From 7fcc6bbd330492ecc76ece9deaa4781d82f8eb18 Mon Sep 17 00:00:00 2001
From: Shuting Zhao
Date: Thu, 10 Oct 2019 10:46:11 -0700
Subject: [PATCH] require default namespace resource quota
---
 examples/best_practices/README.md | 2 +-
 pkg/testrunner/testrunner_test.go | 4 ++--
 .../require_namespace_quota.yaml | 20 +++++++++++++++++++
 test/manifest/require_namespace_quota.yaml | 4 ++++
 ...rio_validate_require_namespace_quota.yaml} | 4 ++--
 5 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 samples/best_practices/require_namespace_quota.yaml
 create mode 100644 test/manifest/require_namespace_quota.yaml
 rename test/scenarios/test/{scenario_validate_namespace_quota.yaml => scenario_validate_require_namespace_quota.yaml} (78%)
diff --git a/examples/best_practices/README.md b/examples/best_practices/README.md
index a31ad76569..cd50bfd357 100644
--- a/examples/best_practices/README.md
+++ b/examples/best_practices/README.md
@@ -17,7 +17,7 @@
 | Require a namespace (disallow default) | [policy_validate_default_namespace.yaml](policy_validate_default_namespace.yaml) | best_practices |
 | Prevent mounting of default service account | [policy_validate_disallow_default_serviceaccount.yaml](policy_validate_disallow_default_serviceaccount.yaml) |
 | Require a default network policy | [policy_validate_default_network_policy.yaml](policy_validate_default_network_policy.yaml) | best_practices |
-| Require namespace quotas and limit ranges | [policy_validate_namespace_quota.yaml](policy_validate_namespace_quota.yaml) |
+| Require namespace quotas and limit ranges | [policy_validate_namespace_quota.yaml](policy_validate_namespace_quota.yaml) | best_practices |
 | Allow an FSGroup that owns the pod's volumes | [policy_validate_fsgroup.yaml](policy_validate_fsgroup.yaml) |
 | Require SELinux level of the container | [policy_validate_selinux_context.yaml](policy_validate_selinux_context.yaml) |
 | Allow default Proc Mount type | [policy_validate_default_proc_mount.yaml](policy_validate_default_proc_mount.yaml) |
diff --git a/pkg/testrunner/testrunner_test.go b/pkg/testrunner/testrunner_test.go
index f7eee8468f..21409ca3ab 100644
--- a/pkg/testrunner/testrunner_test.go
+++ b/pkg/testrunner/testrunner_test.go
@@ -100,8 +100,8 @@ func Test_validate_not_readonly_rootfilesystem(t *testing.T) {
 testScenario(t, "test/scenarios/test/scenario_validate_require_readonly_rootfilesystem.yaml")
 }
-func Test_validate_namespace_quota(t *testing.T) {
- testScenario(t, "test/scenarios/test/scenario_validate_namespace_quota.yaml")
+func Test_validate_require_namespace_quota(t *testing.T) {
+ testScenario(t, "test/scenarios/test/scenario_validate_require_namespace_quota.yaml")
 }
 func Test_validate_disallow_node_port(t *testing.T) {
diff --git a/samples/best_practices/require_namespace_quota.yaml b/samples/best_practices/require_namespace_quota.yaml
new file mode 100644
index 0000000000..539fd51467
--- /dev/null
+++ b/samples/best_practices/require_namespace_quota.yaml
@@ -0,0 +1,20 @@
+apiVersion: kyverno.io/v1alpha1
+kind: ClusterPolicy
+metadata:
+ name: validate-namespace-quota
+spec:
+ rules:
+ - name: validate-namespace-quota
+ match:
+ resources:
+ kinds:
+ - Namespace
+ generate:
+ kind: ResourceQuota
+ name: "defaultresourcequota"
+ spec:
+ hard:
+ requests.cpu: "*"
+ requests.memory: "*"
+ limits.cpu: "*"
+ limits.memory: "*"
\ No newline at end of file
diff --git a/test/manifest/require_namespace_quota.yaml b/test/manifest/require_namespace_quota.yaml
new file mode 100644
index 0000000000..5d2e46b373
--- /dev/null
+++ b/test/manifest/require_namespace_quota.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: "test-namespace-quota"
\ No newline at end of file
diff --git a/test/scenarios/test/scenario_validate_namespace_quota.yaml b/test/scenarios/test/scenario_validate_require_namespace_quota.yaml
similarity index 78%
rename from test/scenarios/test/scenario_validate_namespace_quota.yaml
rename to test/scenarios/test/scenario_validate_require_namespace_quota.yaml
index b3aea93203..6396b9cd6c 100644
--- a/test/scenarios/test/scenario_validate_namespace_quota.yaml
+++ b/test/scenarios/test/scenario_validate_require_namespace_quota.yaml
@@ -1,7 +1,7 @@
 # file path relative to project root
 input:
- policy: examples/best_practices/policy_validate_namespace_quota.yaml
- resource: examples/best_practices/resources/resource_validate_namespace_quota.yaml
+ policy: samples/best_practices/require_namespace_quota.yaml
+ resource: test/manifest/require_namespace_quota.yaml
 expected:
 generation:
 generatedResources:
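Review bot: All four `hard` entries of the generated ResourceQuota in `samples/best_practices/require_namespace_quota.yaml` are `"*"`, which is not a Kubernetes quantity, so as written the sample puts no concrete ceiling on CPU or memory in a new namespace. Whether the engine treats `"*"` as a pattern or copies it literally is not visible in this patch. Either way, a best-practice sample meant to contain resource exhaustion should show explicit values or carry a comment such as `# placeholder: replace "*" with concrete quantities before applying`. The policy and rule are also still named `validate-namespace-quota` although the rule body is `generate` and the file is `require_namespace_quota.yaml`; before renaming, check the scenario's `expected:` block for that name, since it runs past the visible hunk.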
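Review bot: The policy the README documents is no longer the one this scenario tests. The `input.policy` line now points at `samples/best_practices/require_namespace_quota.yaml`, while the README row this patch tags `best_practices` still links `policy_validate_namespace_quota.yaml` under `examples/`, and the diffstat shows no deletion of that file. The two copies can drift without a test noticing, so either update the README link to the `samples/` file or remove the old policy in the same change. The `expected:` block continues past the hunk, so what the test asserts about the generated quota cannot be confirmed from here.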