fix: image extractor kuttl tests (#5293)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2022-11-10 10:36:08 +01:00 · 2022-11-10 10:36:08 +01:00 · 72dee76c06
commit 72dee76c06
parent 14e6aa4bba
38 changed files with 209 additions and 196 deletions
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/00-crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/00-crd.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- crd.yaml
+assert:
+- crd-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/01-policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/01-policy.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/02-task.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/02-task.yaml
@ -1,9 +1,6 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: example-task-name
-  namespace: tekton-test
-spec:
-  steps:
-    - name: cosign
-      image: ghcr.io/sigstore/cosign/cosign@sha256:33a6a55d2f1354bc989b791974cf4ee00a900ab9e4e54b393962321758eee3c6
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- task.yaml
+assert:
+- task.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/03-assert.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/03-assert.yaml
@ -1,7 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: example-task-name
-  namespace: tekton-test
-  annotations:
-    kyverno.io/verify-images: '{"ghcr.io/sigstore/cosign/cosign@sha256:33a6a55d2f1354bc989b791974cf4ee00a900ab9e4e54b393962321758eee3c6":true}'
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/99-cleanup.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/99-cleanup.yaml
@ -1,4 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-  - command: kubectl delete -f 01-manifests.yaml,02-task.yaml --force --wait=true --ignore-not-found=true
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/crd-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/crd-ready.yaml
@ -0,0 +1,4 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/crd.yaml
@ -0,0 +1,24 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
+spec:
+  group: tekton.dev
+  preserveUnknownFields: false
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    subresources:
+      status: {}
+  names:
+    kind: Task
+    plural: tasks
+    categories:
+    - tekton
+    - tekton-pipelines
+  scope: Namespaced
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/policy-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/01-manifests.yaml
@ -1,33 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: tekton-test
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: tasks.tekton.dev
-spec:
-  group: tekton.dev
-  preserveUnknownFields: false
-  versions:
-  - name: v1beta1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        x-kubernetes-preserve-unknown-fields: true
-    subresources:
-      status: {}
-  names:
-    kind: Task
-    plural: tasks
-    categories:
-    - tekton
-    - tekton-pipelines
-  scope: Namespaced
---
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
@ -60,4 +30,4 @@ spec:
            subject: "https://github.com/*"
            rekor:
              url: https://rekor.sigstore.dev
-      required: true
+      required: true
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/task.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/task.yaml
@ -0,0 +1,8 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: example-task-name
+spec:
+  steps:
+    - name: cosign
+      image: ghcr.io/sigstore/cosign/cosign@sha256:33a6a55d2f1354bc989b791974cf4ee00a900ab9e4e54b393962321758eee3c6
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/00-crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/00-crd.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- crd.yaml
+assert:
+- crd-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/01-policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/01-policy.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/03-errors.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/03-errors.yaml
@ -2,4 +2,3 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: example-task-name
-  namespace: tekton-test
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/99-cleanup.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/99-cleanup.yaml
@ -1,4 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-  - command: kubectl delete -f 01-manifests.yaml --force --wait=true --ignore-not-found=true
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/badtask.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/badtask.yaml
@ -2,7 +2,6 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: example-task-name
-  namespace: tekton-test
 spec:
  steps:
    - name: ubuntu-example
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/crd-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/crd-ready.yaml
@ -0,0 +1,4 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/crd.yaml
@ -0,0 +1,24 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
+spec:
+  group: tekton.dev
+  preserveUnknownFields: false
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    subresources:
+      status: {}
+  names:
+    kind: Task
+    plural: tasks
+    categories:
+    - tekton
+    - tekton-pipelines
+  scope: Namespaced
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/policy-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex/01-manifests.yaml
@ -1,33 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: tekton-test
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: tasks.tekton.dev
-spec:
-  group: tekton.dev
-  preserveUnknownFields: false
-  versions:
-  - name: v1beta1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        x-kubernetes-preserve-unknown-fields: true
-    subresources:
-      status: {}
-  names:
-    kind: Task
-    plural: tasks
-    categories:
-    - tekton
-    - tekton-pipelines
-  scope: Namespaced
---
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/00-crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/00-crd.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- crd.yaml
+assert:
+- crd-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/01-manifests.yaml
@ -1,54 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: tekton-test
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: tasks.tekton.dev
