feat: compress test results in cli fix test command (#8343)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2023-09-12 08:46:35 +02:00 · 2023-09-12 08:46:35 +02:00 · 029a62a504
commit 029a62a504
parent e21da49d5b
12 changed files with 127 additions and 179 deletions
--- a/cmd/cli/kubectl-kyverno/commands/fix/test/command.go
+++ b/cmd/cli/kubectl-kyverno/commands/fix/test/command.go
@ -5,6 +5,8 @@ import (
 	"os"
 	"path/filepath"

+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
 	"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test"
 	"github.com/spf13/cobra"
@ -14,6 +16,7 @@ import (
 func Command() *cobra.Command {
 	var fileName string
 	var save bool
+	var compress bool
 	cmd := &cobra.Command{
 		Use:     "test [folder]...",
 		Short:   command.FormatDescription(true, websiteUrl, true, description...),
@ -70,6 +73,41 @@ func Command() *cobra.Command {
 						needsSave = true
 					}
 				}
+				if compress {
+					compressed := map[key][]string{}
+					for _, result := range test.Results {
+						k := key{
+							Policy:                      result.Policy,
+							Rule:                        result.Rule,
+							IsValidatingAdmissionPolicy: result.IsValidatingAdmissionPolicy,
+							Result:                      result.Result,
+							Kind:                        result.Kind,
+							Namespace:                   result.Namespace,
+							PatchedResource:             result.PatchedResource,
+							GeneratedResource:           result.GeneratedResource,
+							CloneSourceResource:         result.CloneSourceResource,
+						}
+						compressed[k] = append(compressed[k], result.Resources...)
+					}
+					if len(compressed) != len(test.Results) {
+						needsSave = true
+					}
+					test.Results = nil
+					for k, v := range compressed {
+						test.Results = append(test.Results, testapi.TestResults{
+							Policy:                      k.Policy,
+							Rule:                        k.Rule,
+							IsValidatingAdmissionPolicy: k.IsValidatingAdmissionPolicy,
+							Result:                      k.Result,
+							Kind:                        k.Kind,
+							Namespace:                   k.Namespace,
+							PatchedResource:             k.PatchedResource,
+							GeneratedResource:           k.GeneratedResource,
+							CloneSourceResource:         k.CloneSourceResource,
+							Resources:                   v,
+						})
+					}
+				}
 				if save && needsSave {
 					fmt.Printf("  Saving test file (%s)...", testCase.Path)
 					fmt.Println()
@ -94,5 +132,18 @@ func Command() *cobra.Command {
 	}
 	cmd.Flags().StringVarP(&fileName, "file-name", "f", "kyverno-test.yaml", "Test filename")
 	cmd.Flags().BoolVar(&save, "save", false, "Save fixed file")
+	cmd.Flags().BoolVar(&compress, "compress", false, "Compress test results")
 	return cmd
 }
+
+type key struct {
+	Policy                      string
+	Rule                        string
+	IsValidatingAdmissionPolicy bool
+	Result                      policyreportv1alpha2.PolicyResult
+	Kind                        string
+	Namespace                   string
+	PatchedResource             string
+	GeneratedResource           string
+	CloneSourceResource         string
+}
--- a/docs/user/cli/kyverno_fix_test.md
+++ b/docs/user/cli/kyverno_fix_test.md
@ -28,6 +28,7 @@ kyverno fix test [folder]... [flags]
 ### Options

 ```
+      --compress           Compress test results
  -f, --file-name string   Test filename (default "kyverno-test.yaml")
  -h, --help               help for test
      --save               Save fixed file
--- a/test/cli/registry/kyverno-test.yaml
+++ b/test/cli/registry/kyverno-test.yaml
@ -8,11 +8,6 @@ results:
  policy: images
  resources:
  - test-pod-with-non-root-user-image
-  result: pass
-  rule: only-allow-trusted-images
- kind: Pod
-  policy: images
-  resources:
  - test-pod-with-trusted-registry
  result: pass
  rule: only-allow-trusted-images
--- a/test/cli/test-mutate/global-anchor/kyverno-test.yaml
+++ b/test/cli/test-mutate/global-anchor/kyverno-test.yaml
@ -8,6 +8,7 @@ results:
  policy: add-safe-to-evict
  resources:
  - pod-without-emptydir-hostpath
+  - pod-without-emptydir-hostpath-1
  result: skip
  rule: annotate-empty-dir
 - kind: Pod
@ -24,9 +25,3 @@ results:
  - pod-with-emptydir-hostpath-1
  result: pass
  rule: annotate-empty-dir
- kind: Pod
-  policy: add-safe-to-evict
-  resources:
-  - pod-without-emptydir-hostpath-1
