test: add best practices policies in conformance tests (#5082)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2025-03-28 18:38:40 +00:00 · 2022-10-20 18:05:11 +02:00 · 2022-10-20 18:05:11 +02:00 · 35491d248e
commit 35491d248e
parent 0feec9bef5
2 changed files with 56 additions and 2 deletions
--- a/test/conformance/main.go
+++ b/test/conformance/main.go
@ -53,7 +53,13 @@ type KubectlTest struct {
 func (kt KubectlTest) Run(name string) error {
 	stdout, stderr, err := runCommand("kubectl", kt.Args...)
 	if kt.Expect != nil {
-		return kt.Expect.Verify(stdout, stderr, err)
+		if err := kt.Expect.Verify(stdout, stderr, err); err != nil {
+			log.Println("--- STDERR ---")
+			log.Println(string(stderr))
+			log.Println("--- STDOUT ---")
+			log.Println(string(stdout))
+			return err
+		}
 	}
 	return nil
 }
@ -151,7 +157,7 @@ func main() {
 			}
 			var errs []error
 			for _, test := range tests {
-				log.Println("Running test ", test.Description, " ...")
+				log.Println("Running test", test.Description, "...")
 				if err := test.Run(name); err != nil {
 					log.Println("FAILED: ", err)
 					errs = append(errs, err)
--- a/test/conformance/tests.yaml
+++ b/test/conformance/tests.yaml
@ -49,3 +49,51 @@ should-fail:
          Error from server: error when creating "test/conformance/manifests/should-fail/background-userinfo-4.yaml":
          admission webhook "validate-policy.kyverno.svc" denied the request: only select variables are allowed in background mode.
          Set spec.background=false to disable background mode for this policy rule: variable "{{serviceAccountName}} is not allowed 
+  - description: Best practice policies should create fine
+    kubectl:
+      args:
+        - create
+        - -f 
+        - test/best_practices
+      expect:
+        exitcode: 0
+        stdout: |-
+          clusterpolicy.kyverno.io/add-networkpolicy created
+          clusterpolicy.kyverno.io/add-ns-quota created
+          clusterpolicy.kyverno.io/add-safe-to-evict created
+          clusterpolicy.kyverno.io/disallow-bind-mounts created
+          clusterpolicy.kyverno.io/disallow-host-network-port created
+          clusterpolicy.kyverno.io/disallow-host-pid-ipc created
+          clusterpolicy.kyverno.io/disallow-latest-tag created
+          clusterpolicy.kyverno.io/disallow-privileged created
+          clusterpolicy.kyverno.io/disallow-sysctls created
+          clusterpolicy.kyverno.io/require-certain-labels created
+          clusterpolicy.kyverno.io/require-labels created
+          clusterpolicy.kyverno.io/require-pod-requests-limits created
+          clusterpolicy.kyverno.io/select-secrets created
+  - description: Best practice policies should become ready
+    kubectl:
+      args:
+        - wait
+        - --for
+        - condition=ready
+        - cpol
+        - --all
+        - --timeout
+        - 90s
+      expect:
+        exitcode: 0
+        stdout: |-
+          clusterpolicy.kyverno.io/add-networkpolicy condition met
+          clusterpolicy.kyverno.io/add-ns-quota condition met
+          clusterpolicy.kyverno.io/add-safe-to-evict condition met
+          clusterpolicy.kyverno.io/disallow-bind-mounts condition met
+          clusterpolicy.kyverno.io/disallow-host-network-port condition met
+          clusterpolicy.kyverno.io/disallow-host-pid-ipc condition met
+          clusterpolicy.kyverno.io/disallow-latest-tag condition met
+          clusterpolicy.kyverno.io/disallow-privileged condition met
+          clusterpolicy.kyverno.io/disallow-sysctls condition met
+          clusterpolicy.kyverno.io/require-certain-labels condition met
+          clusterpolicy.kyverno.io/require-labels condition met
+          clusterpolicy.kyverno.io/require-pod-requests-limits condition met
+          clusterpolicy.kyverno.io/select-secrets condition met