Add e2e test for mutation (#1761)

Signed-off-by: MarcelMue <marcel.mueller1@rwth-aachen.de> Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2025-03-31 03:45:17 +00:00 · 2021-04-09 01:14:08 +02:00 · 2021-04-09 01:14:08 +02:00 · 9a6f7043b0
commit 9a6f7043b0
parent f3ca1d78f1
6 changed files with 242 additions and 27 deletions
--- a/17
+++ b/17
@ -35,7 +35,7 @@ build: kyverno
 PWD := $(CURDIR)
 ##################################
-# INIT CONTAINER 
+# INIT CONTAINER
 ##################################
 INITC_PATH := cmd/initContainer
 INITC_IMAGE := kyvernopre
@ -117,7 +117,7 @@ docker-build-cli-amd64:
 docker-push-cli:
 	@docker buildx build --file $(PWD)/$(CLI_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64 --tag $(REPO)/$(KYVERNO_CLI_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS)
 	@docker buildx build --file $(PWD)/$(CLI_PATH)/Dockerfile --progress plane --push --platform linux/arm64,linux/amd64 --tag $(REPO)/$(KYVERNO_CLI_IMAGE):latest . --build-arg LD_FLAGS=$(LD_FLAGS)
- 
+
 ##################################
 docker-publish-all: docker-publish-initContainer docker-publish-kyverno docker-publish-cli
@ -137,7 +137,7 @@ create-e2e-infrastruture:
 ##################################
 ##################################
-# Testing & Code-Coverage 
+# Testing & Code-Coverage
 ##################################
 ## variables
@ -153,7 +153,7 @@ $(GO_ACC):
 	go get -v github.com/ory/go-acc
 	$(eval export PATH=$(GO_ACC):$(PATH))
 # go test provides code coverage per packages only.
-# go-acc merges the result for pks so that it be used by	
+# go-acc merges the result for pks so that it be used by
 # go tool cover for reporting
 # go get downloads and installs the binary
@ -171,7 +171,8 @@ code-cov-report: $(CODE_COVERAGE_FILE_TXT)
 # Test E2E
 test-e2e:
 	$(eval export E2E="ok")
-	go test ./test/e2e/... -v
+	go test ./test/e2e/mutate -v
 	go test ./test/e2e/generate -v
 	$(eval export E2E="")
 #Test TestCmd Policy
@ -183,9 +184,9 @@ run_testcmd_policy:
 godownloader:
 	godownloader .goreleaser.yml --repo kyverno/kyverno -o ./scripts/install-cli.sh  --source="raw"
-# kustomize-crd will create install.yaml 
+# kustomize-crd will create install.yaml
 kustomize-crd:
-	# Create CRD for helm deployment Helm 
+	# Create CRD for helm deployment Helm
 	kustomize build ./definitions/crds > ./charts/kyverno/crds/crds.yaml
 	# Generate install.yaml that have all resources for kyverno
 	kustomize build ./definitions > ./definitions/install.yaml
@ -204,7 +205,7 @@ kyverno-crd: controller-gen
 report-crd: controller-gen
 	$(CONTROLLER_GEN) crd paths=./pkg/api/policyreport/v1alpha1 output:dir=./definitions/crds
-# install the right version of controller-gen 
+# install the right version of controller-gen
 install-controller-gen:
 	@{ \
 	set -e ;\
--- a/test/e2e/generate/generate_test.go
+++ b/test/e2e/generate/generate_test.go
@ -3,26 +3,29 @@ package generate
 import (
 	"errors"
 	"fmt"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"os"
 	"testing"
 	"time"
 	"github.com/kyverno/kyverno/test/e2e"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )
 var (
 	// Cluster Polict GVR
-	clPolGVR = GetGVR("kyverno.io", "v1", "clusterpolicies")
+	clPolGVR = e2e.GetGVR("kyverno.io", "v1", "clusterpolicies")
 	// Namespace GVR
-	nsGVR = GetGVR("", "v1", "namespaces")
+	nsGVR = e2e.GetGVR("", "v1", "namespaces")
 	// ClusterRole GVR
-	crGVR = GetGVR("rbac.authorization.k8s.io", "v1", "clusterroles")
+	crGVR = e2e.GetGVR("rbac.authorization.k8s.io", "v1", "clusterroles")
 	// ClusterRoleBinding GVR
-	crbGVR = GetGVR("rbac.authorization.k8s.io", "v1", "clusterrolebindings")
+	crbGVR = e2e.GetGVR("rbac.authorization.k8s.io", "v1", "clusterrolebindings")
 	// Role GVR
-	rGVR = GetGVR("rbac.authorization.k8s.io", "v1", "roles")
+	rGVR = e2e.GetGVR("rbac.authorization.k8s.io", "v1", "roles")
 	// RoleBinding GVR
-	rbGVR = GetGVR("rbac.authorization.k8s.io", "v1", "rolebindings")
+	rbGVR = e2e.GetGVR("rbac.authorization.k8s.io", "v1", "rolebindings")
 	// ClusterPolicy Namespace
 	clPolNS = ""
@ -37,7 +40,7 @@ func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) {
 		t.Skip("Skipping E2E Test")
 	}
 	// Generate E2E Client ==================