-  result: skip
-  rule: annotate-empty-dir
--- a/test/cli/test/admission_user_info/kyverno-test.yaml
+++ b/test/cli/test/admission_user_info/kyverno-test.yaml
@ -8,17 +8,7 @@ results:
  policy: disallow-latest-tag
  resources:
  - myapp-pod1
-  result: pass
-  rule: require-image-tag
- kind: Pod
-  policy: disallow-latest-tag
-  resources:
  - myapp-pod2
-  result: pass
-  rule: require-image-tag
- kind: Pod
-  policy: disallow-latest-tag
-  resources:
  - myapp-pod3
  result: pass
  rule: require-image-tag
@ -26,17 +16,7 @@ results:
  policy: disallow-latest-tag
  resources:
  - myapp-pod1
-  result: pass
-  rule: validate-image-tag
- kind: Pod
-  policy: disallow-latest-tag
-  resources:
  - myapp-pod2
-  result: pass
-  rule: validate-image-tag
- kind: Pod
-  policy: disallow-latest-tag
-  resources:
  - myapp-pod3
  result: pass
  rule: validate-image-tag
--- a/test/cli/test/anypattern_skip_error/kyverno-test.yaml
+++ b/test/cli/test/anypattern_skip_error/kyverno-test.yaml
@ -8,11 +8,6 @@ results:
  policy: validate-service-loadbalancer
  resources:
  - service-public-pass
-  result: pass
-  rule: check-loadbalancer-public
- kind: Service
-  policy: validate-service-loadbalancer
-  resources:
  - service-public-2-pass
  result: pass
  rule: check-loadbalancer-public
--- a/test/cli/test/container_reorder/kyverno-test.yaml
+++ b/test/cli/test/container_reorder/kyverno-test.yaml
@ -8,11 +8,6 @@ results:
  policy: check-image
  resources:
  - signed-first
-  result: fail
-  rule: verify-signature
- kind: Pod
-  policy: check-image
-  resources:
  - unsigned-first
  result: fail
  rule: verify-signature
--- a/test/cli/test/deny-modify-platform-label/kyverno-test.yaml
+++ b/test/cli/test/deny-modify-platform-label/kyverno-test.yaml
@ -1,12 +1,13 @@
 name: modify_with_master_access
 policies:
-  - deny-modify-platform-label.yaml
+- deny-modify-platform-label.yaml
 resources:
-  - resource.yaml
-variables: variables.yaml
+- resource.yaml
 results:
-  - policy: deny-modify-platform-label
-    rule: deny-modify-platform-role
-    resource: my-role-with-platform
-    kind: Role
-    result: skip
+- kind: Role
+  policy: deny-modify-platform-label
+  resources:
+  - my-role-with-platform
+  result: skip
+  rule: deny-modify-platform-role
+variables: variables.yaml
--- a/test/cli/test/foreach/kyverno-test.yaml
+++ b/test/cli/test/foreach/kyverno-test.yaml
@ -8,11 +8,6 @@ results:
  policy: validate-empty-dir-mountpath
  resources:
  - test-pod
-  result: pass
-  rule: check-mount-paths
- kind: Pod
-  policy: validate-empty-dir-mountpath
-  resources:
  - test-pod2
  result: pass
  rule: check-mount-paths
@ -20,11 +15,6 @@ results:
  policy: validate-empty-dir-resources
  resources:
  - test-pod-bad-mount
-  result: fail
-  rule: check-resources
- kind: Pod
-  policy: validate-empty-dir-resources
-  resources:
  - test-pod
  result: fail
  rule: check-resources
@ -32,6 +22,7 @@ results:
  policy: validate-empty-dir-resources
  resources:
  - test-pod-with-resources
+  - test-pod-with-resources-multiple-ctnrs
  result: pass
  rule: check-resources
 - kind: Pod
@ -40,21 +31,10 @@ results:
  - test-pod-with-gke-vol
  result: skip
  rule: check-resources
- kind: Pod
-  policy: validate-empty-dir-resources
-  resources:
-  - test-pod-with-resources-multiple-ctnrs
-  result: pass
-  rule: check-resources
 - kind: Pod
  policy: validate-image-list
  resources:
  - test-pod
-  result: fail
-  rule: check-image
- kind: Pod
-  policy: validate-image-list
-  resources:
  - test-pod-ghcr
  result: fail
  rule: check-image
--- a/test/cli/test/jmespath-brackets/kyverno-test.yaml
+++ b/test/cli/test/jmespath-brackets/kyverno-test.yaml
@ -8,17 +8,7 @@ results:
  policy: test-jmespath
  resources:
  - test-valid1
-  result: pass
-  rule: test-jmespath
- kind: Pod
-  policy: test-jmespath
-  resources:
  - test-valid2
-  result: pass
-  rule: test-jmespath
- kind: Pod
-  policy: test-jmespath
-  resources:
  - test-valid3
  result: pass
  rule: test-jmespath
--- a/test/cli/test/simple/kyverno-test.yaml
+++ b/test/cli/test/simple/kyverno-test.yaml
@ -4,41 +4,6 @@ policies:
 resources:
 - resources.yaml
 results:
- kind: Pod
-  namespace: test
-  policy: disallow-latest-tag
-  resources:
-  - test-require-image-tag-pass
-  result: pass
-  rule: require-image-tag
- kind: Pod
-  namespace: test
-  policy: disallow-latest-tag
-  resources:
