mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
chore: use mutateExistingOnPolicyUpdate under mutate rule in chainsaw tests (#10507)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
Mariam Fahmy
GitHub
parent
9285006f7a
commit
88d1063647
23 changed files with 24 additions and 24 deletions
|
|
@ -1625,7 +1625,6 @@ func Test_mutate_existing_resources(t *testing.T) {
|
|||
"name": "sync-cms"
|
||||
},
|
||||
"spec": {
|
||||
"mutateExistingOnPolicyUpdate": false,
|
||||
"rules": [
|
||||
{
|
||||
"name": "concat-cm",
|
||||
|
|
@ -1647,6 +1646,7 @@ func Test_mutate_existing_resources(t *testing.T) {
|
|||
]
|
||||
},
|
||||
"mutate": {
|
||||
"mutateExistingOnPolicyUpdate": false,
|
||||
"targets": [
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
|
|
@ -1717,7 +1717,6 @@ func Test_mutate_existing_resources(t *testing.T) {
|
|||
"name": "sync-cms"
|
||||
},
|
||||
"spec": {
|
||||
"mutateExistingOnPolicyUpdate": false,
|
||||
"rules": [
|
||||
{
|
||||
"name": "concat-cm",
|
||||
|
|
@ -1739,6 +1738,7 @@ func Test_mutate_existing_resources(t *testing.T) {
|
|||
]
|
||||
},
|
||||
"mutate": {
|
||||
"mutateExistingOnPolicyUpdate": false,
|
||||
"targets": [
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ metadata:
|
|||
This policy generates and synchronizes a configmap for custom resource kube-state-metrics.
|
||||
spec:
|
||||
generateExisting: true
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
schemaValidation: false
|
||||
rules:
|
||||
- name: generate-cm-for-kube-state-metrics-crds
|
||||
|
|
@ -55,6 +54,7 @@ spec:
|
|||
operator: Equals
|
||||
value: UPDATE
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
targets:
|
||||
- apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: reload
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -14,6 +13,7 @@ spec:
|
|||
matchLabels:
|
||||
kyverno.io/watch: "true"
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
annotations:
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@ metadata:
|
|||
name: add-privileged-existing-namespaces
|
||||
spec:
|
||||
background: false
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -28,6 +27,7 @@ spec:
|
|||
names:
|
||||
- background-false-ns
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: test-post-mutation
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -15,6 +14,7 @@ spec:
|
|||
namespaces:
|
||||
- staging-4
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
patchesJson6902: "- op: add\n path: \"/metadata/labels/env\"\n value: \"{{
|
||||
request.object.metadata.namespace }}\" "
|
||||
targets:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: mutate-existing-secret
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -15,6 +14,7 @@ spec:
|
|||
namespaces:
|
||||
- staging
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: test-post-mutation-delete-trigger
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -17,6 +16,7 @@ spec:
|
|||
operations:
|
||||
- DELETE
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: mutate-existing-secret
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -15,6 +14,7 @@ spec:
|
|||
namespaces:
|
||||
- staging
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: mutate-existing-secret
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- name: mutate-secret-on-configmap-event
|
||||
match:
|
||||
|
|
@ -16,6 +15,7 @@ spec:
|
|||
namespaces:
|
||||
- staging
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: Secret
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: cpol-multiple-rules-match-exclude
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -14,6 +13,7 @@ spec:
|
|||
matchLabels:
|
||||
policy.lan/flag: "true"
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ metadata:
|
|||
annotations:
|
||||
pod-policies.kyverno.io/autogen-controllers: none
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
validationFailureAction: Enforce
|
||||
rules:
|
||||
- name: propagate org label from namespace
|
||||
|
|
@ -24,6 +23,7 @@ spec:
|
|||
urlPath: /api/v1/namespaces/{{ request.object.metadata.namespace }}
|
||||
jmesPath: metadata.labels.org
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: Pod
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ metadata:
|
|||
annotations:
|
||||
pod-policies.kyverno.io/autogen-controllers: none
