diff --git a/pkg/engine/overlay_test.go b/pkg/engine/overlay_test.go index c0d670054e..d81e349403 100644 --- a/pkg/engine/overlay_test.go +++ b/pkg/engine/overlay_test.go @@ -65,8 +65,8 @@ func TestApplyOverlay_NestedListWithAnchor(t *testing.T) { json.Unmarshal(resourceRaw, &resource) json.Unmarshal(overlayRaw, &overlay) - patches, res := applyOverlay(resource, overlay, "/") - assert.NilError(t, res.ToError()) + patches, err := applyOverlay(resource, overlay, "/") + assert.NilError(t, err) assert.Assert(t, patches != nil) patch := JoinPatches(patches) @@ -165,8 +165,8 @@ func TestApplyOverlay_InsertIntoArray(t *testing.T) { json.Unmarshal(resourceRaw, &resource) json.Unmarshal(overlayRaw, &overlay) - patches, res := applyOverlay(resource, overlay, "/") - assert.NilError(t, res.ToError()) + patches, err := applyOverlay(resource, overlay, "/") + assert.NilError(t, err) assert.Assert(t, patches != nil) patch := JoinPatches(patches) @@ -286,8 +286,8 @@ func TestApplyOverlay_TestInsertToArray(t *testing.T) { json.Unmarshal(resourceRaw, &resource) json.Unmarshal(overlayRaw, &overlay) - patches, res := applyOverlay(resource, overlay, "/") - assert.NilError(t, res.ToError()) + patches, err := applyOverlay(resource, overlay, "/") + assert.NilError(t, err) assert.Assert(t, patches != nil) patch := JoinPatches(patches) @@ -369,8 +369,8 @@ func TestApplyOverlay_ImagePullPolicy(t *testing.T) { json.Unmarshal(resourceRaw, &resource) json.Unmarshal(overlayRaw, &overlay) - patches, res := applyOverlay(resource, overlay, "/") - assert.NilError(t, res.ToError()) + patches, err := applyOverlay(resource, overlay, "/") + assert.NilError(t, err) assert.Assert(t, len(patches) != 0) doc, err := ApplyPatches(resourceRaw, patches) @@ -455,8 +455,8 @@ func TestApplyOverlay_AddingAnchor(t *testing.T) { json.Unmarshal(resourceRaw, &resource) json.Unmarshal(overlayRaw, &overlay) - patches, res := applyOverlay(resource, overlay, "/") - assert.NilError(t, res.ToError()) + patches, err := applyOverlay(resource, overlay, "/") + assert.NilError(t, err) assert.Assert(t, len(patches) != 0) doc, err := ApplyPatches(resourceRaw, patches) @@ -540,8 +540,8 @@ func TestApplyOverlay_AddingAnchorInsideListElement(t *testing.T) { json.Unmarshal(resourceRaw, &resource) json.Unmarshal(overlayRaw, &overlay) - patches, res := applyOverlay(resource, overlay, "/") - assert.NilError(t, res.ToError()) + patches, err := applyOverlay(resource, overlay, "/") + assert.NilError(t, err) assert.Assert(t, len(patches) != 0) doc, err := ApplyPatches(resourceRaw, patches) diff --git a/pkg/engine/patches.go b/pkg/engine/patches.go index 31ab31b42e..578023f2c0 100644 --- a/pkg/engine/patches.go +++ b/pkg/engine/patches.go @@ -4,6 +4,8 @@ import ( "encoding/json" "errors" + "github.com/golang/glog" + jsonpatch "github.com/evanphx/json-patch" kubepolicy "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1" ) @@ -14,7 +16,7 @@ type PatchBytes []byte // ProcessPatches Returns array from separate patches that can be applied to the document // Returns error ONLY in case when creation of resource should be denied. func ProcessPatches(rule kubepolicy.Rule, resource []byte) (allPatches []PatchBytes, errs []error) { - if len(resource) == 0 { + if len(resource) == 0 || rule.Mutation == nil { errs = append(errs, errors.New("Source document for patching is empty")) return nil, errs } @@ -27,6 +29,11 @@ func ProcessPatches(rule kubepolicy.Rule, resource []byte) (allPatches []PatchBy } patchedDocument, err = applyPatch(patchedDocument, patchRaw) + // TODO: continue on error if one of the patches fails, will add the failure event in such case + if patch.Operation == "remove" { + glog.Info(err) + continue + } if err != nil { errs = append(errs, err) continue diff --git a/pkg/engine/patches_test.go b/pkg/engine/patches_test.go index 251b3b1ee2..0f6bbcfe1b 100644 --- a/pkg/engine/patches_test.go +++ b/pkg/engine/patches_test.go @@ -35,8 +35,8 @@ const endpointsDocument string = `{ func TestProcessPatches_EmptyPatches(t *testing.T) { var emptyRule = types.Rule{} - patches, res := ProcessPatches(emptyRule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) + patches, err := ProcessPatches(emptyRule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 1) assert.Assert(t, len(patches) == 0) } @@ -64,15 +64,15 @@ func makeRuleWithPatches(patches []types.Patch) types.Rule { func TestProcessPatches_EmptyDocument(t *testing.T) { rule := makeRuleWithPatch(makeAddIsMutatedLabelPatch()) - patchesBytes, res := ProcessPatches(rule, nil) - assert.Assert(t, res.ToError() != nil) + patchesBytes, err := ProcessPatches(rule, nil) + assert.Assert(t, err != nil) assert.Assert(t, len(patchesBytes) == 0) } func TestProcessPatches_AllEmpty(t *testing.T) { emptyRule := types.Rule{} - patchesBytes, res := ProcessPatches(emptyRule, nil) - assert.NilError(t, res.ToError()) + patchesBytes, err := ProcessPatches(emptyRule, nil) + assert.Check(t, len(err) == 1) assert.Assert(t, len(patchesBytes) == 0) } @@ -80,16 +80,16 @@ func TestProcessPatches_AddPathDoesntExist(t *testing.T) { patch := makeAddIsMutatedLabelPatch() patch.Path = "/metadata/additional/is-mutated" rule := makeRuleWithPatch(patch) - patchesBytes, res := ProcessPatches(rule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) + patchesBytes, err := ProcessPatches(rule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 1) assert.Assert(t, len(patchesBytes) == 0) } func TestProcessPatches_RemovePathDoesntExist(t *testing.T) { patch := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"} rule := makeRuleWithPatch(patch) - patchesBytes, res := ProcessPatches(rule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) + patchesBytes, err := ProcessPatches(rule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 0) assert.Assert(t, len(patchesBytes) == 0) } @@ -97,8 +97,8 @@ func TestProcessPatches_AddAndRemovePathsDontExist_EmptyResult(t *testing.T) { patch1 := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"} patch2 := types.Patch{Path: "/spec/labels/label3", Operation: "add", Value: "label3Value"} rule := makeRuleWithPatches([]types.Patch{patch1, patch2}) - patchesBytes, res := ProcessPatches(rule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) + patchesBytes, err := ProcessPatches(rule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 1) assert.Assert(t, len(patchesBytes) == 0) } @@ -107,17 +107,17 @@ func TestProcessPatches_AddAndRemovePathsDontExist_ContinueOnError_NotEmptyResul patch2 := types.Patch{Path: "/spec/labels/label2", Operation: "remove", Value: "label2Value"} patch3 := types.Patch{Path: "/metadata/labels/label3", Operation: "add", Value: "label3Value"} rule := makeRuleWithPatches([]types.Patch{patch1, patch2, patch3}) - patchesBytes, res := ProcessPatches(rule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) - assert.Assert(t, len(patchesBytes) == 1) + patchesBytes, err := ProcessPatches(rule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 0) + assert.Assert(t, len(patchesBytes) != 0) assertEqStringAndData(t, `{"path":"/metadata/labels/label3","op":"add","value":"label3Value"}`, patchesBytes[0]) } func TestProcessPatches_RemovePathDoesntExist_EmptyResult(t *testing.T) { patch := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"} rule := makeRuleWithPatch(patch) - patchesBytes, res := ProcessPatches(rule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) + patchesBytes, err := ProcessPatches(rule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 0) assert.Assert(t, len(patchesBytes) == 0) } @@ -125,8 +125,8 @@ func TestProcessPatches_RemovePathDoesntExist_NotEmptyResult(t *testing.T) { patch1 := types.Patch{Path: "/metadata/labels/is-mutated", Operation: "remove"} patch2 := types.Patch{Path: "/metadata/labels/label2", Operation: "add", Value: "label2Value"} rule := makeRuleWithPatches([]types.Patch{patch1, patch2}) - patchesBytes, res := ProcessPatches(rule, []byte(endpointsDocument)) - assert.NilError(t, res.ToError()) + patchesBytes, err := ProcessPatches(rule, []byte(endpointsDocument)) + assert.Check(t, len(err) == 0) assert.Assert(t, len(patchesBytes) == 1) assertEqStringAndData(t, `{"path":"/metadata/labels/label2","op":"add","value":"label2Value"}`, patchesBytes[0]) } diff --git a/pkg/engine/validation.go b/pkg/engine/validation.go index b3992d1bd4..8210f6e609 100644 --- a/pkg/engine/validation.go +++ b/pkg/engine/validation.go @@ -34,7 +34,7 @@ func Validate(policy kubepolicy.Policy, rawResource []byte, gvk metav1.GroupVers ok := ResourceMeetsDescription(rawResource, rule.ResourceDescription, gvk) if !ok { - glog.V(3).Info("Not applicable on specified resource kind%s", gvk.Kind) + glog.V(3).Infof("Not applicable on specified resource kind%s", gvk.Kind) continue } diff --git a/pkg/engine/validation_test.go b/pkg/engine/validation_test.go index 155e46aed1..de1117ebf2 100644 --- a/pkg/engine/validation_test.go +++ b/pkg/engine/validation_test.go @@ -289,8 +289,8 @@ func TestValidateMap(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateMap(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_AsteriskForInt(t *testing.T) { @@ -384,8 +384,8 @@ func TestValidateMap_AsteriskForInt(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateMap(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_AsteriskForMap(t *testing.T) { @@ -476,8 +476,8 @@ func TestValidateMap_AsteriskForMap(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateMap(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_AsteriskForArray(t *testing.T) { @@ -563,8 +563,8 @@ func TestValidateMap_AsteriskForArray(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateMap(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_AsteriskFieldIsMissing(t *testing.T) { @@ -653,8 +653,8 @@ func TestValidateMap_AsteriskFieldIsMissing(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateMap(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestValidateMap_livenessProbeIsNull(t *testing.T) { @@ -743,8 +743,8 @@ func TestValidateMap_livenessProbeIsNull(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateMap(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_livenessProbeIsMissing(t *testing.T) { @@ -832,8 +832,8 @@ func TestValidateMap_livenessProbeIsMissing(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateMap(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateMap(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMapElement_TwoElementsInArrayOnePass(t *testing.T) { @@ -873,8 +873,8 @@ func TestValidateMapElement_TwoElementsInArrayOnePass(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMapElement_OneElementInArrayPass(t *testing.T) { @@ -905,8 +905,8 @@ func TestValidateMapElement_OneElementInArrayPass(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_CorrectRelativePathInConfig(t *testing.T) { @@ -958,8 +958,8 @@ func TestValidateMap_CorrectRelativePathInConfig(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_RelativePathDoesNotExists(t *testing.T) { @@ -1011,8 +1011,8 @@ func