diff --git a/pkg/background/common/constants.go b/pkg/background/common/constants.go index 983d6caace..b278419d6f 100644 --- a/pkg/background/common/constants.go +++ b/pkg/background/common/constants.go @@ -1,11 +1,18 @@ package common const ( - GeneratePolicyLabel = "generate.kyverno.io/policy-name" - GeneratePolicyNamespaceLabel = "generate.kyverno.io/policy-namespace" - GenerateRuleLabel = "generate.kyverno.io/rule-name" - GenerateTriggerNameLabel = "generate.kyverno.io/trigger-name" - GenerateTriggerNSLabel = "generate.kyverno.io/trigger-namespace" - GenerateTriggerKindLabel = "generate.kyverno.io/trigger-kind" - GenerateTriggerAPIVersionLabel = "generate.kyverno.io/trigger-apiversion" + GeneratePolicyLabel = "generate.kyverno.io/policy-name" + GeneratePolicyNamespaceLabel = "generate.kyverno.io/policy-namespace" + GenerateRuleLabel = "generate.kyverno.io/rule-name" + GenerateTriggerNameLabel = "generate.kyverno.io/trigger-name" + GenerateTriggerNSLabel = "generate.kyverno.io/trigger-namespace" + GenerateTriggerKindLabel = "generate.kyverno.io/trigger-kind" + GenerateTriggerVersionLabel = "generate.kyverno.io/trigger-version" + GenerateTriggerGroupLabel = "generate.kyverno.io/trigger-group" + GenerateSourceNameLabel = "generate.kyverno.io/source-name" + GenerateSourceNSLabel = "generate.kyverno.io/source-namespace" + GenerateSourceKindLabel = "generate.kyverno.io/source-kind" + GenerateSourceVersionLabel = "generate.kyverno.io/source-version" + GenerateSourceGroupLabel = "generate.kyverno.io/source-group" + GenerateTypeCloneSourceLabel = "generate.kyverno.io/clone-source" ) diff --git a/pkg/background/common/labels.go b/pkg/background/common/labels.go index 1b7754985e..12dda502a5 100644 --- a/pkg/background/common/labels.go +++ b/pkg/background/common/labels.go @@ -21,19 +21,14 @@ type Object interface { } func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured.Unstructured, policy kyvernov1.PolicyInterface, ruleName string) { - // add managedBY label if not defined labels := unstr.GetLabels() if labels == nil { labels = map[string]string{} } - // handle managedBy label managedBy(labels) - PolicyInfo(labels, policy, ruleName) - - TriggerInfo(labels, &triggerResource) - // update the labels + TriggerInfo(labels, triggerResource) unstr.SetLabels(labels) } @@ -93,13 +88,18 @@ func PolicyInfo(labels map[string]string, policy kyvernov1.PolicyInterface, rule labels[GenerateRuleLabel] = ruleName } -func TriggerInfo(labels map[string]string, obj Object) { - labels[GenerateTriggerAPIVersionLabel] = obj.GetAPIVersion() +func TriggerInfo(labels map[string]string, obj unstructured.Unstructured) { + labels[GenerateTriggerVersionLabel] = obj.GroupVersionKind().Version + labels[GenerateTriggerGroupLabel] = obj.GroupVersionKind().Group labels[GenerateTriggerKindLabel] = obj.GetKind() labels[GenerateTriggerNSLabel] = obj.GetNamespace() labels[GenerateTriggerNameLabel] = trimByLength(obj.GetName(), 63) } +func TagSource(labels map[string]string, obj Object) { + labels[GenerateTypeCloneSourceLabel] = "" +} + func trimByLength(value string, character int) string { if len(value) > character { return value[0:character] diff --git a/pkg/background/generate/cleanup.go b/pkg/background/generate/cleanup.go index a905381017..f1529a4ce3 100644 --- a/pkg/background/generate/cleanup.go +++ b/pkg/background/generate/cleanup.go @@ -55,8 +55,13 @@ func (c *GenerateController) deleteDownstreamForClone(policy kyvernov1.PolicyInt if ur.Spec.Rule != rule.Name { continue } - - downstreams, err := FindDownstream(c.client, policy, rule) + labels := map[string]string{ + common.GeneratePolicyLabel: policy.GetName(), + common.GeneratePolicyNamespaceLabel: policy.GetNamespace(), + common.GenerateRuleLabel: rule.Name, + kyvernov1.LabelAppManagedBy: kyvernov1.ValueKyvernoApp, + } + downstreams, err := FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels) if err != nil { return err } diff --git a/pkg/background/generate/clone.go b/pkg/background/generate/clone.go index 9edb4ab48e..84e96607cd 100644 --- a/pkg/background/generate/clone.go +++ b/pkg/background/generate/clone.go @@ -40,11 +40,12 @@ func manageClone(log logr.Logger, target, sourceSpec kyvernov1.ResourceSpec, pol return newSkipGenerateResponse(nil, target, fmt.Errorf("source resource %s not found: %v", target.String(), err)) } - if err := updateSourceLabel(client, sourceObj, ur.Spec.Resource, policy, rule); err != nil { + if err := updateSourceLabel(client, sourceObj); err != nil { log.Error(err, "failed to add labels to the source", "kind", sourceObj.GetKind(), "namespace", sourceObj.GetNamespace(), "name", sourceObj.GetName()) } sourceObjCopy := sourceObj.DeepCopy() + addSourceLabels(sourceObjCopy) targetObj, err := client.GetResource(context.TODO(), target.GetAPIVersion(), target.GetKind(), target.GetNamespace(), target.GetName()) if err != nil { if apierrors.IsNotFound(err) && len(ur.Status.GeneratedResources) != 0 && !clone.Synchronize { diff --git a/pkg/background/generate/source.go b/pkg/background/generate/source.go index d4c6a595fd..2ae97f8c13 100644 --- a/pkg/background/generate/source.go +++ b/pkg/background/generate/source.go @@ -3,22 +3,33 @@ package generate import ( "context" - kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" "github.com/kyverno/kyverno/pkg/background/common" "github.com/kyverno/kyverno/pkg/clients/dclient" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) -func updateSourceLabel(client dclient.Interface, source *unstructured.Unstructured, trigger kyvernov1.ResourceSpec, policy kyvernov1.PolicyInterface, rule kyvernov1.Rule) error { +func updateSourceLabel(client dclient.Interface, source *unstructured.Unstructured) error { labels := source.GetLabels() if labels == nil { labels = make(map[string]string) } - common.PolicyInfo(labels, policy, rule.Name) - common.TriggerInfo(labels, trigger) - + common.TagSource(labels, source) source.SetLabels(labels) _, err := client.UpdateResource(context.TODO(), source.GetAPIVersion(), source.GetKind(), source.GetNamespace(), source, false) return err } + +func addSourceLabels(source *unstructured.Unstructured) { + labels := source.GetLabels() + if labels == nil { + labels = make(map[string]string, 4) + } + + labels[common.GenerateSourceGroupLabel] = source.GroupVersionKind().Group + labels[common.GenerateSourceVersionLabel] = source.GroupVersionKind().Version + labels[common.GenerateSourceKindLabel] = source.GetKind() + labels[common.GenerateSourceNSLabel] = source.GetNamespace() + labels[common.GenerateSourceNameLabel] = source.GetName() + source.SetLabels(labels) +} diff --git a/pkg/background/generate/utils.go b/pkg/background/generate/utils.go index b3a2a77c1f..598db0d4e3 100644 --- a/pkg/background/generate/utils.go +++ b/pkg/background/generate/utils.go @@ -14,6 +14,7 @@ import ( "github.com/pkg/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" ) func newResourceSpec(genAPIVersion, genKind, genNamespace, genName string) kyvernov1.ResourceSpec { @@ -72,22 +73,19 @@ func updateRetryAnnotation(kyvernoClient versioned.Interface, ur *kyvernov1beta1 } func TriggerFromLabels(labels map[string]string) kyvernov1.ResourceSpec { + group := labels[common.GenerateTriggerGroupLabel] + version := labels[common.GenerateTriggerVersionLabel] + apiVersion := schema.GroupVersion{Group: group, Version: version} + return kyvernov1.ResourceSpec{ Kind: labels[common.GenerateTriggerKindLabel], Namespace: labels[common.GenerateTriggerNSLabel], Name: labels[common.GenerateTriggerNameLabel], - APIVersion: labels[common.GenerateTriggerAPIVersionLabel], + APIVersion: apiVersion.String(), } } -func FindDownstream(client dclient.Interface, policy kyvernov1.PolicyInterface, rule kyvernov1.Rule) (*unstructured.UnstructuredList, error) { - generation := rule.Generation - selector := &metav1.LabelSelector{MatchLabels: map[string]string{ - common.GeneratePolicyLabel: policy.GetName(), - common.GeneratePolicyNamespaceLabel: policy.GetNamespace(), - common.GenerateRuleLabel: rule.Name, - kyvernov1.LabelAppManagedBy: kyvernov1.ValueKyvernoApp, - }} - - return client.ListResource(context.TODO(), generation.GetAPIVersion(), generation.GetKind(), "", selector) +func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) { + selector := &metav1.LabelSelector{MatchLabels: labels} + return client.ListResource(context.TODO(), apiVersion, kind, "", selector) } diff --git a/pkg/policy/generate.go b/pkg/policy/generate.go index 604bf70bd0..be7eed7ea5 100644 --- a/pkg/policy/generate.go +++ b/pkg/policy/generate.go @@ -88,7 +88,13 @@ func (pc *policyController) createURForDataRule(policy kyvernov1.PolicyInterface } var errorList []error if generate.GetData() != nil { - downstreams, err := generateutils.FindDownstream(pc.client, policy, rule) + labels := map[string]string{ + common.GeneratePolicyLabel: policy.GetName(), + common.GeneratePolicyNamespaceLabel: policy.GetNamespace(), + common.GenerateRuleLabel: rule.Name, + kyvernov1.LabelAppManagedBy: kyvernov1.ValueKyvernoApp, + } + downstreams, err := generateutils.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels) if err != nil { return downstreamExist, err } diff --git a/pkg/webhooks/resource/generation/handler.go b/pkg/webhooks/resource/generation/handler.go index 6fcfd79213..8fd067be3a 100644 --- a/pkg/webhooks/resource/generation/handler.go +++ b/pkg/webhooks/resource/generation/handler.go @@ -132,9 +132,9 @@ func (h *generationHandler) handleNonTrigger( ) { resource := policyContext.OldResource() labels := resource.GetLabels() - if labels[common.GeneratePolicyLabel] != "" { + if _, ok := labels[common.GenerateTypeCloneSourceLabel]; ok || labels[common.GeneratePolicyLabel] != "" { h.log.V(4).Info("handle non-trigger resource operation for generate") - if err := h.createUR(ctx, policyContext, request); err != nil { + if err := h.processRequest(ctx, policyContext, request); err != nil { h.log.Error(err, "failed to create the UR on non-trigger admission request") } } @@ -227,46 +227,67 @@ func (h *generationHandler) syncTriggerAction( } } -func (h *generationHandler) createUR(ctx context.Context, policyContext *engine.PolicyContext, request admissionv1.AdmissionRequest) (err error) { +// processRequest determine if it needs to re-apply the generate rule to the source or the target changes +func (h *generationHandler) processRequest(ctx context.Context, policyContext *engine.PolicyContext, request admissionv1.AdmissionRequest) (err error) { var policy kyvernov1.PolicyInterface - new := policyContext.NewResource() - labels := new.GetLabels() - old := policyContext.OldResource() - oldLabels := old.GetLabels() - if !compareLabels(labels, oldLabels) { - return fmt.Errorf("labels have been changed, new: %v, old: %v", labels, oldLabels) - } + var labelsList []map[string]string + var deleteDownstream bool - managedBy := oldLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp - deleteDownstream := false - if new.Object == nil { - labels = oldLabels - if !managedBy { + new := policyContext.NewResource() + old := policyContext.OldResource() + labels := old.GetLabels() + managedBy := labels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp + + // clone source changes + if !managedBy { + if new.Object == nil { + // clone source deletion deleteDownstream = true } - } - pName := labels[common.GeneratePolicyLabel] - pNamespace := labels[common.GeneratePolicyNamespaceLabel] - pRuleName := labels[common.GenerateRuleLabel] + targetSelector := map[string]string{ + common.GenerateSourceGroupLabel: old.GroupVersionKind().Group, + common.GenerateSourceVersionLabel: old.GroupVersionKind().Version, + common.GenerateSourceKindLabel: old.GetKind(), + common.GenerateSourceNSLabel: old.GetNamespace(), + common.GenerateSourceNameLabel: old.GetName(), + } + targets, err := generateutils.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector) + if err != nil { + return fmt.Errorf("failed to list targets resources: %v", err) + } - if pNamespace != "" { - policy, err = h.polLister.Policies(pNamespace).Get(pName) + for i := range targets.Items { + l := targets.Items[i].GetLabels() + labelsList = append(labelsList, l) + } } else { - policy, err = h.cpolLister.Get(pName) + labelsList = append(labelsList, labels) } - if err != nil { - return err - } + for _, labels := range labelsList { + pName := labels[common.GeneratePolicyLabel] + pNamespace := labels[common.GeneratePolicyNamespaceLabel] + pRuleName := labels[common.GenerateRuleLabel] - pKey := common.PolicyKey(pNamespace, pName) - for _, rule := range policy.GetSpec().Rules { - if rule.Name == pRuleName && rule.Generation.Synchronize { - ur := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, generateutils.TriggerFromLabels(labels), deleteDownstream) - if err := h.urGenerator.Apply(ctx, ur); err != nil { - e := event.NewBackgroundFailedEvent(err, pKey, pRuleName, event.GeneratePolicyController, &new) - h.eventGen.Add(e...) - return err + if pNamespace != "" { + policy, err = h.polLister.Policies(pNamespace).Get(pName) + } else { + policy, err = h.cpolLister.Get(pName) + } + + if err != nil { + return err + } + + pKey := common.PolicyKey(pNamespace, pName) + for _, rule := range policy.GetSpec().Rules { + if rule.Name == pRuleName && rule.Generation.Synchronize { + ur := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, generateutils.TriggerFromLabels(labels), deleteDownstream) + if err := h.urGenerator.Apply(ctx, ur); err != nil { + e := event.NewBackgroundFailedEvent(err, pKey, pRuleName, event.GeneratePolicyController, &new) + h.eventGen.Add(e...) + return err + } } } } diff --git a/pkg/webhooks/resource/generation/utils.go b/pkg/webhooks/resource/generation/utils.go index 3dad0a1985..4d73a8389a 100644 --- a/pkg/webhooks/resource/generation/utils.go +++ b/pkg/webhooks/resource/generation/utils.go @@ -3,7 +3,6 @@ package generation import ( kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" - "github.com/kyverno/kyverno/pkg/background/common" "github.com/kyverno/kyverno/pkg/engine" datautils "github.com/kyverno/kyverno/pkg/utils/data" admissionv1 "k8s.io/api/admission/v1" @@ -37,18 +36,3 @@ func matchDeleteOperation(rule kyvernov1.Rule) bool { return datautils.SliceContains(ops, string(admissionv1.Delete)) } - -func compareLabels(new, old map[string]string) bool { - if new == nil { - return true - } - if new[common.GeneratePolicyLabel] != old[common.GeneratePolicyLabel] || - new[common.GeneratePolicyNamespaceLabel] != old[common.GeneratePolicyNamespaceLabel] || - new[common.GenerateRuleLabel] != old[common.GenerateRuleLabel] || - new[common.GenerateTriggerNameLabel] != old[common.GenerateTriggerNameLabel] || - new[common.GenerateTriggerNSLabel] != old[common.GenerateTriggerNSLabel] || - new[common.GenerateTriggerKindLabel] != old[common.GenerateTriggerKindLabel] { - return false - } - return true -} diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-assert.yaml new file mode 100644 index 0000000000..53f672f4ce --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-reinstall-policy +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-manifests.yaml new file mode 100644 index 0000000000..d06f1b63ff --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-manifests.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-ns +--- +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-ns +type: Opaque +data: + foo: Zm9v +--- +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-reinstall-policy +spec: + rules: + - name: sync-image-pull-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: true + clone: + namespace: cpol-clone-sync-single-source-multiple-targets-ns + name: regcred \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/02-trigger.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/02-trigger.yaml new file mode 100644 index 0000000000..bc52ac1d89 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/02-trigger.