From 5585ed5e9d48c155fcb02aab12edc8a7817f78c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Tue, 28 Feb 2023 16:27:27 +0100
Subject: [PATCH] chore: add cascading kuttl test (#6425)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 .../two-foreach-rules/01-policy.yaml          |  6 ++++
 .../two-foreach-rules/02-configmap.yaml       |  6 ++++
 .../cascading/two-foreach-rules/README.md     |  9 +++++
 .../two-foreach-rules/configmap-assert.yaml   |  7 ++++
 .../two-foreach-rules/configmap.yaml          |  4 +++
 .../two-foreach-rules/policy-assert.yaml      |  9 +++++
 .../cascading/two-foreach-rules/policy.yaml   | 35 +++++++++++++++++++
 7 files changed, 76 insertions(+)
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/01-policy.yaml
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/02-configmap.yaml
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/README.md
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap-assert.yaml
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap.yaml
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy-assert.yaml
 create mode 100644 test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy.yaml

diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/01-policy.yaml b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/01-policy.yaml
new file mode 100644
index 0000000000..b088ed7601
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/01-policy.yaml
@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-assert.yaml
diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/02-configmap.yaml b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/02-configmap.yaml
new file mode 100644
index 0000000000..52e6510d74
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/02-configmap.yaml
@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- file: configmap.yaml
+assert:
+- configmap-assert.yaml
diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/README.md b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/README.md
new file mode 100644
index 0000000000..61c6284e8c
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/README.md
@@ -0,0 +1,9 @@
+## Description
+
+This test creates a policy with two mutation rules.
+The second rule depends on the mutation in the first rule.
+To succeed, the changes in the first mutation rule need to cascade correctly to get the second rule to execute correctly.
+
+## Related issue
+
+https://github.com/kyverno/kyverno/issues/6210
diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap-assert.yaml b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap-assert.yaml
new file mode 100644
index 0000000000..2edf1170b2
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap-assert.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm
+  annotations:
+    mutation1: '1'
+    mutation2: 'found mutation1: 1'
diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap.yaml b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap.yaml
new file mode 100644
index 0000000000..0b8bf83e62
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm
diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy-assert.yaml b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy-assert.yaml
new file mode 100644
index 0000000000..607796aab5
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: mutate-chain
+status:
+  conditions:
+  - reason: Succeeded
+    status: 'True'
+    type: Ready
diff --git a/test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy.yaml b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy.yaml
new file mode 100644
index 0000000000..11d393a9c8
--- /dev/null
+++ b/test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: mutate-chain
+spec:
+  background: false
+  validationFailureAction: Enforce
+  rules:
+    - name: mutation1
+      match:
+        all:
+          - resources:
+              kinds:
+                - v1/ConfigMap
+      mutate:
+        foreach:
+          - list: "['dummy']"
+            patchStrategicMerge:
+              metadata:
+                annotations:
+                  # value is a counter in case K8s decides for multiple mutation rounds
+                  mutation1: "{{ not_null(request.object.metadata.annotations.mutation1, '0') | add(@, '1') }}"
+    - name: mutation2
+      match:
+        all:
+          - resources:
+              kinds:
+                - v1/ConfigMap
+      mutate:
+        foreach:
+          - list: "['dummy']"
+            patchStrategicMerge:
+              metadata:
+                annotations:
+                  mutation2: "found mutation1: {{ request.object.metadata.annotations.mutation1 || '<nothing>' }}"