From 7d65ebbd87195d2c55b5e270273d7e6f184e5dea Mon Sep 17 00:00:00 2001 From: vivek kumar sahu Date: Thu, 21 Oct 2021 05:25:55 +0530 Subject: [PATCH] E2e test for global anchor validate policy (#2479) * Added test-e2e-local in the Makefile Signed-off-by: viveksahu26 * Added a proper Indentation Signed-off-by: viveksahu26 * Added e2e test case for global-anchor validate policy Signed-off-by: viveksahu26 * Added resources Signed-off-by: viveksahu26
---
 test/e2e/validate/config.go | 22 +++++++++++++++
 test/e2e/validate/resources.go | 49 ++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
diff --git a/test/e2e/validate/config.go b/test/e2e/validate/config.go
index 5210314da6..7d1ea1f47d 100644
--- a/test/e2e/validate/config.go
+++ b/test/e2e/validate/config.go
@@ -65,4 +65,26 @@ var ValidateTests = []struct {
 ResourceRaw: kyverno_2345_resource,
 MustSucceed: false,
 },
+ {
+ // Case for https://github.com/kyverno/kyverno/issues/2390 issue
+ TestDescription: "checks that policy contains global anchor fields",
+ PolicyName: "check-image-pull-secret",
+ PolicyRaw: kyverno_global_anchor_validate_policy,
+ ResourceName: "pod-with-nginx-allowed-registory",
+ ResourceNamespace: "",
+ ResourceGVR: podGVR,
+ ResourceRaw: kyverno_global_anchor_validate_resource_1,
+ MustSucceed: true,
+ },
+ {
+ // Case for https://github.com/kyverno/kyverno/issues/2390 issue
+ TestDescription: "checks that policy contains global anchor fields",
+ PolicyName: "check-image-pull-secret",
+ PolicyRaw: kyverno_global_anchor_validate_policy,
+ ResourceName: "pod-with-nginx-disallowed-registory",
+ ResourceNamespace: "",
+ ResourceGVR: podGVR,
+ ResourceRaw: kyverno_global_anchor_validate_resource_2,
+ MustSucceed: false,
+ },
 }
diff --git a/test/e2e/validate/resources.go b/test/e2e/validate/resources.go
index 861da52d4b..af51157901 100644
--- a/test/e2e/validate/resources.go
+++ b/test/e2e/validate/resources.go
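Review bot: `PolicyName: "check-image-pull-secret"` in both new entries does not match the `metadata.name: sample` of `kyverno_global_anchor_validate_policy` added in resources.go. If the harness (not visible in this hunk) uses PolicyName to look up or delete the ClusterPolicy, cleanup would miss it and a cluster-wide `enforce` policy on Pods could linger into later cases; aligning the manifest, e.g. `name: check-image-pull-secret`, removes the doubt. The two entries also share one TestDescription, so a failure does not say which expectation broke; `"global anchor: pod with the expected imagePullSecret is admitted"` and `"global anchor: pod with a different imagePullSecret is rejected"` would read better. The ValidateTests literal starts above this hunk.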
@@ -631,3 +631,52 @@ spec:
 drop:
 - CAP_SOMETHING
 `)
+
+var kyverno_global_anchor_validate_policy = []byte(`
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: sample
+spec:
+ validationFailureAction: enforce
+ rules:
+ - name: check-container-image
+ match:
+ resources:
+ kinds:
+ - Pod
+ validate:
+ pattern:
+ spec:
+ containers:
+ - name: "*"
+ <(image): "nginx"
+ imagePullSecrets:
+ - name: my-registry-secret
+`)
+
+var kyverno_global_anchor_validate_resource_1 = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod-with-nginx-allowed-registory
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ imagePullSecrets:
+ - name: my-registry-secret
+`)
+
+var kyverno_global_anchor_validate_resource_2 = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod-with-nginx-disallowed-registory
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ imagePullSecrets:
+ - name: other-registory-secret
+`)
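Review bot: Both Pod fixtures use `image: nginx`, so the `<(image): "nginx"` condition is always true and the skip path that distinguishes a global anchor from a plain match is never exercised. A third Pod whose image does not match and whose pull secret differs, expected to be admitted (`MustSucceed: true` in config.go), would pin that behaviour; a possible fixture with a constructed name is sketched below. The pattern also appears to compare the image string literally, so these fixtures say nothing about tagged or registry-qualified references such as `nginx:1.21`; a short comment above the policy saying it is a test-only pattern would make that limit explicit.

```go
// Image does not satisfy the global anchor, so the rule should be skipped
// and the Pod admitted even though the pull secret differs.
var kyverno_global_anchor_validate_resource_3 = []byte(`
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-other-image
spec:
  containers:
  - name: busybox
    image: busybox
  imagePullSecrets:
  - name: other-registory-secret
`)
```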