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/03-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/03-assert.yaml new file mode 100644 index 0000000000..247bfcf0cc --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/03-assert.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +type: Opaque +data: + foo: Zm9v +--- +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 +type: Opaque +data: + foo: Zm9v diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml new file mode 100644 index 0000000000..19c18cc185 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml @@ -0,0 +1,7 @@ +# Specifying the kind as `TestStep` performs certain behaviors like this delete operation. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-clone-sync-reinstall-policy \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/05-update-source.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/05-update-source.yaml new file mode 100644 index 0000000000..26c19c10cc --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/05-update-source.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-ns +type: Opaque +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/06-recreate-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/06-recreate-policy.yaml new file mode 100644 index 0000000000..c56b01ed44 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/06-recreate-policy.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-reinstall-policy +spec: + generateExisting: true + rules: + - name: sync-image-pull-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: true + clone: + namespace: cpol-clone-sync-single-source-multiple-targets-ns + name: regcred \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/07-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/07-sleep.yaml new file mode 100644 index 0000000000..e0f2098e5d --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/07-sleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 3 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/08-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/08-assert.yaml new file mode 100644 index 0000000000..bf37d75c00 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/08-assert.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +type: Opaque +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +--- +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 +type: Opaque +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/09-update-source.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/09-update-source.yaml new file mode 100644 index 0000000000..33a49db7a4 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/09-update-source.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-ns +type: Opaque +data: + foo: YmFy \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/10-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/10-sleep.yaml new file mode 100644 index 0000000000..e0f2098e5d --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/10-sleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 3 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/11-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/11-assert.yaml new file mode 100644 index 0000000000..8f4e990d14 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/11-assert.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +type: Opaque +data: + foo: YmFy +--- +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 +type: Opaque +data: + foo: YmFy \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/README.md new file mode 100644 index 0000000000..843d354140 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/README.md @@ -0,0 +1,13 @@ +## Description + +This is a corner case test to ensure a generate clone rule can be triggered on the deletion of the trigger resource. It also ensures upgrades to 1.10 are successful for the same clone rule type. + +## Expected Behavior + +1. when the trigger is created, the corresponding downstream target secret should be generated +2. delete the policy, update the source, then re-install the policy with generateExisting=true, the change should be synced to the downstream target +3. update the source again, the change should be synced to the downstream target + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7170 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-assert.yaml new file mode 100644 index 0000000000..509cb19542 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-source-multiple-targets +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-manifests.yaml new file mode 100644 index 0000000000..20e4df7080 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-manifests.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-ns +--- +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: foosource + namespace: cpol-clone-sync-single-source-multiple-targets-ns +--- +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-source-multiple-targets +spec: + generateExisting: false + rules: + - name: rule-clone-sync-single-source-multiple-targets + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: ConfigMap + name: footarget + namespace: "{{request.object.metadata.name}}" + synchronize: true + clone: + namespace: cpol-clone-sync-single-source-multiple-targets-ns + name: foosource \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/02-triggers.