-	e2eClient, err := NewE2EClient()
+	e2eClient, err := e2e.NewE2EClient()
 	Expect(err).To(BeNil())
 	// ======================================
@ -65,7 +68,7 @@ func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) {
 		e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
 		// Wait Till Deletion of Namespace
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
 			if err != nil {
 				return nil
@ -100,7 +103,7 @@ func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) {
 		Expect(err).NotTo(HaveOccurred())
 		// Wait Till Creation of Namespace
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
 			if err != nil {
 				return err
@ -112,7 +115,7 @@ func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) {
 		// ======== Verify ClusterRole Creation =====
 		By("Verifying ClusterRole")
 		// Wait Till Creation of ClusterRole
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(crGVR, tests.ClusterRoleName)
 			if err != nil {
 				return err
@ -136,7 +139,7 @@ func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) {
 		// Clear Namespace
 		e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
 		// Wait Till Deletion of Namespace
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
 			if err != nil {
 				return nil
@ -154,7 +157,7 @@ func Test_Role_RoleBinding_Sets(t *testing.T) {
 		t.Skip("Skipping E2E Test")
 	}
 	// Generate E2E Client ==================
-	e2eClient, err := NewE2EClient()
+	e2eClient, err := e2e.NewE2EClient()
 	Expect(err).To(BeNil())
 	// ======================================
@ -179,7 +182,7 @@ func Test_Role_RoleBinding_Sets(t *testing.T) {
 		}
 		// Wait Till Deletion of Namespace
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
 			if err != nil {
 				return nil
@ -210,7 +213,7 @@ func Test_Role_RoleBinding_Sets(t *testing.T) {
 		Expect(err).NotTo(HaveOccurred())
 		// Wait Till Creation of Namespace
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
 			if err != nil {
 				return err
@ -222,7 +225,7 @@ func Test_Role_RoleBinding_Sets(t *testing.T) {
 		// ======== Verify Role Creation =====
 		By(fmt.Sprintf("Verifying Role in the Namespace : %s", tests.ResourceNamespace))
 		// Wait Till Creation of Role
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetNamespacedResource(rGVR, tests.ResourceNamespace, tests.RoleName)
 			if err != nil {
 				return err
@ -255,7 +258,7 @@ func Test_Role_RoleBinding_Sets(t *testing.T) {
 		// Clear Namespace
 		e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
 		// Wait Till Deletion of Namespace
-		GetWithRetry(time.Duration(1), 15, func() error {
+		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
 			if err != nil {
 				return nil
--- a/test/e2e/mutate/config.go
+++ b/test/e2e/mutate/config.go
@ -0,0 +1,18 @@
 package mutate
 // MutateTests is E2E Test Config for mutation
 var MutateTests = []struct {
 	//TestName - Name of the Test
 	TestName string
 	// Data - The Yaml file of the ClusterPolicy
 	Data []byte
 }{
 	{
 		TestName: "test-mutate-with-context",
 		Data:     configMapMutationYaml,
 	},
 	{
 		TestName: "test-mutate-with-logic-in-context",
 		Data:     configMapMutationWithContextLogicYaml,
 	},
 }
--- a/test/e2e/mutate/mutate_test.go
+++ b/test/e2e/mutate/mutate_test.go
@ -0,0 +1,109 @@
 package mutate
 import (
 	"errors"
 	"fmt"
 	"os"
 	"testing"
 	"time"
 	"github.com/kyverno/kyverno/test/e2e"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )
 var (
 	// Cluster Polict GVR
 	clPolGVR = e2e.GetGVR("kyverno.io", "v1", "clusterpolicies")
 	// Namespace GVR
 	nsGVR = e2e.GetGVR("", "v1", "namespaces")
 	// ConfigMap GVR
 	cmGVR = e2e.GetGVR("", "v1", "configmaps")
 	// ClusterPolicy Namespace
 	clPolNS = ""
 	// Namespace Name
 	// Hardcoded in YAML Definition
 	nspace = "test-mutate"
 )
 func Test_Mutate_Sets(t *testing.T) {
 	RegisterTestingT(t)
 	if os.Getenv("E2E") == "" {
 		t.Skip("Skipping E2E Test")
 	}
 	// Generate E2E Client
 	e2eClient, err := e2e.NewE2EClient()
 	Expect(err).To(BeNil())
 	for _, tests := range MutateTests {
 		By(fmt.Sprintf("Test to mutate objects : %s", tests.TestName))
 		// Clean up Resources
 		By(fmt.Sprintf("Cleaning Cluster Policies"))
 		e2eClient.CleanClusterPolicies(clPolGVR)
