feat: add kuttl test for namespaced generate policy, with clone and sync (#6386)

* add a kuttl test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy type Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy type Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy type Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename files Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename files Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename files Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-13 19:28:55 +00:00 · 2023-02-24 19:36:19 +08:00 · 2023-02-24 19:36:19 +08:00 · 07b350166f
commit 07b350166f
parent d6482bcecd
11 changed files with 112 additions and 0 deletions
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-assert.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-assert.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: poltest
+---
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: regcred
+  namespace: poltest
+type: Opaque
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-manifests.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-manifests.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: poltest
+---
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: regcred
+  namespace: poltest
+type: Opaque
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-assert.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-assert.yaml
@ -0,0 +1,10 @@
+apiVersion: kyverno.io/v2beta1
+kind: Policy
+metadata:
+  name: pol-sync-clone
+  namespace: poltest
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-policy.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-policy.yaml
@ -0,0 +1,22 @@
+apiVersion: kyverno.io/v2beta1
+kind: Policy
+metadata:
+  name: pol-sync-clone
+  namespace: poltest
+spec:
+  rules:
+  - name: gen-zk
+    match:
+      any:
+      - resources:
+          kinds:
+          - ConfigMap
+    generate:
+      apiVersion: v1
+      kind: Secret
+      name: myclonedsecret
+      namespace: poltest
+      synchronize: true
+      clone:
+        namespace: poltest
+        name: regcred
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/03-trigger.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/03-trigger.yaml
@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  foo: bar
+kind: ConfigMap
+metadata:
+  name: foo
+  namespace: poltest
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/04-assert.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/04-assert.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: myclonedsecret
+  namespace: poltest
+type: Opaque
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/05-modify.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/05-modify.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: Ymx1ZQ==
+kind: Secret
+metadata:
+  name: myclonedsecret
+  namespace: poltest
+type: Opaque
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/06-sleep.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/06-sleep.yaml
@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/07-assert.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/07-assert.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: myclonedsecret
+  namespace: poltest
+type: Opaque
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/README.md
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/README.md
@ -0,0 +1,11 @@
+## Description
+
+This test ensures that modification of the downstream (cloned) resource used by a Policy `generate` rule with sync enabled using a clone declaration causes those changes to be reverted and synchronized from the state of the upstream/source.
+
+## Expected Behavior
+
+After the downstream resource is modified, the changes should be reverted after synchronization occurs. If the downstream resource is synced with the state of the source resource, the test passes. If the downstream resource remains in a modified state, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/5100
--- a/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/downstream.yaml
+++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/downstream.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: myclonedsecret
+  namespace: poltest
+type: Opaque