diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 50ffbf9b43..b277c2558c 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -71,11 +71,12 @@ type Test struct { } type TestResults struct { - Policy string `json:"policy"` - Rule string `json:"rule"` - Result report.PolicyResult `json:"result"` - Status report.PolicyResult `json:"status"` - Resource string `json:"resource"` + Policy string `json:"policy"` + Rule string `json:"rule"` + Result report.PolicyResult `json:"result"` + Status report.PolicyResult `json:"status"` + Resource string `json:"resource"` + AutoGeneratedRule string `json:"auto_generated_rule"` } type ReportResult struct { @@ -234,9 +235,10 @@ func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string return errors } -func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults, infos []policyreport.Info) map[string]report.PolicyReportResult { +func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults, infos []policyreport.Info) (map[string]report.PolicyReportResult, []TestResults) { results := make(map[string]report.PolicyReportResult) now := metav1.Timestamp{Seconds: time.Now().Unix()} + for _, resp := range resps { policyName := resp.PolicyResponse.Policy.Name resourceName := resp.PolicyResponse.Resource.Name @@ -245,6 +247,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu for _, rule := range resp.PolicyResponse.Rules { rules = append(rules, rule.Name) } + result := report.PolicyReportResult{ Policy: policyName, Resources: []*corev1.ObjectReference{ 
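Review bot: `AutoGeneratedRule` is filled in by buildPolicyResults, yet its `json:"auto_generated_rule"` tag makes it look like a field a test manifest may set. If the results list is decoded with these tags (the decode path is not in this diff), a value supplied in the manifest would survive whenever no autogen match overwrites it, and would change the key printTestResult looks up. I would either tag it `json:"-"` or document it, e.g. `// AutoGeneratedRule is set by buildPolicyResults ("autogen" or "autogen-cronjob"); it is not read from test.yaml.`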
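Review bot: The new second return value of buildPolicyResults is the same slice that was passed in, because the function writes `testResults[i].AutoGeneratedRule` in place. The caller's `values.Results` is therefore already updated, and `return results, testResults` suggests a copy that does not exist. Either drop the extra return or state the side effect in a doc comment, e.g. `// buildPolicyResults records on each matching testResults entry which autogen prefix was used; the slice is modified in place.` The function body continues outside this hunk.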
@@ -253,11 +256,23 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu }, }, } - for _, test := range testResults { + + for i, test := range testResults { if test.Policy == policyName && test.Resource == resourceName { if !util.ContainsString(rules, test.Rule) { - result.Result = report.StatusSkip + if !util.ContainsString(rules, "autogen-"+test.Rule) { + if !util.ContainsString(rules, "autogen-cronjob-"+test.Rule) { + result.Result = report.StatusSkip + } else { + testResults[i].AutoGeneratedRule = "autogen-cronjob" + test.Rule = "autogen-cronjob-" + test.Rule + } + } else { + testResults[i].AutoGeneratedRule = "autogen" + test.Rule = "autogen-" + test.Rule + } } + resultsKey := fmt.Sprintf("%s-%s-%s", test.Policy, test.Rule, test.Resource) if _, ok := results[resultsKey]; !ok { results[resultsKey] = result @@ -265,12 +280,14 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } } } + for _, info := range infos { for _, infoResult := range info.Results { for _, rule := range infoResult.Rules { if rule.Type != utils.Validation.String() { continue } + var result report.PolicyReportResult resultsKey := fmt.Sprintf("%s-%s-%s", info.PolicyName, rule.Name, infoResult.Resource.Name) if val, ok := results[resultsKey]; ok { @@ -278,6 +295,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } else { continue } + result.Rule = rule.Name result.Result = report.PolicyResult(rule.Check) result.Source = policyreport.SourceValue @@ -287,7 +305,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } } - return results + return results, testResults } func getPolicyResourceFullPath(path []string, policyResourcePath string, isGit bool) []string { 
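Review bot: In the new three-level `if !util.ContainsString` nest, `test.Rule = "autogen-" + test.Rule` assigns to the range copy while `testResults[i].AutoGeneratedRule` writes to the caller's slice, so it is hard to see what is persisted and what only feeds `resultsKey`. A local name and a flat `switch` express the same precedence (declared name, then `autogen-`, then `autogen-cronjob-`, else skip) without mutating the loop variable. The two prefixes are also repeated as literals here and implied again in printTestResult, so named constants would keep them in step. The enclosing loops and function continue outside the hunk.

```go
for i, test := range testResults {
	if test.Policy == policyName && test.Resource == resourceName {
		// ruleName is the name the engine reported; test.Rule stays as declared.
		ruleName := test.Rule
		switch {
		case util.ContainsString(rules, test.Rule):
			// matched under the declared name, nothing to record
		case util.ContainsString(rules, "autogen-"+test.Rule):
			testResults[i].AutoGeneratedRule = "autogen"
			ruleName = "autogen-" + test.Rule
		case util.ContainsString(rules, "autogen-cronjob-"+test.Rule):
			testResults[i].AutoGeneratedRule = "autogen-cronjob"
			ruleName = "autogen-cronjob-" + test.Rule
		default:
			result.Result = report.StatusSkip
		}

		resultsKey := fmt.Sprintf("%s-%s-%s", test.Policy, ruleName, test.Resource)
		// … unchanged: store result under resultsKey if not already present …
```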
@@ -404,8 +422,9 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s pvInfos = append(pvInfos, info) } } - resultsMap := buildPolicyResults(validateEngineResponses, values.Results, pvInfos) - resultErr := printTestResult(resultsMap, values.Results, rc) + resultsMap, testResults := buildPolicyResults(validateEngineResponses, values.Results, pvInfos) + + resultErr := printTestResult(resultsMap, testResults, rc) if resultErr != nil { return sanitizederror.NewWithError("Unable to genrate result. Error:", resultErr) } @@ -425,7 +444,16 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T res.Policy = boldFgCyan.Sprintf(v.Policy) res.Rule = boldFgCyan.Sprintf(v.Rule) res.Resource = boldFgCyan.Sprintf(v.Resource) - resultKey := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, v.Resource) + + var ruleNameInResultKey string + if v.AutoGeneratedRule != "" { + ruleNameInResultKey = fmt.Sprintf("%s-%s", v.AutoGeneratedRule, v.Rule) + } else { + ruleNameInResultKey = v.Rule + } + + resultKey := fmt.Sprintf("%s-%s-%s", v.Policy, ruleNameInResultKey, v.Resource) + var testRes report.PolicyReportResult if val, ok := resps[resultKey]; ok { testRes = val diff --git a/test/cli/test/autogen/test.yaml b/test/cli/test/autogen/test.yaml index dcf402e848..d6bef7195f 100644 --- a/test/cli/test/autogen/test.yaml +++ b/test/cli/test/autogen/test.yaml 
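Review bot: The lookup key built in printTestResult depends on `v.AutoGeneratedRule`, which buildPolicyResults writes per matching engine response and never clears. If one test entry can match two responses (for example two resources sharing a name under the same policy), one under an `autogen-` name and one under the plain name, only the prefixed key would be looked up here and the other result would go unreported; whether that can happen is not visible in this diff. Storing the resolved rule name on the entry in buildPolicyResults and using it directly here would avoid re-joining prefix and rule in two places. printTestResult's body continues outside the hunk.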
@@ -17,36 +17,36 @@ results: # TEST: Deployment with Labels Should Pass - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: pass resource: deployment-with-labels # TEST: Deployment with Labels Should Fail - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: fail resource: deployment-missing-labels # TEST: StatefulSet with Labels Should Pass - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: pass resource: StatefulSet-with-labels # TEST: StatefulSet with Labels Should fail - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: fail resource: StatefulSet-without-labels # TEST: Cronjob with Labels Should pass - policy: require-common-labels - rule: autogen-cronjob-check-for-labels + rule: check-for-labels result: pass resource: cronjob-with-labels # TEST: Cronjob without Labels Should fail - policy: require-common-labels - rule: autogen-cronjob-check-for-labels + rule: check-for-labels result: fail resource: cronjob-without-labels