diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/README.md index ff89967525..c36e7a4d75 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/README.md +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/README.md @@ -1,7 +1,11 @@ -# Title +## Description -This test ensures that deletion of a downstream resource created by a ClusterPolicy `generate` rule with sync disabled using a clone declaration does NOT cause it to be regenerated. If the downstream resource is regenerated, the test fails. If it is not regenerated, the test succeeds. +Tests that the deletion of a downstream resource created with a generate rule, clone, and no synchronization remains deleted and is not recreated. -### Tests a clone rule with sync not enabled that deleting a downstream resource shows it is not recreated. -### Because https://github.com/kyverno/kyverno/issues/4457 is not yet fixed for this type, the test will fail. -### Expected result: fail \ No newline at end of file +## Expected Behavior + +The deleted resource is expected to not be recreated. If the downstream resource is regenerated, the test fails. If it is not regenerated, the test succeeds. + +## Reference Issue(s) + +4457 diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/01-policy.yaml new file mode 100644 index 0000000000..f3857739b0 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/01-policy.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- policy.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/02-resource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/02-resource.yaml new file mode 100644 index 0000000000..90ff828793 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- ns.yaml +assert: +- cloned.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml new file mode 100644 index 0000000000..982ede98c3 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml @@ -0,0 +1,8 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: kyverno.io/v2beta1 + kind: ClusterPolicy + name: cpol-nosync-clone-delete-policy +assert: +- check.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/README.md new file mode 100644 index 0000000000..9324ce6b13 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/README.md @@ -0,0 +1,11 @@ +## Description + +This test ensures that deletion of a whole policy, with a generate rule using clone and no-sync, does NOT cause the downstream resource to be deleted. + +## Expected Behavior + +Once the policy is deleted, the downstream resource is expected to remain. If it does remain, the test passes. If it gets deleted, the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/check.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/check.yaml new file mode 100644 index 0000000000..2b2bfd7b57 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/check.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-policy +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/cloned.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/cloned.yaml new file mode 100644 index 0000000000..2b2bfd7b57 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/cloned.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-policy +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/ns.yaml new file mode 100644 index 0000000000..e663ff96bb --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-delete-policy \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/policy-ready.yaml new file mode 100644 index 0000000000..e7e2cf2bca --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone-delete-policy +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/policy.yaml new file mode 100644 index 0000000000..e67b52381c --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/policy.yaml @@ -0,0 +1,30 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone-delete-policy +spec: + rules: + - name: clone-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: regcred +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/01-policy.yaml new file mode 100644 index 0000000000..f3857739b0 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/01-policy.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- policy.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/02-resource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/02-resource.yaml new file mode 100644 index 0000000000..90ff828793 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- ns.yaml +assert: +- cloned.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/03-removerule.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/03-removerule.yaml new file mode 100644 index 0000000000..72e05dbe1e --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/03-removerule.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- singlerule.yaml +assert: +- check.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/README.md new file mode 100644 index 0000000000..8db10a7c04 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/README.md @@ -0,0 +1,11 @@ +## Description + +This test ensures that deletion of a rule within a policy containing multiple rules, with a generate rule using clone and no-sync, does NOT cause the downstream resource to be deleted. + +## Expected Behavior + +Once the rule is deleted, the downstream resource is expected to remain. If it does remain, the test passes. If it gets deleted, the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/check.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/check.yaml new file mode 100644 index 0000000000..da215944ae --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/check.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-rule +type: Opaque +--- +apiVersion: v1 +data: + color: yellow +kind: ConfigMap +metadata: + namespace: cpol-clone-nosync-delete-rule + name: mytestcm \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/cloned.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/cloned.yaml new file mode 100644 index 0000000000..da215944ae --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/cloned.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-rule +type: Opaque +--- +apiVersion: v1 +data: + color: yellow +kind: ConfigMap +metadata: + namespace: cpol-clone-nosync-delete-rule + name: mytestcm \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/ns.yaml new file mode 100644 index 0000000000..d708a1ebd3 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-delete-rule \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/policy-ready.yaml new file mode 100644 index 0000000000..66a5d55f4d --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/policy.yaml new file mode 100644 index 0000000000..e5c714132a --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/policy.yaml @@ -0,0 +1,53 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone +spec: + rules: + - name: clone-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: regcred + - name: clone-configmap + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: ConfigMap + name: mytestcm + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: mytestcm +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: v1 +data: + color: yellow +kind: ConfigMap +metadata: + namespace: default + name: mytestcm \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/singlerule.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/singlerule.yaml new file mode 100644 index 0000000000..66fea0e255 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/singlerule.yaml @@ -0,0 +1,21 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone +spec: + rules: + - name: clone-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: regcred \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/01-policy.yaml new file mode 100644 index 0000000000..f3857739b0 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/01-policy.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- policy.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/02-resource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/02-resource.yaml new file mode 100644 index 0000000000..90ff828793 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- ns.yaml +assert: +- cloned.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml new file mode 100644 index 0000000000..99d9ceb00b --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Secret + name: regcred \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/04-forcesleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/04-forcesleep.yaml new file mode 100644 index 0000000000..5b8bfb4701 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/04-forcesleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/05-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/05-assert.yaml new file mode 100644 index 0000000000..7f5bec03a1 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/05-assert.