From 35491d248e8920785bb9adfa10f0f7b757709b55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Thu, 20 Oct 2022 18:05:11 +0200
Subject: [PATCH] test: add best practices policies in conformance tests (#5082)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Charles-Edouard Brétéché
Signed-off-by: Charles-Edouard Brétéché
Co-authored-by: Vyankatesh Kudtarkar
---
 test/conformance/main.go | 10 ++++++--
 test/conformance/tests.yaml | 48 +++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/test/conformance/main.go b/test/conformance/main.go
index 35a36b91a2..a76896a319 100644
--- a/test/conformance/main.go
+++ b/test/conformance/main.go
@@ -53,7 +53,13 @@ type KubectlTest struct {
 func (kt KubectlTest) Run(name string) error {
 stdout, stderr, err := runCommand("kubectl", kt.Args...)
 if kt.Expect != nil {
- return kt.Expect.Verify(stdout, stderr, err)
+ if err := kt.Expect.Verify(stdout, stderr, err); err != nil {
+ log.Println("--- STDERR ---")
+ log.Println(string(stderr))
+ log.Println("--- STDOUT ---")
+ log.Println(string(stdout))
+ return err
+ }
 }
 return nil
 }
@@ -151,7 +157,7 @@ func main() {
 }
 var errs []error
 for _, test := range tests {
- log.Println("Running test ", test.Description, " ...")
+ log.Println("Running test", test.Description, "...")
 if err := test.Run(name); err != nil {
 log.Println("FAILED: ", err)
 errs = append(errs, err)
diff --git a/test/conformance/tests.yaml b/test/conformance/tests.yaml
index c86d850947..4541c9583e 100644
--- a/test/conformance/tests.yaml
+++ b/test/conformance/tests.yaml
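Review bot: The `err` returned by `runCommand` is still dropped when `kt.Expect` is nil: `Run` falls through to `return nil`, so a test entry without an `expect` block reports success even if kubectl could not run or the request was refused. For a suite that checks admission behaviour, a silent pass can hide a policy regression; consider `if kt.Expect == nil { return err }` ahead of the verification branch (assuming no existing entry relies on the error being ignored). Inside the new `if`, the initializer `err := kt.Expect.Verify(...)` shadows the command error, and a distinct name such as `verifyErr` would make it clearer which error is returned. The failure path also writes raw kubectl output to the job log, which is fine for `create` and `wait` but worth remembering if a later case reads Secret data.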
@@ -49,3 +49,51 @@ should-fail: Error from server: error when creating "test/conformance/manifests/should-fail/background-userinfo-4.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: only select variables are allowed in background mode. Set spec.background=false to disable background mode for this policy rule: variable "{{serviceAccountName}} is not allowed + - description: Best practice policies should create fine + kubectl: + args: + - create + - -f + - test/best_practices + expect: + exitcode: 0 + stdout: |- + clusterpolicy.kyverno.io/add-networkpolicy created + clusterpolicy.kyverno.io/add-ns-quota created + clusterpolicy.kyverno.io/add-safe-to-evict created + clusterpolicy.kyverno.io/disallow-bind-mounts created + clusterpolicy.kyverno.io/disallow-host-network-port created + clusterpolicy.kyverno.io/disallow-host-pid-ipc created + clusterpolicy.kyverno.io/disallow-latest-tag created + clusterpolicy.kyverno.io/disallow-privileged created + clusterpolicy.kyverno.io/disallow-sysctls created + clusterpolicy.kyverno.io/require-certain-labels created + clusterpolicy.kyverno.io/require-labels created + clusterpolicy.kyverno.io/require-pod-requests-limits created + clusterpolicy.kyverno.io/select-secrets created + - description: Best practice policies should become ready + kubectl: + args: + - wait + - --for + - condition=ready + - cpol + - --all + - --timeout + - 90s + expect: + exitcode: 0 + stdout: |- + clusterpolicy.kyverno.io/add-networkpolicy condition met + clusterpolicy.kyverno.io/add-ns-quota condition met + clusterpolicy.kyverno.io/add-safe-to-evict condition met + clusterpolicy.kyverno.io/disallow-bind-mounts condition met + clusterpolicy.kyverno.io/disallow-host-network-port condition met + clusterpolicy.kyverno.io/disallow-host-pid-ipc condition met + clusterpolicy.kyverno.io/disallow-latest-tag condition met + clusterpolicy.kyverno.io/disallow-privileged condition met + clusterpolicy.kyverno.io/disallow-sysctls condition met + 
clusterpolicy.kyverno.io/require-certain-labels condition met + clusterpolicy.kyverno.io/require-labels condition met + clusterpolicy.kyverno.io/require-pod-requests-limits condition met + clusterpolicy.kyverno.io/select-secrets condition met
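Review bot: The readiness case selects `cpol --all`, so its expected stdout depends on every ClusterPolicy in the cluster, not only the thirteen created by the preceding case; a policy left behind by another test or a pre-existing install would add lines (how strictly `stdout` is compared is not visible here). Scoping the wait to the same input, with `- -f` and `- test/best_practices` in place of `- cpol` and `- --all`, keeps the two cases tied to one source. Both cases show only that the policies are admitted and reach ready; neither shows that one of them, e.g. `disallow-privileged`, actually blocks or reports a violating resource, so a follow-up entry that applies a violating manifest would close that gap.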