"ephemeralContainers": {
					"ephemeral": {Registry: "docker.io", Name: "nginx", Path: "test/nginx", Tag: "latest", Pointer: "/spec/ephemeralContainers/0/image"},
				},
			},
		},
		{
			raw: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "myapp"},"spec": {"containers": [{"name": "nginx","image": "test/nginx:latest"}]}}`),
			images: map[string]map[string]imageutils.ImageInfo{
				"containers": {
					"nginx": {Registry: "docker.io", Name: "nginx", Path: "test/nginx", Tag: "latest", Pointer: "/spec/containers/0/image"},
				},
			},
		},
		{
			raw: []byte(`{"apiVersion": "apps/v1","kind": "Deployment","metadata": {"name": "myapp"},"spec": {"selector": {"matchLabels": {"app": "myapp"}},"template": {"metadata": {"labels": {"app": "myapp"}},"spec": {"initContainers": [{"name": "init","image": "fictional.registry.example:10443/imagename:tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}],"containers": [{"name": "myapp","image": "fictional.registry.example:10443/imagename"}],"ephemeralContainers": [{"name": "ephemeral","image": "fictional.registry.example:10443/imagename:tag@sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"}] }}}}`),
			images: map[string]map[string]imageutils.ImageInfo{
				"initContainers": {
					"init": {Registry: "fictional.registry.example:10443", Name: "imagename", Path: "imagename", Tag: "tag", Digest: "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", Pointer: "/spec/template/spec/initContainers/0/image"},
				},
				"containers": {
					"myapp": {Registry: "fictional.registry.example:10443", Name: "imagename", Path: "imagename", Tag: "latest", Pointer: "/spec/template/spec/containers/0/image"},
				},
				"ephemeralContainers": {
					"ephemeral": {Registry: "fictional.registry.example:10443", Name: "imagename", Path: "imagename", Tag: "tag", Digest: "sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee", Pointer: "/spec/template/spec/ephemeralContainers/0/image"},
				},
			},
		},
		{
			raw: []byte(`{"apiVersion": "batch/v1beta1","kind": "CronJob","metadata": {"name": "hello"},"spec": {"schedule": "*/1 * * * *","jobTemplate": {"spec": {"template": {"spec": {"containers": [{"name": "hello","image": "test.example.com/test/my-app:v2"}]}}}}}}`),
			images: map[string]map[string]imageutils.ImageInfo{
				"containers": {
					"hello": {Registry: "test.example.com", Name: "my-app", Path: "test/my-app", Tag: "v2", Pointer: "/spec/jobTemplate/spec/template/spec/containers/0/image"},
				},
			},
		},
		{
			extractionConfig: ImageExtractorConfigs{
				"Task": []*ImageExtractorConfig{
					{Path: "/spec/steps/*/image"},
				},
			},
			raw: []byte(`{"apiVersion":"tekton.dev/v1beta1","kind":"Task","metadata":{"name":"example-task-name"},"spec":{"params":[{"name":"pathToDockerFile","type":"string","description":"The path to the dockerfile to build","default":"/workspace/workspace/Dockerfile"}],"resources":{"inputs":[{"name":"workspace","type":"git"}],"outputs":[{"name":"builtImage","type":"image"}]},"steps":[{"name":"ubuntu-example","image":"ubuntu","args":["ubuntu-build-example","SECRETS-example.md"]},{"image":"gcr.io/example-builders/build-example","command":["echo"],"args":["$(params.pathToDockerFile)"]},{"name":"dockerfile-pushexample","image":"gcr.io/example-builders/push-example","args":["push","$(resources.outputs.builtImage.url)"],"volumeMounts":[{"name":"docker-socket-example","mountPath":"/var/run/docker.sock"}]}],"volumes":[{"name":"example-volume","emptyDir":{}}]}}`),
			images: map[string]map[string]imageutils.ImageInfo{
				"custom": {
					"/spec/steps/0/image": {
						Registry: "docker.io",
						Name:     "ubuntu",
						Path:     "ubuntu",
						Tag:      "latest",
						Pointer:  "/spec/steps/0/image",
					},
					"/spec/steps/1/image": {
						Registry: "gcr.io",
						Name:     "build-example",
						Path:     "example-builders/build-example",
						Tag:      "latest",
						Pointer:  "/spec/steps/1/image",
					},
					"/spec/steps/2/image": {
						Registry: "gcr.io",
						Name:     "push-example",
						Path:     "example-builders/push-example",
						Tag:      "latest",
						Pointer:  "/spec/steps/2/image",
					},
				},
			},
		},
		{
			extractionConfig: ImageExtractorConfigs{
				"Task": []*ImageExtractorConfig{
					{Name: "steps", Path: "/spec/steps/*", Value: "image", Key: "name"},
				},
			}, raw: []byte(`{"apiVersion":"tekton.dev/v1beta1","kind":"Task","metadata":{"name":"example-task-name"},"spec":{"steps":[{"name":"ubuntu-example","image":"ubuntu","args":["ubuntu-build-example","SECRETS-example.md"]},{"name":"dockerfile-pushexample","image":"gcr.io/example-builders/push-example","args":["push","$(resources.outputs.builtImage.url)"]}]}}`),
			images: map[string]map[string]imageutils.ImageInfo{
				"steps": {
					"dockerfile-pushexample": {
						Registry: "gcr.io",
						Name:     "push-example",
						Path:     "example-builders/push-example",
						Tag:      "latest",
						Pointer:  "/spec/steps/1/image",
					},
					"ubuntu-example": {
						Registry: "docker.io",
						Name:     "ubuntu",
						Path:     "ubuntu",
						Tag:      "latest",
						Pointer:  "/spec/steps/0/image",
					},
				},
			},
		},
	}