-spec:
-  group: tekton.dev
-  preserveUnknownFields: false
-  versions:
-  - name: v1beta1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        x-kubernetes-preserve-unknown-fields: true
-    subresources:
-      status: {}
-  names:
-    kind: Task
-    plural: tasks
-    categories:
-    - tekton
-    - tekton-pipelines
-  scope: Namespaced
---
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: tasks-no-extractor
-spec:
-  validationFailureAction: enforce
-  rules:
-  - name: verify-images
-    match:
-      any:
-      - resources:
-          kinds:
-          - tekton.dev/v1beta1/Task
-    preconditions:
-    - key: "{{request.operation}}"
-      operator: NotEquals
-      value: DELETE
-    verifyImages:
-    - image: "*"
-      key: |-
-        -----BEGIN PUBLIC KEY-----
-        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
-        5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-        -----END PUBLIC KEY----- 
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/01-policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/01-policy.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/02-task.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/02-task.yaml
@ -1,9 +1,6 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: example-task-name
-  namespace: tekton-test
-spec:
-  steps:
-    - name: ubuntu-example
-      image: ubuntu:bionic
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- task.yaml
+assert:
+- task.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/99-cleanup.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/99-cleanup.yaml
@ -1,4 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-  - command: kubectl delete -f 01-manifests.yaml,02-task.yaml --force --wait=true --ignore-not-found=true
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/crd-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/crd-ready.yaml
@ -0,0 +1,4 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/crd.yaml
@ -0,0 +1,24 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
+spec:
+  group: tekton.dev
+  preserveUnknownFields: false
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    subresources:
+      status: {}
+  names:
+    kind: Task
+    plural: tasks
+    categories:
+    - tekton
+    - tekton-pipelines
+  scope: Namespaced
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/policy-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/policy.yaml
@ -0,0 +1,24 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: tasks-no-extractor
+spec:
+  validationFailureAction: enforce
+  rules:
+  - name: verify-images
+    match:
+      any:
+      - resources:
+          kinds:
+          - tekton.dev/v1beta1/Task
+    preconditions:
+    - key: "{{request.operation}}"
+      operator: NotEquals
+      value: DELETE
+    verifyImages:
+    - image: "*"
+      key: |-
+        -----BEGIN PUBLIC KEY-----
+        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
+        5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
+        -----END PUBLIC KEY-----
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/03-assert.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-none/03-assert.yaml
@ -2,4 +2,7 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: example-task-name
-  namespace: tekton-test
+spec:
+  steps:
+    - name: ubuntu-example
+      image: ubuntu:bionic
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/00-crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/00-crd.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- crd.yaml
+assert:
+- crd-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/01-policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/01-policy.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/03-errors.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/03-errors.yaml
@ -1,5 +0,0 @@
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  name: example-task-name
-  namespace: tekton-test
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/99-cleanup.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/99-cleanup.yaml
@ -1,4 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-  - command: kubectl delete -f 01-manifests.yaml --force --wait=true --ignore-not-found=true
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/badtask.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/badtask.yaml
@ -2,7 +2,6 @@ apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: example-task-name
-  namespace: tekton-test
 spec:
  steps:
    - name: ubuntu-example
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/crd-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/crd-ready.yaml
@ -0,0 +1,4 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/crd.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/crd.yaml
@ -0,0 +1,24 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: tasks.tekton.dev
+spec:
+  group: tekton.dev
+  preserveUnknownFields: false
+  versions:
+  - name: v1beta1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        x-kubernetes-preserve-unknown-fields: true
+    subresources:
+      status: {}
+  names:
+    kind: Task
+    plural: tasks
+    categories:
+    - tekton
+    - tekton-pipelines
+  scope: Namespaced
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/policy-ready.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/policy-ready.yaml
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-simple/01-manifests.yaml
@ -1,33 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: tekton-test
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: tasks.tekton.dev
-spec:
-  group: tekton.dev
-  preserveUnknownFields: false
-  versions:
-  - name: v1beta1
-    served: true
-    storage: true
-    schema:
-      openAPIV3Schema:
-        type: object
-        x-kubernetes-preserve-unknown-fields: true
-    subresources:
-      status: {}
-  names:
-    kind: Task
-    plural: tasks
-    categories:
-    - tekton
-    - tekton-pipelines
-  scope: Namespaced
---
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
@ -55,4 +25,3 @@ spec:
        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
        5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
        -----END PUBLIC KEY----- 
---