add a kuttl test (#6622)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

pkg/event/controller.go

@@ -196,6 +196,7 @@ func (gen *generator) syncHandler(key Info) error {
 		eventType = corev1.EventTypeNormal
 	}
 
+	logger.V(2).Info("creating the event", "source", key.Source, "type", eventType, "resource", key.Resource())
 	// based on the source of event generation, use different event recorders
 	switch key.Source {
 	case AdmissionController:

pkg/event/info.go

@@ -1,5 +1,7 @@
 package event
 
+import "strings"
+
 // Info defines the event details
 type Info struct {
 	Kind      string
@@ -9,3 +11,10 @@ type Info struct {
 	Message   string
 	Source    Source
 }
+
+func (i *Info) Resource() string {
+	if i.Namespace == "" {
+		return strings.Join([]string{i.Kind, i.Name}, "/")
+	}
+	return strings.Join([]string{i.Kind, i.Namespace, i.Name}, "/")
+}

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/01-clusterrole.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kyverno
+    app.kubernetes.io/instance: kyverno
+    app.kubernetes.io/name: kyverno
+  name: kyverno:generate-events
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-assert.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: kyverno
+    app.kubernetes.io/instance: kyverno
+    app.kubernetes.io/name: kyverno
+  name: kyverno:generate-events
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: generate-event-upon-edit
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-clusterpolicy.yaml

@@ -0,0 +1,38 @@
+apiVersion: kyverno.io/v2beta1
+kind: ClusterPolicy
+metadata:
+  name: generate-event-upon-edit
+spec:
+  background: false
+  rules:
+  - name: generate-event-on-edit
+    match:
+      any:
+      - resources:
+          kinds:
+          - ConfigMap
+    preconditions:
+      any:
+      - key: "{{ request.operation }}"
+        operator: Equals
+        value: UPDATE
+    generate:
+      apiVersion: v1
+      kind: Event
+      name: "edit.{{ random('[a-z0-9]{12}') }}"
+      namespace: "{{request.object.metadata.namespace}}"
+      synchronize: false
+      data:
+        firstTimestamp: "{{ time_now_utc() }}"
+        involvedObject:
+          apiVersion: v1
+          kind: ConfigMap
+          name: "{{ request.name }}"
+          namespace: "{{ request.namespace }}"
+          uid: "{{request.object.metadata.uid}}"
+        lastTimestamp: "{{ time_now_utc() }}"
+        message: This resource was updated by {{ request.userInfo | to_string(@) }}
+        reason: Edit
+        source:
+          component: kyverno
+        type: Warning

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/03-configmap_orig.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: generate-event-on-edit-ns
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: generate-event-on-edit-configmap
+  namespace: generate-event-on-edit-ns
+data:
+  food: cheese
+  day: monday
+  color: red

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/04-configmap_edit_1.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: generate-event-on-edit-configmap
+  namespace: generate-event-on-edit-ns
+data:
+  food: cheese
+  day: wednesday
+  color: red

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+involvedObject:
+  apiVersion: v1
+  kind: ConfigMap
+  name: generate-event-on-edit-configmap
+  namespace: generate-event-on-edit-ns
+kind: Event
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kyverno
+    generate.kyverno.io/policy-name: generate-event-upon-edit
+    generate.kyverno.io/policy-namespace: ""
+    generate.kyverno.io/rule-name: generate-event-on-edit
+    generate.kyverno.io/trigger-apiversion: v1
+    generate.kyverno.io/trigger-kind: ConfigMap
+    generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
+    generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
+  namespace: generate-event-on-edit-ns
+source:
+  component: kyverno

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/06-configmap_edit_2.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: generate-event-on-edit-configmap
+  namespace: generate-event-on-edit-ns
+data:
+  food: cheese
+  day: friday
+  color: red

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml

@@ -0,0 +1,41 @@
+apiVersion: v1
+involvedObject:
+  apiVersion: v1
+  kind: ConfigMap
+  name: generate-event-on-edit-configmap
+  namespace: generate-event-on-edit-ns
+kind: Event
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kyverno
+    generate.kyverno.io/policy-name: generate-event-upon-edit
+    generate.kyverno.io/policy-namespace: ""
+    generate.kyverno.io/rule-name: generate-event-on-edit
+    generate.kyverno.io/trigger-apiversion: v1
+    generate.kyverno.io/trigger-kind: ConfigMap
+    generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
+    generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
+  namespace: generate-event-on-edit-ns
+source:
+  component: kyverno
+---
+apiVersion: v1
+involvedObject:
+  apiVersion: v1
+  kind: ConfigMap
+  name: generate-event-on-edit-configmap
+  namespace: generate-event-on-edit-ns
+kind: Event
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kyverno
+    generate.kyverno.io/policy-name: generate-event-upon-edit
+    generate.kyverno.io/policy-namespace: ""
+    generate.kyverno.io/rule-name: generate-event-on-edit
+    generate.kyverno.io/trigger-apiversion: v1
+    generate.kyverno.io/trigger-kind: ConfigMap
+    generate.kyverno.io/trigger-name: generate-event-on-edit-configmap
+    generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns
+  namespace: generate-event-on-edit-ns
+source:
+  component: kyverno

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/08-reset-clusterrole.yaml

@@ -0,0 +1,27 @@
+## reset changed clusterrole for the rest of the tests
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kyverno:background-controller:additional
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - configmaps
+  - networkpolicies
+  - resourcequotas
+  - secrets
+  - roles
+  - rolebindings
+  - limitranges
+  - namespaces
+  - nodes
+  - nodes/status
+  - pods
+  verbs:
+  - create
+  - update
+  - patch
+  - delete
+  - get
+  - list

test/conformance/kuttl/generate/clusterpolicy/cornercases/generate-event-upon-edit/README.md

@@ -0,0 +1,11 @@
+## Description
+
+This test checks an event should be created when updates a configmap.
+
+## Expected Behavior
+
+Total number of two events should be created at the end, one per UPDATE operation of the configmap.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/6458