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/02-triggers.yaml new file mode 100644 index 0000000000..bc52ac1d89 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/02-triggers.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/03-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/03-assert.yaml new file mode 100644 index 0000000000..6db90bec71 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/03-assert.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +--- +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/04-update-source.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/04-update-source.yaml new file mode 100644 index 0000000000..6db64aace2 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/04-update-source.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: foosource + namespace: cpol-clone-sync-single-source-multiple-targets-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/05-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/05-sleep.yaml new file mode 100644 index 0000000000..e0f2098e5d --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/05-sleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 3 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/06-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/06-assert.yaml new file mode 100644 index 0000000000..6a3abcb63b --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/06-assert.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +--- +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/README.md new file mode 100644 index 0000000000..220aefaaca --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/README.md @@ -0,0 +1,11 @@ +## Description + +This is a corner case test to ensure the changes to the clone source can be synced to multiple targets. + +## Expected Behavior + +If the change from `foo=bar` to `foo=baz` is synced to downstream targets, the test passes. Otherwise fails. + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7170 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-assert.yaml new file mode 100644 index 0000000000..82640f38c1 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-assert.yaml @@ -0,0 +1,19 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-1 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready +--- +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-2 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-manifests.yaml new file mode 100644 index 0000000000..e08ae4a58b --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-manifests.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-ns +--- +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: foosource + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns +--- +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-1 +spec: + rules: + - name: rule-sync-image-pull-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: ConfigMap + name: footarget + namespace: "{{request.object.metadata.name}}" + synchronize: true + clone: + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns + name: foosource +--- +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-2 +spec: + rules: + - name: rule-sync-image-pull-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: ConfigMap + name: bartarget + namespace: "{{request.object.metadata.name}}" + synchronize: true + clone: + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns + name: foosource \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/02-triggers.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/02-triggers.yaml new file mode 100644 index 0000000000..ff8a3e272f --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/02-triggers.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-single-trigger-source-multiple-targets-trigger-ns diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/03-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/03-assert.yaml new file mode 100644 index 0000000000..c0b1d5e201 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/03-assert.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns +--- +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: bartarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/04-update-source.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/04-update-source.yaml new file mode 100644 index 0000000000..19705f3b95 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/04-update-source.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: foosource + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/05-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/05-sleep.yaml new file mode 100644 index 0000000000..e0f2098e5d --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/05-sleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 3 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/06-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/06-assert.yaml new file mode 100644 index 0000000000..4124b1cb53 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/06-assert.