fix: return nil error when trigger resource not found for a subresouces (#11594)

* fix: return nil error when trigger resource not found for a subresource kind Signed-off-by: Nishanth Reddy <nishanth.reddy@doordash.com> * chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.0 (#11597) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](b9fd7d16f6...968872560f) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigs.k8s.io/structured-merge-diff/v4 (#11596) Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.4.1 to 4.4.3. - [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases) - [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.4.1...v4.4.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/structured-merge-diff/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: use generate name for background scan reports (#11586) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#11598) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.3 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](396bb3e453...ea9e4e3799) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(ci): test upgrade conformance (#11498) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> * add chainsaw tests * add kubectl-evict to githubpath * add readme --------- Signed-off-by: Nishanth Reddy <nishanth.reddy@doordash.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2024-11-19 23:41:06 -08:00 · 2024-11-19 23:41:06 -08:00 · 95baeaa4e9
commit 95baeaa4e9
parent 30d475aaae
8 changed files with 134 additions and 1 deletions
--- a/.github/actions/run-tests/action.yaml
+++ b/.github/actions/run-tests/action.yaml
@ -181,6 +181,15 @@ runs:
        make kind-install-kyverno
    - name: Wait for kyverno ready
      uses: ./.github/actions/kyverno-wait-ready
+    # install kubectl-evict plugin needed for testing eviction subresource trigger
+    - name: Install kubectl-evict
+      shell: bash
+      run: |
+        set -e
+        GOBIN=$(go env GOPATH)/bin
+        go install github.com/ueokande/kubectl-evict@latest
+        echo 'Adding kubectl-evict directory to PATH...'
+        echo "${GOBIN}" >> "${GITHUB_PATH}"
    # run tests
    - name: Test with Chainsaw
      if: ${{ steps.determine-next-version.outputs.next_version != 'main' }}
--- a/pkg/background/generate/controller.go
+++ b/pkg/background/generate/controller.go
@ -193,7 +193,7 @@ func (c *GenerateController) getTriggerForCreateOperation(spec kyvernov2.UpdateR
 				c.log.Error(err, "failed to extract resources from admission review request")
 				return nil, err
 			}
-			trigger = &newResource
+			return &newResource, nil
 		}
 	}
 	return trigger, err
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/README.md
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/README.md
@ -0,0 +1,11 @@
+## Description
+
+This test assures generation of resource with a pod/eviction sub-resource acting as a trigger.
+
+## Expected Behavior
+
+The test passes and `configmap` `zk-kafka-address` is created.
+
+## Reference Issue(s)
+
+[11573](https://github.com/kyverno/kyverno/issues/11573)
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/chainsaw-step-03-assert-1-1.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/chainsaw-step-03-assert-1-1.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+data:
+  KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+  ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kyverno
+    generate.kyverno.io/policy-name: zk-kafka-address
+    generate.kyverno.io/policy-namespace: ""
+    generate.kyverno.io/rule-name: k-kafka-address
+    generate.kyverno.io/trigger-group: policy
+    generate.kyverno.io/trigger-kind: Eviction
+    generate.kyverno.io/trigger-namespace: test-generate-eviction
+    generate.kyverno.io/trigger-version: v1
+    somekey: somevalue
+  name: zk-kafka-address
+  namespace: test-generate-eviction
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/chainsaw-test.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/chainsaw-test.yaml
@ -0,0 +1,56 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: generate-on-eviction-subresource-trigger
+spec:
+  steps:
+  - name: create policy
+    use:
+      template: ../../../../../../_step-templates/create-policy.yaml
+      with:
+        bindings:
+        - name: file
+          value: policy.yaml
+  - name: step-01
+    try:
+    - apply:
+        file: namespace.yaml
+  - name: wait policy ready
+    use:
+      template: ../../../../../../_step-templates/cluster-policy-ready.yaml
+      with:
+        bindings:
+        - name: name
+          value: zk-kafka-address
+  - try:
+    - assert:
+        file: namespace-ready.yaml
+  - name: step-02
+    try:
+    - command:
+        args:
+        - run
+        - nginx
+        - --image=nginx
+        - -n
+        - test-generate-eviction
+        entrypoint: kubectl
+    - command:
+        args:
+        - wait
+        - --for=condition=Ready
+        - pod/nginx
+        - -n
+        - test-generate-eviction
+        entrypoint: kubectl
+    - command:
+        args:
+        - evict
+        - nginx
+        - -n
+        - test-generate-eviction
+        entrypoint: kubectl
+  - name: step-03
+    try:
+    - assert:
+        file: chainsaw-step-03-assert-1-1.yaml
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/namespace-ready.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/namespace-ready.yaml
@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-generate-eviction
+status:
+  phase: Active
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/namespace.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-generate-eviction
--- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/policy.yaml
+++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-eviction-subresource-trigger/policy.yaml
@ -0,0 +1,29 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: zk-kafka-address
+spec:
+  rules:
+    - name: k-kafka-address
+      match:
+        any:
+          - resources:
+              kinds:
+                - "Pod/eviction"
+      generate:
+        # generateExisting does not work for sub-resources
+        generateExisting: false
+        # synchronization does not work for sub-resources
+        synchronize: false
+        apiVersion: v1
+        kind: ConfigMap
+        name: zk-kafka-address
+        namespace: "{{request.namespace}}"
+        data:
+          kind: ConfigMap
+          metadata:
+            labels:
+              somekey: somevalue
+          data:
+            ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+            KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"