mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

fix: return nil error when trigger resource not found for a subresouces (#11594)

* fix: return nil error when trigger resource not found for a subresource kind

Signed-off-by: Nishanth Reddy <nishanth.reddy@doordash.com>

* chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.0 (#11597)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](b9fd7d16f6...968872560f)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump sigs.k8s.io/structured-merge-diff/v4 (#11596)

Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases)
- [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.4.1...v4.4.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/structured-merge-diff/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: use generate name for background scan reports (#11586)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#11598)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.3 to 3.27.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](396bb3e453...ea9e4e3799)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(ci): test upgrade conformance (#11498)

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* add chainsaw tests

* add kubectl-evict to githubpath

* add readme

---------

Signed-off-by: Nishanth Reddy <nishanth.reddy@doordash.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
Nishanth Reddy 2024-11-19 23:41:06 -08:00 committed by GitHub
parent 30d475aaae
commit 95baeaa4e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 134 additions and 1 deletions


@ -181,6 +181,15 @@ runs:
make kind-install-kyverno make kind-install-kyverno
- name: Wait for kyverno ready - name: Wait for kyverno ready
uses: ./.github/actions/kyverno-wait-ready uses: ./.github/actions/kyverno-wait-ready
# install kubectl-evict plugin needed for testing eviction subresource trigger
- name: Install kubectl-evict
shell: bash
run: |
set -e
GOBIN=$(go env GOPATH)/bin
go install github.com/ueokande/kubectl-evict@latest
echo 'Adding kubectl-evict directory to PATH...'
echo "${GOBIN}" >> "${GITHUB_PATH}"
# run tests # run tests
- name: Test with Chainsaw - name: Test with Chainsaw
if: ${{ steps.determine-next-version.outputs.next_version != 'main' }} if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
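Review bot: The new `Install kubectl-evict` step runs `go install github.com/ueokande/kubectl-evict@latest`, so each CI run compiles and executes whatever the third-party module's newest release is at that moment, and the install directory is then appended to `GITHUB_PATH` for every later step. Pin the module to a reviewed release tag or commit, for example `go install github.com/ueokande/kubectl-evict@<PINNED_VERSION>`, so an upstream change cannot alter the conformance job without a visible diff in this repository. Appending all of `$(go env GOPATH)/bin` to the path also exposes any other binaries already in that directory; if that is intended, a comment saying so would help.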


@ -193,7 +193,7 @@ func (c *GenerateController) getTriggerForCreateOperation(spec kyvernov2.UpdateR
c.log.Error(err, "failed to extract resources from admission review request") c.log.Error(err, "failed to extract resources from admission review request")
return nil, err return nil, err
} }
trigger = &newResource return &newResource, nil
} }
} }
return trigger, err return trigger, err
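Review bot: The new `return &newResource, nil` deliberately drops whatever `err` held before this branch, but nothing in the hunk says why, so a later reader could easily "tidy" it back into the fall-through `return trigger, err`. A short comment above it would prevent that, for example `// trigger rebuilt from the admission request; the earlier lookup error no longer applies`, assuming that is the intent described in the commit title. The function starts outside the hunk, so where `err` was set is not visible here.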


@ -0,0 +1,11 @@
## Description
This test assures generation of resource with a pod/eviction sub-resource acting as a trigger.
## Expected Behavior
The test passes and `configmap` `zk-kafka-address` is created.
## Reference Issue(s)
[11573](https://github.com/kyverno/kyverno/issues/11573)


@ -0,0 +1,18 @@
apiVersion: v1
data:
KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/managed-by: kyverno
generate.kyverno.io/policy-name: zk-kafka-address
generate.kyverno.io/policy-namespace: ""
generate.kyverno.io/rule-name: k-kafka-address
generate.kyverno.io/trigger-group: policy
generate.kyverno.io/trigger-kind: Eviction
generate.kyverno.io/trigger-namespace: test-generate-eviction
generate.kyverno.io/trigger-version: v1
somekey: somevalue
name: zk-kafka-address
namespace: test-generate-eviction


@ -0,0 +1,56 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
name: generate-on-eviction-subresource-trigger
spec:
steps:
- name: create policy
use:
template: ../../../../../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: step-01
try:
- apply:
file: namespace.yaml
- name: wait policy ready
use:
template: ../../../../../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: zk-kafka-address
- try:
- assert:
file: namespace-ready.yaml
- name: step-02
try:
- command:
args:
- run
- nginx
- --image=nginx
- -n
- test-generate-eviction
entrypoint: kubectl
- command:
args:
- wait
- --for=condition=Ready
- pod/nginx
- -n
- test-generate-eviction
entrypoint: kubectl
- command:
args:
- evict
- nginx
- -n
- test-generate-eviction
entrypoint: kubectl
- name: step-03
try:
- assert:
file: chainsaw-step-03-assert-1-1.yaml
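Review bot: In `step-02` the pod is started with `--image=nginx`, which resolves to the mutable `latest` tag, so the test's outcome and the code it runs in the cluster depend on whatever the registry serves at run time. Pin it, e.g. `--image=nginx:<PINNED_TAG>` or a digest reference. The following `kubectl wait --for=condition=Ready` also passes no `--timeout`, so it relies on kubectl's default; an explicit `--timeout=<DURATION>` would make a slow image pull fail for an obvious reason.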


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: test-generate-eviction
status:
phase: Active


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: test-generate-eviction


@ -0,0 +1,29 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: zk-kafka-address
spec:
rules:
- name: k-kafka-address
match:
any:
- resources:
kinds:
- "Pod/eviction"
generate:
# generateExisting does not work for sub-resources
generateExisting: false
# synchronization does not work for sub-resources
synchronize: false
apiVersion: v1
kind: ConfigMap
name: zk-kafka-address
namespace: "{{request.namespace}}"
data:
kind: ConfigMap
metadata:
labels:
somekey: somevalue
data:
ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
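Review bot: The `match` block selects `Pod/eviction` with no namespace constraint, so while this ClusterPolicy is installed an eviction anywhere in the test cluster would generate a `zk-kafka-address` ConfigMap in that request's namespace. If conformance tests share a cluster, scoping the rule keeps this test from leaking into others: add `namespaces:` with `- test-generate-eviction` under `resources`, next to `kinds`. The rule name `k-kafka-address` also looks like a truncated `zk-kafka-address`; if it is renamed, the `generate.kyverno.io/rule-name` label in the expected ConfigMap has to change with it.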