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns +--- +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: bartarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/README.md new file mode 100644 index 0000000000..220aefaaca --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/README.md @@ -0,0 +1,11 @@ +## Description + +This is a corner case test to ensure the changes to the clone source can be synced to multiple targets. + +## Expected Behavior + +If the change from `foo=bar` to `foo=baz` is synced to downstream targets, the test passes. Otherwise fails. + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7170 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml index b45b5e40ab..d30d0fdd71 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml @@ -11,7 +11,8 @@ metadata: generate.kyverno.io/policy-name: generate-event-upon-edit generate.kyverno.io/policy-namespace: "" generate.kyverno.io/rule-name: generate-event-on-edit - generate.kyverno.io/trigger-apiversion: v1 + generate.kyverno.io/trigger-version: v1 + generate.kyverno.io/trigger-group: "" generate.kyverno.io/trigger-kind: ConfigMap generate.kyverno.io/trigger-name: generate-event-on-edit-configmap generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml index 40f1e61f7f..172a6c7a72 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml @@ -11,7 +11,8 @@ metadata: generate.kyverno.io/policy-name: generate-event-upon-edit generate.kyverno.io/policy-namespace: "" generate.kyverno.io/rule-name: generate-event-on-edit - generate.kyverno.io/trigger-apiversion: v1 + generate.kyverno.io/trigger-version: v1 + generate.kyverno.io/trigger-group: "" generate.kyverno.io/trigger-kind: ConfigMap generate.kyverno.io/trigger-name: generate-event-on-edit-configmap generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns @@ -32,7 +33,8 @@ metadata: generate.kyverno.io/policy-name: generate-event-upon-edit generate.kyverno.io/policy-namespace: "" generate.kyverno.io/rule-name: generate-event-on-edit - generate.kyverno.io/trigger-apiversion: v1 + generate.kyverno.io/trigger-version: v1 + generate.kyverno.io/trigger-group: "" generate.kyverno.io/trigger-kind: ConfigMap generate.kyverno.io/trigger-name: generate-event-on-edit-configmap generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/99-cleanup.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/99-cleanup.yaml deleted file mode 100644 index 1a01e55a0b..0000000000 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/99-cleanup.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/cloned.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/cloned.yaml index 61ff2f02d2..9a9ea09e1f 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/cloned.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/cloned.yaml @@ -4,5 +4,5 @@ data: kind: Secret metadata: name: regcred - namespace: myfoons + namespace: cpol-clone-sync-modify-source-trigger-ns type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/editedsource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/editedsource.yaml index 9561e0c97e..b254d33cea 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/editedsource.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/editedsource.yaml @@ -4,5 +4,5 @@ data: kind: Secret metadata: name: regcred - namespace: default + namespace: cpol-clone-sync-modify-source-ns type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/ns.yaml index f5d7996929..662b1591e1 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/ns.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/ns.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: myfoons \ No newline at end of file + name: cpol-clone-sync-modify-source-trigger-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/policy.yaml index 255fe55fe7..c122ce5d2b 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/policy.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/policy.yaml @@ -1,10 +1,15 @@ apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-modify-source-ns +--- +apiVersion: v1 data: foo: YmFy kind: Secret metadata: name: regcred - namespace: default + namespace: cpol-clone-sync-modify-source-ns type: Opaque --- apiVersion: kyverno.io/v2beta1 @@ -26,6 +31,6 @@ spec: namespace: "{{request.object.metadata.name}}" synchronize: true clone: - namespace: default + namespace: cpol-clone-sync-modify-source-ns name: regcred --- diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/updatedsecret.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/updatedsecret.yaml index 540858127a..cf3bfe8066 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/updatedsecret.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/updatedsecret.yaml @@ -4,5 +4,5 @@ data: kind: Secret metadata: name: regcred - namespace: myfoons + namespace: cpol-clone-sync-modify-source-trigger-ns type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml index e41983d511..646832cc35 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml @@ -9,7 +9,8 @@ metadata: generate.kyverno.io/policy-name: zk-kafka-address generate.kyverno.io/policy-namespace: "" generate.kyverno.io/rule-name: k-kafka-address - generate.kyverno.io/trigger-apiversion: v1 + generate.kyverno.io/trigger-version: v1 + generate.kyverno.io/trigger-group: "" generate.kyverno.io/trigger-kind: PodExecOptions generate.kyverno.io/trigger-name: "" generate.kyverno.io/trigger-namespace: test-generate-exec