-  - test-require-image-tag-fail
-  result: fail
-  rule: require-image-tag
-# TODO CEB FIX
-# - kind: Pod
-#   policy: disallow-latest-tag
-#   resources:
-#   - test-validate-image-tag-ignore
-#   result: skip
-#   rule: validate-image-tag
- kind: Pod
-  namespace: test
-  policy: disallow-latest-tag
-  resources:
-  - test-validate-image-tag-fail
-  result: fail
-  rule: validate-image-tag
- kind: Pod
-  namespace: test
-  policy: disallow-latest-tag
-  resources:
-  - test-validate-image-tag-pass
-  result: pass
-  rule: validate-image-tag
 - kind: Pod
  namespace: test
  policy: duration-test
@ -60,6 +25,44 @@ results:
  - test-lifetime-fail
  result: fail
  rule: greater-equal-than
+- kind: Pod
+  namespace: test
+  policy: restrict-pod-counts
+  resources:
+  - test-require-image-tag-pass
+  - test-require-image-tag-fail
+  - test-validate-image-tag-fail
+  - test-validate-image-tag-pass
+  result: fail
+  rule: restrict-pod-count
+- kind: Pod
+  namespace: test
+  policy: disallow-latest-tag
+  resources:
+  - test-require-image-tag-pass
+  result: pass
+  rule: require-image-tag
+- kind: Pod
+  namespace: test
+  policy: disallow-latest-tag
+  resources:
+  - test-require-image-tag-fail
+  result: fail
+  rule: require-image-tag
+- kind: Pod
+  namespace: test
+  policy: disallow-latest-tag
+  resources:
+  - test-validate-image-tag-pass
+  result: pass
+  rule: validate-image-tag
+- kind: Pod
+  namespace: test
+  policy: disallow-latest-tag
+  resources:
+  - test-validate-image-tag-fail
+  result: fail
+  rule: validate-image-tag
 - kind: Pod
  namespace: test
  policy: duration-test
@ -71,40 +74,7 @@ results:
  policy: restrict-pod-counts
  resources:
  - myapp-pod
-  result: fail
-  rule: restrict-pod-count
- kind: Pod
-  namespace: test
-  policy: restrict-pod-counts
-  resources:
-  - test-require-image-tag-pass
-  result: fail
-  rule: restrict-pod-count
- kind: Pod
-  namespace: test
-  policy: restrict-pod-counts
-  resources:
-  - test-require-image-tag-fail
-  result: fail
-  rule: restrict-pod-count
- kind: Pod
-  policy: restrict-pod-counts
-  resources:
  - test-validate-image-tag-ignore
  result: fail
  rule: restrict-pod-count
- kind: Pod
-  namespace: test
-  policy: restrict-pod-counts
-  resources:
-  - test-validate-image-tag-fail
-  result: fail
-  rule: restrict-pod-count
- kind: Pod
-  namespace: test
-  policy: restrict-pod-counts
-  resources:
-  - test-validate-image-tag-pass
-  result: fail
-  rule: restrict-pod-count
 variables: values.yaml
--- a/test/cli/test/variables/kyverno-test.yaml
+++ b/test/cli/test/variables/kyverno-test.yaml
@ -10,17 +10,12 @@ resources:
 - resources.yaml
 results:
 - kind: Pod
-  policy: cm-multiple-example
+  policy: images
  resources:
-  - test-env-test
+  - test-pod-with-non-root-user-image
+  - test-pod-with-trusted-registry
  result: pass
-  rule: example-configmap-lookup
- kind: Pod
-  policy: cm-multiple-example
-  resources:
-  - test-env-dev
-  result: fail
-  rule: example-configmap-lookup
+  rule: only-allow-trusted-images
 - kind: Pod
  policy: cm-variable-example
  resources:
@ -48,14 +43,32 @@ results:
 - kind: Pod
  policy: cm-blk-scalar-example
  resources:
-  - test-blk-web
-  result: fail
+  - test-blk-app
+  result: pass
  rule: validate-blk-role-annotation
+- kind: Pod
+  policy: images
+  resources:
+  - test-pod-with-non-trusted-registry
+  result: fail
+  rule: only-allow-trusted-images
+- kind: Pod
+  policy: cm-multiple-example
+  resources:
+  - test-env-test
+  result: pass
+  rule: example-configmap-lookup
+- kind: Pod
+  policy: cm-multiple-example
+  resources:
+  - test-env-dev
+  result: fail
+  rule: example-configmap-lookup
 - kind: Pod
  policy: cm-blk-scalar-example
  resources:
-  - test-blk-app
-  result: pass
+  - test-blk-web
+  result: fail
  rule: validate-blk-role-annotation
 - kind: Pod
  policy: cm-globalval-example
@ -69,22 +82,4 @@ results:
  - test-global-prod
  result: fail
  rule: validate-mode
- kind: Pod
-  policy: images
-  resources:
-  - test-pod-with-non-root-user-image
-  result: pass
-  rule: only-allow-trusted-images
- kind: Pod
-  policy: images
-  resources:
-  - test-pod-with-trusted-registry
-  result: pass
-  rule: only-allow-trusted-images
- kind: Pod
-  policy: images
-  resources:
-  - test-pod-with-non-trusted-registry
-  result: fail
-  rule: only-allow-trusted-images
 variables: variables.yaml