scneario file test runner

examples/resource_mutate_imagePullPolicy.yaml

@@ -17,4 +17,4 @@ spec:
       containers:
       - name: nginx
         image: nginx:latest
-        # imagePullPolicy: IfNotPresent
+        imagePullPolicy: Always

examples/resource_validate_healthChecks.yaml

@@ -13,7 +13,7 @@ spec:
     - -c
     - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
     readinessProbe:
-      # successThreshold: 3
+      successThreshold: 3
       exec:
         command:
         - cat
@@ -26,6 +26,7 @@ spec:
       httpGet:
         path: /healthz
         port: 8080
+        scheme: HTTP
         httpHeaders:
         - name: Custom-Header
           value: Awesome

pkg/testrunner/testrunner_test.go

@@ -7,10 +7,6 @@ import "testing"
 // 	runner(t, "/test/scenarios/cli")
 // }
 
-func Test_Devlop(t *testing.T) {
-	testScenario(t, "/test/scenarios/test/s1.yaml")
-}
-
 func Test_Mutate_EndPoint(t *testing.T) {
 	testScenario(t, "/test/scenarios/test/scenario_mutate_endPpoint.yaml")
 }

test/output/output_mutate_endpoint.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+  creationTimestamp: 
+  labels:
+    isMutated: 'true'
+    label: test
+  name: test-endpoint
+subsets:
+- addresses:
+  - ip: 192.168.10.171
+  ports:
+  - name: secure-connection
+    port: 9663
+    protocol: TCP

test/output/output_mutate_imagePullPolicy.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginxlatest
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginxlatest
+  template:
+    metadata:
+      labels:
+        app: nginxlatest
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        imagePullPolicy: IfNotPresent

test/output/output_mutate_validate_qos.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: 
+  labels:
+    test: qos
+  name: qos-demo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: 
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx:latest
+        name: nginx
+        resources:
+          limits:
+            cpu: 50m
+            memory: 300Mi
+status: {}

test/scenarios/test/scenario_mutate_endPpoint.yaml

@@ -0,0 +1,19 @@
+# file path relative to project root
+input:
+  policy: examples/policy_mutate_endpoint.yaml
+  resource: examples/resource_mutate_endpoint.yaml
+expected:
+  mutation:
+    patchedresource: test/output/output_mutate_endpoint.yaml
+    policyresponse:
+      policy: policy-endpoints
+      resource:
+        kind: Endpoints
+        apiVersion: v1
+        namespace: ''
+        name: test-endpoint
+      rules:
+        - name: pEP
+          type: Mutation
+          success: true
+          message: succesfully process JSON patches

test/scenarios/test/scenario_mutate_imagePullPolicy.yaml

@@ -0,0 +1,19 @@
+# file path relative to project root
+input:
+  policy: examples/policy_mutate_imagePullPolicy.yaml
+  resource: examples/resource_mutate_imagePullPolicy.yaml
+expected:
+  mutation:
+    patchedresource: test/output/output_mutate_endpoint.yaml
+    policyresponse:
+      policy: image-pull-policy
+      resource:
+        kind: Deployment
+        apiVersion: apps/v1
+        namespace: ''
+        name: nginx-deployment
+      rules:
+        - name: image-pull-policy
+          type: Mutation
+          success: true
+          message: succesfully process JSON patches

test/scenarios/test/scenario_mutate_validate_qos.yaml

@@ -0,0 +1,32 @@
+# file path relative to project root
+input:
+  policy: examples/policy_mutate_validate_qos.yaml
+  resource: examples/resource_mutate_validate_qos.yaml
+expected:
+  mutation:
+    patchedresource: test/output/output_mutate_validate_qos.yaml
+    policyresponse:
+      policy: policy-qos
+      resource:
+        kind: Deployment
+        apiVersion: apps/v1
+        namespace: ''
+        name: qos-demo
+      rules:
+        - name: add-memory-limit
+          type: Mutation
+          success: true
+          message: succesfully process JSON patches
+  validation:
+    policyresponse:
+      policy: policy-qos
+      resource:
+        kind: Deployment
+        apiVersion: apps/v1
+        namespace: ''
+        name: qos-demo
+      rules:
+        - name: check-cpu-memory-limits
+          type: Validation
+          meesage: validation pattern succesfully validated
+          success: true     

test/scenarios/test/scenario_validate_containerSecurityContext.yaml

@@ -0,0 +1,18 @@
+# file path relative to project root
+input:
+  policy: examples/policy_validate_containerSecurityContext.yaml
+  resource: examples/resource_validate_containerSecurityContext.yaml
+expected:
+  validation:
+    policyresponse:
+      policy: container-security-context
+      resource:
+        kind: Deployment
+        apiVersion: apps/v1
+        namespace: ''
+        name: csc-demo-unprivileged
+      rules:
+        - name: validate-user-privilege
+          type: Validation
+          meesage: validation pattern succesfully validated
+          success: true     

test/scenarios/test/scenario_validate_healthChecks.yaml

@@ -0,0 +1,22 @@
+# file path relative to project root
+input:
+  policy: examples/policy_validate_healthChecks.yaml
+  resource: examples/resource_validate_healthChecks.yaml
+expected:
+  validation:
+    policyresponse:
+      policy: check-probe-exists
+      resource:
+        kind: Pod
+        apiVersion: v1
+        namespace: ''
+        name: probe
+      rules:
+        - name: check-readinessProbe-exists
+          type: Validation
+          meesage: validation pattern succesfully validated
+          success: true     
+        - name: check-livenessProbe-exists
+          type: Validation
+          meesage: validation pattern succesfully validated
+          success: true     

test/scenarios/test/scenario_validate_imageRegistries.yaml

@@ -0,0 +1,18 @@
+# file path relative to project root
+input:
+  policy: examples/policy_validate_imageRegistries.yaml
+  resource: examples/resource_validate_imageRegistries.yaml
+expected:
+  validation:
+    policyresponse:
+      policy: check-registries
+      resource:
+        kind: Deployment
+        apiVersion: apps/v1
+        namespace: ''
+        name: nirmata-nginx
+      rules:
+        - name: check-registries
+          type: Validation
+          meesage: validation pattern succesfully validated
+          success: true

test/scenarios/test/scenario_validate_nonRootUser.yaml

@@ -0,0 +1,18 @@
+# file path relative to project root
+input:
+  policy: examples/policy_validate_nonRootUser.yaml
+  resource: examples/resource_validate_nonRootUser.yaml
+expected:
+  validation:
+    policyresponse:
+      policy: check-container-security-context
+      resource:
+        kind: Pod
+        apiVersion: v1
+        namespace: ''
+        name: sec-ctx-unprivileged
+      rules:
+        - name: check-root-user
+          type: Validation
+          meesage: 1/2 patterns succesfully validated
+          success: true