diff --git a/pkg/engine/overlay.go b/pkg/engine/overlay.go index 269a98c63c..e7fb0d5258 100644 --- a/pkg/engine/overlay.go +++ b/pkg/engine/overlay.go @@ -69,7 +69,7 @@ func processOverlay(rule kyverno.Rule, resource unstructured.Unstructured) (resp // rule application succesfuly response.Success = true - response.Message = fmt.Sprintf("succesfully process overlay") + response.Message = fmt.Sprintf("successfully processed overlay") response.Patches = patches // apply the patches to the resource return response, patchedResource diff --git a/pkg/engine/overlay_test.go b/pkg/engine/overlay_test.go index 5ee7091b76..a991fc27f2 100644 --- a/pkg/engine/overlay_test.go +++ b/pkg/engine/overlay_test.go @@ -947,3 +947,96 @@ func TestProcessOverlayPatches_insertWithCondition(t *testing.T) { compareJSONAsMap(t, expectedResult, doc) } + +func TestProcessOverlayPatches_InsertIfNotPresentWithConditions(t *testing.T) { + overlayRaw := []byte(` + { + "metadata": { + "annotations": { + "+(cluster-autoscaler.kubernetes.io/safe-to-evict)": true + } + }, + "spec": { + "volumes": [ + { + "(emptyDir)": {} + } + ] + } + }`) + + resourceRaw := []byte(` + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "pod-with-emptydir" + }, + "spec": { + "containers": [ + { + "image": "k8s.gcr.io/test-webserver", + "name": "test-container", + "volumeMounts": [ + { + "mountPath": "/cache", + "name": "cache-volume" + } + ] + } + ], + "volumes": [ + { + "name": "cache-volume", + "emptyDir": {} + } + ] + } + }`) + + var resource, overlay interface{} + + json.Unmarshal(resourceRaw, &resource) + json.Unmarshal(overlayRaw, &overlay) + + patches, err := processOverlayPatches(resource, overlay) + assert.NilError(t, err) + assert.Assert(t, len(patches) != 0) + + doc, err := ApplyPatches(resourceRaw, patches) + assert.NilError(t, err) + + expectedResult := []byte(` + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "pod-with-emptydir", + "annotations": { + "cluster-autoscaler.kubernetes.io/safe-to-evict": true + } + }, + "spec": { + "containers": [ + { + "image": "k8s.gcr.io/test-webserver", + "name": "test-container", + "volumeMounts": [ + { + "mountPath": "/cache", + "name": "cache-volume" + } + ] + } + ], + "volumes": [ + { + "name": "cache-volume", + "emptyDir": {} + } + ] + } + }`) + + compareJSONAsMap(t, expectedResult, doc) +} diff --git a/test/output/pod-with-emptydir.yaml b/test/output/pod-with-emptydir.yaml index f729d797a3..e7bc8b2897 100644 --- a/test/output/pod-with-emptydir.yaml +++ b/test/output/pod-with-emptydir.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: Pod metadata: name: pod-with-emptydir + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: true spec: containers: - image: k8s.gcr.io/test-webserver diff --git a/test/scenarios/other/scenario_mutate_validate_qos.yaml b/test/scenarios/other/scenario_mutate_validate_qos.yaml index 19220a53cb..808dade3d1 100644 --- a/test/scenarios/other/scenario_mutate_validate_qos.yaml +++ b/test/scenarios/other/scenario_mutate_validate_qos.yaml @@ -16,7 +16,7 @@ expected: - name: add-memory-limit type: Mutation success: true - message: succesfully process overlay + message: successfully processed overlay validation: policyresponse: policy: policy-qos diff --git a/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml b/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml index 0cef289009..fade477510 100644 --- a/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml +++ b/test/scenarios/samples/best_practices/scenario_mutate_safe-to-evict.yaml @@ -16,4 +16,4 @@ expected: - name: add-safe-to-evict-annotation type: Mutation success: true - message: "succesfully processed overlay" \ No newline at end of file + message: "successfully processed overlay" \ No newline at end of file