mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

chore: remove dead code ()

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-03-28 16:43:25 +02:00 committed by GitHub
parent f812335280
commit 74664d4280
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 107 deletions
pkg/engine/utils
match.goutils_test.go

38
pkg/engine/utils/match.go
View file

@ -2,7 +2,6 @@ package utils
import (
"fmt"
"strings"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@ -286,40 +285,3 @@ func matchesResourceDescriptionExcludeHelper(
// len(errs) != 0 if the filter excluded the resource
return errs
}
// excludeResource checks if the resource has ownerRef set
func excludeResource(podControllers string, resource unstructured.Unstructured) bool {
kind := resource.GetKind()
hasOwner := false
if kind == "Pod" || kind == "Job" {
for _, owner := range resource.GetOwnerReferences() {
hasOwner = true
if owner.Kind != "ReplicaSet" && !strings.Contains(podControllers, owner.Kind) {
return false
}
}
return hasOwner
}
return false
}
// ManagedPodResource returns true:
// - if the policy has auto-gen annotation && resource == Pod
// - if the auto-gen contains cronJob && resource == Job
func ManagedPodResource(policy kyvernov1.PolicyInterface, resource unstructured.Unstructured) bool {
podControllers, ok := policy.GetAnnotations()[kyvernov1.PodControllersAnnotation]
if !ok || strings.ToLower(podControllers) == "none" {
return false
}
if excludeResource(podControllers, resource) {
return true
}
if strings.Contains(podControllers, "CronJob") && excludeResource(podControllers, resource) {
return true
}
return false
}

69
pkg/engine/utils/utils_test.go
View file

@ -11,7 +11,6 @@ import (
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/autogen"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"gotest.tools/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -2469,71 +2468,3 @@ func TestResourceDescriptionExclude_Label_Expression_Match(t *testing.T) {
t.Errorf("Testcase has failed due to the following:\n Function has returned no error, even though it was supposed to fail")
}
}
func TestManagedPodResource(t *testing.T) {
testCases := []struct {
name string
policy []byte
resource []byte
expectedResult bool
}{
{
name: "disable-autogen-pod-without-owner",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "none"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test"}}`),
expectedResult: false,
},
{
name: "disable-autogen-pod-with-owner",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "none"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test","ownerReferences": [{"kind": "Deployment"}]}}`),
expectedResult: false,
},
{
name: "disable-autogen",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod"}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test","ownerReferences": [{"kind": "Deployment"}]}}`),
expectedResult: false,
},
{
name: "enable-autogen-pod-without-owner",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "Deployment"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test"}}`),
expectedResult: false,
},
{
name: "enable-autogen-pod-with-matched-owner",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "Deployment"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test","ownerReferences": [{"kind": "Deployment"}]}}`),
expectedResult: true,
},
{
name: "enable-autogen-pod-with-unmatched-owner",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "Deployment"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test","ownerReferences": [{"kind": "Challenge"}]}}`),
expectedResult: false,
},
{
name: "enable-autogen-pod-with-owner-rs",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "Deployment,StatefulSet"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test","ownerReferences": [{"kind": "ReplicaSet"}]}}`),
expectedResult: true,
},
{
name: "enable-autogen-pod-with-multiple-owners",
policy: []byte(`{"apiVersion": "kyverno.io/v1","kind": "ClusterPolicy","metadata": {"name": "test-managedPod","annotations": {"pod-policies.kyverno.io/autogen-controllers": "Deployment,StatefulSet"}}}`),
resource: []byte(`{"apiVersion": "v1","kind": "Pod","metadata": {"name": "test","ownerReferences": [{"kind": "Deployment"},{"kind": "Challenge"}]}}`),
expectedResult: false,
},
}
for i, tc := range testCases {
var policy v1.ClusterPolicy
err := json.Unmarshal(tc.policy, &policy)
assert.Assert(t, err == nil, "Test %d/%s invalid policy raw: %v", i+1, tc.name, err)
resource, _ := kubeutils.BytesToUnstructured(tc.resource)
res := ManagedPodResource(&policy, *resource)
assert.Equal(t, res, tc.expectedResult, "test %d/%s failed, expect %v, got %v", i+1, tc.name, tc.expectedResult, res)
}
}