From 05fcb439822344c55bafe09d20a952190aa87222 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Mon, 18 Dec 2023 21:47:27 +0100
Subject: [PATCH] chore: add cli update test (#9192)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* chore: add cli update test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* update

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 test/cli/test/update/kyverno-test.yaml | 16 +++++++++++++++
 test/cli/test/update/policy.yaml       | 27 ++++++++++++++++++++++++++
 test/cli/test/update/resources.yaml    | 11 +++++++++++
 test/cli/test/update/values.yaml       |  7 +++++++
 4 files changed, 61 insertions(+)
 create mode 100644 test/cli/test/update/kyverno-test.yaml
 create mode 100644 test/cli/test/update/policy.yaml
 create mode 100644 test/cli/test/update/resources.yaml
 create mode 100644 test/cli/test/update/values.yaml

diff --git a/test/cli/test/update/kyverno-test.yaml b/test/cli/test/update/kyverno-test.yaml
new file mode 100644
index 0000000000..54f1288795
--- /dev/null
+++ b/test/cli/test/update/kyverno-test.yaml
@@ -0,0 +1,16 @@
+apiVersion: cli.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: update
+policies:
+- policy.yaml
+resources:
+- resources.yaml
+results:
+- kind: Deployment
+  policy: block-update-no-label-change
+  resources:
+  - my-ns/deployment
+  result: pass
+  rule: check-label-change
+variables: values.yaml
diff --git a/test/cli/test/update/policy.yaml b/test/cli/test/update/policy.yaml
new file mode 100644
index 0000000000..6eaa67aca9
--- /dev/null
+++ b/test/cli/test/update/policy.yaml
@@ -0,0 +1,27 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: block-update-no-label-change
+spec:
+  validationFailureAction: Audit
+  background: false
+  rules:
+    - name: check-label-change
+      match:
+        all:
+          - resources:
+              kinds:
+                - Deployment
+      preconditions:
+        all:
+          - key: "{{ request.operation || '' }}"
+            operator: Equals
+            value: UPDATE
+      validate:
+        message: Pass only if labels are different
+        deny:
+          conditions:
+            any:
+              - key: "{{ request.object.metadata.labels || `{}` }}"
+                operator: Equals
+                value: "{{ request.oldObject.metadata.labels || `{}` }}"
diff --git a/test/cli/test/update/resources.yaml b/test/cli/test/update/resources.yaml
new file mode 100644
index 0000000000..bdb83063a3
--- /dev/null
+++ b/test/cli/test/update/resources.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment
+  namespace: my-ns
+  annotations:
+    existing-annotation: existing-value
+  labels:
+    existing-label: existing-value
+spec:
+  replicas: 1
diff --git a/test/cli/test/update/values.yaml b/test/cli/test/update/values.yaml
new file mode 100644
index 0000000000..320e78b36f
--- /dev/null
+++ b/test/cli/test/update/values.yaml
@@ -0,0 +1,7 @@
+apiVersion: cli.kyverno.io/v1alpha1
+kind: Value
+metadata:
+  name: values
+globalValues:
+  request.operation: UPDATE
+  request.oldObject.metadata.labels.existing-label: foo
\ No newline at end of file