mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
feat: support bindings in Kyvenro CLI test command (#9759)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
Mariam Fahmy
GitHub
parent
7b881aca9d
commit
0d7cb9527f
13 changed files with 241 additions and 25 deletions
|
|
@ -326,7 +326,7 @@ func Test_Apply(t *testing.T) {
|
|||
},
|
||||
expectedPolicyReports: []policyreportv1alpha2.PolicyReport{{
|
||||
Summary: policyreportv1alpha2.PolicyReportSummary{
|
||||
Pass: 0,
|
||||
Pass: 2,
|
||||
Fail: 2,
|
||||
Skip: 0,
|
||||
Error: 0,
|
||||
|
|
@ -345,7 +345,7 @@ func Test_Apply(t *testing.T) {
|
|||
},
|
||||
expectedPolicyReports: []policyreportv1alpha2.PolicyReport{{
|
||||
Summary: policyreportv1alpha2.PolicyReportSummary{
|
||||
Pass: 0,
|
||||
Pass: 1,
|
||||
Fail: 1,
|
||||
Skip: 0,
|
||||
Error: 0,
|
||||
|
|
|
|||
|
|
@ -58,14 +58,14 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool, auditWa
|
|||
// policies
|
||||
fmt.Fprintln(out, " Loading policies", "...")
|
||||
policyFullPath := path.GetFullPaths(testCase.Test.Policies, testDir, isGit)
|
||||
policies, validatingAdmissionPolicies, _, err := policy.Load(testCase.Fs, testDir, policyFullPath...)
|
||||
policies, vaps, vapBindings, err := policy.Load(testCase.Fs, testDir, policyFullPath...)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error: failed to load policies (%s)", err)
|
||||
}
|
||||
// resources
|
||||
fmt.Fprintln(out, " Loading resources", "...")
|
||||
resourceFullPath := path.GetFullPaths(testCase.Test.Resources, testDir, isGit)
|
||||
resources, err := common.GetResourceAccordingToResourcePath(out, testCase.Fs, resourceFullPath, false, policies, validatingAdmissionPolicies, dClient, "", false, testDir)
|
||||
resources, err := common.GetResourceAccordingToResourcePath(out, testCase.Fs, resourceFullPath, false, policies, vaps, dClient, "", false, testDir)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error: failed to load resources (%s)", err)
|
||||
}
|
||||
|
|
@ -83,7 +83,7 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool, auditWa
|
|||
return nil, fmt.Errorf("Error: failed to load exceptions (%s)", err)
|
||||
}
|
||||
// Validates that exceptions cannot be used with ValidatingAdmissionPolicies.
|
||||
if len(validatingAdmissionPolicies) > 0 && len(exceptions) > 0 {
|
||||
if len(vaps) > 0 && len(exceptions) > 0 {
|
||||
return nil, fmt.Errorf("Error: Currently, the use of exceptions in conjunction with ValidatingAdmissionPolicies is not supported.")
|
||||
}
|
||||
// init store
|
||||
|
|
@ -94,9 +94,9 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool, auditWa
|
|||
vars.SetInStore(&store)
|
||||
}
|
||||
if len(exceptions) > 0 {
|
||||
fmt.Fprintln(out, " Applying", len(policies)+len(validatingAdmissionPolicies), pluralize.Pluralize(len(policies)+len(validatingAdmissionPolicies), "policy", "policies"), "to", len(uniques), pluralize.Pluralize(len(uniques), "resource", "resources"), "with", len(exceptions), pluralize.Pluralize(len(exceptions), "exception", "exceptions"), "...")
|
||||
fmt.Fprintln(out, " Applying", len(policies)+len(vaps), pluralize.Pluralize(len(policies)+len(vaps), "policy", "policies"), "to", len(uniques), pluralize.Pluralize(len(uniques), "resource", "resources"), "with", len(exceptions), pluralize.Pluralize(len(exceptions), "exception", "exceptions"), "...")
|
||||
} else {
|
||||
fmt.Fprintln(out, " Applying", len(policies)+len(validatingAdmissionPolicies), pluralize.Pluralize(len(policies)+len(validatingAdmissionPolicies), "policy", "policies"), "to", len(uniques), pluralize.Pluralize(len(uniques), "resource", "resources"), "...")
|
||||
fmt.Fprintln(out, " Applying", len(policies)+len(vaps), pluralize.Pluralize(len(policies)+len(vaps), "policy", "policies"), "to", len(uniques), pluralize.Pluralize(len(uniques), "resource", "resources"), "...")