	for _, test := range tests {
		resource, err := utils.ConvertToUnstructured(test.raw)
		assert.NilError(t, err)
		images, err := ExtractImagesFromResource(*resource, test.extractionConfig)
		assert.DeepEqual(t, test.images, images)
	}
}
Refactor image extraction to allow extracting custom resources (#3572) * refactor: image extraction Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Refactor image extraction to allow extracting custom resources Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-11 10:30:38 +01:00			`package kube`

			`import (`
			`"testing"`

			`"github.com/kyverno/kyverno/pkg/engine/utils"`
			`"github.com/kyverno/kyverno/pkg/utils/image"`
			`imageutils "github.com/kyverno/kyverno/pkg/utils/image"`
			`"gotest.tools/assert"`
			`)`

			`func Test_extractImageInfo(t *testing.T) {`
			`tests := []struct {`
Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> 2022-04-14 17:08:30 +01:00			`extractionConfig ImageExtractorConfigs`
			`raw []byte`
			`images map[string]map[string]imageutils.ImageInfo`
Refactor image extraction to allow extracting custom resources (#3572) * refactor: image extraction Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Refactor image extraction to allow extracting custom resources Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-11 10:30:38 +01:00			`}{`
			`{`
			raw: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "myapp"},"spec": {"initContainers": [{"name": "init","image": "index.docker.io/busybox:v1.2.3"}],"containers": [{"name": "nginx","image": "nginx:latest"}], "ephemeralContainers": [{"name": "ephemeral", "image":"test/nginx:latest"}]}}`),
			`images: map[string]map[string]image.ImageInfo{`
			`"initContainers": {`
			`"init": {Registry: "index.docker.io", Name: "busybox", Path: "busybox", Tag: "v1.2.3", Pointer: "/spec/initContainers/0/image"},`
			`},`
			`"containers": {`
			`"nginx": {Registry: "docker.io", Name: "nginx", Path: "nginx", Tag: "latest", Pointer: "/spec/containers/0/image"},`
			`},`
			`"ephemeralContainers": {`
			`"ephemeral": {Registry: "docker.io", Name: "nginx", Path: "test/nginx", Tag: "latest", Pointer: "/spec/ephemeralContainers/0/image"},`
			`},`
			`},`
			`},`
			`{`
			raw: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "myapp"},"spec": {"containers": [{"name": "nginx","image": "test/nginx:latest"}]}}`),
			`images: map[string]map[string]imageutils.ImageInfo{`
			`"containers": {`
			`"nginx": {Registry: "docker.io", Name: "nginx", Path: "test/nginx", Tag: "latest", Pointer: "/spec/containers/0/image"},`
			`},`
			`},`
			`},`
			`{`
			raw: []byte(`{"apiVersion": "apps/v1","kind": "Deployment","metadata": {"name": "myapp"},"spec": {"selector": {"matchLabels": {"app": "myapp"}},"template": {"metadata": {"labels": {"app": "myapp"}},"spec": {"initContainers": [{"name": "init","image": "fictional.registry.example:10443/imagename:tag@sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}],"containers": [{"name": "myapp","image": "fictional.registry.example:10443/imagename"}],"ephemeralContainers": [{"name": "ephemeral","image": "fictional.registry.example:10443/imagename:tag@sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"}] }}}}`),
			`images: map[string]map[string]imageutils.ImageInfo{`
			`"initContainers": {`
			`"init": {Registry: "fictional.registry.example:10443", Name: "imagename", Path: "imagename", Tag: "tag", Digest: "sha256:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", Pointer: "/spec/template/spec/initContainers/0/image"},`
			`},`
			`"containers": {`
			`"myapp": {Registry: "fictional.registry.example:10443", Name: "imagename", Path: "imagename", Tag: "latest", Pointer: "/spec/template/spec/containers/0/image"},`
			`},`
			`"ephemeralContainers": {`
			`"ephemeral": {Registry: "fictional.registry.example:10443", Name: "imagename", Path: "imagename", Tag: "tag", Digest: "sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee", Pointer: "/spec/template/spec/ephemeralContainers/0/image"},`
			`},`
			`},`
			`},`
			`{`