 		// Clear Namespace
 		By(fmt.Sprintf("Deleting Namespace : %s", nspace))
 		e2eClient.DeleteClusteredResource(nsGVR, nspace)
 		// Wait Till Deletion of Namespace
 		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, nspace)
 			if err != nil {
 				return nil
 			}
 			return errors.New("Deleting Namespace")
 		})
 		// Create Namespace
 		By(fmt.Sprintf("Creating Namespace %s", clPolNS))
 		_, err = e2eClient.CreateClusteredResourceYaml(nsGVR, namespaceYaml)
 		Expect(err).NotTo(HaveOccurred())
 		// Create source CM
 		By(fmt.Sprintf("\nCreating source ConfigMap in %s", nspace))
 		_, err = e2eClient.CreateNamespacedResourceYaml(cmGVR, nspace, sourceConfigMapYaml)
 		Expect(err).NotTo(HaveOccurred())
 		// Create CM Policy
 		By(fmt.Sprintf("\nCreating Mutate ConfigMap Policy in %s", clPolNS))
 		_, err = e2eClient.CreateNamespacedResourceYaml(clPolGVR, clPolNS, tests.Data)
 		Expect(err).NotTo(HaveOccurred())
 		// Create target CM
 		By(fmt.Sprintf("\nCreating target ConfigMap in %s", nspace))
 		_, err = e2eClient.CreateNamespacedResourceYaml(cmGVR, nspace, targetConfigMapYaml)
 		Expect(err).NotTo(HaveOccurred())
 		// Verify created ConfigMap
 		By(fmt.Sprintf("Verifying ConfigMap in the Namespace : %s", nspace))
 		// Wait Till Creation of ConfigMap
 		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetNamespacedResource(cmGVR, nspace, "target")
 			if err != nil {
 				return err
 			}
 			return nil
 		})
 		cmRes, err := e2eClient.GetNamespacedResource(cmGVR, nspace, "target")
 		Expect(err).NotTo(HaveOccurred())
 		Expect(cmRes.GetLabels()["kyverno.key/copy-me"]).To(Equal("sample-value"))
 		//CleanUp Resources
 		e2eClient.CleanClusterPolicies(clPolGVR)
 		// Clear Namespace
 		e2eClient.DeleteClusteredResource(nsGVR, nspace)
 		// Wait Till Deletion of Namespace
 		e2e.GetWithRetry(time.Duration(1), 15, func() error {
 			_, err := e2eClient.GetClusteredResource(nsGVR, nspace)
 			if err != nil {
 				return nil
 			}
 			return errors.New("Deleting Namespace")
 		})
 		By(fmt.Sprintf("Test %s Completed \n\n\n", tests.TestName))
 	}
 }
--- a/test/e2e/mutate/resources.go
+++ b/test/e2e/mutate/resources.go
@ -0,0 +1,84 @@
 package mutate
 // Namespace Description
 var namespaceYaml = []byte(`
 apiVersion: v1
 kind: Namespace
 metadata:
  name: test-mutate
 `)
 // Cluster Policy to copy the copy me label from one configmap to the target
 var configMapMutationYaml = []byte(`
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: "mutate-policy"
 spec:
  rules:
  - name: "gen-role"
    match:
      resources:
        kinds:
          - ConfigMap
    context:
    - name: labelValue
      apiCall:
        urlPath: "/api/v1/namespaces/{{ request.object.metadata.namespace }}/configmaps"
        jmesPath: "items[*]"
    mutate:
      patchStrategicMerge:
        metadata:
          labels:
            +(kyverno.key/copy-me): "{{ labelValue[?metadata.name == 'source'].metadata.labels.\"kyverno.key/copy-me\" | [0] }}"
 `)
 var configMapMutationWithContextLogicYaml = []byte(`
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: "mutate-policy"
 spec:
  rules:
  - name: "gen-role"
    match:
      resources:
        kinds:
          - ConfigMap
    context:
    - name: labelValue
      apiCall:
        urlPath: "/api/v1/namespaces/{{ request.object.metadata.namespace }}/configmaps"
        jmesPath: "items[?metadata.name == 'source'].metadata.labels.\"kyverno.key/copy-me\" | [0]"
    mutate:
      patchStrategicMerge:
        metadata:
          labels:
            +(kyverno.key/copy-me): "{{ labelValue }}"
 `)
 // Source ConfigMap from which data is taken to copy
 var sourceConfigMapYaml = []byte(`
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: source
  namespace: test-mutate
  labels:
    kyverno.key/copy-me: sample-value
 data:
  data.yaml: |
    some: data
 `)
 // Target ConfigMap which is mutated
 var targetConfigMapYaml = []byte(`
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: target
  namespace: test-mutate
 data:
  data.yaml: |
    some: data
 `)
--- a/test/e2e/generate/utils.go
+++ b/test/e2e/generate/utils.go
@ -1,4 +1,4 @@
-package generate
+package e2e
 import (
 	"context"