TestValidateMap_RelativePathDoesNotExists(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestValidateMap_OnlyAnchorsInPath(t *testing.T) { @@ -1064,8 +1064,8 @@ func TestValidateMap_OnlyAnchorsInPath(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestValidateMap_MalformedReferenceOnlyDolarMark(t *testing.T) { @@ -1117,8 +1117,8 @@ func TestValidateMap_MalformedReferenceOnlyDolarMark(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestValidateMap_RelativePathWithParentheses(t *testing.T) { @@ -1170,8 +1170,8 @@ func TestValidateMap_RelativePathWithParentheses(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.NilError(t, res.ToError()) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.NilError(t, err) } func TestValidateMap_MalformedPath(t *testing.T) { @@ -1223,8 +1223,8 @@ func TestValidateMap_MalformedPath(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestValidateMap_AbosolutePathExists(t *testing.T) { @@ -1276,8 +1276,8 @@ func TestValidateMap_AbosolutePathExists(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() == nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err == nil) } func TestValidateMap_AbsolutePathToMetadata(t *testing.T) { @@ -1326,8 +1326,8 @@ func TestValidateMap_AbsolutePathToMetadata(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() == nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err == nil) } func TestValidateMap_AbosolutePathDoesNotExists(t *testing.T) { @@ -1379,8 +1379,8 @@ func TestValidateMap_AbosolutePathDoesNotExists(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestActualizePattern_GivenRelativePathThatExists(t *testing.T) { @@ -1409,9 +1409,9 @@ func TestActualizePattern_GivenRelativePathThatExists(t *testing.T) { json.Unmarshal(rawPattern, &pattern) - pattern, res := actualizePattern(pattern, referencePath, absolutePath) + pattern, err := actualizePattern(pattern, referencePath, absolutePath) - assert.Assert(t, res.ToError() == nil) + assert.Assert(t, err == nil) } func TestFormAbsolutePath_RelativePathExists(t *testing.T) { @@ -1480,8 +1480,8 @@ func TestValidateMapElement_OneElementInArrayNotPass(t *testing.T) { json.Unmarshal(rawPattern, &pattern) json.Unmarshal(rawMap, &resource) - res := validateResourceElement(resource, pattern, pattern, "/") - assert.Assert(t, res.ToError() != nil) + err := validateResourceElement(resource, pattern, pattern, "/") + assert.Assert(t, err != nil) } func TestValidate_ServiceTest(t *testing.T) { @@ -1573,8 +1573,8 @@ func TestValidate_ServiceTest(t *testing.T) { gvk := metav1.GroupVersionKind{ Kind: "Service", } - - assert.Assert(t, Validate(policy, rawResource, gvk) != nil) + _, err := Validate(policy, rawResource, gvk) + assert.Assert(t, err == nil) } func TestValidate_MapHasFloats(t *testing.T) { @@ -1672,6 +1672,6 @@ func TestValidate_MapHasFloats(t *testing.T) { Kind: "Deployment", } - res := Validate(policy, rawResource, gvk) - assert.NilError(t, res.ToError()) + _, err := Validate(policy, rawResource, gvk) + assert.NilError(t, err) } diff --git a/vendor/github.com/evanphx/json-patch/patch_test.go b/vendor/github.com/evanphx/json-patch/patch_test.go index 96bcef4942..5db2d9726b 100644 --- a/vendor/github.com/evanphx/json-patch/patch_test.go +++ b/vendor/github.com/evanphx/json-patch/patch_test.go @@ -470,7 +470,7 @@ func TestAllTest(t *testing.T) { } else if !c.result && err == nil { t.Errorf("Testing passed when it should have faild: %s", err) } else if !c.result { - expected := fmt.Sprintf("Testing value %s failed", c.failedPath) + expected := fmt.Sprintf("testing value %s failed: test failed", c.failedPath) if err.Error() != expected { t.Errorf("Testing failed as expected but invalid message: expected [%s], got [%s]", expected, err) }