From 2ea68ccc7aa9df6994b4cc13d2e53199fea412f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Tue, 12 Sep 2023 15:38:57 +0200 Subject: [PATCH] fix: Auto-gen rules can not get variables from test input values (#8337) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: improve cli version command and add tests Signed-off-by: Charles-Edouard Brétéché * fix: Auto-gen rules can not get variables from test input values Signed-off-by: Charles-Edouard Brétéché * fix Signed-off-by: Charles-Edouard Brétéché --------- Signed-off-by: Charles-Edouard Brétéché Co-authored-by: Mariam Fahmy --- cmd/cli/kubectl-kyverno/store/store.go | 3 ++- .../cli/test/autogen-values/kyverno-test.yaml | 19 +++++++++++++ test/cli/test/autogen-values/policy.yaml | 27 +++++++++++++++++++ test/cli/test/autogen-values/resource.yaml | 13 +++++++++ test/cli/test/autogen-values/values.yaml | 6 +++++ 5 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 test/cli/test/autogen-values/kyverno-test.yaml create mode 100644 test/cli/test/autogen-values/policy.yaml create mode 100644 test/cli/test/autogen-values/resource.yaml create mode 100644 test/cli/test/autogen-values/values.yaml diff --git a/cmd/cli/kubectl-kyverno/store/store.go b/cmd/cli/kubectl-kyverno/store/store.go index e924e360ed..c59ac677ac 100644 --- a/cmd/cli/kubectl-kyverno/store/store.go +++ b/cmd/cli/kubectl-kyverno/store/store.go @@ -80,7 +80,8 @@ func GetPolicyRule(policyName string, ruleName string) *Rule { for _, policy := range policies { if policy.Name == policyName { for _, rule := range policy.Rules { - if rule.Name == ruleName { + switch ruleName { + case rule.Name, "autogen-" + rule.Name, "autogen-cronjob-" + rule.Name: return &rule } } diff --git a/test/cli/test/autogen-values/kyverno-test.yaml b/test/cli/test/autogen-values/kyverno-test.yaml new file mode 100644 index 0000000000..8fe7f2e28c --- /dev/null +++ b/test/cli/test/autogen-values/kyverno-test.yaml @@ -0,0 +1,19 @@ +name: test +policies: + - policy.yaml +variables: values.yaml +resources: + - resource.yaml +results: + - policy: test-policy + rule: test-rule + resources: + - pod + kind: Pod + result: pass + - policy: test-policy + rule: test-rule + resources: + - deployment + kind: Deployment + result: pass \ No newline at end of file diff --git a/test/cli/test/autogen-values/policy.yaml b/test/cli/test/autogen-values/policy.yaml new file mode 100644 index 0000000000..422262d673 --- /dev/null +++ b/test/cli/test/autogen-values/policy.yaml @@ -0,0 +1,27 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: test-policy +spec: + validationFailureAction: audit + background: true + rules: + - name: test-rule + context: + - name: excludedPolicies + apiCall: + urlPath: "/api/v1/namespaces/{{request.namespace}}" + jmesPath: "metadata.annotations.\"overwrite.kyverno.io/excluded-policies\" || '[]' | parse_json(@)" + preconditions: + all: + - key: "key-name" + operator: AllNotIn + value: "{{ excludedPolicies }}" + match: + any: + - resources: + kinds: + - Pod + validate: + message: "Do nothing!" + pattern: {} diff --git a/test/cli/test/autogen-values/resource.yaml b/test/cli/test/autogen-values/resource.yaml new file mode 100644 index 0000000000..e8244dd6ad --- /dev/null +++ b/test/cli/test/autogen-values/resource.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + name: pod +spec: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + metadata: {} diff --git a/test/cli/test/autogen-values/values.yaml b/test/cli/test/autogen-values/values.yaml new file mode 100644 index 0000000000..dfb04de3e6 --- /dev/null +++ b/test/cli/test/autogen-values/values.yaml @@ -0,0 +1,6 @@ +policies: + - name: test-policy + rules: + - name: test-rule + values: + excludedPolicies: []