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
validationFailureAction: Enforce
|
||||
rules:
|
||||
- name: propagate org label from namespace
|
||||
|
|
@ -24,6 +23,7 @@ spec:
|
|||
urlPath: /api/v1/namespaces/{{ request.object.metadata.namespace }}
|
||||
jmesPath: metadata.labels.org
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: Pod
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: test-post-mutation-create-policy
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- match:
|
||||
any:
|
||||
|
|
@ -15,6 +14,7 @@ spec:
|
|||
namespaces:
|
||||
- staging-3
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ metadata:
|
|||
annotations:
|
||||
pod-policies.kyverno.io/autogen-controllers: none
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
validationFailureAction: Enforce
|
||||
rules:
|
||||
- name: propagate org label from namespace
|
||||
|
|
@ -24,6 +23,7 @@ spec:
|
|||
urlPath: /api/v1/namespaces/{{ request.object.metadata.namespace }}
|
||||
jmesPath: metadata.labels.org
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: Pod
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: test
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- name: test
|
||||
match:
|
||||
|
|
@ -14,6 +13,7 @@ spec:
|
|||
names:
|
||||
- default
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- kind: Pod
|
||||
apiVersion: '*'
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: cpol-namespace-variable
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
rules:
|
||||
- name: apply-flag
|
||||
match:
|
||||
|
|
@ -15,6 +14,7 @@ spec:
|
|||
matchLabels:
|
||||
policy.lan/flag: 'true'
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: false
|
||||
targets:
|
||||
- kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: cpol-mutate-existing-auth-check
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
background: false
|
||||
rules:
|
||||
- name: label-privileged-namespaces
|
||||
|
|
@ -13,6 +12,7 @@ spec:
|
|||
kinds:
|
||||
- Namespace
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: mutate-existing-require-targets-policy-no-targets
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- name: mutate-secret-on-configmap-create
|
||||
match:
|
||||
|
|
@ -16,6 +15,7 @@ spec:
|
|||
namespaces:
|
||||
- staging
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
patchStrategicMerge:
|
||||
metadata:
|
||||
labels:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: mutate-existing-require-targets-policy-targets
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- name: mutate-secret-on-configmap-create
|
||||
match:
|
||||
|
|
@ -16,6 +15,7 @@ spec:
|
|||
namespaces:
|
||||
- staging
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: Secret
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: target-variable-validation-cpol
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
schemaValidation: false
|
||||
background: true
|
||||
rules:
|
||||
|
|
@ -14,6 +13,7 @@ spec:
|
|||
kinds:
|
||||
- Secret
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ kind: ClusterPolicy
|
|||
metadata:
|
||||
name: target-variable-validation-cpol
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
schemaValidation: false
|
||||
background: true
|
||||
rules:
|
||||
|
|
@ -14,6 +13,7 @@ spec:
|
|||
kinds:
|
||||
- Secret
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ metadata:
|
|||
name: pol-mutate-existing-auth-check
|
||||
namespace: pol-mutate-existing-auth-check-ns
|
||||
spec:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
background: false
|
||||
rules:
|
||||
- name: label-privileged-namespaces
|
||||
|
|
@ -14,6 +13,7 @@ spec:
|
|||
kinds:
|
||||
- ConfigMap
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ metadata:
|
|||
This policy generates and synchronizes a configmap for custom resource kube-state-metrics.
|
||||
spec:
|
||||
generateExisting: true
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
rules:
|
||||
- name: restart-kube-state-metrics-on-cm-change
|
||||
match:
|
||||
|
|
@ -25,6 +24,7 @@ spec:
|
|||
operator: NotEquals
|
||||
value: source
|
||||
mutate:
|
||||
mutateExistingOnPolicyUpdate: true
|
||||
targets:
|
||||
- apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
|
|
|
|||
Loading…
Reference in a new issue