2021-07-02 08:56:50 +03:00
|
|
|
package validate
|
|
|
|
|
|
2021-09-08 22:33:41 +03:00
|
|
|
import (
|
|
|
|
|
"github.com/kyverno/kyverno/test/e2e"
|
|
|
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// FluxValidateTests is E2E Test Config for validation
|
|
|
|
|
var FluxValidateTests = []struct {
|
2021-07-02 08:56:50 +03:00
|
|
|
//TestName - Name of the Test
|
|
|
|
|
TestName string
|
2021-08-21 00:44:19 +03:00
|
|
|
// PolicyRaw - The Yaml file of the ClusterPolicy
|
|
|
|
|
PolicyRaw []byte
|
|
|
|
|
// ResourceRaw - The Yaml file of the ClusterPolicy
|
|
|
|
|
ResourceRaw []byte
|
2021-07-02 08:56:50 +03:00
|
|
|
// ResourceNamespace - Namespace of the Resource
|
|
|
|
|
ResourceNamespace string
|
2021-08-21 00:44:19 +03:00
|
|
|
// MustSucceed declares if test case must fail on validation
|
|
|
|
|
MustSucceed bool
|
2021-07-02 08:56:50 +03:00
|
|
|
}{
|
|
|
|
|
{
|
2021-08-21 00:44:19 +03:00
|
|
|
TestName: "test-validate-with-flux-and-variable-substitution-2043",
|
|
|
|
|
PolicyRaw: kyverno_2043_policy,
|
|
|
|
|
ResourceRaw: kyverno_2043_FluxKustomization,
|
2021-07-02 08:56:50 +03:00
|
|
|
ResourceNamespace: "test-validate",
|
2021-08-21 00:44:19 +03:00
|
|
|
MustSucceed: false,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
TestName: "test-validate-with-flux-and-variable-substitution-2241",
|
|
|
|
|
PolicyRaw: kyverno_2241_policy,
|
|
|
|
|
ResourceRaw: kyverno_2241_FluxKustomization,
|
|
|
|
|
ResourceNamespace: "test-validate",
|
|
|
|
|
MustSucceed: true,
|
2021-07-02 08:56:50 +03:00
|
|
|
},
|
|
|
|
|
}
|
2021-09-08 22:33:41 +03:00
|
|
|
|
|
|
|
|
var podGVR = e2e.GetGVR("", "v1", "pods")
|
|
|
|
|
|
|
|
|
|
var ValidateTests = []struct {
|
|
|
|
|
//TestDescription - Description of the Test
|
|
|
|
|
TestDescription string
|
|
|
|
|
// PolicyName - Name of the Policy
|
|
|
|
|
PolicyName string
|
|
|
|
|
// PolicyRaw - The Yaml file of the ClusterPolicy
|
|
|
|
|
PolicyRaw []byte
|
|
|
|
|
// ResourceName - Name of the Resource
|
|
|
|
|
ResourceName string
|
|
|
|
|
// ResourceNamespace - Namespace of the Resource
|
|
|
|
|
ResourceNamespace string
|
|
|
|
|
// ResourceGVR - GVR of the Resource
|
|
|
|
|
ResourceGVR schema.GroupVersionResource
|
|
|
|
|
// ResourceRaw - The Yaml file of the ClusterPolicy
|
|
|
|
|
ResourceRaw []byte
|
|
|
|
|
// MustSucceed - indicates if validation must succeed
|
|
|
|
|
MustSucceed bool
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
// Case for https://github.com/kyverno/kyverno/issues/2345 issue
|
|
|
|
|
TestDescription: "checks that contains function works properly with string list",
|
|
|
|
|
PolicyName: "drop-cap-net-raw",
|
|
|
|
|
PolicyRaw: kyverno_2345_policy,
|
|
|
|
|
ResourceName: "test",
|
|
|
|
|
ResourceNamespace: "test-validate1",
|
|
|
|
|
ResourceGVR: podGVR,
|
|
|
|
|
ResourceRaw: kyverno_2345_resource,
|
|
|
|
|
MustSucceed: false,
|
|
|
|
|
},
|
2021-10-21 05:25:55 +05:30
|
|
|
{
|
|
|
|
|
// Case for https://github.com/kyverno/kyverno/issues/2390 issue
|
|
|
|
|
TestDescription: "checks that policy contains global anchor fields",
|
|
|
|
|
PolicyName: "check-image-pull-secret",
|
|
|
|
|
PolicyRaw: kyverno_global_anchor_validate_policy,
|
|
|
|
|
ResourceName: "pod-with-nginx-allowed-registory",
|
|
|
|
|
ResourceNamespace: "",
|
|
|
|
|
ResourceGVR: podGVR,
|
|
|
|
|
ResourceRaw: kyverno_global_anchor_validate_resource_1,
|
|
|
|
|
MustSucceed: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
// Case for https://github.com/kyverno/kyverno/issues/2390 issue
|
|
|
|
|
TestDescription: "checks that policy contains global anchor fields",
|
|
|
|
|
PolicyName: "check-image-pull-secret",
|
|
|
|
|
PolicyRaw: kyverno_global_anchor_validate_policy,
|
|
|
|
|
ResourceName: "pod-with-nginx-disallowed-registory",
|
|
|
|
|
ResourceNamespace: "",
|
|
|
|
|
ResourceGVR: podGVR,
|
|
|
|
|
ResourceRaw: kyverno_global_anchor_validate_resource_2,
|
|
|
|
|
MustSucceed: false,
|
|
|
|
|
},
|
2021-09-08 22:33:41 +03:00
|
|
|
}
|