|
||||
}
|
||||
// TODO document the code below
|
||||
ruleToCloneSourceResource := map[string]string{}
|
||||
|
|
@ -180,8 +180,10 @@ func runTest(out io.Writer, testCase test.TestCase, registryAccess bool, auditWa
|
|||
}
|
||||
for _, resource := range uniques {
|
||||
processor := processor.ValidatingAdmissionPolicyProcessor{
|
||||
Policies: validatingAdmissionPolicies,
|
||||
Policies: vaps,
|
||||
Bindings: vapBindings,
|
||||
Resource: resource,
|
||||
NamespaceSelectorMap: vars.NamespaceSelectors(),
|
||||
PolicyReport: true,
|
||||
Rc: &resultCounts,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-deployment
|
||||
name: nginx-deployment-1
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-deployment-2
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: cli.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
name: kyverno-test.yaml
|
||||
policies:
|
||||
- policy.yaml
|
||||
resources:
|
||||
- deployment1.yaml
|
||||
- deployment2.yaml
|
||||
- deployment3.yaml
|
||||
results:
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- nginx-deployment-1
|
||||
result: fail
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- nginx-deployment-2
|
||||
result: pass
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- busybox-deployment
|
||||
result: skip
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
apiVersion: cli.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
name: kyverno-test.yaml
|
||||
policies:
|
||||
- policy.yaml
|
||||
resources:
|
||||
- deployment1.yaml
|
||||
- deployment2.yaml
|
||||
results:
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- nginx-deployment
|
||||
result: fail
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- busybox-deployment
|
||||
result: skip
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: busybox-deployment
|
||||
name: testing-deployment-1
|
||||
namespace: testing
|
||||
labels:
|
||||
app: busybox
|
||||
|
|
@ -18,3 +18,24 @@ spec:
|
|||
containers:
|
||||
- name: busybox
|
||||
image: busybox:latest
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: testing-deployment-2
|
||||
namespace: testing
|
||||
labels:
|
||||
app: busybox
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: busybox
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: busybox
|
||||
spec:
|
||||
containers:
|
||||
- name: busybox
|
||||
image: busybox:latest
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-deployment
|
||||
name: staging-deployment-1
|
||||
namespace: staging
|
||||
labels:
|
||||
app: nginx
|
||||
|
|
@ -18,3 +18,24 @@ spec:
|
|||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: staging-deployment-2
|
||||
namespace: staging
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-deployment
|
||||
name: production-deployment-1
|
||||
namespace: production
|
||||
labels:
|
||||
app: nginx
|
||||
|
|
@ -18,3 +18,24 @@ spec:
|
|||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: production-deployment-2
|
||||
namespace: production
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
apiVersion: cli.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
name: kyverno-test.yaml
|
||||
policies:
|
||||
- policy.yaml
|
||||
resources:
|
||||
- deployment1.yaml
|
||||
- deployment2.yaml
|
||||
- deployment3.yaml
|
||||
results:
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- staging-deployment-1
|
||||
- production-deployment-1
|
||||
result: fail
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- staging-deployment-2
|
||||
- production-deployment-2
|
||||
result: pass
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- testing-deployment-1
|
||||
- testing-deployment-2
|
||||
result: skip
|
||||
variables: values.yaml
|
||||
|
|
@ -3,12 +3,12 @@ kind: Value
|
|||
metadata:
|
||||
name: values
|
||||
namespaceSelector:
|
||||
- name: staging
|
||||
labels:
|
||||
- labels:
|
||||
environment: staging
|
||||
- name: production
|
||||
labels:
|
||||
name: staging
|
||||
- labels:
|
||||
environment: production
|
||||
- name: testing
|
||||
labels:
|
||||
name: production
|
||||
- labels:
|
||||
environment: testing
|
||||
name: testing
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: busybox-deployment
|
||||
name: busybox-deployment-1
|
||||
labels:
|
||||
app: busybox
|
||||
spec:
|
||||
|
|
@ -17,3 +17,23 @@ spec:
|
|||
containers:
|
||||
- name: busybox
|
||||
image: busybox:latest
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: busybox-deployment-2
|
||||
labels:
|
||||
app: busybox
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: busybox
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: busybox
|
||||
spec:
|
||||
containers:
|
||||
- name: busybox
|
||||
image: busybox:latest
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
apiVersion: cli.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
name: kyverno-test.yaml
|
||||
policies:
|
||||
- policy.yaml
|
||||
resources:
|
||||
- deployment1.yaml
|
||||
- deployment2.yaml
|
||||
results:
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- busybox-deployment-1
|
||||
result: fail
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- busybox-deployment-2
|
||||
result: pass
|
||||
- isValidatingAdmissionPolicy: true
|
||||
kind: Deployment
|
||||
policy: check-deployment-replicas
|
||||
resources:
|
||||
- nginx-deployment
|
||||
result: skip
|
||||
Loading…
Reference in a new issue