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-source +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/README.md new file mode 100644 index 0000000000..ec9bf797bf --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/README.md @@ -0,0 +1,11 @@ +## Description + +This test ensures that deletion of a source (upstream) resource, using a generate policy with clone and no-sync, does NOT cause the downstream resource to be deleted. + +## Expected Behavior + +Once the upstream resource is deleted, the downstream resource is expected to remain. If it does remain, the test passes. If it gets deleted, the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/cloned.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/cloned.yaml new file mode 100644 index 0000000000..185d28b47a --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/cloned.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-source +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/ns.yaml new file mode 100644 index 0000000000..19207caf74 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-delete-source \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/policy-ready.yaml new file mode 100644 index 0000000000..57aa75e934 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-nosync-delete-source +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/policy.yaml new file mode 100644 index 0000000000..a86c4b7124 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/policy.yaml @@ -0,0 +1,30 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-nosync-delete-source +spec: + rules: + - name: clone-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: regcred +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/01-policy.yaml new file mode 100644 index 0000000000..f3857739b0 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/01-policy.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- policy.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/02-resource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/02-resource.yaml new file mode 100644 index 0000000000..90ff828793 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- ns.yaml +assert: +- cloned.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/03-modifydownstream.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/03-modifydownstream.yaml new file mode 100644 index 0000000000..0de4724e25 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/03-modifydownstream.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- changed-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/04-forcesleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/04-forcesleep.yaml new file mode 100644 index 0000000000..5b8bfb4701 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/04-forcesleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/05-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/05-assert.yaml new file mode 100644 index 0000000000..f9a4916e78 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/05-assert.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-modify-downstream +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/README.md new file mode 100644 index 0000000000..708b737217 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/README.md @@ -0,0 +1,11 @@ +## Description + +This test ensures that modification of a downstream (generated) resource, using a generate policy with clone and no-sync, does NOT cause changes to be synchronized downstream. + +## Expected Behavior + +Once the downstream resource is modified, the downstream resource is expected to remain as-is. If it does remain as-is, the test passes. If the changes get reverted (synced), the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/changed-secret.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/changed-secret.yaml new file mode 100644 index 0000000000..f9a4916e78 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/changed-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-modify-downstream +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/check.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/check.yaml new file mode 100644 index 0000000000..049ff2bcc2 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/check.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-nosync-clone-modify-source +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/cloned.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/cloned.yaml new file mode 100644 index 0000000000..82300056ab --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/cloned.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-modify-downstream +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/ns.yaml new file mode 100644 index 0000000000..cfcaa2e82c --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-modify-downstream \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/policy-ready.yaml new file mode 100644 index 0000000000..bc58729bd4 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-nosync-modify-downstream +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/policy.yaml new file mode 100644 index 0000000000..757cacb03c --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/policy.yaml @@ -0,0 +1,30 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-nosync-modify-downstream +spec: + rules: + - name: clone-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: regcred +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/01-policy.yaml new file mode 100644 index 0000000000..f3857739b0 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/01-policy.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- policy.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/02-resource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/02-resource.yaml new file mode 100644 index 0000000000..90ff828793 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- ns.yaml +assert: +- cloned.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/03-modifysource.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/03-modifysource.yaml new file mode 100644 index 0000000000..0de4724e25 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/03-modifysource.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- changed-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/04-forcesleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/04-forcesleep.yaml new file mode 100644 index 0000000000..5b8bfb4701 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/04-forcesleep.yaml @@ -0,0 +1,4 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/05-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/05-assert.yaml new file mode 100644 index 0000000000..049ff2bcc2 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/05-assert.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-nosync-clone-modify-source +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/README.md new file mode 100644 index 0000000000..3cfcb5042b --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/README.md @@ -0,0 +1,11 @@ +## Description + +This test ensures that modification of a source (upstream) resource, using a generate policy with clone and no-sync, does NOT cause changes to be synchronized downstream. + +## Expected Behavior + +Once the upstream resource is modified, the downstream resource is expected to remain as it was prior to the upstream modification. If it does remain, the test passes. If it gets modified (sync), the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/changed-secret.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/changed-secret.yaml new file mode 100644 index 0000000000..27dd50fe64 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/changed-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/check.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/check.yaml new file mode 100644 index 0000000000..049ff2bcc2 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/check.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-nosync-clone-modify-source +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/cloned.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/cloned.yaml new file mode 100644 index 0000000000..414750df5e --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/cloned.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-nosync-clone-modify-source +type: Opaque diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/ns.yaml new file mode 100644 index 0000000000..2f356ca057 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-nosync-clone-modify-source \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/policy-ready.yaml new file mode 100644 index 0000000000..fe745b646e --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone-modify-source +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/policy.yaml new file mode 100644 index 0000000000..ccd891acae --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/policy.yaml @@ -0,0 +1,30 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-nosync-clone-modify-source +spec: + rules: + - name: clone-secret + match: + any: + - resources: + kinds: + - Namespace + generate: + apiVersion: v1 + kind: Secret + name: regcred + namespace: "{{request.object.metadata.name}}" + synchronize: false + clone: + namespace: default + name: regcred +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque