mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-13 19:28:55 +00:00
feat: add kuttl test for namespaced generate policy, with clone and sync (#6386)
* add a kuttl test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy type Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy type Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix policy type Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename files Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename files Signed-off-by: ShutingZhao <shuting@nirmata.com> * rename files Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
This commit is contained in:
parent
d6482bcecd
commit
07b350166f
11 changed files with 112 additions and 0 deletions
|
@ -0,0 +1,13 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: poltest
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: regcred
|
||||
namespace: poltest
|
||||
type: Opaque
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: poltest
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: regcred
|
||||
namespace: poltest
|
||||
type: Opaque
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: kyverno.io/v2beta1
|
||||
kind: Policy
|
||||
metadata:
|
||||
name: pol-sync-clone
|
||||
namespace: poltest
|
||||
status:
|
||||
conditions:
|
||||
- reason: Succeeded
|
||||
status: "True"
|
||||
type: Ready
|
|
@ -0,0 +1,22 @@
|
|||
apiVersion: kyverno.io/v2beta1
|
||||
kind: Policy
|
||||
metadata:
|
||||
name: pol-sync-clone
|
||||
namespace: poltest
|
||||
spec:
|
||||
rules:
|
||||
- name: gen-zk
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- ConfigMap
|
||||
generate:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: myclonedsecret
|
||||
namespace: poltest
|
||||
synchronize: true
|
||||
clone:
|
||||
namespace: poltest
|
||||
name: regcred
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: bar
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: foo
|
||||
namespace: poltest
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: myclonedsecret
|
||||
namespace: poltest
|
||||
type: Opaque
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: Ymx1ZQ==
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: myclonedsecret
|
||||
namespace: poltest
|
||||
type: Opaque
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: kuttl.dev/v1beta1
|
||||
kind: TestStep
|
||||
commands:
|
||||
- command: sleep 3
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: myclonedsecret
|
||||
namespace: poltest
|
||||
type: Opaque
|
|
@ -0,0 +1,11 @@
|
|||
## Description
|
||||
|
||||
This test ensures that modification of the downstream (cloned) resource used by a Policy `generate` rule with sync enabled using a clone declaration causes those changes to be reverted and synchronized from the state of the upstream/source.
|
||||
|
||||
## Expected Behavior
|
||||
|
||||
After the downstream resource is modified, the changes should be reverted after synchronization occurs. If the downstream resource is synced with the state of the source resource, the test passes. If the downstream resource remains in a modified state, the test fails.
|
||||
|
||||
## Reference Issue(s)
|
||||
|
||||
https://github.com/kyverno/kyverno/issues/5100
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: myclonedsecret
|
||||
namespace: poltest
|
||||
type: Opaque
|
Loading…
Add table
Reference in a new issue