diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/README.md
new file mode 100644
index 0000000000..16e6dc869c
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This tests that the ownerReferences of cloned objects in different Namespaces are removed. Otherwise these objects will be immediately garbage-collected
+
+## Expected Behavior
+
+The background controller will strip the ownerReference when cloning between Namespaces, if it exists.
+
+## Reference Issue(s)
+
+- https://github.com/kyverno/kyverno/issues/2276
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/chainsaw-test.yaml
new file mode 100755
index 0000000000..03b1501ce3
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/chainsaw-test.yaml
@@ -0,0 +1,38 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - script:
+ content: |
+ kubectl -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns get configmap owner -o json | jq '{
+ "metadata": {
+ "ownerReferences": [{
+ "apiVersion": "v1",
+ "kind": "ConfigMap",
+ "name": "owner",
+ "uid": .metadata.uid
+ }]
+ }
+ }' | kubectl patch -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns secret cpol-clone-delete-ownerreferences-across-namespaces --patch-file=/dev/stdin
+ - name: step-03
+ try:
+ - apply:
+ file: trigger.yaml
+ - assert:
+ file: created-secret.yaml
+ - name: step-04
+ try:
+ - script:
+ content: |
+ kubectl --namespace cpol-clone-delete-ownerreferences-across-namespaces-target-ns get secret cpol-clone-delete-ownerreferences-across-namespaces -o json | jq -e '.metadata.ownerReferences == null'
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/created-secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/created-secret.yaml
new file mode 100644
index 0000000000..64e2789fd0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/created-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+ namespace: cpol-clone-delete-ownerreferences-across-namespaces-target-ns
+type: Opaque
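Review bot: step-04's check `jq -e '.metadata.ownerReferences == null'` in chainsaw-test.yaml also passes if the source Secret never carried an ownerReference, and nothing between step-02 and step-03 confirms that the patch took effect. The step-02 pipeline sets no `pipefail`, so its exit status is that of the final `kubectl patch` only. I would end the step-02 script with a check on the source, for example `kubectl -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns get secret cpol-clone-delete-ownerreferences-across-namespaces -o json | jq -e '.metadata.ownerReferences | length == 1'`, so the test proves the reference was stripped during cloning rather than absent from the start.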
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/policy-ready.yaml
new file mode 100644
index 0000000000..087293808d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/policy.yaml
new file mode 100644
index 0000000000..e95821be60
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/policy.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-delete-ownerreferences-across-namespaces-source-ns
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: owner
+ namespace: cpol-clone-delete-ownerreferences-across-namespaces-source-ns
+type: Opaque
+---
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+ namespace: cpol-clone-delete-ownerreferences-across-namespaces-source-ns
+type: Opaque
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+spec:
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+ namespace: cpol-clone-delete-ownerreferences-across-namespaces-source-ns
+ kind: Secret
+ name: cpol-clone-delete-ownerreferences-across-namespaces
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: clone-secret
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/trigger.yaml
new file mode 100644
index 0000000000..04ad516c46
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces-deprecated/trigger.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-delete-ownerreferences-across-namespaces-target-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/policy.yaml
index e95821be60..0bf679f8b9 100644
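Review bot: The `-deprecated` policy.yaml creates the same cluster-scoped objects as the sibling test it was copied from: the ClusterPolicy `cpol-clone-delete-ownerreferences-across-namespaces` and the Namespace ending in `-source-ns` (this file has blob e95821be60, which is the pre-change blob of the sibling's policy.yaml). If the suite runs both tests against one cluster at the same time, each can overwrite or clean up the other's policy and namespaces, and a pass no longer shows which `generateExisting` placement was exercised. Giving the copy its own names, e.g. `name: cpol-clone-delete-ownerreferences-across-namespaces-deprecated` with matching namespace names in the scripts, trigger and assert files, would keep the two isolated. The same applies to the cpol-clone-sync-reinstall-policy-deprecated and cpol-clone-sync-single-source-multiple-triggers-targets-deprecated copies, whose policy files also share blobs with their siblings (7b0fa06a2e and af736c2e3a).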
--- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/policy.yaml @@ -24,9 +24,9 @@ kind: ClusterPolicy metadata: name: cpol-clone-delete-ownerreferences-across-namespaces spec: - generateExisting: true rules: - generate: + generateExisting: true apiVersion: v1 clone: name: cpol-clone-delete-ownerreferences-across-namespaces diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/README.md new file mode 100644 index 0000000000..843d354140 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/README.md @@ -0,0 +1,13 @@ +## Description + +This is a corner case test to ensure a generate clone rule can be triggered on the deletion of the trigger resource. It also ensures upgrades to 1.10 are successful for the same clone rule type. + +## Expected Behavior + +1. when the trigger is created, the corresponding downstream target secret should be generated +2. delete the policy, update the source, then re-install the policy with generateExisting=true, the change should be synced to the downstream target +3. update the source again, the change should be synced to the downstream target + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7170 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..5362f726a8 --- /dev/null 
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-2.yaml
new file mode 100755
index 0000000000..f1ead79e1e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-2.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: Zm9v
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-3.yaml
new file mode 100755
index 0000000000..4daff4a301
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-apply-1-3.yaml
@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-reinstall-policy
+spec:
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
+ kind: Secret
+ name: regcred
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: sync-image-pull-secret
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..53f672f4ce
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-reinstall-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..8f943622ad
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-02-apply-1-2.yaml
new file mode 100755
index 0000000000..426355750d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-02-apply-1-2.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-03-assert-1-1.yaml
new file mode 100755
index 0000000000..9e3170e120
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-03-assert-1-1.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: Zm9v
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-03-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-03-assert-1-2.yaml
new file mode 100755
index 0000000000..2a85a11905
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-03-assert-1-2.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: Zm9v
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-05-apply-1-1.yaml
new file mode 100755
index 0000000000..8e7a7103b8
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-05-apply-1-1.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: aGVyZWlzY2hhbmdlZGRhdGE=
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-06-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-06-apply-1-1.yaml
new file mode 100755
index 0000000000..7b0fa06a2e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-06-apply-1-1.yaml
@@ -0,0 +1,22 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-reinstall-policy
+spec:
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
+ kind: Secret
+ name: regcred
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: sync-image-pull-secret
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-08-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-08-assert-1-1.yaml
new file mode 100755
index 0000000000..09c5e3946b
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-08-assert-1-1.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: aGVyZWlzY2hhbmdlZGRhdGE=
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-08-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-08-assert-1-2.yaml
new file mode 100755
index 0000000000..65729904d8
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-08-assert-1-2.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: aGVyZWlzY2hhbmdlZGRhdGE=
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-09-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-09-apply-1-1.yaml
new file mode 100755
index 0000000000..12906c0adb
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-09-apply-1-1.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-11-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-11-assert-1-1.yaml
new file mode 100755
index 0000000000..9eed40bc86
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-11-assert-1-1.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-11-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-11-assert-1-2.yaml
new file mode 100755
index 0000000000..db3bfca1ea
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-step-11-assert-1-2.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: regcred
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-test.yaml
new file mode 100755
index 0000000000..9f026339e6
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy-deprecated/chainsaw-test.yaml
@@ -0,0 +1,68 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-clone-sync-reinstall-policy
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-01-apply-1-2.yaml
+ - apply:
+ file: chainsaw-step-01-apply-1-3.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-02-apply-1-2.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: chainsaw-step-03-assert-1-1.yaml
+ - assert:
+ file: chainsaw-step-03-assert-1-2.yaml
+ - name: step-04
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: cpol-clone-sync-reinstall-policy
+ - name: step-05
+ try:
+ - apply:
+ file: chainsaw-step-05-apply-1-1.yaml
+ - name: step-06
+ try:
+ - apply:
+ file: chainsaw-step-06-apply-1-1.yaml
+ - name: step-07
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-08
+ try:
+ - assert:
+ file: chainsaw-step-08-assert-1-1.yaml
+ - assert:
+ file: chainsaw-step-08-assert-1-2.yaml
+ - name: step-09
+ try:
+ - apply:
+ file: chainsaw-step-09-apply-1-1.yaml
+ - name: step-10
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-11
+ try:
+ - assert:
+ file: chainsaw-step-11-assert-1-1.yaml
+ - assert:
+ file: chainsaw-step-11-assert-1-2.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml
index 7b0fa06a2e..85c42ca398 100755
--- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml
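Review bot: step-07 and step-10 of this chainsaw-test.yaml insert a fixed `sleep: duration: 3s` before asserts that already poll until they match or time out, so the sleeps add six seconds per run without making the check any stricter. Dropping both steps and letting step-08 and step-11 wait on the assert is enough; step-05 of the cpol-clone-sync-single-source-multiple-triggers-targets-deprecated test has the same pattern. Separately, step-06 re-applies the policy without asserting `chainsaw-step-01-assert-1-1.yaml` again, so a policy that fails to become Ready after the reinstall would surface only as a sync timeout in step-08.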
@@ -3,9 +3,9 @@ kind: ClusterPolicy metadata: name: cpol-clone-sync-reinstall-policy spec: - generateExisting: true rules: - generate: + generateExisting: true apiVersion: v1 clone: name: regcred diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/README.md new file mode 100644 index 0000000000..220aefaaca --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/README.md @@ -0,0 +1,11 @@ +## Description + +This is a corner case test to ensure the changes to the clone source can be synced to multiple targets. + +## Expected Behavior + +If the change from `foo=bar` to `foo=baz` is synced to downstream targets, the test passes. Otherwise fails. + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7170 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..5362f726a8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-ns 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-2.yaml
new file mode 100755
index 0000000000..d2ecb8831d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-2.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ foo: bar
+kind: ConfigMap
+metadata:
+ name: foosource
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-3.yaml
new file mode 100755
index 0000000000..af736c2e3a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-apply-1-3.yaml
@@ -0,0 +1,22 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets
+spec:
+ generateExisting: false
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: foosource
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
+ kind: ConfigMap
+ name: footarget
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: rule-clone-sync-single-source-multiple-targets
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..509cb19542
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..8f943622ad
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-02-apply-1-2.yaml
new file mode 100755
index 0000000000..426355750d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-02-apply-1-2.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-03-assert-1-1.yaml
new file mode 100755
index 0000000000..cb210f1f2d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-03-assert-1-1.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ foo: bar
+kind: ConfigMap
+metadata:
+ name: footarget
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-03-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-03-assert-1-2.yaml
new file mode 100755
index 0000000000..55feaab63a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-03-assert-1-2.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ foo: bar
+kind: ConfigMap
+metadata:
+ name: footarget
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-04-apply-1-1.yaml
new file mode 100755
index 0000000000..53e0fd526f
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-04-apply-1-1.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ foo: baz
+kind: ConfigMap
+metadata:
+ name: foosource
+ namespace: cpol-clone-sync-single-source-multiple-targets-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-06-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-06-assert-1-1.yaml
new file mode 100755
index 0000000000..aa965bc916
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-06-assert-1-1.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ foo: baz
+kind: ConfigMap
+metadata:
+ name: footarget
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-06-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-06-assert-1-2.yaml
new file mode 100755
index 0000000000..dd0baf6c93
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-step-06-assert-1-2.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ foo: baz
+kind: ConfigMap
+metadata:
+ name: footarget
+ namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-test.yaml
new file mode 100755
index 0000000000..02cf82aa20
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets-deprecated/chainsaw-test.yaml
@@ -0,0 +1,43 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-clone-sync-single-source-multiple-triggers-targets
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-01-apply-1-2.yaml
+ - apply:
+ file: chainsaw-step-01-apply-1-3.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-02-apply-1-2.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: chainsaw-step-03-assert-1-1.yaml
+ - assert:
+ file: chainsaw-step-03-assert-1-2.yaml
+ - name: step-04
+ try:
+ - apply:
+ file: chainsaw-step-04-apply-1-1.yaml
+ - name: step-05
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-06
+ try:
+ - assert:
+ file: chainsaw-step-06-assert-1-1.yaml
+ - assert:
+ file: chainsaw-step-06-assert-1-2.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml index af736c2e3a..3dc008a321 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml @@ -3,9 +3,9 @@ kind: ClusterPolicy metadata: name: cpol-clone-sync-single-source-multiple-targets spec: - generateExisting: false rules: - generate: + generateExisting: false apiVersion: v1 clone: name: foosource diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/README.md new file mode 100644 index 0000000000..80d73af201 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/README.md @@ -0,0 +1,10 @@ +## Description + +This test checks to ensure that deletion of a rule in a ClusterPolicy generate rule, data declaration, with sync disabled, does not result in the downstream resource's deletion. + +## Expected Behavior + +The downstream (generated) resource is expected to remain if the corresponding rule within a ClusterPolicy is deleted. If it is not deleted, the test passes. If it is deleted, the test fails. + +## Reference Issue(s) + 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..b52a6e57bd
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-to-nosync-delete-rule-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-step-04-apply-1-1.yaml
new file mode 100755
index 0000000000..0839987d1c
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-step-04-apply-1-1.yaml
@@ -0,0 +1,63 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-to-nosync-delete-rule
+spec:
+ generateExisting: false
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: false
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: k-kafka-address
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
+ kind: Secret
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ type: Opaque
+ kind: Secret
+ name: supersecret
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: super-secret
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-test.yaml
new file mode 100755
index 0000000000..e524146ca0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/chainsaw-test.yaml
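Review bot: The ClusterPolicy in this deprecated copy of `chainsaw-step-04-apply-1-1.yaml` keeps the name `cpol-data-sync-to-nosync-delete-rule`, which is also the `metadata.name` shown as context in the non-deprecated test's hunks later in this diff, and ClusterPolicy objects are cluster-scoped. If chainsaw runs both directories against one cluster at the same time (not visible here), either test can overwrite or clean up the other's policy, so a run may exercise the rule-level `generateExisting` while reporting on the spec-level one. Giving the deprecated fixtures their own names, e.g. `name: cpol-data-sync-to-nosync-delete-rule-deprecated` (with `policy.yaml`, `policy-ready.yaml` and the `-ns` Namespace changed to match), removes the overlap. The same applies to `sync-with-multi-clone`, `sync-with-multi-clone-update` and `cpol-clone-sync-existing-update-trigger-no-precondition` in the other deprecated copies.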
@@ -0,0 +1,43 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-to-nosync-delete-rule
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: secret.yaml
+ - assert:
+ file: configmap.yaml
+ - name: step-04
+ try:
+ - apply:
+ file: chainsaw-step-04-apply-1-1.yaml
+ - name: step-05
+ try:
+ - apply:
+ file: delete-rule.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-06
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-07
+ try:
+ - assert:
+ file: secret.yaml
+ - assert:
+ file: configmap.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/configmap.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/configmap.yaml
new file mode 100644
index 0000000000..aae2b42313
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-to-nosync-delete-rule-ns
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/delete-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/delete-rule.yaml
new file mode 100644
index 0000000000..d24c7e4397
--- /dev/null
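Review bot: In `chainsaw-test.yaml`, step-06 waits a fixed `duration: 3s` before step-07 asserts that `secret.yaml` and `configmap.yaml` still exist, so the test only shows that the resources survive for three seconds. A background deletion that lands later than that would pass unnoticed, although the README says the test fails if the downstream resource is deleted. I would state the bound next to the sleep, `# must exceed the background controller's reconcile latency`, and consider a longer window if that latency is not known to be well under three seconds.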
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/delete-rule.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: multiple-gens
+spec:
+ generateExisting: false
+ rules:
+ - name: super-secret
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: Secret
+ name: supersecret
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: Secret
+ type: Opaque
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/policy-ready.yaml
new file mode 100644
index 0000000000..d6a7219a7b
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-to-nosync-delete-rule
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/policy.yaml
new file mode 100644
index 0000000000..b2cb12d617
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/policy.yaml
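Review bot: `delete-rule.yaml` declares `metadata.name: multiple-gens`, not `cpol-data-sync-to-nosync-delete-rule`, so applying it in step-05 appears to create a second ClusterPolicy rather than remove the `k-kafka-address` rule from the policy under test. Step-05 then asserts `policy-ready.yaml`, which names the original policy and was already Ready, and step-07's ConfigMap check would pass without any rule having been deleted. Changing the line to `name: cpol-data-sync-to-nosync-delete-rule` makes the apply an update of the tested policy. The non-deprecated `delete-rule.yaml` modified later in this diff carries the same `multiple-gens` name in its context lines.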
@@ -0,0 +1,63 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-to-nosync-delete-rule
+spec:
+ generateExisting: false
+ rules:
+ - name: k-kafka-address
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ data:
+ ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+ KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
+ - name: super-secret
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: Secret
+ name: supersecret
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: Secret
+ type: Opaque
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/secret.yaml
new file mode 100644
index 0000000000..611a54d4d5
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule-deprecated/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
+kind: Secret
+metadata:
+ labels:
+ somekey: somesecretvalue
+ name: supersecret
+ namespace: cpol-data-sync-to-nosync-delete-rule-ns
+type: Opaque
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml index 0839987d1c..cb903c5764 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-to-nosync-delete-rule spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: @@ -42,6 +42,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml index d24c7e4397..20fd582920 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: multiple-gens spec: - generateExisting: false rules: - name: super-secret match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: true apiVersion: v1 kind: Secret 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml index b2cb12d617..091c0f557e 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-to-nosync-delete-rule spec: - generateExisting: false rules: - name: k-kafka-address match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: true apiVersion: v1 kind: ConfigMap @@ -48,6 +48,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: true apiVersion: v1 kind: Secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/README.md b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/README.md similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/README.md rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/README.md diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/chainsaw-step-04-apply-1-1.yaml similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/chainsaw-step-04-apply-1-1.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/chainsaw-step-04-apply-1-1.yaml 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/chainsaw-test.yaml similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/chainsaw-test.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/cluster-role.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/cluster-role.yaml similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/cluster-role.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/cluster-role.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/manifests.yaml similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/manifests.yaml 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/policy-ready.yaml similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/policy-ready.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update(deprecated)/policy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml index b730615689..17588701ea 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/policy.yaml @@ -6,7 +6,6 @@ metadata: policies.kyverno.io/description: >- This policy generates and synchronizes a configmap for custom resource kube-state-metrics. spec: - generateExisting: true schemaValidation: false rules: - name: generate-cm-for-kube-state-metrics-crds @@ -23,6 +22,7 @@ spec: matchLabels: kubestatemetrics.platform.example: source generate: + generateExisting: true synchronize: true apiVersion: v1 kind: Secret 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/README.md new file mode 100644 index 0000000000..acfc8d8ea8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/README.md @@ -0,0 +1,11 @@ +## Description + +This test ensures that creation of a multiple target resource created by a ClusterPolicy `generate.cloneList` rule. If it is not generated, the test fails. + +## Expected Behavior + +The cloned Secret and ConfigMap from the default namespace should exists in newly created namespace. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/chainsaw-test.yaml new file mode 100755 index 0000000000..519798f9e0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-list-sync-create +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - apply: + file: cluster-policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/cluster-policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/cluster-policy-ready.yaml new file mode 100644 index 0000000000..aa49cef010 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/cluster-policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sync-with-multi-clone +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/cluster-policy.yaml new file mode 100644 index 0000000000..999776422d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/cluster-policy.yaml @@ -0,0 +1,32 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sync-with-multi-clone +spec: + generateExisting: false + rules: + - name: sync-secret + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + namespace: "{{request.object.metadata.name}}" + synchronize : true + cloneList: + namespace: default + kinds: + - v1/Secret + - v1/ConfigMap + selector: + matchLabels: + allowedToBeCloned: "true" diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/manifests.yaml new file mode 100644 index 0000000000..2761bf800e --- /dev/null 
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/manifests.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bootstrap-config
+ namespace: default
+ labels:
+ allowedToBeCloned: "true"
+data:
+ initial_lives: "15"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: image-secret
+ namespace: default
+ labels:
+ allowedToBeCloned: "true"
+type: kubernetes.io/basic-auth
+stringData:
+ username: admin
+ password: t0p-Secret-super
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/ns.yaml
new file mode 100644
index 0000000000..102035c1c4
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: prod-1
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/resource-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/resource-assert.yaml
new file mode 100644
index 0000000000..e9a93ac5a1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create-deprecated/resource-assert.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+data:
+ password: dDBwLVNlY3JldC1zdXBlcg==
+ username: YWRtaW4=
+kind: Secret
+metadata:
+ labels:
+ allowedToBeCloned: "true"
+ name: image-secret
+ namespace: prod-1
+type: kubernetes.io/basic-auth
+---
+apiVersion: v1
+data:
+ initial_lives: "15"
+kind: ConfigMap
+metadata:
+ labels:
+ allowedToBeCloned: "true"
+ name: bootstrap-config
+ namespace: prod-1
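Review bot: `manifests.yaml` creates the clone sources `bootstrap-config` and `image-secret` in the shared `default` namespace, and the `cpol-clone-list-sync-update-deprecated` copy later in this diff applies the same two objects there. That test's `update-source.yaml` rewrites `default/bootstrap-config` to `initial_lives: "50"`, and both cloneList policies match every new Namespace with `synchronize : true`, so a concurrent or leftover run of the update test can change what this test's `resource-assert.yaml` finds in `prod-1`. A per-test source namespace, referenced from `cloneList.namespace` in `cluster-policy.yaml`, would isolate the two. It would also keep a `kubernetes.io/basic-auth` Secret fixture out of `default`, where unrelated clone rules keyed on the same label could pick it up.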
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/cluster-policy.yaml index 999776422d..5d376ce17e 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/cluster-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/cluster-policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: sync-with-multi-clone spec: - generateExisting: false rules: - name: sync-secret match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false namespace: "{{request.object.metadata.name}}" synchronize : true cloneList: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/README.md new file mode 100644 index 0000000000..4e6125e799 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/README.md @@ -0,0 +1,11 @@ +## Description + +This test verifies the synchronize behavior of generated resource, if the selected source resources using a matched label selector `allowedToBeCloned: "true"` gets changed, the update should be synchronized with the target resource as well. + +## Expected Behavior + +This test ensures that update of source resource(ConfigMap) match selected using `allowedToBeCloned: "true"` label get synchronized with target resource created by a ClusterPolicy `generate.cloneList` rule, otherwise the test fails. + +## Reference Issue(s) + +#4930 \ No newline at end of file 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/chainsaw-test.yaml new file mode 100755 index 0000000000..f5e4b34e68 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/chainsaw-test.yaml @@ -0,0 +1,33 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-list-sync-update +spec: + steps: + - name: step-00 + try: + - apply: + file: manifests.yaml + - apply: + file: cluster-policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-01 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml + - name: step-03 + try: + - apply: + file: update-source.yaml + - assert: + file: synchronized-target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/cluster-policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/cluster-policy-ready.yaml new file mode 100644 index 0000000000..d0a67c43a0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/cluster-policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sync-with-multi-clone-update +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/cluster-policy.yaml new file mode 100644 index 0000000000..c245f8c5f5 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/cluster-policy.yaml @@ -0,0 +1,32 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: sync-with-multi-clone-update +spec: + generateExisting: false + rules: + - name: sync-secret + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + namespace: "{{request.object.metadata.name}}" + synchronize : true + cloneList: + namespace: default + kinds: + - v1/Secret + - v1/ConfigMap + selector: + matchLabels: + allowedToBeCloned: "true" diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/manifests.yaml new file mode 100644 index 0000000000..2761bf800e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/manifests.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: bootstrap-config + namespace: default + labels: + allowedToBeCloned: "true" +data: + initial_lives: "15" +--- +apiVersion: v1 +kind: Secret +metadata: + name: image-secret + namespace: default + labels: + allowedToBeCloned: "true" +type: kubernetes.io/basic-auth +stringData: + username: admin + password: t0p-Secret-super 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/ns.yaml new file mode 100644 index 0000000000..f1ded585a8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: prod \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/resource-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/resource-assert.yaml new file mode 100644 index 0000000000..e377632d08 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/resource-assert.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +data: + password: dDBwLVNlY3JldC1zdXBlcg== + username: YWRtaW4= +kind: Secret +metadata: + labels: + allowedToBeCloned: "true" + name: image-secret + namespace: prod +type: kubernetes.io/basic-auth +--- +apiVersion: v1 +data: + initial_lives: "15" +kind: ConfigMap +metadata: + labels: + allowedToBeCloned: "true" + name: bootstrap-config + namespace: prod diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/synchronized-target.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/synchronized-target.yaml new file mode 100644 index 0000000000..59428d2df1 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/synchronized-target.yaml 
@@ -0,0 +1,10 @@ +--- +apiVersion: v1 +data: + initial_lives: "50" +kind: ConfigMap +metadata: + labels: + allowedToBeCloned: "true" + name: bootstrap-config + namespace: prod diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/update-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/update-source.yaml new file mode 100644 index 0000000000..91ed16a4fc --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update-deprecated/update-source.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: bootstrap-config + namespace: default + labels: + allowedToBeCloned: "true" +data: + initial_lives: "50" \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/cluster-policy.yaml index c245f8c5f5..bcabfb7856 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/cluster-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/cluster-policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: sync-with-multi-clone-update spec: - generateExisting: false rules: - name: sync-secret match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false namespace: "{{request.object.metadata.name}}" synchronize : true cloneList: 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/README.md new file mode 100644 index 0000000000..0367ead91f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that updates to a trigger which cause it to no longer match a precondition of the rule, with a generate clone declaration and sync enabled, results in the downstream resource's deletion. + +## Expected Behavior + +If the downstream resource is deleted, the test passes. If it remains, the test fails. + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7481 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..b8f1d42261 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-existing-update-trigger-no-precondition-ns 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..7aaae52e70 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + create: "true" + name: test-org + namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..fdbca3177b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-apply-1-2.yaml new file mode 100755 index 0000000000..35a9cd5c45 --- /dev/null 
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-apply-1-2.yaml
@@ -0,0 +1,27 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-existing-update-trigger-no-precondition
+spec:
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: v1
+ clone:
+ name: source-secret
+ namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns
+ kind: Secret
+ name: downstream-secret
+ namespace: '{{request.object.metadata.namespace}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - ConfigMap
+ name: clone-secret
+ preconditions:
+ any:
+ - key: '{{ request.object.metadata.labels.create || '''' }}'
+ operator: Equals
+ value: "true"
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..2edd4172cf
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-clone-sync-existing-update-trigger-no-precondition
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
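Review bot: The `clone-secret` rule in `chainsaw-step-02-apply-1-2.yaml` matches every `ConfigMap` in the cluster, because `match.any[].resources` lists only `kinds`, and its sole gate is the `create` label, which is set by whoever creates the ConfigMap. With `generateExisting: true` and the target namespace taken from `{{request.object.metadata.namespace}}`, any ConfigMap labelled `create: "true"` in any namespace gets a copy of `source-secret`, including ConfigMaps owned by other tests on the same cluster. Adding `namespaces: [cpol-clone-sync-existing-update-trigger-no-precondition-ns]` under `resources` confines the fixture to its own namespace without changing what the precondition check exercises. The non-deprecated `chainsaw-step-02-apply-1-2.yaml` changed later in this diff starts from the same blob and appears to share this match block.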
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-05-apply-1-1.yaml new file mode 100755 index 0000000000..514fea3c09 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-step-05-apply-1-1.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + create: "false" + name: test-org + namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-test.yaml new file mode 100755 index 0000000000..f20146f12c --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/chainsaw-test.yaml 
@@ -0,0 +1,41 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-clone-sync-existing-update-trigger-no-precondition
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-01-apply-1-2.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-02-apply-1-2.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
+ - name: step-03
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-04
+ try:
+ - assert:
+ file: downstream.yaml
+ - name: step-05
+ try:
+ - apply:
+ file: chainsaw-step-05-apply-1-1.yaml
+ - name: step-06
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-07
+ try:
+ - error:
+ file: downstream.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/downstream.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/downstream.yaml
new file mode 100644
index 0000000000..3d17e04f10
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition-deprecated/downstream.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ foo: YmFy
+kind: Secret
+metadata:
+ name: downstream-secret
+ namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns
+type: Opaque
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml
index 35a9cd5c45..87e8d28ec0 100755
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml
@@ -3,9 +3,9 @@ kind: ClusterPolicy
 metadata:
 name: cpol-clone-sync-existing-update-trigger-no-precondition
 spec:
- generateExisting: true
 rules:
 - generate:
+ generateExisting: true
 apiVersion: v1
 clone:
 name: source-secret
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/README.md
new file mode 100644
index 0000000000..e79931200a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/README.md
@@ -0,0 +1,11 @@
+# Title
+
+This is a generate test to ensure deleting a generate policy using a data declaration with sync enabled deletes the downstream ConfigMap when matching a new Namespace.
+
+## Expected Behavior
+
+If the generated (downstream) resource is not recreated, the test passes. If it is recreated from the definition in the rule, the test fails.
+
+## Reference Issue(s)
+
+N/A
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml
new file mode 100755
index 0000000000..54d5a66d06
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+spec:
+ generateExisting: true
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: false
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: k-kafka-address
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..a74a39118d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..2db0de2d3e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-nosync-delete-downstream-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..eec69cbde9
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-nosync-delete-downstream-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml
new file mode 100755
index 0000000000..c2b5b39926
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: zk-kafka-address
+ namespace: cpol-data-nosync-delete-downstream-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-test.yaml
new file mode 100755
index 0000000000..8120e85859
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-downstream/chainsaw-test.yaml
@@ -0,0 +1,35 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-nosync-delete-downstream
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
+ - name: step-03
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-04
+ try:
+ - delete:
+ ref:
+ apiVersion: v1
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: cpol-data-nosync-delete-downstream-ns
+ - name: step-05
+ try:
+ - error:
+ file: chainsaw-step-05-error-1-1.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/README.md
new file mode 100644
index 0000000000..592cd1e3cc
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that a generate rule with a data declaration and NO synchronization, when the ClusterPolicy is deleted does NOT cause the generated resources to be deleted.
+
+## Expected Behavior
+
+If the downstream resource remains after deletion of the ClusterPolicy, the test passes. If it is deleted, the test fails.
+
+## Reference Issue(s)
+
+N/A
\ No newline at end of file
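Review bot: In `cpol-data-nosync-delete-downstream/chainsaw-test.yaml`, step-05 runs the `error` check on the ConfigMap directly after step-04 deletes it, so it can succeed before the background controller has had any chance to recreate the resource, which is the regression this test is meant to catch. The only `sleep` is in step-03, before the delete; adding a wait between the delete and the check, e.g. `- sleep:` / `duration: 3s` as the first entry of step-05's `try`, gives the negative check a real window. The same immediate-check shape appears in step-03 of the `cpol-data-nosync-delete-rule`, `cpol-data-nosync-modify-downstream` and `cpol-data-nosync-modify-rule` tests, where `assert` follows `apply` with no wait, and there an unchanged resource satisfies the assertion at once. How long the controller takes to react is not visible in this diff, so the right duration should be confirmed against the suite's other nosync tests.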
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml
new file mode 100755
index 0000000000..a267204a69
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: wolfram-debug
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/chainsaw-test.yaml
new file mode 100755
index 0000000000..47f840aee4
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/chainsaw-test.yaml
@@ -0,0 +1,34 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-nosync-delete-policy
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: resource.yaml
+ - assert:
+ file: resource-generated.yaml
+ - name: step-03
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: cpol-data-nosync-delete-policy-policy
+ - name: step-04
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-05
+ try:
+ - assert:
+ file: chainsaw-step-05-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/policy-ready.yaml
new file mode 100644
index 0000000000..318f65b126
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-delete-policy-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/policy.yaml
new file mode 100644
index 0000000000..cd628d18b7
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/policy.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-delete-policy-policy
+spec:
+ generateExisting: false
+ rules:
+ - name: cpol-data-nosync-delete-policy-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: false
+ apiVersion: v1
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ data:
+ ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+ KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/resource-generated.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/resource-generated.yaml
new file mode 100644
index 0000000000..09eb786efa
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/resource-generated.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: wolfram-debug
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/resource.yaml
new file mode 100644
index 0000000000..1cb9ac1a09
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-policy/resource.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: wolfram-debug
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/README.md
new file mode 100644
index 0000000000..0b2e9aa154
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that a generate rule with a data declaration and NO synchronization, when a rule within a policy having two rules is deleted does NOT cause any of the generated resources corresponding to that removed rule to be deleted.
+
+## Expected Behavior
+
+If both generated resources remain after deletion of the rule, the test passes. If either one is deleted, the test fails.
+
+## Reference Issue(s)
+
+N/A
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/both-resources-exist.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/both-resources-exist.yaml
new file mode 100644
index 0000000000..2ffa5486a5
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/both-resources-exist.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trench-splendid
+---
+apiVersion: v1
+data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
+kind: Secret
+metadata:
+ labels:
+ somekey: somesecretvalue
+ name: supersecret
+ namespace: trench-splendid
+type: Opaque
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/chainsaw-test.yaml
new file mode 100755
index 0000000000..56f80c437a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/chainsaw-test.yaml
@@ -0,0 +1,25 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-nosync-delete-rule
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: resource.yaml
+ - assert:
+ file: resource-generated.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: policy-with-rule-removed.yaml
+ - assert:
+ file: both-resources-exist.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy-ready.yaml
new file mode 100644
index 0000000000..1b643c1744
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-delete-rule-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml
new file mode 100644
index 0000000000..81d1b5c162
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-delete-rule-policy
+spec:
+ generateExisting: false
+ rules:
+ - name: cpol-data-nosync-delete-rule-ruletwo
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: false
+ apiVersion: v1
+ kind: Secret
+ name: supersecret
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: Secret
+ type: Opaque
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy.yaml
new file mode 100644
index 0000000000..652db29e13
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/policy.yaml
@@ -0,0 +1,63 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-delete-rule-policy
+spec:
+ generateExisting: false
+ rules:
+ - name: cpol-data-nosync-delete-rule-ruleone
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: false
+ apiVersion: v1
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ data:
+ ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+ KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
+ - name: cpol-data-nosync-delete-rule-ruletwo
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: false
+ apiVersion: v1
+ kind: Secret
+ name: supersecret
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: Secret
+ type: Opaque
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/resource-generated.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/resource-generated.yaml
new file mode 100644
index 0000000000..2ffa5486a5
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/resource-generated.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trench-splendid
+---
+apiVersion: v1
+data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
+kind: Secret
+metadata:
+ labels:
+ somekey: somesecretvalue
+ name: supersecret
+ namespace: trench-splendid
+type: Opaque
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/resource.yaml
new file mode 100644
index 0000000000..a2c9cf71f1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-delete-rule/resource.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: trench-splendid
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/README.md
new file mode 100644
index 0000000000..596e154032
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that a generate rule with a data declaration and NO synchronization, when a downstream (generated) resource is modified this does NOT result in those modifications getting reverted based upon the definition in the rule.
+
+## Expected Behavior
+
+If the downstream resource is left in the modified state, the test passes. If the downstream resource is synced from the definition in the rule, the test fails.
+
+## Reference Issue(s)
+
+N/A
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/chainsaw-test.yaml
new file mode 100755
index 0000000000..6add43591f
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/chainsaw-test.yaml
@@ -0,0 +1,25 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-nosync-modify-downstream
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: resource.yaml
+ - assert:
+ file: resource-generated.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: downstream-modified.yaml
+ - assert:
+ file: downstream-untouched.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/downstream-modified.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/downstream-modified.yaml
new file mode 100644
index 0000000000..3de43c12f7
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/downstream-modified.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: hereissomenewdataichanged
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: selected-beagle
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/downstream-untouched.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/downstream-untouched.yaml
new file mode 100644
index 0000000000..3de43c12f7
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/downstream-untouched.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: hereissomenewdataichanged
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: selected-beagle
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/policy-ready.yaml
new file mode 100644
index 0000000000..138224923e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-modify-downstream-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/policy.yaml
new file mode 100644
index 0000000000..5af58dedb7
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/policy.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-nosync-modify-downstream-policy
+spec:
+ generateExisting: false
+ rules:
+ - name: cpol-data-nosync-modify-downstream-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: false
+ apiVersion: v1
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ data:
+ ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+ KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/resource-generated.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/resource-generated.yaml
new file mode 100644
index 0000000000..e505b84cb1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/resource-generated.yaml
@@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: selected-beagle diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/resource.yaml new file mode 100644 index 0000000000..8e8591b4c2 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-downstream/resource.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: selected-beagle \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/README.md new file mode 100644 index 0000000000..2c677699cb --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that a generate rule with a data declaration and NO synchronization, when a rule within a policy is changed (under the data object) that this does NOT cause the downstream resource to be synced. + +## Expected Behavior + +If the downstream resource is NOT modified from its initial generation, the test passes. If the downstream resource is synced from the changes made to the rule, the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..67e53b0760 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-modify-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-generated.yaml + - name: step-03 + try: + - apply: + file: rule-modified.yaml + - assert: + file: downstream-untouched.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/downstream-untouched.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/downstream-untouched.yaml new file mode 100644 index 0000000000..c0a559ef8a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/downstream-untouched.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: stern-liquid 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/policy-ready.yaml new file mode 100644 index 0000000000..6e7c0e22b0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-nosync-modify-rule-policy +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/policy.yaml new file mode 100644 index 0000000000..867b2c7747 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/policy.yaml @@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-nosync-modify-rule-policy +spec: + generateExisting: false + rules: + - name: cpol-data-nosync-modify-rule-rule + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: false + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: "{{request.object.metadata.name}}" + data: + kind: ConfigMap + metadata: + labels: + somekey: somevalue + data: + ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" + KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" 
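Review bot: The `ClusterPolicy` added in `nosync-deprecated/cpol-data-nosync-modify-rule/policy.yaml` keeps the name `cpol-data-nosync-modify-rule-policy`, which is also the name in `nosync/cpol-data-nosync-modify-rule/policy.yaml` further down in this diff. ClusterPolicies are cluster-scoped, so if both suites ever run against the same cluster at the same time (that depends on the chainsaw configuration, which is not shown here), one copy can overwrite or delete the other's policy and the no-sync assertion would then be checking the wrong rule. Giving the deprecated copy its own name avoids this, for example `name: cpol-data-nosync-modify-rule-policy-deprecated` here and in the matching `policy-ready.yaml` and `rule-modified.yaml`. The `cpol-data-nosync-modify-downstream` and `generate-on-subresource-trigger` copies reuse their policy names in the same way.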
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/resource-generated.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/resource-generated.yaml new file mode 100644 index 0000000000..c0a559ef8a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/resource-generated.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: stern-liquid diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/resource.yaml new file mode 100644 index 0000000000..e00ac16bc1 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/resource.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: stern-liquid \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/rule-modified.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/rule-modified.yaml new file mode 100644 index 0000000000..731814074a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/cpol-data-nosync-modify-rule/rule-modified.yaml 
@@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-nosync-modify-rule-policy +spec: + generateExisting: false + rules: + - name: cpol-data-nosync-modify-rule-rule + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: false + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: "{{request.object.metadata.name}}" + data: + kind: ConfigMap + metadata: + labels: + somekey: somevalue + data: + ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" + KAFKA_ADDRESS: "ihavechangedthis" diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/README.md new file mode 100644 index 0000000000..b234ae5d3c --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/README.md @@ -0,0 +1,11 @@ +## Description + +This test assures generation of resource with a sub-resource acting as a trigger. + +## Expected Behavior + +The test passes and `configmap` `zk-kafka-address` is created. + +## Reference Issue(s) + +6399 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..16db48356d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/chainsaw-step-03-assert-1-1.yaml 
@@ -0,0 +1,18 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + generate.kyverno.io/policy-name: zk-kafka-address + generate.kyverno.io/policy-namespace: "" + generate.kyverno.io/rule-name: k-kafka-address + generate.kyverno.io/trigger-group: "" + generate.kyverno.io/trigger-kind: PodExecOptions + generate.kyverno.io/trigger-namespace: test-generate-exec + generate.kyverno.io/trigger-version: v1 + somekey: somevalue + name: zk-kafka-address + namespace: test-generate-exec diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..a9663373ae --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/chainsaw-test.yaml 
@@ -0,0 +1,92 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: generate-on-subresource-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - apply: + file: namespace.yaml + - assert: + file: policy-ready.yaml + - assert: + file: namespace-ready.yaml + - name: step-02 + try: + - command: + args: + - run + - nginx + - --image=nginx + - -n + - test-generate-exec + entrypoint: kubectl + - command: + args: + - wait + - --for=condition=Ready + - pod/nginx + - -n + - test-generate-exec + entrypoint: kubectl + - command: + args: + - exec + - -n + - test-generate-exec + - nginx + - -it + - -- + - ls + entrypoint: kubectl + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - cpol + - zk-kafka-address + - --force + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s + - command: + args: + - delete + - pod + - nginx + - -n + - test-generate-exec + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s + - command: + args: + - delete + - cm + - zk-kafka-address + - -n + - test-generate-exec + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s + - command: + args: + - delete + - ns + - test-generate-exec + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/namespace-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/namespace-ready.yaml new file mode 100644 index 0000000000..d6e0bec5d6 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/namespace-ready.yaml 
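Review bot: `kubectl run nginx --image=nginx` in step-02 pulls an untagged image, so the test executes whatever `nginx:latest` resolves to on the public registry at run time. Pinning a tag or digest, e.g. `- --image=nginx:<pinned-tag>`, keeps the run reproducible and the pulled content reviewable. The `-it` passed to `kubectl exec` in the same step requests a TTY and stdin that a CI runner normally lacks, and `ls` needs neither, so the flag can be dropped. As far as this file shows, the step-99 deletes only run when the earlier steps pass, so it is worth confirming that chainsaw's own cleanup removes the `zk-kafka-address` policy after a failed assert.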
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-generate-exec
+status:
+ phase: Active
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/namespace.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/namespace.yaml
new file mode 100644
index 0000000000..41144ca1ec
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-generate-exec
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/policy-ready.yaml
new file mode 100644
index 0000000000..ff338c6bcf
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/policy.yaml
new file mode 100644
index 0000000000..4171a6a719
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync-deprecated/generate-on-subresource-trigger/policy.yaml
@@ -0,0 +1,29 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: zk-kafka-address +spec: + # generateExisting does not work for sub-resources + generateExisting: false + rules: + - name: k-kafka-address + match: + any: + - resources: + kinds: + - "Pod/exec" + generate: + # synchronization does not work for sub-resources + synchronize: false + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: "{{request.namespace}}" + data: + kind: ConfigMap + metadata: + labels: + somekey: somevalue + data: + ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" + KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml index 54d5a66d06..2404793134 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: zk-kafka-address spec: - generateExisting: true rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: true apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/policy.yaml index cd628d18b7..0db6d0e304 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/policy.yaml 
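Review bot: In `nosync-deprecated/generate-on-subresource-trigger/policy.yaml` the rule `k-kafka-address` matches `Pod/exec` with no namespace restriction and no `exclude`, unlike the other nosync policies in this diff, which exclude `kube-system`, `default`, `kube-public` and `kyverno`. While this ClusterPolicy is installed, an exec into any pod on the test cluster would make Kyverno generate a `zk-kafka-address` ConfigMap in that pod's namespace, system namespaces included. Scoping the match to the test namespace, `namespaces: [test-generate-exec]` under `match.any[0].resources`, keeps the side effect inside the test. The non-deprecated copy under `nosync/generate-on-subresource-trigger/policy.yaml` appears to have the same match block, though its hunk shows only part of the file.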
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-nosync-delete-policy-policy spec: - generateExisting: false rules: - name: cpol-data-nosync-delete-policy-rule match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: ConfigMap diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml index 81d1b5c162..74980bfc8d 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy-with-rule-removed.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-nosync-delete-rule-policy spec: - generateExisting: false rules: - name: cpol-data-nosync-delete-rule-ruletwo match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: Secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy.yaml index 652db29e13..e2f60a3e4b 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/policy.yaml 
@@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-nosync-delete-rule-policy spec: - generateExisting: false rules: - name: cpol-data-nosync-delete-rule-ruleone match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: ConfigMap @@ -48,6 +48,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: Secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/policy.yaml index 5af58dedb7..2829baa153 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-nosync-modify-downstream-policy spec: - generateExisting: false rules: - name: cpol-data-nosync-modify-downstream-rule match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: ConfigMap diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/policy.yaml index 867b2c7747..77a8d55bd3 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-nosync-modify-rule-policy spec: - generateExisting: false rules: - name: cpol-data-nosync-modify-rule-rule match: 
@@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: ConfigMap diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/rule-modified.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/rule-modified.yaml index 731814074a..883fcadeb6 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/rule-modified.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/rule-modified.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-nosync-modify-rule-policy spec: - generateExisting: false rules: - name: cpol-data-nosync-modify-rule-rule match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: false apiVersion: v1 kind: ConfigMap diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/policy.yaml index 4171a6a719..406c74db0c 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/policy.yaml @@ -3,8 +3,6 @@ kind: ClusterPolicy metadata: name: zk-kafka-address spec: - # generateExisting does not work for sub-resources - generateExisting: false rules: - name: k-kafka-address match: @@ -13,6 +11,8 @@ spec: kinds: - "Pod/exec" generate: + # generateExisting does not work for sub-resources + generateExisting: false # synchronization does not work for sub-resources synchronize: false apiVersion: v1 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/README.md new file mode 100644 index 0000000000..1a6d9f9309 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/README.md @@ -0,0 +1,3 @@ +# Title + +This is a generate test to ensure a generate policy using a data declaration with sync enabled creates a downstream ConfigMap when matching a new Namespace. diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..f3400e8caa --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: zk-kafka-address +spec: + generateExisting: false + rules: + - exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..a74a39118d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..39e58da1c6
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-create-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..9101423820
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-create-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-test.yaml
new file mode 100755
index 0000000000..5ffd23bd25
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-create/chainsaw-test.yaml
@@ -0,0 +1,19 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-create
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/README.md
new file mode 100644
index 0000000000..6c4c8bc164
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/README.md
@@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that when a standard generate policy with data type and sync enabled is used, deletion of the generated/downstream resource causes Kyverno to re-create the resource. + +## Expected Behavior + +If the resource is recreated, the test passes. If it is not, the test fails. + +## Reference Issue(s) + +N/A \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..823e4d47a8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-sync-delete-downstream-policy +spec: + generateExisting: false + rules: + - exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: cpol-data-sync-delete-downstream-rule diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..1dc2717dc1 
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-delete-downstream-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..0547fe104f
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-delete-downstream-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..5163971fb0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-downstream-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml
new file mode 100755
index 0000000000..5163971fb0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-downstream-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-test.yaml
new file mode 100755
index 0000000000..ae24d10bba
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-downstream/chainsaw-test.yaml
@@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: cpol-data-sync-delete-downstream-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/README.md new file mode 100644 index 0000000000..e4636d9dc5 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/README.md @@ -0,0 +1,3 @@ +# Title + +This is a generate test to ensure deleting a generate policy using a data declaration with sync enabled deletes the downstream ConfigMap when matching a new Namespace. diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..1bfd91e834 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml 
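Review bot: step-04 in `cpol-data-sync-delete-downstream/chainsaw-test.yaml` waits a fixed `duration: 3s` before step-05 asserts that the ConfigMap is back. A chainsaw `assert` already retries until its timeout, so the sleep only adds wall-clock time on a fast cluster and is not what makes the test pass on a slow one. Dropping step-04 and, if the default is too short, putting an explicit `timeout:` on the step-05 assert expresses the wait in one place. A short comment on step-03, such as `# delete the downstream ConfigMap; sync should re-create it`, would also make the intent of the delete readable without opening the README.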
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-delete-policy
+spec:
+ generateExisting: false
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: cpol-data-sync-delete-rule
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..daed8b6b35
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-delete-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..8236730116
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-02-apply-1-1.yaml
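Review bot: The rule's `match` in chainsaw-step-01-apply-1-1.yaml selects every Namespace outside the four excluded ones, so while this ClusterPolicy is installed it also generates `zk-kafka-address` into namespaces created by other tests. The policies in cpol-data-sync-delete-rule/policy.yaml, cpol-data-sync-modify-downstream and cpol-data-sync-modify-rule use the same match and the same ConfigMap name, and the modify-rule one sets `generateExisting: true` and later changes `KAFKA_ADDRESS` to port 9999. If the suite runs tests concurrently (not visible here), they can overwrite each other's downstream object and make the asserts flaky. Scoping the match to the test's own namespace, e.g. `names: [cpol-data-sync-delete-policy-ns]` under `resources`, would isolate it. The rule name `cpol-data-sync-delete-rule` inside the delete-policy test also reads like a copy-paste leftover.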
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-delete-policy-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..ffa72b5034
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-policy-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-03-assert-1-1.yaml
new file mode 100755
index 0000000000..ffa72b5034
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-03-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-policy-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-04-error-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-04-error-1-1.yaml
new file mode 100755
index 0000000000..9dcf695191
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-step-04-error-1-1.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-policy-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-test.yaml
new file mode 100755
index 0000000000..d7bb1335ed
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-policy/chainsaw-test.yaml
@@ -0,0 +1,32 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-delete-policy
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: chainsaw-step-03-assert-1-1.yaml
+ - name: step-04
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: cpol-data-sync-delete-policy
+ - error:
+ file: chainsaw-step-04-error-1-1.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/README.md
new file mode 100644
index 0000000000..628111ceaa
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that deletion of a rule in a ClusterPolicy generate rule, data declaration, with sync enabled, results in the downstream resource's deletion.
+
+## Expected Behavior
+
+The downstream (generated) resource is expected to be deleted if the corresponding rule within a ClusterPolicy is deleted. If it is not deleted, the test fails. If it is deleted, the test passes.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/5744
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..c3a4e19ead
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-delete-rule
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/chainsaw-test.yaml
new file mode 100755
index 0000000000..911052ec42
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/chainsaw-test.yaml
@@ -0,0 +1,39 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-delete-rule
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: secret.yaml
+ - assert:
+ file: configmap.yaml
+ - name: step-04
+ try:
+ - apply:
+ file: delete-rule.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-05
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-06
+ try:
+ - assert:
+ file: secret.yaml
+ - error:
+ file: configmap.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/configmap.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/configmap.yaml
new file mode 100644
index 0000000000..860b6bb8f1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-rule
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/delete-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/delete-rule.yaml
new file mode 100644
index 0000000000..d24c7e4397
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/delete-rule.yaml
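Review bot: In step-06 of chainsaw-test.yaml the `error` check reuses `configmap.yaml`, which carries the full `data` and `labels`. As far as I understand chainsaw's `error` operation, it is satisfied whenever no object matches the whole document, so a ConfigMap that survives the rule deletion with different content would still let the test pass. The delete-policy test in this commit uses a name/namespace-only file (`chainsaw-step-04-error-1-1.yaml`) for the same purpose, and a dedicated file like that is the tighter check here. The same applies to `error: file: downstream.yaml` in cpol-data-sync-existing-update-trigger-no-precondition, where `downstream.yaml` includes the PodDisruptionBudget `spec`.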
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: multiple-gens
+spec:
+ generateExisting: false
+ rules:
+ - name: super-secret
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: Secret
+ name: supersecret
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: Secret
+ type: Opaque
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/policy-ready.yaml
new file mode 100644
index 0000000000..1a5b4fb467
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: multiple-gens
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/policy.yaml
new file mode 100644
index 0000000000..4176708f9a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/policy.yaml
@@ -0,0 +1,63 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: multiple-gens
+spec:
+ generateExisting: false
+ rules:
+ - name: k-kafka-address
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ data:
+ ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+ KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
+ - name: super-secret
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ synchronize: true
+ apiVersion: v1
+ kind: Secret
+ name: supersecret
+ namespace: "{{request.object.metadata.name}}"
+ data:
+ kind: Secret
+ type: Opaque
+ metadata:
+ labels:
+ somekey: somesecretvalue
+ data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/secret.yaml
new file mode 100644
index 0000000000..5ca961ce2f
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-delete-rule/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
+kind: Secret
+metadata:
+ labels:
+ somekey: somesecretvalue
+ name: supersecret
+ namespace: cpol-data-sync-delete-rule
+type: Opaque
\ No newline at end of file
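Review bot: `mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl` in policy.yaml sits inline in a cluster-scoped policy with nothing marking it as a fixture. A comment such as `# test fixture only, not a real credential` on that line (and on the matching lines in delete-rule.yaml and secret.yaml) would help reviewers and secret-scanner triage. The test README could also note that a `data`-type generate rule for a Secret exposes the value to anyone who can read ClusterPolicy objects, so the pattern should not be copied for real secrets. The policy name `multiple-gens` is not tied to the test name the way the other policies in this commit are, which makes a collision with another cluster-scoped fixture more likely.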
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/README.md
new file mode 100644
index 0000000000..bc6af6d614
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that updates to a trigger which cause it to no longer match a precondition of the rule, with a generate data declaration and sync enabled, results in the downstream resource's deletion.
+
+## Expected Behavior
+
+If the downstream resource is deleted, the test passes. If it remains, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/7481
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml
new file mode 100755
index 0000000000..8b080eed9e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: background-controller
+ app.kubernetes.io/instance: kyverno
+ app.kubernetes.io/part-of: kyverno
+ name: kyverno:background-controller:pdb
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+ - get
+ - list
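Review bot: `apiGroups: - '*'` in the ClusterRole of chainsaw-step-01-apply-1-1.yaml grants the listed verbs on `poddisruptionbudgets` in any API group, while the policy under test only generates `policy/v1` PodDisruptionBudgets. Narrowing it to `apiGroups: [policy]` keeps the fixture least-privilege and gives a better example to copy. This matters more than usual because the `app.kubernetes.io/*` labels and the role name suggest the rule is aggregated into the background controller's permissions; that is inferred from the labels, the aggregation rule itself is not shown here.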
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-1.yaml
new file mode 100755
index 0000000000..5985035e71
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-existing-update-trigger-no-precondition-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-2.yaml
new file mode 100755
index 0000000000..35f2b85c8e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-2.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: test
+ namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
+ spec:
+ containers:
+ - image: nginx:1.14.2
+ name: nginx
+ ports:
+ - containerPort: 80
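Review bot: `image: nginx:1.14.2` in the Deployment fixture is a mutable tag of an old release pulled from a public registry, and the pod template sets no `securityContext`. The policy in this test only reads `spec.replicas` and the selector labels, so the running container is incidental to what is being verified. Pinning by digest (`nginx@sha256:<digest>`) or pointing at an image the CI already mirrors would make the fixture reproducible and keep an outdated image out of the test cluster. The same manifest is repeated in chainsaw-step-03-apply-1-1.yaml and chainsaw-step-05-apply-1-1.yaml.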
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..4e0127dbe0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,31 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-existing-update-trigger-no-precondition
+spec:
+ generateExisting: true
+ rules:
+ - generate:
+ apiVersion: policy/v1
+ data:
+ spec:
+ minAvailable: 50%
+ selector:
+ matchLabels: '{{ not_null(request.object.spec.selector.matchLabels, request.object.spec.template.metadata.labels)
+ }}'
+ kind: PodDisruptionBudget
+ name: '{{request.object.metadata.name}}-default'
+ namespace: '{{request.object.metadata.namespace}}'
+ synchronize: true
+ match:
+ all:
+ - resources:
+ kinds:
+ - Deployment
+ - StatefulSet
+ name: create-default-pdb
+ preconditions:
+ all:
+ - key: '{{ request.object.spec.replicas }}'
+ operator: GreaterThan
+ value: 1
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..91808cd3e9
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml
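Review bot: `match.all` in the `create-default-pdb` rule selects every Deployment and StatefulSet in the cluster, with no `exclude` block, and `generateExisting: true` applies the rule to workloads that already exist. While this policy is installed, Kyverno will therefore create `<name>-default` PodDisruptionBudgets for unrelated workloads with more than one replica, system namespaces included. Adding `namespaces: [cpol-data-sync-existing-update-trigger-no-precondition-ns]` under `resources` confines the side effect to the test namespace. A generated PDB changes eviction behaviour for whatever it selects, so the scoping is worth having even in a fixture.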
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-existing-update-trigger-no-precondition
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml
new file mode 100755
index 0000000000..0a148b31f0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: test
+ namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
+ spec:
+ containers:
+ - image: nginx:1.14.2
+ name: nginx
+ ports:
+ - containerPort: 80
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml
new file mode 100755
index 0000000000..35f2b85c8e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: test
+ namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
+ spec:
+ containers:
+ - image: nginx:1.14.2
+ name: nginx
+ ports:
+ - containerPort: 80
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml
new file mode 100755
index 0000000000..bdca6f811a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml
@@ -0,0 +1,41 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-existing-update-trigger-no-precondition
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - apply:
+ file: chainsaw-step-01-apply-2-1.yaml
+ - apply:
+ file: chainsaw-step-01-apply-2-2.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: chainsaw-step-03-apply-1-1.yaml
+ - name: step-04
+ try:
+ - assert:
+ file: downstream.yaml
+ - name: step-05
+ try:
+ - apply:
+ file: chainsaw-step-05-apply-1-1.yaml
+ - name: step-06
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-07
+ try:
+ - error:
+ file: downstream.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/downstream.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/downstream.yaml
new file mode 100644
index 0000000000..17cbd08458
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-existing-update-trigger-no-precondition/downstream.yaml
@@ -0,0 +1,11 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: test-default
+ namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns
+spec:
+ minAvailable: 50%
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: test
+ app.kubernetes.io/name: nginx
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/README.md
new file mode 100644
index 0000000000..afc0164abd
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test checks to ensure that when a standard generate policy with data type and sync enabled is used, modification of the generated/downstream resource causes Kyverno to sync the resource from the definition in the rule.
+
+## Expected Behavior
+
+If the resource is synced from the definition in the rule, the test passes. If it is not and remains in the modified state, the test fails.
+
+## Reference Issue(s)
+
+N/A
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml
new file mode 100755
index 0000000000..01090a3186
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-modify-downstream-policy
+spec:
+ generateExisting: false
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: cpol-data-sync-modify-downstream-rule
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..f16b1b504a
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-modify-downstream-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..f6ebf5ad9f
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: trainer
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..2d4279c9fb
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trainer
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml
new file mode 100755
index 0000000000..f6d022901e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: ichangedthis
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trainer
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml
new file mode 100755
index 0000000000..2d4279c9fb
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trainer
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-06-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-06-apply-1-1.yaml
new file mode 100755
index 0000000000..c07802cbd9
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-06-apply-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trainer
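Review bot: chainsaw-step-06-apply-1-1.yaml omits `KAFKA_ADDRESS` to simulate a key being removed from the downstream ConfigMap, but if chainsaw's `apply` patches an existing object rather than replacing it (worth confirming), the omitted key is simply left in place. In that case the step-08 assert passes without Kyverno having restored anything, and the second half of the test verifies nothing. Removing the key explicitly in a script step, e.g. `kubectl -n trainer patch configmap zk-kafka-address --type=json -p '[{"op":"remove","path":"/data/KAFKA_ADDRESS"}]'`, would make it exercise the sync path. The Namespace name `trainer` is also generic compared with the `<test-name>-ns` convention used by the neighbouring tests.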
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-08-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-08-assert-1-1.yaml
new file mode 100755
index 0000000000..2d4279c9fb
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-step-08-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: trainer
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-test.yaml
new file mode 100755
index 0000000000..9b1f2e07d9
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-downstream/chainsaw-test.yaml
@@ -0,0 +1,43 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-modify-downstream
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: chainsaw-step-03-apply-1-1.yaml
+ - name: step-04
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-05
+ try:
+ - assert:
+ file: chainsaw-step-05-assert-1-1.yaml
+ - name: step-06
+ try:
+ - apply:
+ file: chainsaw-step-06-apply-1-1.yaml
+ - name: step-07
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-08
+ try:
+ - assert:
+ file: chainsaw-step-08-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/README.md
new file mode 100644
index 0000000000..10c3b6432d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/README.md
@@ -0,0 +1,3 @@
+# Title
+
+This is a generate test to ensure a generate policy using a data declaration with sync enabled and modifying the policy/rule propagates those changes to a downstream ConfigMap.
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml
new file mode 100755
index 0000000000..689cb83536
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+spec:
+ generateExisting: true
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: k-kafka-address
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml
new file mode 100755
index 0000000000..a74a39118d
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml
new file mode 100755
index 0000000000..af01f91c0e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-modify-rule-ns
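Review bot: The ClusterPolicy in chainsaw-step-01-apply-1-1.yaml keeps `name: zk-kafka-address`, the same cluster-scoped name that the original sync/cpol-data-sync-modify-rule and sync/cpol-data-sync-create tests apply, so the deprecated copy and the originals write to one object. If the suite runs these tests concurrently, one test's step-03 can replace the policy another test is asserting against. Because this rule matches every non-excluded Namespace, it can also generate the ConfigMap into namespaces that belong to other tests. Give the copy its own name, for example `name: zk-kafka-address-deprecated`, here and in chainsaw-step-01-assert-1-1.yaml and chainsaw-step-03-apply-1-1.yaml. The copied cpol-data-sync-orphan-downstream-delete-policy policies overlap with their originals in the same way.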
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-02-assert-1-1.yaml
new file mode 100755
index 0000000000..ab0662b3a5
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-02-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-modify-rule-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml
new file mode 100755
index 0000000000..07c3c664e2
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml
@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: zk-kafka-address
+spec:
+ generateExisting: true
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9999
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: k-kafka-address
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml
new file mode 100755
index 0000000000..59eba16d92
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9999
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-modify-rule-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-test.yaml
new file mode 100755
index 0000000000..15b2cfa647
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-modify-rule/chainsaw-test.yaml
@@ -0,0 +1,25 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-modify-rule
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: chainsaw-step-01-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-01-assert-1-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: chainsaw-step-02-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-02-assert-1-1.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: chainsaw-step-03-apply-1-1.yaml
+ - assert:
+ file: chainsaw-step-03-assert-1-1.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/README.md
new file mode 100644
index 0000000000..fe942eb018
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This is a generate test to ensure deleting a generate policy using a data declaration with sync enabled, orphanDownstreamOnPolicyDelete preserves the downstream ConfigMap.
+
+## Expected Behavior
+
+If the generated configmap is retained, the test passes. If it is not, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/9578
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/chainsaw-test.yaml
new file mode 100755
index 0000000000..6277148d56
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/chainsaw-test.yaml
@@ -0,0 +1,62 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: cpol-data-sync-delete-policy-with-orphan
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: namespace.yaml
+ - assert:
+ file: configmap.yaml
+ - name: step-03
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: cpol-data-sync-orphan-downstream-delete-policy
+ - error:
+ file: configmap-assert.yaml
+ - name: step-04
+ try:
+ - delete:
+ ref:
+ apiVersion: v1
+ kind: Namespace
+ name: cpol-data-sync-orphan-downstream-delete-policy-ns
+ - name: step-05
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-06
+ try:
+ - apply:
+ file: policy-orphan.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-07
+ try:
+ - apply:
+ file: namespace.yaml
+ - assert:
+ file: configmap.yaml
+ - name: step-08
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: cpol-data-sync-orphan-downstream-delete-policy
+ - assert:
+ file: configmap.yaml
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/configmap-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/configmap-assert.yaml
new file mode 100755
index 0000000000..9dcf695191
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/configmap-assert.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: zk-kafka-address
+ namespace: cpol-data-sync-delete-policy-ns
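Review bot: configmap-assert.yaml points at `namespace: cpol-data-sync-delete-policy-ns`, but namespace.yaml and configmap.yaml in this directory use `cpol-data-sync-orphan-downstream-delete-policy-ns`, so the `error` check in step-03 of chainsaw-test.yaml looks in a namespace this test never creates. The check therefore succeeds whether or not the downstream ConfigMap was removed after the policy was deleted, and the `orphanDownstreamOnPolicyDelete: false` half of the test is left unverified. Change the line to `namespace: cpol-data-sync-orphan-downstream-delete-policy-ns`.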
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/configmap.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/configmap.yaml
new file mode 100644
index 0000000000..e6733a490e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+ labels:
+ somekey: somevalue
+ name: zk-kafka-address
+ namespace: cpol-data-sync-orphan-downstream-delete-policy-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/namespace.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/namespace.yaml
new file mode 100755
index 0000000000..65e71f6cdc
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cpol-data-sync-orphan-downstream-delete-policy-ns
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml
new file mode 100755
index 0000000000..eef03ad0c1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml
@@ -0,0 +1,36 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-orphan-downstream-delete-policy
+spec:
+ generateExisting: false
+ rules:
+ - exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ apiVersion: v1
+ data:
+ data:
+ KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+ ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+ kind: ConfigMap
+ metadata:
+ labels:
+ somekey: somevalue
+ kind: ConfigMap
+ name: zk-kafka-address
+ namespace: '{{request.object.metadata.name}}'
+ synchronize: true
+ orphanDownstreamOnPolicyDelete: true
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ name: cpol-data-sync-delete-rule
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy-ready.yaml
new file mode 100755
index 0000000000..d2ac636871
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cpol-data-sync-orphan-downstream-delete-policy
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml
new file mode 100755
index 0000000000..d5660a15c9
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync-deprecated/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml
@@ -0,0 +1,36 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-sync-orphan-downstream-delete-policy +spec: + generateExisting: false + rules: + - exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + orphanDownstreamOnPolicyDelete: false + match: + any: + - resources: + kinds: + - Namespace + name: cpol-data-sync-delete-rule diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml index f3400e8caa..785bc26989 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: zk-kafka-address spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml index 823e4d47a8..29db215344 100755 
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-delete-downstream-policy spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml index 1bfd91e834..7232b10197 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-delete-policy spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/delete-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/delete-rule.yaml index d24c7e4397..20fd582920 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/delete-rule.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/delete-rule.yaml 
@@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: multiple-gens spec: - generateExisting: false rules: - name: super-secret match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: true apiVersion: v1 kind: Secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/policy.yaml index 4176708f9a..2b8ea62330 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: multiple-gens spec: - generateExisting: false rules: - name: k-kafka-address match: @@ -20,6 +19,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: true apiVersion: v1 kind: ConfigMap @@ -48,6 +48,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false synchronize: true apiVersion: v1 kind: Secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml index 4e0127dbe0..18ae42dfaf 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml 
@@ -3,9 +3,9 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-existing-update-trigger-no-precondition spec: - generateExisting: true rules: - generate: + generateExisting: true apiVersion: policy/v1 data: spec: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml index 01090a3186..60b89666f0 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-modify-downstream-policy spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml index 689cb83536..6d5bf3e428 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: zk-kafka-address spec: - generateExisting: true rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: true apiVersion: v1 data: data: 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml index 07c3c664e2..de4341187c 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: zk-kafka-address spec: - generateExisting: true rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: true apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml index eef03ad0c1..0da18e86f0 100755 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy-orphan.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-orphan-downstream-delete-policy spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml index d5660a15c9..bb889196ef 100755 
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-orphan-downstream-delete-policy/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: cpol-data-sync-orphan-downstream-delete-policy spec: - generateExisting: false rules: - exclude: any: @@ -14,6 +13,7 @@ spec: - kube-public - kyverno generate: + generateExisting: false apiVersion: v1 data: data: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/README.md new file mode 100644 index 0000000000..1ddf1dde73 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/README.md @@ -0,0 +1,11 @@ +## Description + +This is a basic creation test for a "generate existing" policy. It checks that the basic functionality works whereby creation of a new rule causes correct evaluation of the match block resulting in generation of resources in only the matching result. + +## Expected Behavior + +If both `blue-ns` and `yellow-ns` Namespaces receive a generated NetworkPolicy, and `summer-ns` does not receive a NetworkPolicies, the test passes. Otherwise the test fails. + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/6471 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/add-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/add-rule.yaml new file mode 100644 index 0000000000..2bebbe7ce1 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/add-rule.yaml 
@@ -0,0 +1,55 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-add-rule-data
+spec:
+ generateExisting: true
+ rules:
+ - name: existing-basic-create-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ selector:
+ matchLabels:
+ color: blue
+ generate:
+ kind: NetworkPolicy
+ apiVersion: networking.k8s.io/v1
+ name: default-deny
+ namespace: "{{request.object.metadata.name}}"
+ synchronize: true
+ data:
+ metadata:
+ labels:
+ created-by: kyverno
+ spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ - name: existing-basic-add-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ selector:
+ matchLabels:
+ color: yellow
+ generate:
+ kind: NetworkPolicy
+ apiVersion: networking.k8s.io/v1
+ name: default-deny
+ namespace: "{{request.object.metadata.name}}"
+ synchronize: true
+ data:
+ metadata:
+ labels:
+ created-by: kyverno
+ spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/chainsaw-test.yaml
new file mode 100755
index 0000000000..ff49eaad7b
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/chainsaw-test.yaml
@@ -0,0 +1,47 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: existing-basic-add-rule-data
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: existing-resources.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-03
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-04
+ try:
+ - assert:
+ file: netpol-blue.yaml
+ - error:
+ file: netpol-yellow.yaml
+ - error:
+ file: netpol-summer.yaml
+ - name: step-05
+ try:
+ - apply:
+ file: add-rule.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-06
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-07
+ try:
+ - assert:
+ file: netpol-blue.yaml
+ - assert:
+ file: netpol-yellow.yaml
+ - error:
+ file: netpol-summer.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/existing-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/existing-resources.yaml
new file mode 100644
index 0000000000..e557f9b4be
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/existing-resources.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: blue-ns
+ labels:
+ color: blue
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: yellow-ns
+ labels:
+ color: yellow
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: summer-ns
+ labels:
+ season: summer
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-blue.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-blue.yaml
new file mode 100644
index 0000000000..9940a77b72
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-blue.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ created-by: kyverno
+ name: default-deny
+ namespace: blue-ns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-summer.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-summer.yaml
new file mode 100644
index 0000000000..17817fb4a0
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-summer.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ created-by: kyverno
+ name: default-deny
+ namespace: summer-ns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-yellow.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-yellow.yaml
new file mode 100644
index 0000000000..f5530dd351
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/netpol-yellow.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ created-by: kyverno
+ name: default-deny
+ namespace: yellow-ns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
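Review bot: netpol-summer.yaml is over-specified for the `error` checks it is used in, because it carries the `created-by: kyverno` label and the whole `spec` alongside the name and namespace. As far as I know a chainsaw `error` succeeds when no resource matches the given document, so a NetworkPolicy generated in `summer-ns` with a different label or spec would not fail the test. For the negative case keep only the identity fields: `apiVersion`, `kind`, `metadata.name: default-deny` and `metadata.namespace: summer-ns`. fail-generated-resources.yaml in existing-basic-create-policy-data has the same shape for `green-ns` and `winter-ns`.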
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/policy-ready.yaml
new file mode 100644
index 0000000000..587423b2c2
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-add-rule-data
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/policy.yaml
new file mode 100644
index 0000000000..fd47a1770b
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-add-rule-data/policy.yaml
@@ -0,0 +1,31 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-add-rule-data
+spec:
+ generateExisting: true
+ rules:
+ - name: existing-basic-create-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ selector:
+ matchLabels:
+ color: blue
+ generate:
+ kind: NetworkPolicy
+ apiVersion: networking.k8s.io/v1
+ name: default-deny
+ namespace: "{{request.object.metadata.name}}"
+ synchronize: true
+ data:
+ metadata:
+ labels:
+ created-by: kyverno
+ spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/README.md
new file mode 100644
index 0000000000..b84820f916
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This is a basic creation test for a "generate existing" policy. It checks that the basic functionality works whereby installation of the policy causes correct evaluation of the match block resulting in generation of resources in only the matching result.
+
+## Expected Behavior
+
+If only the `red-ns` Namespace receives a generated NetworkPolicy, the test passes. If either it does not or `green-ns` or `winter-ns` receive NetworkPolicies, the test fails.
+
+## Reference Issue(s)
+
+N/A
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/chainsaw-test.yaml
new file mode 100755
index 0000000000..5e621db296
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/chainsaw-test.yaml
@@ -0,0 +1,27 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: existing-basic-create-policy-data
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: existing-resources.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-03
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-04
+ try:
+ - assert:
+ file: generated-resources.yaml
+ - error:
+ file: fail-generated-resources.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/existing-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/existing-resources.yaml
new file mode 100644
index 0000000000..6825003a17
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/existing-resources.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: red-ns
+ labels:
+ color: red
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: green-ns
+ labels:
+ color: green
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: winter-ns
+ labels:
+ season: winter
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/fail-generated-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/fail-generated-resources.yaml
new file mode 100644
index 0000000000..70315eb977
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/fail-generated-resources.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ created-by: kyverno
+ name: default-deny
+ namespace: green-ns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ created-by: kyverno
+ name: default-deny
+ namespace: winter-ns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
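Review bot: fail-generated-resources.yaml pins the full object (the `created-by` label, `podSelector`, `policyTypes`) for the NetworkPolicies that must not appear in `green-ns` and `winter-ns`. If chainsaw's `error` operation passes whenever no resource matches the whole pattern (worth confirming), a `default-deny` generated there with any differing field would go undetected. Matching on identity only (`kind`, `metadata.name`, `metadata.namespace`) makes the negative check stricter. The ConfigMap in existing-basic-create-policy-preconditions-data/fail-generated-resources.yaml has the same shape, with `data.doeshavesvclb` included in the pattern.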
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/generated-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/generated-resources.yaml
new file mode 100644
index 0000000000..e6ae5538f2
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/generated-resources.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ created-by: kyverno
+ name: default-deny
+ namespace: red-ns
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/policy-ready.yaml
new file mode 100644
index 0000000000..325e7aa152
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-create-policy-data
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/policy.yaml
new file mode 100644
index 0000000000..cb262bdbfc
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-data/policy.yaml
@@ -0,0 +1,31 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-create-policy-data
+spec:
+ generateExisting: true
+ rules:
+ - name: existing-basic-create-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ selector:
+ matchLabels:
+ color: red
+ generate:
+ kind: NetworkPolicy
+ apiVersion: networking.k8s.io/v1
+ name: default-deny
+ namespace: "{{request.object.metadata.name}}"
+ synchronize: true
+ data:
+ metadata:
+ labels:
+ created-by: kyverno
+ spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/README.md b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/README.md
new file mode 100644
index 0000000000..35232d3c6e
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This is a basic creation test for a "generate existing" policy with preconditions. It checks that the basic functionality works whereby installation of the policy causes correct evaluation of the match and preconditions blocks.
+
+## Expected Behavior
+
+If only the `jupiter` Namespace receives a generated ConfigMap, the test passes. If either it does not or `venus` receives a ConfigMap, the test fails.
+
+## Reference Issue(s)
+
+N/A
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/chainsaw-test.yaml
new file mode 100755
index 0000000000..e87045c715
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/chainsaw-test.yaml
@@ -0,0 +1,27 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: existing-basic-create-policy-preconditions-data
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: existing-resources.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: policy.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-03
+ try:
+ - sleep:
+ duration: 3s
+ - name: step-04
+ try:
+ - assert:
+ file: generated-resources.yaml
+ - error:
+ file: fail-generated-resources.yaml
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/existing-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/existing-resources.yaml
new file mode 100644
index 0000000000..51a708659c
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/existing-resources.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: jupiter
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: test-lb
+ namespace: jupiter
+spec:
+ ports:
+ - name: web
+ port: 80
+ protocol: TCP
+ targetPort: web
+ selector:
+ app.kubernetes.io/instance: jupiter-foobar
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: venus
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: redis
+ name: venus-clusterip-svc
+ namespace: venus
+spec:
+ ports:
+ - name: tcp-redis
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app.kubernetes.io/name: venus-redis
+ type: ClusterIP
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/fail-generated-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/fail-generated-resources.yaml
new file mode 100644
index 0000000000..e908e1a9d1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/fail-generated-resources.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ doeshavesvclb: "true"
+kind: ConfigMap
+metadata:
+ name: mylb-cm
+ namespace: venus
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/generated-resources.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/generated-resources.yaml
new file mode 100644
index 0000000000..24d219c6d7
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/generated-resources.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ doeshavesvclb: "true"
+kind: ConfigMap
+metadata:
+ name: mylb-cm
+ namespace: jupiter
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/policy-ready.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/policy-ready.yaml
new file mode 100644
index 0000000000..f062f545d8
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/policy-ready.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-create-policy-preconditions-data
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/policy.yaml
new file mode 100644
index 0000000000..077c830ccb
--- /dev/null
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing-deprecated/existing-basic-create-policy-preconditions-data/policy.yaml
@@ -0,0 +1,27 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: existing-basic-create-policy-preconditions-data
+spec:
+ generateExisting: true
+ rules:
+ - name: existing-basic-create-data-preconditions-rule
+ match:
+ any:
+ - resources:
+ kinds:
+ - Service
+ preconditions:
+ any:
+ - key: "{{request.object.spec.type}}"
+ operator: Equals
+ value: LoadBalancer
+ generate:
+ kind: ConfigMap
+ apiVersion: v1
+ name: mylb-cm
+ namespace: "{{request.object.metadata.namespace}}"
+ synchronize: true
+ data:
+ data:
+ doeshavesvclb: "true"
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/add-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/add-rule.yaml
index 2bebbe7ce1..9b7a6ea26d 100644
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/add-rule.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/add-rule.yaml
@@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: existing-basic-add-rule-data spec: - generateExisting: true rules: - name: existing-basic-create-rule match:
@@ -15,6 +14,7 @@ spec: matchLabels: color: blue generate: + generateExisting: true kind: NetworkPolicy apiVersion: networking.k8s.io/v1 name: default-deny @@ -39,6 +39,7 @@ spec: matchLabels: color: yellow generate: + generateExisting: true kind: NetworkPolicy apiVersion: networking.k8s.io/v1 name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/policy.yaml index fd47a1770b..c123d9eb15 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: existing-basic-add-rule-data spec: - generateExisting: true rules: - name: existing-basic-create-rule match: @@ -15,6 +14,7 @@ spec: matchLabels: color: blue generate: + generateExisting: true kind: NetworkPolicy apiVersion: networking.k8s.io/v1 name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/policy.yaml index cb262bdbfc..4425fdee2b 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: existing-basic-create-policy-data spec: - generateExisting: true rules: - name: existing-basic-create-rule match: @@ -15,6 +14,7 @@ spec: matchLabels: color: red generate: + generateExisting: true kind: NetworkPolicy apiVersion: networking.k8s.io/v1 name: default-deny 
diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/policy.yaml index 077c830ccb..6b80068aa0 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/policy.yaml @@ -3,7 +3,6 @@ kind: ClusterPolicy metadata: name: existing-basic-create-policy-preconditions-data spec: - generateExisting: true rules: - name: existing-basic-create-data-preconditions-rule match: @@ -17,6 +16,7 @@ spec: operator: Equals value: LoadBalancer generate: + generateExisting: true kind: ConfigMap apiVersion: v1 name: mylb-cm