fix: Kyverno test fails to load resources (#8349)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2023-09-12 11:45:24 +02:00 · 2023-09-12 11:45:24 +02:00 · 9e950b9892
commit 9e950b9892
parent 889117da60
4 changed files with 125 additions and 0 deletions
--- a/test/cli/test-mutate/connection-draining/kyverno-test.yaml
+++ b/test/cli/test-mutate/connection-draining/kyverno-test.yaml
@ -0,0 +1,17 @@
+name: connection-draining
+policies:
+  - policy.yaml
+resources:
+  - resource.yaml
+results:
+- policy: disable-connection-draining
+  rule: clb
+  resource: nlb-aws-controller-no-attributes
+  kind: Service
+  result: skip
+- policy: disable-connection-draining
+  rule: nlb-no-attributes
+  patchedResource: patched.yaml
+  resource: nlb-aws-controller-no-attributes
+  kind: Service
+  result: pass
--- a/test/cli/test-mutate/connection-draining/patched.yaml
+++ b/test/cli/test-mutate/connection-draining/patched.yaml
@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nlb-aws-controller-no-attributes
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-type: external
+    service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: deregistration_delay.connection_termination.enabled=true,deregistration_delay.timeout_seconds=0
+spec:
+  type: LoadBalancer
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
--- a/test/cli/test-mutate/connection-draining/policy.yaml
+++ b/test/cli/test-mutate/connection-draining/policy.yaml
@ -0,0 +1,71 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: disable-connection-draining
+  annotations:
+    policies.kyverno.io/title: Configure Connection Draining
+    policies.kyverno.io/category: Best Practices
+    policies.kyverno.io/subject: Service
+spec:
+  background: true
+  rules:
+  - name: clb
+    match:
+      resources:
+        kinds:
+        - Service
+    context:
+    - name: connection_draining_check
+      variable:
+        default: "empty"
+        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled"
+    - name: nlb_check
+      variable:
+        default: "false"
+        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"
+    preconditions:
+      all:
+      - key: "{{ request.object.spec.type }}"
+        operator: Equals
+        value: "LoadBalancer"
+      - key: "{{ connection_draining_check }}"
+        operator: AnyIn
+        value: ["true", "empty"]
+      - key: "{{ nlb_check }}"
+        operator: AnyNotIn
+        value: ["external", "nlb"]
+    mutate:
+      patchStrategicMerge:
+        metadata:
+          annotations:
+            service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled: "false"
+  - name: nlb-no-attributes
+    match:
+      resources:
+        kinds:
+        - Service
+    context:
+    - name: nlb_check
+      variable:
+        default: "false"
+        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-type"
+    - name: tg_attributes
+      variable:
+        default: "false"
+        jmesPath: request.object.metadata.annotations."service.beta.kubernetes.io/aws-load-balancer-target-group-attributes"
+    preconditions:
+      all:
+      - key: "{{ request.object.spec.type }}"
+        operator: Equals
+        value: "LoadBalancer"
+      - key: "{{ nlb_check }}"
+        operator: Equals
+        value: "external"
+      - key: "{{ tg_attributes }}"
+        operator: Equals
+        value: "false"
+    mutate:
+      patchStrategicMerge:
+        metadata:
+          annotations:
+            service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: "deregistration_delay.connection_termination.enabled=true,deregistration_delay.timeout_seconds=0"
--- a/test/cli/test-mutate/connection-draining/resource.yaml
+++ b/test/cli/test-mutate/connection-draining/resource.yaml
@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nlb-aws-controller-no-attributes
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-type: external
+spec:
+  type: LoadBalancer
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80