From a37901425fbab76fb79a777a961f0af613a69a2d Mon Sep 17 00:00:00 2001 From: vivek kumar sahu Date: Wed, 6 Jul 2022 13:24:28 +0530 Subject: [PATCH] return helpful error message on invalid patched resources. (#4129) Signed-off-by: viveksahu26 Co-authored-by: Vyankatesh Kudtarkar --- cmd/cli/kubectl-kyverno/test/test_command.go | 3 +- .../backup-export-policy.yaml | 36 ++++++++++++++++ .../k10-override-minimum-retentions.yaml | 32 +++++++++++++++ .../kyverno-test.yaml | 12 ++++++ .../patched.yaml | 41 +++++++++++++++++++ 5 files changed, 123 insertions(+), 1 deletion(-) create mode 100644 test/cli/test/kasten-invalid-patchedResource/backup-export-policy.yaml create mode 100644 test/cli/test/kasten-invalid-patchedResource/k10-override-minimum-retentions.yaml create mode 100644 test/cli/test/kasten-invalid-patchedResource/kyverno-test.yaml create mode 100644 test/cli/test/kasten-invalid-patchedResource/patched.yaml diff --git a/cmd/cli/kubectl-kyverno/test/test_command.go b/cmd/cli/kubectl-kyverno/test/test_command.go index 7021fa6116..af14a53df6 100644 --- a/cmd/cli/kubectl-kyverno/test/test_command.go +++ b/cmd/cli/kubectl-kyverno/test/test_command.go @@ -775,7 +775,8 @@ func getAndCompareResource(path string, engineResource unstructured.Unstructured userResource, err := common.GetResourceFromPath(fs, path, isGit, policyResourcePath, resourceType) if err != nil { - os.Exit(1) + fmt.Printf("Error: failed to load resources\nCause: %s\n", err) + return "" } matched, err := generate.ValidateResourceWithPattern(log.Log, engineResource.UnstructuredContent(), userResource.UnstructuredContent()) if err != nil { diff --git a/test/cli/test/kasten-invalid-patchedResource/backup-export-policy.yaml b/test/cli/test/kasten-invalid-patchedResource/backup-export-policy.yaml new file mode 100644 index 0000000000..6abb9a37f4 --- /dev/null +++ b/test/cli/test/kasten-invalid-patchedResource/backup-export-policy.yaml @@ -0,0 +1,36 @@ +# An example compliant K10 Policy +apiVersion: config.kio.kasten.io/v1alpha1 +kind: Policy +metadata: + name: hourly-policy + namespace: kasten-io + labels: + appPriority: Mission-Critical +spec: + comment: My sample custom backup policy + frequency: '@hourly' # change this to @daily to test the 'audit_mission_critical_RPO' policy + subFrequency: + minutes: [30] + hours: [22,7] + weekdays: [5] + days: [15] + retention: + daily: 14 + weekly: 4 + monthly: 6 + actions: + - action: backup + - action: export # comment this line out to test 'enforce_3-2-1' policy + exportParameters: + frequency: '@monthly' + profile: + name: my-profile + namespace: kasten-io + exportData: + enabled: true + retention: + monthly: 12 + yearly: 5 + selector: + matchLabels: + k10.kasten.io/appNamespace: sampleApp \ No newline at end of file diff --git a/test/cli/test/kasten-invalid-patchedResource/k10-override-minimum-retentions.yaml b/test/cli/test/kasten-invalid-patchedResource/k10-override-minimum-retentions.yaml new file mode 100644 index 0000000000..096c311e3a --- /dev/null +++ b/test/cli/test/kasten-invalid-patchedResource/k10-override-minimum-retentions.yaml @@ -0,0 +1,32 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: k10-policy-minimum-retention + annotations: + policies.kyverno.io/title: Minimum Backup Retention + policies.kyverno.io/category: Kasten K10 + kyverno.io/kyverno-version: 1.6.2 + policies.kyverno.io/minversion: 1.6.2 + kyverno.io/kubernetes-version: "1.21-1.22" + policies.kyverno.io/subject: Policy + policies.kyverno.io/description: >- + K10 Policy resources can be validated to adhere to common compliance retention standards. + Uncomment the regulation/compliance standards you want to enforce for according to GFS retention. + This policy deletes the retention value in the backup operation and replaces it with the specified retention. + Note: K10 Policy uses the GFS retention scheme and export operations default to use the retention of the backup operation. + To use different + This policy can also be used go reduce retentions lengths to enforce cost optimization. +spec: + rules: + - name: k10-policy-minimum-retention + match: + any: + - resources: + kinds: + - config.kio.kasten.io/v1alpha1/Policy + mutate: + # Cost Optimization (Maximum Retention: 3 Months) + patchesJson6902: |- + - path: "/spec/retention" + op: replace + value: {"hourly":24,"daily":30,"weekly":4,"monthly":3} \ No newline at end of file diff --git a/test/cli/test/kasten-invalid-patchedResource/kyverno-test.yaml b/test/cli/test/kasten-invalid-patchedResource/kyverno-test.yaml new file mode 100644 index 0000000000..0f7b621778 --- /dev/null +++ b/test/cli/test/kasten-invalid-patchedResource/kyverno-test.yaml @@ -0,0 +1,12 @@ +name: kyverno_data_protection_tests +policies: + - k10-override-minimum-retentions.yaml +resources: + - backup-export-policy.yaml +results: +- policy: k10-policy-minimum-retention + rule: k10-policy-minimum-retention + resource: hourly-policy + kind: Policy + patchedResource: patched.yaml + result: fail \ No newline at end of file diff --git a/test/cli/test/kasten-invalid-patchedResource/patched.yaml b/test/cli/test/kasten-invalid-patchedResource/patched.yaml new file mode 100644 index 0000000000..8f37172ae6 --- /dev/null +++ b/test/cli/test/kasten-invalid-patchedResource/patched.yaml @@ -0,0 +1,41 @@ +kind: Policy +apiVersion: config.kio.kasten.io/v1alpha1 +metadata: + name: hourly-policy + namespace: kasten-io + # labels: + appPriority: Mission-Critical +spec: + comment: My sample custom backup policy + frequency: "@hourly" + subFrequency: + minutes: + - 30 + hours: + - 22 + - 7 + weekdays: + - 5 + days: + - 15 + retention: + hourly: 24 + daily: 30 + weekly: 4 + monthly: 3 + selector: + matchLabels: + k10.kasten.io/appNamespace: sampleApp + actions: + - action: backup + - action: export + exportParameters: + frequency: "@monthly" + profile: + name: my-profile + namespace: kasten-io + exportData: + enabled: true + retention: + monthly: 12 + yearly: 5 \ No newline at end of file