return helpful error message on invalid patched resources. (#4129)

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2025-03-29 10:55:05 +00:00 · 2022-07-06 13:24:28 +05:30 · 2022-07-06 13:24:28 +05:30 · a37901425f
commit a37901425f
parent d05a0759ca
5 changed files with 123 additions and 1 deletions
--- a/cmd/cli/kubectl-kyverno/test/test_command.go
+++ b/cmd/cli/kubectl-kyverno/test/test_command.go
@ -775,7 +775,8 @@ func getAndCompareResource(path string, engineResource unstructured.Unstructured

 	userResource, err := common.GetResourceFromPath(fs, path, isGit, policyResourcePath, resourceType)
 	if err != nil {
-		os.Exit(1)
+		fmt.Printf("Error: failed to load resources\nCause: %s\n", err)
+		return ""
 	}
 	matched, err := generate.ValidateResourceWithPattern(log.Log, engineResource.UnstructuredContent(), userResource.UnstructuredContent())
 	if err != nil {
--- a/test/cli/test/kasten-invalid-patchedResource/backup-export-policy.yaml
+++ b/test/cli/test/kasten-invalid-patchedResource/backup-export-policy.yaml
@ -0,0 +1,36 @@
+# An example compliant K10 Policy
+apiVersion: config.kio.kasten.io/v1alpha1
+kind: Policy
+metadata:
+  name: hourly-policy
+  namespace: kasten-io
+  labels:
+    appPriority: Mission-Critical
+spec:
+  comment: My sample custom backup policy
+  frequency: '@hourly' # change this to @daily to test the 'audit_mission_critical_RPO' policy
+  subFrequency:
+    minutes: [30]
+    hours: [22,7]
+    weekdays: [5]
+    days: [15]
+  retention:
+    daily: 14
+    weekly: 4
+    monthly: 6
+  actions:
+  - action: backup
+  - action: export  # comment this line out to test 'enforce_3-2-1' policy
+    exportParameters:
+      frequency: '@monthly'
+      profile:
+        name: my-profile
+        namespace: kasten-io
+      exportData:
+        enabled: true
+    retention:
+      monthly: 12
+      yearly: 5
+  selector:
+    matchLabels:
+      k10.kasten.io/appNamespace: sampleApp
--- a/test/cli/test/kasten-invalid-patchedResource/k10-override-minimum-retentions.yaml
+++ b/test/cli/test/kasten-invalid-patchedResource/k10-override-minimum-retentions.yaml
@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: k10-policy-minimum-retention
+  annotations:
+    policies.kyverno.io/title: Minimum Backup Retention
+    policies.kyverno.io/category: Kasten K10
+    kyverno.io/kyverno-version: 1.6.2
+    policies.kyverno.io/minversion: 1.6.2
+    kyverno.io/kubernetes-version: "1.21-1.22"
+    policies.kyverno.io/subject: Policy
+    policies.kyverno.io/description: >-
+      K10 Policy resources can be validated to adhere to common compliance retention standards. 
+      Uncomment the regulation/compliance standards you want to enforce for according to GFS retention.
+      This policy deletes the retention value in the backup operation and replaces it with the specified retention.
+      Note: K10 Policy uses the GFS retention scheme and export operations default to use the retention of the backup operation.
+      To use different 
+      This policy can also be used go reduce retentions lengths to enforce cost optimization.
+spec:
+  rules:
+  - name: k10-policy-minimum-retention
+    match:
+      any:
+      - resources:
+          kinds:
+          - config.kio.kasten.io/v1alpha1/Policy
+    mutate: 
+      # Cost Optimization (Maximum Retention: 3 Months)
+      patchesJson6902: |-
+        - path: "/spec/retention"
+          op: replace
+          value: {"hourly":24,"daily":30,"weekly":4,"monthly":3}
--- a/test/cli/test/kasten-invalid-patchedResource/kyverno-test.yaml
+++ b/test/cli/test/kasten-invalid-patchedResource/kyverno-test.yaml
@ -0,0 +1,12 @@
+name: kyverno_data_protection_tests
+policies:
+  - k10-override-minimum-retentions.yaml
+resources:
+  - backup-export-policy.yaml
+results:
+- policy: k10-policy-minimum-retention
+  rule: k10-policy-minimum-retention
+  resource: hourly-policy
+  kind: Policy
+  patchedResource: patched.yaml
+  result: fail
--- a/test/cli/test/kasten-invalid-patchedResource/patched.yaml
+++ b/test/cli/test/kasten-invalid-patchedResource/patched.yaml
@ -0,0 +1,41 @@
+kind: Policy
+apiVersion: config.kio.kasten.io/v1alpha1
+metadata:
+  name: hourly-policy
+  namespace: kasten-io
+  # labels:
+    appPriority: Mission-Critical
+spec:
+  comment: My sample custom backup policy
+  frequency: "@hourly"
+  subFrequency:
+    minutes:
+      - 30
+    hours:
+      - 22
+      - 7
+    weekdays:
+      - 5
+    days:
+      - 15
+  retention:
+    hourly: 24
+    daily: 30
+    weekly: 4
+    monthly: 3
+  selector:
+    matchLabels:
+      k10.kasten.io/appNamespace: sampleApp
+  actions:
+    - action: backup
+    - action: export
+      exportParameters:
+        frequency: "@monthly"
+        profile:
+          name: my-profile
+          namespace: kasten-io
+        exportData:
+          enabled: true
+      retention:
+        monthly: 12
+        yearly: 5