			raw: []byte(`{"apiVersion": "batch/v1beta1","kind": "CronJob","metadata": {"name": "hello"},"spec": {"schedule": "/1 * * *","jobTemplate": {"spec": {"template": {"spec": {"containers": [{"name": "hello","image": "test.example.com/test/my-app:v2"}]}}}}}}`),
			`images: map[string]map[string]imageutils.ImageInfo{`
			`"containers": {`
			`"hello": {Registry: "test.example.com", Name: "my-app", Path: "test/my-app", Tag: "v2", Pointer: "/spec/jobTemplate/spec/template/spec/containers/0/image"},`
			`},`
			`},`
			`},`
Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> 2022-04-14 17:08:30 +01:00			`{`
			`extractionConfig: ImageExtractorConfigs{`
			`"Task": []*ImageExtractorConfig{`
			`{Path: "/spec/steps/*/image"},`
			`},`
			`},`
			raw: []byte(`{"apiVersion":"tekton.dev/v1beta1","kind":"Task","metadata":{"name":"example-task-name"},"spec":{"params":[{"name":"pathToDockerFile","type":"string","description":"The path to the dockerfile to build","default":"/workspace/workspace/Dockerfile"}],"resources":{"inputs":[{"name":"workspace","type":"git"}],"outputs":[{"name":"builtImage","type":"image"}]},"steps":[{"name":"ubuntu-example","image":"ubuntu","args":["ubuntu-build-example","SECRETS-example.md"]},{"image":"gcr.io/example-builders/build-example","command":["echo"],"args":["$(params.pathToDockerFile)"]},{"name":"dockerfile-pushexample","image":"gcr.io/example-builders/push-example","args":["push","$(resources.outputs.builtImage.url)"],"volumeMounts":[{"name":"docker-socket-example","mountPath":"/var/run/docker.sock"}]}],"volumes":[{"name":"example-volume","emptyDir":{}}]}}`),
			`images: map[string]map[string]imageutils.ImageInfo{`
			`"custom": {`
			`"/spec/steps/0/image": {`
			`Registry: "docker.io",`
			`Name: "ubuntu",`
			`Path: "ubuntu",`
			`Tag: "latest",`
			`Pointer: "/spec/steps/0/image",`
			`},`
			`"/spec/steps/1/image": {`
			`Registry: "gcr.io",`
			`Name: "build-example",`
			`Path: "example-builders/build-example",`
			`Tag: "latest",`
			`Pointer: "/spec/steps/1/image",`
			`},`
			`"/spec/steps/2/image": {`
			`Registry: "gcr.io",`
			`Name: "push-example",`
			`Path: "example-builders/push-example",`
			`Tag: "latest",`
			`Pointer: "/spec/steps/2/image",`
			`},`
			`},`
			`},`
			`},`
			`{`
			`extractionConfig: ImageExtractorConfigs{`
			`"Task": []*ImageExtractorConfig{`
			`{Name: "steps", Path: "/spec/steps/*", Value: "image", Key: "name"},`
			`},`
			}, raw: []byte(`{"apiVersion":"tekton.dev/v1beta1","kind":"Task","metadata":{"name":"example-task-name"},"spec":{"steps":[{"name":"ubuntu-example","image":"ubuntu","args":["ubuntu-build-example","SECRETS-example.md"]},{"name":"dockerfile-pushexample","image":"gcr.io/example-builders/push-example","args":["push","$(resources.outputs.builtImage.url)"]}]}}`),
			`images: map[string]map[string]imageutils.ImageInfo{`
			`"steps": {`
			`"dockerfile-pushexample": {`
			`Registry: "gcr.io",`
			`Name: "push-example",`
			`Path: "example-builders/push-example",`
			`Tag: "latest",`
			`Pointer: "/spec/steps/1/image",`
			`},`
			`"ubuntu-example": {`
			`Registry: "docker.io",`
			`Name: "ubuntu",`
			`Path: "ubuntu",`
			`Tag: "latest",`
			`Pointer: "/spec/steps/0/image",`
			`},`
			`},`
			`},`
			`},`
Refactor image extraction to allow extracting custom resources (#3572) * refactor: image extraction Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Refactor image extraction to allow extracting custom resources Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-11 10:30:38 +01:00			`}`

			`for _, test := range tests {`
			`resource, err := utils.ConvertToUnstructured(test.raw)`
			`assert.NilError(t, err)`
Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> 2022-04-14 17:08:30 +01:00			`images, err := ExtractImagesFromResource(*resource, test.extractionConfig)`
Refactor image extraction to allow extracting custom resources (#3572) * refactor: image extraction Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Refactor image extraction to allow extracting custom resources Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> 2022-04-11 10:30:38 +01:00			`assert.DeepEqual(t, test.images, images)`
			`}`
			`}`