Add autogen-support for test command (#2093)

* Add autogen-support for test command * Fix e2e test issue * Add test cases for autogen-support * Fix testcase issue * add testcases for cronjob
2025-03-31 03:45:17 +00:00 · 2021-07-06 10:44:43 +05:30 · 2021-07-06 10:44:43 +05:30 · 4595f2cf30
commit 4595f2cf30
parent fdaa73b175
4 changed files with 163 additions and 2 deletions
--- a/pkg/kyverno/test/command.go
+++ b/pkg/kyverno/test/command.go
@ -227,6 +227,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu
 	for _, resp := range resps {
 		policyName := resp.PolicyResponse.Policy.Name
 		resourceName := resp.PolicyResponse.Resource.Name
+
 		var rules []string
 		for _, rule := range resp.PolicyResponse.Rules {
 			rules = append(rules, rule.Name)
@ -257,14 +258,18 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu
 				if rule.Type != utils.Validation.String() {
 					continue
 				}
+				ruleName := strings.ReplaceAll(rule.Name, "autogen-", "")
+				if strings.Contains(rule.Name, "autogen-cronjob") {
+					ruleName = strings.ReplaceAll(rule.Name, "autogen-cronjob-", "")
+				}
 				var result report.PolicyReportResult
-				resultsKey := fmt.Sprintf("%s-%s-%s", info.PolicyName, rule.Name, infoResult.Resource.Name)
+				resultsKey := fmt.Sprintf("%s-%s-%s", info.PolicyName, ruleName, infoResult.Resource.Name)
 				if val, ok := results[resultsKey]; ok {
 					result = val
 				} else {
 					continue
 				}
-				result.Rule = rule.Name
+				result.Rule = ruleName
 				result.Status = report.PolicyStatus(rule.Check)
 				results[resultsKey] = result
 			}
--- a/test/cli/test/autogen/policy.yaml
+++ b/test/cli/test/autogen/policy.yaml
@ -0,0 +1,19 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: require-common-labels
+spec:
+  validationFailureAction: enforce
+  rules:
+  - name: check-for-labels
+    match:
+      resources:
+        kinds:
+        - Pod
+    validate:
+      message: "Both `app` and `owner` labels must be set on all workloads"
+      pattern:
+        metadata:
+          labels:
+            app: "?*"
+            owner: "?*"
--- a/test/cli/test/autogen/resources.yaml
+++ b/test/cli/test/autogen/resources.yaml
@ -0,0 +1,85 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-with-labels
+  labels:
+    app: my-pod
+    owner: me
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-missing-labels
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment-with-labels
+spec:
+  template:
+    metadata:
+      labels:
+        app: my-pod
+        owner: me
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment-missing-labels
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: StatefulSet-with-labels
+spec:
+  serviceName: "nginx"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: my-pod
+        owner: me
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: StatefulSet-without-labels
+spec:
+  serviceName: "nginx"
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cronjob-with-labels
+spec:
+  schedule: "*/1 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app: my-pod
+            owner: me
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cronjob-without-labels
+spec:
+  schedule: "*/1 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: hello
+            image: busybox
--- a/test/cli/test/autogen/test.yaml
+++ b/test/cli/test/autogen/test.yaml
@ -0,0 +1,52 @@
+policies:
+- policy.yaml
+resources:
+- resources.yaml
+results:
+# TEST: Pod with Labels Should Pass
+- policy: require-common-labels
+  rule: check-for-labels
+  status: pass
+  resource: pod-with-labels
+
+# TEST: Pod Missing Labels Should Fail
+- policy: require-common-labels
+  rule: check-for-labels
+  status: fail
+  resource: pod-missing-labels
+
+# TEST: Deployment with Labels Should Pass
+- policy: require-common-labels
+  rule: check-for-labels
+  status: pass
+  resource: deployment-with-labels
+
+# TEST: Deployment with Labels Should Fail
+- policy: require-common-labels
+  rule: check-for-labels
+  status: fail
+  resource: deployment-missing-labels
+
+# TEST: StatefulSet with Labels Should Pass
+- policy: require-common-labels
+  rule: check-for-labels
+  status: pass
+  resource: StatefulSet-with-labels
+
+# TEST: StatefulSet with Labels Should fail
+- policy: require-common-labels
+  rule: check-for-labels
+  status: fail
+  resource: StatefulSet-without-labels
+
+# TEST: Cronjob with Labels Should pass
+- policy: require-common-labels
+  rule: check-for-labels
+  status: pass
+  resource: cronjob-with-labels
+
+# TEST: Cronjob without Labels Should fail
+- policy: require-common-labels
+  rule: check-for-labels
+  status: fail
+  resource: cronjob-without-labels