mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

fix: generate policy fails if triggered resource name exceeds 63 characters limit (#8466) (#8835)

* fix: generate label resource name character length issue



* add source label



* modify newUR function



* fix



* improve readability



* remove generate source name label



* Revert changes



* update ResourceSpec



* add URGenerateResourceUIDLabel



* make codegen crds all



* make codegen client all



* add GenerateSourceUIDLabel



* modify comment



* make codegen crds all



* make codegen-docs-all



* make codegen-all



* set trigger uid



* add uid in transform()



* add name label



* fix: use resource name labels along with its UID



* fix: use the resource name label only if its uid label isn't set



* fix



* add kuttl tests



* fix: delete the trigger resource in the test



* fix: delete the source in the kuttl test



* add generate trigger uid label



* modify TriggerInfo function



* populate uid field for new update requests



* populate new ur spec with uid



* handle downstream resources cleanup



* populate uid of ur status



* fetch triggers by the UID label



* label triggers



* fetch trigger by comparing UID



* fetch cloneList downstream resource by UID



* update test names



* remove trigger name label assertions from kuttl tests



* add unit name selector



* add sleep



* assert events on failures



* rename tests



---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Chandan-DK <chandandk468@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
gcp-cherry-pick-bot[bot] 2023-11-06 11:26:39 +00:00 committed by GitHub
parent 1144e2454b
commit 52b1ccf1c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
59 changed files with 572 additions and 56 deletions


@ -6,6 +6,7 @@ import (
"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
)
type ResourceSpec struct {
@ -20,12 +21,16 @@ type ResourceSpec struct {
// Name specifies the resource name.
// +optional
Name string `json:"name,omitempty" yaml:"name,omitempty"`
// UID specifies the resource uid.
// +optional
UID types.UID `json:"uid,omitempty" yaml:"uid,omitempty"`
}
func (s ResourceSpec) GetName() string { return s.Name }
func (s ResourceSpec) GetNamespace() string { return s.Namespace }
func (s ResourceSpec) GetKind() string { return s.Kind }
func (s ResourceSpec) GetAPIVersion() string { return s.APIVersion }
func (s ResourceSpec) GetUID() types.UID { return s.UID }
func (s ResourceSpec) GetGroupVersion() (schema.GroupVersion, error) {
return schema.ParseGroupVersion(s.APIVersion)
}
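Review bot: The doc comment on the new `UID` field does not say who populates it or how it relates to `Name`, and the CRD hunks in this commit show the same `uid` property surfacing inside the policy generate schema, where a policy author could set it. If the field is only meant to be filled in by the controller for update requests, the comment should say so, for example `// UID is the UID of the resource; it is set by Kyverno on update requests and takes precedence over Name when looking up the trigger.` Whether a user-supplied value in a policy rule is ignored or honoured is not visible in this section and is worth stating either way.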


@ -11,6 +11,7 @@ const (
// URGeneratePolicyLabel adds the policy name to URs for generate policies
URGeneratePolicyLabel = "generate.kyverno.io/policy-name"
URGenerateResourceNameLabel = "generate.kyverno.io/resource-name"
URGenerateResourceUIDLabel = "generate.kyverno.io/resource-uid"
URGenerateResourceNSLabel = "generate.kyverno.io/resource-namespace"
URGenerateResourceKindLabel = "generate.kyverno.io/resource-kind"
URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count"


@ -7429,6 +7429,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -8694,6 +8697,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -11801,6 +11807,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -13122,6 +13131,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -16193,6 +16205,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -17245,6 +17260,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -20505,6 +20523,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -21826,6 +21847,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -25137,6 +25161,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -26402,6 +26429,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -29510,6 +29540,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -30831,6 +30864,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -33903,6 +33939,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -34955,6 +34994,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -38215,6 +38257,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -39536,6 +39581,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -43090,6 +43138,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
uid:
description: UID specifies the resource uid.
type: string
type: object
rule:
description: Rule is the associate rule name of the current UR.
@ -43125,6 +43176,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
handler:


@ -1123,6 +1123,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -2388,6 +2391,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -5495,6 +5501,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -6816,6 +6825,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -9887,6 +9899,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -10939,6 +10954,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -14199,6 +14217,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -15520,6 +15541,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object


@ -1124,6 +1124,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -2389,6 +2392,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -5497,6 +5503,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -6818,6 +6827,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -9890,6 +9902,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -10942,6 +10957,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -14202,6 +14220,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -15523,6 +15544,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object


@ -1123,6 +1123,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -2388,6 +2391,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -5495,6 +5501,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -6816,6 +6825,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -9887,6 +9899,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -10939,6 +10954,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -14199,6 +14217,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -15520,6 +15541,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object


@ -1124,6 +1124,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -2389,6 +2392,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -5497,6 +5503,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -6818,6 +6827,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -9890,6 +9902,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -10942,6 +10957,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -14202,6 +14220,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -15523,6 +15544,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object


@ -343,6 +343,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
uid:
description: UID specifies the resource uid.
type: string
type: object
rule:
description: Rule is the associate rule name of the current UR.
@ -378,6 +381,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
handler:


@ -7648,6 +7648,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -8913,6 +8916,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -12020,6 +12026,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -13341,6 +13350,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -16412,6 +16424,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -17464,6 +17479,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -20724,6 +20742,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -22045,6 +22066,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -25358,6 +25382,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -26623,6 +26650,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -29731,6 +29761,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -31052,6 +31085,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -34124,6 +34160,9 @@ spec:
resource specified in the Clone declaration. Optional.
Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -35176,6 +35215,9 @@ spec:
is supported for backwards compatibility but will
be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -38436,6 +38478,9 @@ spec:
Data or the resource specified in the Clone declaration.
Optional. Defaults to "false" if not specified.
type: boolean
uid:
description: UID specifies the resource uid.
type: string
type: object
imageExtractors:
additionalProperties:
@ -39757,6 +39802,9 @@ spec:
will be deprecated in the next major release.
See: https://kyverno.io/docs/writing-policies/preconditions/'
x-kubernetes-preserve-unknown-fields: true
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
type: object
@ -43315,6 +43363,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
uid:
description: UID specifies the resource uid.
type: string
type: object
rule:
description: Rule is the associate rule name of the current UR.
@ -43350,6 +43401,9 @@ spec:
namespace:
description: Namespace specifies resource namespace.
type: string
uid:
description: UID specifies the resource uid.
type: string
type: object
type: array
handler:


@ -3298,6 +3298,20 @@ string
<p>Name specifies the resource name.</p>
</td>
</tr>
<tr>
<td>
<code>uid</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#uid-types-pkg">
k8s.io/apimachinery/pkg/types.UID
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>UID specifies the resource uid.</p>
</td>
</tr>
</tbody>
</table>
<hr />


@ -5,11 +5,13 @@ const (
GeneratePolicyNamespaceLabel = "generate.kyverno.io/policy-namespace"
GenerateRuleLabel = "generate.kyverno.io/rule-name"
GenerateTriggerNameLabel = "generate.kyverno.io/trigger-name"
GenerateTriggerUIDLabel = "generate.kyverno.io/trigger-uid"
GenerateTriggerNSLabel = "generate.kyverno.io/trigger-namespace"
GenerateTriggerKindLabel = "generate.kyverno.io/trigger-kind"
GenerateTriggerVersionLabel = "generate.kyverno.io/trigger-version"
GenerateTriggerGroupLabel = "generate.kyverno.io/trigger-group"
GenerateSourceNameLabel = "generate.kyverno.io/source-name"
GenerateSourceUIDLabel = "generate.kyverno.io/source-uid"
GenerateSourceNSLabel = "generate.kyverno.io/source-namespace"
GenerateSourceKindLabel = "generate.kyverno.io/source-kind"
GenerateSourceVersionLabel = "generate.kyverno.io/source-version"


@ -11,6 +11,7 @@ import (
"github.com/kyverno/kyverno/pkg/logging"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
pkglabels "k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/tools/cache"
)
@ -19,6 +20,7 @@ type Object interface {
GetNamespace() string
GetKind() string
GetAPIVersion() string
GetUID() types.UID
}
func ManageLabels(unstr *unstructured.Unstructured, triggerResource unstructured.Unstructured, policy kyvernov1.PolicyInterface, ruleName string) {
@ -59,7 +61,7 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
}
isNil := trigger == nil || (reflect.ValueOf(trigger).Kind() == reflect.Ptr && reflect.ValueOf(trigger).IsNil())
if !isNil {
set[kyvernov1beta1.URGenerateResourceNameLabel] = trigger.GetName()
set[kyvernov1beta1.URGenerateResourceUIDLabel] = string(trigger.GetUID())
set[kyvernov1beta1.URGenerateResourceNSLabel] = trigger.GetNamespace()
set[kyvernov1beta1.URGenerateResourceKindLabel] = trigger.GetKind()
}
@ -94,16 +96,9 @@ func TriggerInfo(labels map[string]string, obj unstructured.Unstructured) {
labels[GenerateTriggerGroupLabel] = obj.GroupVersionKind().Group
labels[GenerateTriggerKindLabel] = obj.GetKind()
labels[GenerateTriggerNSLabel] = obj.GetNamespace()
labels[GenerateTriggerNameLabel] = trimByLength(obj.GetName(), 63)
labels[GenerateTriggerUIDLabel] = string(obj.GetUID())
}
func TagSource(labels map[string]string, obj Object) {
labels[GenerateTypeCloneSourceLabel] = ""
}
func trimByLength(value string, character int) string {
if len(value) > character {
return value[0:character]
}
return value
}
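Review bot: `GenerateLabelsSet` and `TriggerInfo` now write the UID label unconditionally and, judging by the hunk line counts, no longer write the name label, so a trigger whose `GetUID()` is empty ends up with an empty `resource-uid` / `trigger-uid` value and nothing else that identifies it. Whether an empty UID can reach these functions depends on callers outside the hunks, but the lookups elsewhere in this commit fall back to the name label when the UID match returns nothing, and that fallback would find no label to match. Consider writing the label only when it carries a value, e.g. `if uid := obj.GetUID(); uid != "" { labels[GenerateTriggerUIDLabel] = string(uid) }`, and logging or rejecting the empty case. Adding `GetUID()` to the exported `Object` interface also breaks any implementer outside this file, which deserves a line in the interface's doc comment.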


@ -3,22 +3,31 @@ package common
import (
"context"
"fmt"
"time"
"github.com/go-logr/logr"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
retryutils "github.com/kyverno/kyverno/pkg/utils/retry"
admissionv1 "k8s.io/api/admission/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (*unstructured.Unstructured, error) {
func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSpec, log logr.Logger) (resource *unstructured.Unstructured, err error) {
resourceSpec := urSpec.GetResource()
get := func() (*unstructured.Unstructured, error) {
if urSpec.GetResource().GetUID() != "" {
triggers, err := client.ListResource(context.TODO(), resourceSpec.GetAPIVersion(), resourceSpec.GetKind(), resourceSpec.GetNamespace(), nil)
if err != nil {
return nil, fmt.Errorf("failed to list trigger resources: %v", err)
}
for _, trigger := range triggers.Items {
if resourceSpec.GetUID() == trigger.GetUID() {
return &trigger, nil
}
}
} else if urSpec.GetResource().GetName() != "" {
if resourceSpec.Kind == "Namespace" {
resourceSpec.Namespace = ""
}
@ -35,18 +44,6 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
return resource, nil
}
var resource *unstructured.Unstructured
var err error
retry := func(_ context.Context) error {
resource, err = get()
return err
}
f := retryutils.RetryFunc(context.TODO(), time.Second, 5*time.Second, log.WithName("getResource"), "failed to get resource", retry)
if err := f(); err != nil {
return nil, err
}
if resource == nil && urSpec.Context.AdmissionRequestInfo.AdmissionRequest != nil {
request := urSpec.Context.AdmissionRequestInfo.AdmissionRequest
raw := request.Object.Raw
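Review bot: The new UID branch inside `get` calls `client.ListResource` with a nil selector and scans every object of the kind, and it does so without the `Kind == "Namespace"` reset that only the name branch applies. If the client does not tolerate a namespace on a cluster-scoped kind, UID lookups for Namespace triggers will fail; hoisting `if resourceSpec.Kind == "Namespace" { resourceSpec.Namespace = "" }` above the `if`/`else if` keeps both branches consistent. When no listed item carries the UID, the branch falls through to code outside the hunk, so the not-found result is not visible here and should be documented on the closure. The list error is also wrapped with `%v`; `fmt.Errorf("failed to list trigger resources: %w", err)` would keep it inspectable with `errors.Is`/`errors.As`. The body of `GetResource` continues beyond both hunks.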


@ -9,6 +9,7 @@ import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/logging"
errors "github.com/pkg/errors"
@ -51,6 +52,7 @@ func ResourceSpecFromUnstructured(obj unstructured.Unstructured) kyvernov1.Resou
Kind: obj.GetKind(),
Namespace: obj.GetNamespace(),
Name: obj.GetName(),
UID: obj.GetUID(),
}
}
@ -99,3 +101,8 @@ func UpdateRetryAnnotation(kyvernoClient versioned.Interface, ur *kyvernov1beta1
}
return nil
}
func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) {
selector := &metav1.LabelSelector{MatchLabels: labels}
return client.ListResource(context.TODO(), apiVersion, kind, "", selector)
}
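Review bot: `FindDownstream` is exported without a doc comment and hard-codes the namespace argument to `""`, so a nil or empty `labels` map produces an empty `MatchLabels` selector that matches every object of the kind cluster-wide. The result feeds downstream cleanup elsewhere in this commit, so the contract is worth spelling out: `// FindDownstream lists resources of the given apiVersion and kind, across all namespaces, whose labels match every entry in labels.` Consider also refusing an empty selector, e.g. `if len(labels) == 0 { return nil, fmt.Errorf("empty label selector") }`, unless some caller relies on the match-all behaviour.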


@ -101,25 +101,51 @@ func (c *GenerateController) getDownstreams(rule kyvernov1.Rule, selector map[st
return nil, err
}
selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
selector[common.GenerateTriggerUIDLabel] = string(ur.Spec.GetResource().GetUID())
selector[common.GenerateTriggerNSLabel] = ur.Spec.GetResource().GetNamespace()
selector[common.GenerateTriggerKindLabel] = ur.Spec.GetResource().GetKind()
selector[common.GenerateTriggerGroupLabel] = gv.Group
selector[common.GenerateTriggerVersionLabel] = gv.Version
if rule.Generation.GetKind() != "" {
c.log.V(4).Info("fetching downstream resources", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
return FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
// Fetch downstream resources using trigger uid label
c.log.V(4).Info("fetching downstream resource by the UID", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
downstreamList, err := common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
if err != nil {
return nil, err
}
if len(downstreamList.Items) == 0 {
// Fetch downstream resources using the trigger name label
delete(selector, common.GenerateTriggerUIDLabel)
selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
c.log.V(4).Info("fetching downstream resource by the name", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
dsList, err := common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
if err != nil {
return nil, err
}
downstreamList.Items = append(downstreamList.Items, dsList.Items...)
}
return downstreamList, err
}
dsList := &unstructured.UnstructuredList{}
for _, kind := range rule.Generation.CloneList.Kinds {
apiVersion, kind := kubeutils.GetKindFromGVK(kind)
c.log.V(4).Info("fetching downstream resources", "APIVersion", apiVersion, "kind", kind, "selector", selector)
dsList, err = FindDownstream(c.client, apiVersion, kind, selector)
c.log.V(4).Info("fetching downstream cloneList resources by the UID", "APIVersion", apiVersion, "kind", kind, "selector", selector)
dsList, err = common.FindDownstream(c.client, apiVersion, kind, selector)
if err != nil {
return nil, err
} else {
dsList.Items = append(dsList.Items, dsList.Items...)
}
if len(dsList.Items) == 0 {
delete(selector, common.GenerateTriggerUIDLabel)
selector[common.GenerateTriggerNameLabel] = ur.Spec.GetResource().GetName()
c.log.V(4).Info("fetching downstream resource by the name", "APIVersion", rule.Generation.GetAPIVersion(), "kind", rule.Generation.GetKind(), "selector", selector)
dsList, err = common.FindDownstream(c.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), selector)
if err != nil {
return nil, err
}
}
}
return dsList, nil


@ -34,6 +34,7 @@ import (
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/selection"
corev1listers "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache"
)
@ -232,16 +233,36 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
logger.V(4).Info("querying all update requests")
selector := labels.SelectorFromSet(labels.Set(map[string]string{
kyvernov1beta1.URGeneratePolicyLabel: engineResponse.Policy().GetName(),
kyvernov1beta1.URGenerateResourceNameLabel: engineResponse.Resource.GetName(),
kyvernov1beta1.URGenerateResourceKindLabel: engineResponse.Resource.GetKind(),
kyvernov1beta1.URGenerateResourceNSLabel: engineResponse.Resource.GetNamespace(),
}))
urList, err := c.urLister.List(selector)
// get update requests that have the resource UID label
requirement, err := labels.NewRequirement(kyvernov1beta1.URGenerateResourceUIDLabel, selection.Equals, []string{string(engineResponse.Resource.GetUID())})
if err != nil {
logger.Error(err, "failed to add the resource UID label")
}
selectorWithResUID := selector.Add(*requirement)
urList, err := c.urLister.List(selectorWithResUID)
if err != nil {
logger.Error(err, "failed to get update request for the resource", "kind", engineResponse.Resource.GetKind(), "name", engineResponse.Resource.GetName(), "namespace", engineResponse.Resource.GetNamespace())
continue
}
if len(urList) == 0 {
// get update requests that have the resource name label
requirement, err = labels.NewRequirement(kyvernov1beta1.URGenerateResourceNameLabel, selection.Equals, []string{engineResponse.Resource.GetName()})
if err != nil {
logger.Error(err, "failed to add the resource name label")
continue
}
selectorWithResName := selector.Add(*requirement)
urList, err = c.urLister.List(selectorWithResName)
if err != nil {
logger.Error(err, "failed to get update request for the resource", "kind", engineResponse.Resource.GetKind(), "name", engineResponse.Resource.GetName(), "namespace", engineResponse.Resource.GetNamespace())
continue
}
}
for _, v := range urList {
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil {
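Review bot: The UID lookup in applyGenerate dereferences `requirement` even when `labels.NewRequirement` failed, because that error branch only logs, whereas the name-label fallback below logs and then `continue`s. NewRequirement returns a nil requirement on error, so `selector.Add(*requirement)` would panic; add `continue` after `logger.Error(err, "failed to add the resource UID label")` to match the fallback. The fallback also builds a requirement from `engineResponse.Resource.GetName()`, which fails label-value validation for names over 63 characters, so for such a resource with no UID-labelled update request this path logs an error on every pass. A one-line comment saying that long names are matched by UID only would make that intent clear. applyGenerate starts before and continues past this hunk.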


@ -30,6 +30,6 @@ func addSourceLabels(source *unstructured.Unstructured) {
labels[common.GenerateSourceVersionLabel] = source.GroupVersionKind().Version
labels[common.GenerateSourceKindLabel] = source.GetKind()
labels[common.GenerateSourceNSLabel] = source.GetNamespace()
labels[common.GenerateSourceNameLabel] = source.GetName()
labels[common.GenerateSourceUIDLabel] = string(source.GetUID())
source.SetLabels(labels)
}
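Review bot: `labels[common.GenerateSourceUIDLabel] = string(source.GetUID())` writes an empty label value when the source object carries no UID, and nothing here checks for that; whether addSourceLabels can receive such an object is not visible from this hunk. Going by the hunk counts the source name label is the line that was removed, so an empty UID label would leave the source with no identifying label for the later lookups. Consider a guard that skips or reports an empty UID, plus a comment such as `// sources are tracked by UID because names may exceed the 63-character label value limit`. The function begins outside the hunk.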


@ -1,14 +1,10 @@
package generate
import (
"context"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/background/common"
"github.com/kyverno/kyverno/pkg/clients/dclient"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
)
func newResourceSpec(genAPIVersion, genKind, genNamespace, genName string) kyvernov1.ResourceSpec {
@ -29,11 +25,7 @@ func TriggerFromLabels(labels map[string]string) kyvernov1.ResourceSpec {
Kind: labels[common.GenerateTriggerKindLabel],
Namespace: labels[common.GenerateTriggerNSLabel],
Name: labels[common.GenerateTriggerNameLabel],
UID: types.UID(labels[common.GenerateTriggerUIDLabel]),
APIVersion: apiVersion.String(),
}
}
func FindDownstream(client dclient.Interface, apiVersion, kind string, labels map[string]string) (*unstructured.UnstructuredList, error) {
selector := &metav1.LabelSelector{MatchLabels: labels}
return client.ListResource(context.TODO(), apiVersion, kind, "", selector)
}
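Review bot: TriggerFromLabels now returns a ResourceSpec in which either `Name` or `UID` can be empty. Downstreams labelled before this change have no `GenerateTriggerUIDLabel`, and the updated test fixtures on this page no longer carry a trigger-name label. Neither the added `UID: types.UID(labels[common.GenerateTriggerUIDLabel])` line nor the function documents this, so callers have to know to handle both shapes. A doc comment along the lines of `// TriggerFromLabels rebuilds the trigger spec from downstream labels; Name or UID is empty when the matching label is absent.` would make the contract explicit. The function starts above this hunk.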


@ -20,6 +20,7 @@ package v1
import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
types "k8s.io/apimachinery/pkg/types"
)
// GenerationApplyConfiguration represents an declarative configuration of the Generation type for use
@ -74,6 +75,15 @@ func (b *GenerationApplyConfiguration) WithName(value string) *GenerationApplyCo
return b
}
// WithUID sets the UID field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the UID field is set to the value of the last call.
func (b *GenerationApplyConfiguration) WithUID(value types.UID) *GenerationApplyConfiguration {
b.ensureResourceSpecApplyConfigurationExists()
b.UID = &value
return b
}
func (b *GenerationApplyConfiguration) ensureResourceSpecApplyConfigurationExists() {
if b.ResourceSpecApplyConfiguration == nil {
b.ResourceSpecApplyConfiguration = &ResourceSpecApplyConfiguration{}


@ -18,13 +18,18 @@ limitations under the License.
package v1
import (
types "k8s.io/apimachinery/pkg/types"
)
// ResourceSpecApplyConfiguration represents an declarative configuration of the ResourceSpec type for use
// with apply.
type ResourceSpecApplyConfiguration struct {
APIVersion *string `json:"apiVersion,omitempty"`
Kind *string `json:"kind,omitempty"`
Namespace *string `json:"namespace,omitempty"`
Name *string `json:"name,omitempty"`
APIVersion *string `json:"apiVersion,omitempty"`
Kind *string `json:"kind,omitempty"`
Namespace *string `json:"namespace,omitempty"`
Name *string `json:"name,omitempty"`
UID *types.UID `json:"uid,omitempty"`
}
// ResourceSpecApplyConfiguration constructs an declarative configuration of the ResourceSpec type for use with
@ -64,3 +69,11 @@ func (b *ResourceSpecApplyConfiguration) WithName(value string) *ResourceSpecApp
b.Name = &value
return b
}
// WithUID sets the UID field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the UID field is set to the value of the last call.
func (b *ResourceSpecApplyConfiguration) WithUID(value types.UID) *ResourceSpecApplyConfiguration {
b.UID = &value
return b
}


@ -20,6 +20,7 @@ package v1
import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
types "k8s.io/apimachinery/pkg/types"
)
// TargetResourceSpecApplyConfiguration represents an declarative configuration of the TargetResourceSpec type for use
@ -72,6 +73,15 @@ func (b *TargetResourceSpecApplyConfiguration) WithName(value string) *TargetRes
return b
}
// WithUID sets the UID field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the UID field is set to the value of the last call.
func (b *TargetResourceSpecApplyConfiguration) WithUID(value types.UID) *TargetResourceSpecApplyConfiguration {
b.ensureResourceSpecApplyConfigurationExists()
b.UID = &value
return b
}
func (b *TargetResourceSpecApplyConfiguration) ensureResourceSpecApplyConfigurationExists() {
if b.ResourceSpecApplyConfiguration == nil {
b.ResourceSpecApplyConfiguration = &ResourceSpecApplyConfiguration{}


@ -101,7 +101,7 @@ func (pc *policyController) syncDataRulechanges(policy kyvernov1.PolicyInterface
kyverno.LabelAppManagedBy: kyverno.ValueKyvernoApp,
}
downstreams, err := generateutils.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)
downstreams, err := common.FindDownstream(pc.client, rule.Generation.GetAPIVersion(), rule.Generation.GetKind(), labels)
if err != nil {
return err
}


@ -45,6 +45,7 @@ func newUR(policy kyvernov1.PolicyInterface, trigger kyvernov1.ResourceSpec, rul
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
APIVersion: trigger.GetAPIVersion(),
UID: trigger.GetUID(),
},
DeleteDownstream: deleteDownstream,
},
@ -60,6 +61,7 @@ func newURStatus(downstream unstructured.Unstructured) kyvernov1beta1.UpdateRequ
Kind: downstream.GetKind(),
Namespace: downstream.GetNamespace(),
Name: downstream.GetName(),
UID: downstream.GetUID(),
},
},
}


@ -160,6 +160,7 @@ func (h *generationHandler) applyGeneration(
Kind: trigger.GetKind(),
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
UID: trigger.GetUID(),
}
rules := getAppliedRules(policy, appliedRules)
@ -196,6 +197,7 @@ func (h *generationHandler) syncTriggerAction(
Kind: trigger.GetKind(),
Namespace: trigger.GetNamespace(),
Name: trigger.GetName(),
UID: trigger.GetUID(),
}
rules := getAppliedRules(policy, failedRules)
@ -246,6 +248,7 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
// clone source deletion
deleteDownstream = true
}
// fetch targets that have the source name label
targetSelector := map[string]string{
common.GenerateSourceGroupLabel: old.GroupVersionKind().Group,
common.GenerateSourceVersionLabel: old.GroupVersionKind().Version,
@ -253,7 +256,25 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
common.GenerateSourceNSLabel: old.GetNamespace(),
common.GenerateSourceNameLabel: old.GetName(),
}
targets, err := generateutils.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
targets, err := common.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
if err != nil {
return fmt.Errorf("failed to list targets resources: %v", err)
}
for i := range targets.Items {
l := targets.Items[i].GetLabels()
labelsList = append(labelsList, l)
}
// fetch targets that have the source UID label
targetSelector = map[string]string{
common.GenerateSourceGroupLabel: old.GroupVersionKind().Group,
common.GenerateSourceVersionLabel: old.GroupVersionKind().Version,
common.GenerateSourceKindLabel: old.GetKind(),
common.GenerateSourceNSLabel: old.GetNamespace(),
common.GenerateSourceUIDLabel: string(old.GetUID()),
}
targets, err = common.FindDownstream(h.client, old.GetAPIVersion(), old.GetKind(), targetSelector)
if err != nil {
return fmt.Errorf("failed to list targets resources: %v", err)
}
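Review bot: In processRequest the name-label lookup still runs first and returns `failed to list targets resources` on any error, before the new UID lookup is reached. For a source whose name is longer than 63 characters the `common.GenerateSourceNameLabel` value is not a valid label value; if `common.FindDownstream` rejects such a selector (its handling is not visible here), targets labelled by UID are never found in exactly the case this commit addresses. Running the UID lookup first, or logging the name-lookup error and continuing instead of returning, would avoid that. The two `fmt.Errorf` calls could also wrap with `%w` so callers can inspect the cause. processRequest starts before and continues after this hunk.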


@ -88,6 +88,7 @@ func transform(admissionRequestInfo kyvernov1beta1.AdmissionRequestInfoObject, u
Namespace: er.Resource.GetNamespace(),
Name: er.Resource.GetName(),
APIVersion: er.Resource.GetAPIVersion(),
UID: er.Resource.GetUID(),
},
Context: kyvernov1beta1.UpdateRequestSpecContext{
UserRequestInfo: userRequestInfo,


@ -0,0 +1,5 @@
# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- command: sleep 3
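Review bot: `- command: sleep 3` makes this step depend on wall-clock timing: on a slow cluster three seconds may not be enough for the background controller, and on a fast one it only adds delay. The same fixed sleep is added in three more TestStep files further down this page. Where the step only waits for a resource to appear or disappear, a kuttl `assert:` or `error:` step on that resource (as the `downstream.yaml` steps in this commit already do) polls up to the test timeout and is less flaky.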


@ -0,0 +1,15 @@
## Description
This test creates a generate policy, and a resource. A `PolicyError` event should be created upon the failure.
## Steps
1. - Create a policy
- Assert the policy becomes ready
1. - Create a resource
1. - Asset a `PolicyError` event is created
## Reference Issue(s)
https://github.com/kyverno/kyverno/pull/8466
https://github.com/kyverno/kyverno/pull/1413


@ -6,4 +6,5 @@ involvedObject:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
name: rbac-policy
reason: PolicyError
reportingComponent: kyverno-generate


@ -0,0 +1,9 @@
apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata:
name: generate-secret
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready


@ -0,0 +1,30 @@
apiVersion: v1
data:
foo: YmFy
kind: Secret
metadata:
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
namespace: default
type: Opaque
---
apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata:
name: generate-secret
spec:
rules:
- name: clone-secret
match:
any:
- resources:
kinds:
- Namespace
generate:
apiVersion: v1
kind: Secret
name: regcred
namespace: "{{request.object.metadata.name}}"
synchronize: true
clone:
namespace: default
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred


@ -0,0 +1,5 @@
apiVersion: v1
kind: Secret
metadata:
name: regcred
namespace: production


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: production


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- command: sleep 3


@ -0,0 +1,7 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
delete:
- apiVersion: v1
kind: Secret
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
namespace: default


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- command: sleep 3


@ -0,0 +1,8 @@
apiVersion: v1
data:
foo: YmFy
kind: Secret
metadata:
name: regcred
namespace: production
type: Opaque


@ -0,0 +1,11 @@
## Description
This test ensures that the secret is cloned from a source resource name exceeds 63 characters limit.
## Expected Behavior
If the downstream resource is created, the test passes. If it is not created, the test fails.
## Reference Issue(s)
https://github.com/kyverno/kyverno/issues/8447


@ -14,7 +14,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: ConfigMap
generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
namespace: generate-event-on-edit-ns
source:


@ -14,7 +14,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: ConfigMap
generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
namespace: generate-event-on-edit-ns
source:
@ -36,7 +35,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: ConfigMap
generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
namespace: generate-event-on-edit-ns
source:


@ -0,0 +1,9 @@
apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata:
name: generate-network-policy
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready


@ -0,0 +1,26 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: generate-network-policy
spec:
rules:
- name: default-deny
match:
any:
- resources:
kinds:
- ConfigMap
names:
- my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
generate:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
name: default-deny
namespace: "{{request.object.metadata.namespace}}"
synchronize: true
data:
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress


@ -0,0 +1,12 @@
apiVersion: v1
kind: Namespace
metadata:
name: trigger-resource-name-exceeds-63-characters-ns
---
apiVersion: v1
kind: ConfigMap
metadata:
name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
namespace: trigger-resource-name-exceeds-63-characters-ns
data:
color: blue


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
assert:
- downstream.yaml


@ -0,0 +1,7 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
delete:
- apiVersion: v1
kind: ConfigMap
name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap
namespace: trigger-resource-name-exceeds-63-characters-ns


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
- command: sleep 3


@ -0,0 +1,4 @@
apiVersion: kuttl.dev/v1beta1
kind: TestStep
error:
- downstream.yaml


@ -0,0 +1,11 @@
## Description
This test checks to ensure that generation of the downstream when the trigger resource name exceeds 63 characters limit.
## Expected Behavior
If the downstream resource is generated, the test passes.
## Reference Issue(s)
https://github.com/kyverno/kyverno/issues/4675


@ -0,0 +1,9 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
namespace: trigger-resource-name-exceeds-63-characters-ns
spec:
policyTypes:
- Ingress
- Egress


@ -24,6 +24,8 @@ spec:
- resources:
kinds:
- ConfigMap
names:
- test-org
generate:
apiVersion: v1
kind: Secret


@ -12,7 +12,6 @@ metadata:
generate.kyverno.io/trigger-version: v1
generate.kyverno.io/trigger-group: ""
generate.kyverno.io/trigger-kind: PodExecOptions
generate.kyverno.io/trigger-name: ""
generate.kyverno.io/trigger-namespace: test-generate-exec
somekey: somevalue
name: zk-kafka-address