mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

feat: add cli api schemas (#8422)

* feat: add cli values schema

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* makefile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v1alpha1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2023-09-17 22:50:17 +02:00 committed by GitHub
parent 9361100f17
commit a43a20adb9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
153 changed files with 2323 additions and 415 deletions


@ -494,6 +494,11 @@ codegen-crds-report: $(CONTROLLER_GEN) ## Generate policy reports CRDs
@echo Generate policy reports crds... >&2
@$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)
.PHONY: codegen-crds-cli
codegen-crds-cli: $(CONTROLLER_GEN) ## Generate policy reports CRDs
@echo Generate cli crds... >&2
@$(CONTROLLER_GEN) crd paths=./cmd/cli/kubectl-kyverno/apis/... crd:crdVersions=v1 output:dir=${PWD}/cmd/cli/kubectl-kyverno/config/crds
.PHONY: codegen-crds-all
codegen-crds-all: codegen-crds-kyverno codegen-crds-report ## Generate all CRDs
@ -512,11 +517,21 @@ codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate API
-template-dir docs/user/template \
-out-file docs/user/crd/index.html
.PHONY: codegen-cli-api-docs
codegen-cli-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate CLI API docs
@echo Generate CLI api docs... >&2
@rm -rf docs/user/cli/crd && mkdir -p docs/user/cli/crd
@GOPATH=$(GOPATH_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) -v 4 \
-api-dir $(PACKAGE)/cmd/cli/kubectl-kyverno/apis \
-config docs/user/config.json \
-template-dir docs/user/template \
-out-file docs/user/cli/crd/index.html
.PHONY: codegen-cli-docs
codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs
@echo Generate cli docs... >&2
@rm -rf docs/user/cli && mkdir -p docs/user/cli
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli --autogenTag=false
@rm -rf docs/user/cli/commands && mkdir -p docs/user/cli/commands
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli/commands --autogenTag=false
.PHONY: codegen-cli-crds
codegen-cli-crds: codegen-crds-kyverno ## Copy generated CRDs to embed in the CLI
@ -531,13 +546,16 @@ codegen-docs-all: codegen-helm-docs codegen-cli-docs codegen-api-docs ## Genera
.PHONY: codegen-fix-tests
codegen-fix-tests: $(CLI_BIN) ## Fix CLI test files
@echo Fix CLI test files... >&2
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress --force
.PHONY: codegen-fix-policies
codegen-fix-policies: $(CLI_BIN) ## Fix CLI policy files
@echo Fix CLI policy files... >&2
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix policy ./test/cli/test --save
.PHONY: codegen-cli-all
codegen-cli-all: codegen-cli-crds codegen-cli-docs codegen-cli-api-docs codegen-fix-tests ## Generate all CLI related code and docs
.PHONY: codegen-helm-crds
codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
@echo Generate helm crds... >&2
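Review bot: The new `codegen-crds-cli` target reuses the help text of `codegen-crds-report` (`## Generate policy reports CRDs`), so the help listing shows two targets with the same description; `## Generate CLI CRDs` would match its echo line. In the lines shown, neither `codegen-crds-all` nor `codegen-cli-all` lists `codegen-crds-cli` as a prerequisite. Unless it is wired in outside these hunks, the CRDs under `cmd/cli/kubectl-kyverno/config/crds` can drift from the Go types without any codegen check noticing. The output directory is built from `${PWD}`, which is inherited from the invoking shell and not updated by `make -C`; `$(CURDIR)` is the safer choice.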


@ -0,0 +1 @@
package apis


@ -1,15 +0,0 @@
package test
import (
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
)
type Test struct {
Name string `json:"name"`
Policies []string `json:"policies"`
Resources []string `json:"resources"`
Variables string `json:"variables,omitempty"`
UserInfo string `json:"userinfo,omitempty"`
Results []TestResult `json:"results"`
Values *values.Values `json:"values,omitempty"`
}


@ -0,0 +1,3 @@
// +groupName=cli.kyverno.io
package v1alpha1


@ -0,0 +1,10 @@
package v1alpha1
// NamespaceSelector declares labels for a given namespace
type NamespaceSelector struct {
// Name is the namespace name
Name string `json:"name"`
// Labels are the labels for the given namespace
Labels map[string]string `json:"labels"`
}


@ -0,0 +1,13 @@
package v1alpha1
// Policy declares values for a given policy
type Policy struct {
// Name is the policy name
Name string `json:"name"`
// Resources are values for specific resources
Resources []Resource `json:"resources,omitempty"`
// Rules are values for specific policy rules
Rules []Rule `json:"rules,omitempty"`
}


@ -0,0 +1,13 @@
package v1alpha1
// Resource declares values for a given resource
type Resource struct {
// Name is the name of the resource
Name string `json:"name"`
// Values are the values for the given resource
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
Values map[string]interface{} `json:"values,omitempty"`
}


@ -0,0 +1,19 @@
package v1alpha1
// Rule declares values for a given policy rule
type Rule struct {
// Name is the name of the ppolicy rule
Name string `json:"name"`
// Values are the values for the given policy rule
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
Values map[string]interface{} `json:"values,omitempty"`
// ForeachValues are the foreach values for the given policy rule
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
ForeachValues map[string][]interface{} `json:"foreachValues,omitempty"`
}
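Review bot: The field comment on `Name` contains the typo `ppolicy`, and because field comments are copied into the schema the same typo shows up in the generated CRD description for the rule name. Change it to `// Name is the name of the policy rule` and regenerate the CRDs. Separately, `ForeachValues` is marked `Type=object` with `Schemaless` and `PreserveUnknownFields`, so the published schema does not require each value to be a list as the Go type `map[string][]interface{}` does. A short comment saying the shape is only enforced when the file is decoded would spare schema readers the surprise.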


@ -0,0 +1,14 @@
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Subresource declares subresource/parent resource mapping
type Subresource struct {
// Subresource declares the subresource api
Subresource metav1.APIResource `json:"subresource"`
// ParentResource declares the parent resource api
ParentResource metav1.APIResource `json:"parentResource"`
}


@ -0,0 +1,37 @@
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// Test declares a test
type Test struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Name is the name of the test.
// This field is deprecated, use `metadata.name` instead
Name string `json:"name,omitempty"`
// Policies are the policies to be used in the test
Policies []string `json:"policies,omitempty"`
// Resources are the resource to be used in the test
Resources []string `json:"resources,omitempty"`
// Variables is the values to be used in the test
Variables string `json:"variables,omitempty"`
// UserInfo is the user info to be used in the test
UserInfo string `json:"userinfo,omitempty"`
// Results are the results to be checked in the test
Results []TestResult `json:"results,omitempty"`
// Values are the values to be used in the test
Values *ValuesSpec `json:"values,omitempty"`
}
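Review bot: The comment on `Name` says the field is deprecated but does not use the `Deprecated:` paragraph that Go tooling recognises, and it does not say which value wins when both `name` and `metadata.name` are set. Something like `// Deprecated: use metadata.name instead; metadata.name takes precedence when both are set.` would make the contract explicit, assuming that is the intended precedence. The comments on `Policies`, `Resources`, `Variables` and `UserInfo` also do not say what the strings refer to. Presumably they are paths resolved relative to the test file, which should be confirmed; stating it in the comments would carry through to the generated schema and API docs.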


@ -1,52 +1,65 @@
package test
package v1alpha1
import (
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
)
// TestResultBase declares a test result base fields
type TestResultBase struct {
// Policy mentions the name of the policy.
Policy string `json:"policy"`
// Rule mentions the name of the rule in the policy.
// It's required in case policy is a kyverno policy.
// +optional
Rule string `json:"rule,omitempty"`
// IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
// It's required in case policy is a validating admission policy.
// +optional
IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"`
// Result mentions the result that the user is expecting.
// Possible values are pass, fail and skip.
Result policyreportv1alpha2.PolicyResult `json:"result"`
// Kind mentions the kind of the resource on which the policy is to be applied.
Kind string `json:"kind"`
// PatchedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno mutated resource configuration.
PatchedResource string `json:"patchedResource,omitempty"`
// GeneratedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno generated resource configuration.
GeneratedResource string `json:"generatedResource,omitempty"`
// CloneSourceResource takes the resource configuration file in yaml format
// from the user which is meant to be cloned by the generate rule.
CloneSourceResource string `json:"cloneSourceResource,omitempty"`
}
// TestResultBase declares a test result deprecated fields
type TestResultDeprecated struct {
// Status mentions the status that the user is expecting.
// Possible values are pass, fail and skip.
// This is DEPRECATED, use `Result` instead.
Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"`
// Resource mentions the name of the resource on which the policy is to be applied.
// This is DEPRECATED, use `Resources` instead.
Resource string `json:"resource,omitempty"`
// Namespace mentions the namespace of the policy which has namespace scope.
// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
Namespace string `json:"namespace,omitempty"`
}
// TestResultBase declares a test result
type TestResult struct {
TestResultBase `json:",inline,omitempty"`
TestResultDeprecated `json:",inline,omitempty"`
// Resources gives us the list of resources on which the policy is going to be applied.
Resources []string `json:"resources"`
}
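Review bot: `Result` and `Resources` are declared without `omitempty` or `+optional`, so the generated schema lists `result` and `resources` as required. The deprecated `status` and `resource` fields they replace are still accepted, and `checkResult` still falls back to the deprecated status when `Result` is empty. A test file that uses only the deprecated fields would therefore run in the CLI but fail validation against the published schema; marking both fields `+optional` with `omitempty` until the deprecated ones are removed keeps the two in agreement. The doc comments on `TestResultDeprecated` and `TestResult` both start with `TestResultBase`, and the `Result`/`Status` comments list only pass, fail and skip although the generated enum also allows warn and error.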


@ -0,0 +1,19 @@
package v1alpha1
import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// UserInfo declares user infos to be loaded by the Kyverno CLI
type UserInfo struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// RequestInfo declares user infos
kyvernov1beta1.RequestInfo `json:",inline"`
}
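Review bot: Default pluralisation turns this kind into `userinfoes`, as the generated CRD name `userinfoes.cli.kyverno.io` shows. If that is not intended, set the plural explicitly on the resource marker, e.g. `// +kubebuilder:resource:scope="Cluster",path=userinfos`. Changing a CRD's plural later renames the CRD itself, so it is cheaper to settle while the API is still v1alpha1.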


@ -0,0 +1,18 @@
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// Values declares values to be loaded by the Kyverno CLI
type Values struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// ValuesSpec declares values
ValuesSpec `json:",inline"`
}


@ -0,0 +1,19 @@
package v1alpha1
// ValuesSpec declares values to be loaded by the Kyverno CLI
type ValuesSpec struct {
// GlobalValues are the global values
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
GlobalValues map[string]interface{} `json:"globalValues,omitempty"`
// Policies are the policy values
Policies []Policy `json:"policies,omitempty"`
// NamespaceSelectors are the namespace labels
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector,omitempty"`
// Subresources are the subresource/parent resource mappings
Subresources []Subresource `json:"subresources,omitempty"`
}


@ -1,6 +0,0 @@
package values
type NamespaceSelector struct {
Name string `json:"name"`
Labels map[string]string `json:"labels"`
}


@ -1,7 +0,0 @@
package values
type Policy struct {
Name string `json:"name"`
Resources []Resource `json:"resources"`
Rules []Rule `json:"rules"`
}


@ -1,6 +0,0 @@
package values
type Resource struct {
Name string `json:"name"`
Values map[string]interface{} `json:"values"`
}


@ -1,7 +0,0 @@
package values
type Rule struct {
Name string `json:"name"`
Values map[string]interface{} `json:"values"`
ForeachValues map[string][]interface{} `json:"foreachValues"`
}


@ -1,10 +0,0 @@
package values
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
type Subresource struct {
APIResource metav1.APIResource `json:"subresource"`
ParentResource metav1.APIResource `json:"parentResource"`
}


@ -1,8 +0,0 @@
package values
type Values struct {
Policies []Policy `json:"policies"`
GlobalValues map[string]interface{} `json:"globalValues"`
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"`
Subresources []Subresource `json:"subresources"`
}


@ -5,7 +5,7 @@ import (
"strings"
"text/template"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates"
"github.com/spf13/cobra"
@ -35,9 +35,8 @@ func Command() *cobra.Command {
defer file.Close()
output = file
}
values := valuesapi.Values{
GlobalValues: map[string]interface{}{},
}
values := v1alpha1.ValuesSpec{}
values.GlobalValues = map[string]interface{}{}
for _, result := range namespaceSelector {
result := parseNamespaceSelector(result)
if result != nil {
@ -73,12 +72,12 @@ func Command() *cobra.Command {
return cmd
}
func parseNamespaceSelector(in string) *valuesapi.NamespaceSelector {
func parseNamespaceSelector(in string) *v1alpha1.NamespaceSelector {
parts := strings.Split(in, ",")
if len(parts) < 2 {
return nil
}
nsSelector := valuesapi.NamespaceSelector{
nsSelector := v1alpha1.NamespaceSelector{
Name: parts[0],
Labels: map[string]string{},
}
@ -99,12 +98,12 @@ func parseKeyValue(in string) (string, string) {
return "", ""
}
func parseRule(in string) *valuesapi.Policy {
func parseRule(in string) *v1alpha1.Policy {
parts := strings.Split(in, ",")
if len(parts) < 2 {
return nil
}
rule := valuesapi.Rule{
rule := v1alpha1.Rule{
Name: parts[1],
Values: map[string]interface{}{},
}
@ -114,18 +113,18 @@ func parseRule(in string) *valuesapi.Policy {
rule.Values[k] = v
}
}
return &valuesapi.Policy{
return &v1alpha1.Policy{
Name: parts[0],
Rules: []valuesapi.Rule{rule},
Rules: []v1alpha1.Rule{rule},
}
}
func parseResource(in string) *valuesapi.Policy {
func parseResource(in string) *v1alpha1.Policy {
parts := strings.Split(in, ",")
if len(parts) < 2 {
return nil
}
resource := valuesapi.Resource{
resource := v1alpha1.Resource{
Name: parts[1],
Values: map[string]interface{}{},
}
@ -135,8 +134,8 @@ func parseResource(in string) *valuesapi.Policy {
resource.Values[k] = v
}
}
return &valuesapi.Policy{
return &v1alpha1.Policy{
Name: parts[0],
Resources: []valuesapi.Resource{resource},
Resources: []v1alpha1.Resource{resource},
}
}


@ -90,7 +90,7 @@ func (o options) processFile(out io.Writer, path string) {
for _, policy := range fixed {
untyped, err := kubeutils.ObjToUnstructured(policy)
if err != nil {
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err)
fmt.Fprintln(out)
return
}
@ -134,7 +134,7 @@ func (o options) processFile(out io.Writer, path string) {
}
jsonBytes, err := untyped.MarshalJSON()
if err != nil {
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
fmt.Fprintf(out, " ERROR: converting to json: %s", err)
fmt.Fprintln(out)
return
}


@ -23,6 +23,7 @@ func Command() *cobra.Command {
}
cmd.Flags().StringVarP(&options.fileName, "file-name", "f", "kyverno-test.yaml", "Test filename")
cmd.Flags().BoolVar(&options.save, "save", false, "Save fixed file")
cmd.Flags().BoolVar(&options.force, "force", false, "Force save file")
cmd.Flags().BoolVar(&options.compress, "compress", false, "Compress test results")
return cmd
}
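Review bot: The help text for `--force`, "Force save file", does not say that the flag only takes effect together with `--save`. In `execute` the condition is `o.save && (o.force || needsSave)`, so `--force` on its own is silently ignored. Either spell that out in the help string, e.g. `"Save the file even when nothing was fixed (requires --save)"`, or reject `--force` without `--save` before running. The body of `Command` starts outside this hunk.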


@ -10,12 +10,15 @@ import (
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/fix"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"sigs.k8s.io/yaml"
)
type options struct {
fileName string
save bool
force bool
compress bool
}
@ -47,9 +50,9 @@ func (o options) execute(out io.Writer, dirs ...string) error {
continue
}
fixed := *testCase.Test
if fixed.Name == "" {
if fixed.ObjectMeta.Name == "" && fixed.Name == "" {
fmt.Fprintln(out, " WARNING: name is not set")
fixed.Name = filepath.Base(testCase.Path)
fixed.ObjectMeta.Name = filepath.Base(testCase.Path)
}
fixed, messages, err := fix.FixTest(fixed, o.compress)
for _, warning := range messages {
@ -60,12 +63,27 @@ func (o options) execute(out io.Writer, dirs ...string) error {
continue
}
needsSave := !reflect.DeepEqual(testCase.Test, &fixed)
if o.save && needsSave {
if o.save && (o.force || needsSave) {
fmt.Fprintf(out, " Saving test file (%s)...", testCase.Path)
fmt.Fprintln(out)
yamlBytes, err := yaml.Marshal(fixed)
untyped, err := kubeutils.ObjToUnstructured(fixed)
if err != nil {
fmt.Fprintf(out, " ERROR: converting test to yaml: %s", err)
fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err)
fmt.Fprintln(out)
continue
}
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "creationTimestamp")
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "generation")
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "uid")
jsonBytes, err := untyped.MarshalJSON()
if err != nil {
fmt.Fprintf(out, " ERROR: converting to json: %s", err)
fmt.Fprintln(out)
continue
}
yamlBytes, err := yaml.JSONToYAML(jsonBytes)
if err != nil {
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
fmt.Fprintln(out)
continue
}
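Review bot: When neither name is set, `metadata.name` is filled from `filepath.Base(testCase.Path)` with no check that the result is a valid object name. A base name taken from the filesystem can contain uppercase letters, underscores or spaces, and with `--save` the value is then written back into the test file as `metadata.name`. Validating the derived name (for example with the DNS-1123 subdomain check from `k8s.io/apimachinery/pkg/util/validation`) and only warning when it does not qualify would avoid persisting a name that other Kubernetes tooling may reject. The save branch continues past the end of the hunk, so the actual file write is not visible here.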


@ -6,7 +6,7 @@ import (
"path/filepath"
"github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
@ -112,7 +112,7 @@ func testCommandExecute(
for _, test := range tests {
if test.Err == nil {
// filter results
var filteredResults []testapi.TestResult
var filteredResults []v1alpha1.TestResult
for _, res := range test.Test.Results {
if filter.Apply(res) {
filteredResults = append(filteredResults, res)
@ -149,7 +149,7 @@ func testCommandExecute(
return nil
}
func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
expected := test.Result
// fallback to the deprecated field
if expected == "" {
@ -181,7 +181,7 @@ func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath strin
return true, result.Message, "Ok"
}
func lookupEngineResponses(test testapi.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
func lookupEngineResponses(test v1alpha1.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
var matches []engineapi.EngineResponse
for _, response := range responses {
policy := response.Policy()
@ -202,7 +202,7 @@ func lookupEngineResponses(test testapi.TestResult, resourceName string, respons
return matches
}
func lookupRuleResponses(test testapi.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
func lookupRuleResponses(test v1alpha1.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
var matches []engineapi.RuleResponse
// Since there are no rules in case of validating admission policies, responses are returned without checking rule names.
if test.IsValidatingAdmissionPolicy {


@ -6,7 +6,7 @@ import (
"github.com/go-git/go-billy/v5"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -14,7 +14,7 @@ import (
func printTestResult(
out io.Writer,
tests []testapi.TestResult,
tests []v1alpha1.TestResult,
responses []engineapi.EngineResponse,
rc *resultCounts,
failOnly bool,


@ -0,0 +1,362 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
name: tests.cli.kyverno.io
spec:
group: cli.kyverno.io
names:
kind: Test
listKind: TestList
plural: tests
singular: test
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Test declares a test
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
name:
description: Name is the name of the test. This field is deprecated, use
`metadata.name` instead
type: string
policies:
description: Policies are the policies to be used in the test
items:
type: string
type: array
resources:
description: Resources are the resource to be used in the test
items:
type: string
type: array
results:
description: Results are the results to be checked in the test
items:
description: TestResultBase declares a test result
properties:
cloneSourceResource:
description: CloneSourceResource takes the resource configuration
file in yaml format from the user which is meant to be cloned
by the generate rule.
type: string
generatedResource:
description: GeneratedResource takes a resource configuration file
in yaml format from the user to compare it against the Kyverno
generated resource configuration.
type: string
isValidatingAdmissionPolicy:
description: IsValidatingAdmissionPolicy indicates if the policy
is a validating admission policy. It's required in case policy
is a validating admission policy.
type: boolean
kind:
description: Kind mentions the kind of the resource on which the
policy is to be applied.
type: string
namespace:
description: Namespace mentions the namespace of the policy which
has namespace scope. This is DEPRECATED, use a name in the form
`<namespace>/<name>` for policies and/or resources instead.
type: string
patchedResource:
description: PatchedResource takes a resource configuration file
in yaml format from the user to compare it against the Kyverno
mutated resource configuration.
type: string
policy:
description: Policy mentions the name of the policy.
type: string
resource:
description: Resource mentions the name of the resource on which
the policy is to be applied. This is DEPRECATED, use `Resources`
instead.
type: string
resources:
description: Resources gives us the list of resources on which the
policy is going to be applied.
items:
type: string
type: array
result:
description: Result mentions the result that the user is expecting.
Possible values are pass, fail and skip.
enum:
- pass
- fail
- warn
- error
- skip
type: string
rule:
description: Rule mentions the name of the rule in the policy. It's
required in case policy is a kyverno policy.
type: string
status:
description: Status mentions the status that the user is expecting.
Possible values are pass, fail and skip. This is DEPRECATED, use
`Result` instead.
enum:
- pass
- fail
- warn
- error
- skip
type: string
required:
- kind
- policy
- resources
- result
type: object
type: array
userinfo:
description: UserInfo is the user info to be used in the test
type: string
values:
description: Values are the values to be used in the test
properties:
globalValues:
description: GlobalValues are the global values
type: object
x-kubernetes-preserve-unknown-fields: true
namespaceSelector:
description: NamespaceSelectors are the namespace labels
items:
description: NamespaceSelector declares labels for a given namespace
properties:
labels:
additionalProperties:
type: string
description: Labels are the labels for the given namespace
type: object
name:
description: Name is the namespace name
type: string
required:
- labels
- name
type: object
type: array
policies:
description: Policies are the policy values
items:
description: Policy declares values for a given policy
properties:
name:
description: Name is the policy name
type: string
resources:
description: Resources are values for specific resources
items:
description: Resource declares values for a given resource
properties:
name:
description: Name is the name of the resource
type: string
values:
description: Values are the values for the given resource
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
rules:
description: Rules are values for specific policy rules
items:
description: Rule declares values for a given policy rule
properties:
foreachValues:
description: ForeachValues are the foreach values for
the given policy rule
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the ppolicy rule
type: string
values:
description: Values are the values for the given policy
rule
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
required:
- name
type: object
type: array
subresources:
description: Subresources are the subresource/parent resource mappings
items:
description: Subresource declares subresource/parent resource mapping
properties:
parentResource:
description: ParentResource declares the parent resource api
properties:
categories:
description: categories is a list of the grouped resources
this resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For
subresources, this may have a different value, for example:
Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo'
is the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names
of the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely.
The singularName is more correct for reporting status
on a single item and both singular and plural are allowed
from the kubectl CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the
version this resource is converted to when written to
the data store. Value must be treated as opaque by clients.
Only equality comparison on the value is valid. This is
an alpha feature and may change or be removed in the future.
The field is populated by the apiserver only if the StorageVersionHash
feature gate is enabled. This field will remain optional
even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this
includes get, list, watch, create, update, patch, delete,
deletecollection, and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For
subresources, this may have a different value, for example:
v1 (while inside a v1beta1 version of the core resource''s
group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
subresource:
description: Subresource declares the subresource api
properties:
categories:
description: categories is a list of the grouped resources
this resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For
subresources, this may have a different value, for example:
Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo'
is the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names
of the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely.
The singularName is more correct for reporting status
on a single item and both singular and plural are allowed
from the kubectl CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the
version this resource is converted to when written to
the data store. Value must be treated as opaque by clients.
Only equality comparison on the value is valid. This is
an alpha feature and may change or be removed in the future.
The field is populated by the apiserver only if the StorageVersionHash
feature gate is enabled. This field will remain optional
even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this
includes get, list, watch, create, update, patch, delete,
deletecollection, and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For
subresources, this may have a different value, for example:
v1 (while inside a v1beta1 version of the core resource''s
group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
required:
- parentResource
- subresource
type: object
type: array
type: object
variables:
description: Variables is the values to be used in the test
type: string
type: object
served: true
storage: true


@ -0,0 +1,75 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
name: userinfoes.cli.kyverno.io
spec:
group: cli.kyverno.io
names:
kind: UserInfo
listKind: UserInfoList
plural: userinfoes
singular: userinfo
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: UserInfo declares user infos to be loaded by the Kyverno CLI
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
clusterRoles:
description: ClusterRoles is a list of possible clusterRoles send the
request.
items:
type: string
nullable: true
type: array
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
roles:
description: Roles is a list of possible role send the request.
items:
type: string
nullable: true
type: array
userInfo:
description: UserInfo is the userInfo carried in the admission request.
properties:
extra:
additionalProperties:
description: ExtraValue masks the value so protobuf can generate
items:
type: string
type: array
description: Any additional information provided by the authenticator.
type: object
groups:
description: The names of groups this user is a part of.
items:
type: string
type: array
uid:
description: A unique value that identifies this user across time.
If this user is deleted and another user by the same name is added,
they will have different UIDs.
type: string
username:
description: The name that uniquely identifies this user among all
active users.
type: string
type: object
type: object
served: true
storage: true


@ -0,0 +1,251 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
name: values.cli.kyverno.io
spec:
group: cli.kyverno.io
names:
kind: Values
listKind: ValuesList
plural: values
singular: values
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Values declares values to be loaded by the Kyverno CLI
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
globalValues:
description: GlobalValues are the global values
type: object
x-kubernetes-preserve-unknown-fields: true
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
namespaceSelector:
description: NamespaceSelectors are the namespace labels
items:
description: NamespaceSelector declares labels for a given namespace
properties:
labels:
additionalProperties:
type: string
description: Labels are the labels for the given namespace
type: object
name:
description: Name is the namespace name
type: string
required:
- labels
- name
type: object
type: array
policies:
description: Policies are the policy values
items:
description: Policy declares values for a given policy
properties:
name:
description: Name is the policy name
type: string
resources:
description: Resources are values for specific resources
items:
description: Resource declares values for a given resource
properties:
name:
description: Name is the name of the resource
type: string
values:
description: Values are the values for the given resource
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
rules:
description: Rules are values for specific policy rules
items:
description: Rule declares values for a given policy rule
properties:
foreachValues:
description: ForeachValues are the foreach values for the
given policy rule
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the ppolicy rule
type: string
values:
description: Values are the values for the given policy rule
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
required:
- name
type: object
type: array
subresources:
description: Subresources are the subresource/parent resource mappings
items:
description: Subresource declares subresource/parent resource mapping
properties:
parentResource:
description: ParentResource declares the parent resource api
properties:
categories:
description: categories is a list of the grouped resources this
resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For subresources,
this may have a different value, for example: Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo' is
the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names of
the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely. The
singularName is more correct for reporting status on a single
item and both singular and plural are allowed from the kubectl
CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the version
this resource is converted to when written to the data store.
Value must be treated as opaque by clients. Only equality
comparison on the value is valid. This is an alpha feature
and may change or be removed in the future. The field is populated
by the apiserver only if the StorageVersionHash feature gate
is enabled. This field will remain optional even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this includes
get, list, watch, create, update, patch, delete, deletecollection,
and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For subresources,
this may have a different value, for example: v1 (while inside
a v1beta1 version of the core resource''s group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
subresource:
description: Subresource declares the subresource api
properties:
categories:
description: categories is a list of the grouped resources this
resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For subresources,
this may have a different value, for example: Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo' is
the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names of
the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely. The
singularName is more correct for reporting status on a single
item and both singular and plural are allowed from the kubectl
CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the version
this resource is converted to when written to the data store.
Value must be treated as opaque by clients. Only equality
comparison on the value is valid. This is an alpha feature
and may change or be removed in the future. The field is populated
by the apiserver only if the StorageVersionHash feature gate
is enabled. This field will remain optional even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this includes
get, list, watch, create, update, patch, delete, deletecollection,
and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For subresources,
this may have a different value, for example: v1 (while inside
a v1beta1 version of the core resource''s group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
required:
- parentResource
- subresource
type: object
type: array
type: object
served: true
storage: true


@ -4,16 +4,26 @@ import (
"errors"
"fmt"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
"golang.org/x/exp/slices"
"k8s.io/apimachinery/pkg/util/sets"
)
func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
func FixTest(test v1alpha1.Test, compress bool) (v1alpha1.Test, []string, error) {
var messages []string
if test.Name == "" {
messages = append(messages, "name is not set")
if test.APIVersion == "" {
messages = append(messages, "api version is not set, setting `cli.kyverno.io/v1alpha1`")
test.APIVersion = "cli.kyverno.io/v1alpha1"
}
if test.Kind == "" {
messages = append(messages, "kind is not set, setting `Test`")
test.Kind = "Test"
}
if test.Name != "" {
messages = append(messages, "name is deprecated, moving it into `metadata.name`")
test.ObjectMeta.Name = test.Name
test.Name = ""
}
if len(test.Policies) == 0 {
messages = append(messages, "test has no policies")
@ -21,7 +31,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
if len(test.Resources) == 0 {
messages = append(messages, "test has no resources")
}
var results []testapi.TestResult
var results []v1alpha1.TestResult
for _, result := range test.Results {
if result.Resource != "" && len(result.Resources) != 0 {
messages = append(messages, "test result should not use both `resource` and `resources` fields")
@ -55,7 +65,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
results = append(results, result)
}
if compress {
compressed := map[testapi.TestResultBase][]string{}
compressed := map[v1alpha1.TestResultBase][]string{}
for _, result := range results {
compressed[result.TestResultBase] = append(compressed[result.TestResultBase], result.Resources...)
}
@ -66,13 +76,13 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
messages = append(messages, "test results contains duplicate resources")
v = unique.UnsortedList()
}
results = append(results, testapi.TestResult{
results = append(results, v1alpha1.TestResult{
TestResultBase: k,
Resources: v,
})
}
}
slices.SortFunc(results, func(a, b testapi.TestResult) int {
slices.SortFunc(results, func(a, b v1alpha1.TestResult) int {
if x := datautils.Compare(a.Policy, b.Policy); x != 0 {
return x
}
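Review bot: The `if test.Name != ""` branch copies the deprecated name into `test.ObjectMeta.Name` unconditionally, so a test file that sets both `name` and `metadata.name` gets its `metadata.name` silently replaced, and the only message says the field was moved. Guarding the copy with `if test.ObjectMeta.Name == "" { test.ObjectMeta.Name = test.Name }` and appending a separate message when the two values differ would keep the rewrite lossless. As far as the rendered hunk shows, the earlier "name is not set" message is dropped and nothing now reports a test that has neither name; a `metadata.name is not set` message would preserve that check. FixTest's body continues outside these hunks.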


@ -11,7 +11,7 @@ import (
json_patch "github.com/evanphx/json-patch/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
@ -49,7 +49,7 @@ type PolicyProcessor struct {
RuleToCloneSourceResource map[string]string
Client dclient.Interface
AuditWarn bool
Subresources []valuesapi.Subresource
Subresources []v1alpha1.Subresource
Out io.Writer
}
@ -79,9 +79,9 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
if p.Client == nil {
for _, s := range p.Subresources {
subgvk := schema.GroupVersionKind{
Group: s.APIResource.Group,
Version: s.APIResource.Version,
Kind: s.APIResource.Kind,
Group: s.Subresource.Group,
Version: s.Subresource.Version,
Kind: s.Subresource.Kind,
}
if gvk == subgvk {
gvk = schema.GroupVersionKind{
@ -89,7 +89,7 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
Version: s.ParentResource.Version,
Kind: s.ParentResource.Kind,
}
parts := strings.Split(s.APIResource.Name, "/")
parts := strings.Split(s.Subresource.Name, "/")
subresource = parts[1]
}
}
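Review bot: `subresource = parts[1]` directly after `strings.Split(s.Subresource.Name, "/")` panics with an index out of range when a subresource name contains no `/`; the rename keeps that unchecked index, and the Values schema added in this commit only requires `name` to be a string. `p.Subresources` is presumably filled from the user-supplied values file, so a length check such as `if len(parts) != 2 { continue }` placed before the `gvk` reassignment (or an error return) would turn a crash into a rejected entry. The same `strings.Split(..., "/")[1]` pattern is carried over in `getSubresourceKind` and `getResourcesOfTypeFromCluster` further down this page. ApplyPoliciesOnResource starts and ends outside the hunk.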


@ -4,19 +4,19 @@ import (
"fmt"
"strings"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/pkg/utils/wildcard"
)
type Filter interface {
Apply(testapi.TestResult) bool
Apply(v1alpha1.TestResult) bool
}
type policy struct {
value string
}
func (f policy) Apply(result testapi.TestResult) bool {
func (f policy) Apply(result v1alpha1.TestResult) bool {
if result.Policy == "" {
return true
}
@ -30,7 +30,7 @@ type rule struct {
value string
}
func (f rule) Apply(result testapi.TestResult) bool {
func (f rule) Apply(result v1alpha1.TestResult) bool {
if result.Rule == "" {
return true
}
@ -44,7 +44,7 @@ type resource struct {
value string
}
func (f resource) Apply(result testapi.TestResult) bool {
func (f resource) Apply(result v1alpha1.TestResult) bool {
if result.Resource == "" {
return true
}
@ -58,7 +58,7 @@ type composite struct {
filters []Filter
}
func (f composite) Apply(result testapi.TestResult) bool {
func (f composite) Apply(result v1alpha1.TestResult) bool {
for _, f := range f.filters {
if !f.Apply(result) {
return false


@ -5,58 +5,58 @@ import (
"reflect"
"testing"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
)
func Test_policy_Apply(t *testing.T) {
tests := []struct {
name string
value string
result testapi.TestResult
result v1alpha1.TestResult
want bool
}{{
name: "empty result",
value: "test",
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "empty value",
value: "",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
},
want: false,
}, {
name: "empty value and result",
value: "",
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "match",
value: "test",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
},
want: true,
}, {
name: "no match",
value: "test",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "not-test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"},
},
want: false,
}, {
name: "wildcard match",
value: "disallow-*",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"},
},
want: true,
}, {
name: "wildcard does not match",
value: "allow-*",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"},
},
want: false,
}}
@ -76,51 +76,51 @@ func Test_rule_Apply(t *testing.T) {
tests := []struct {
name string
value string
result testapi.TestResult
result v1alpha1.TestResult
want bool
}{{
name: "empty result",
value: "test",
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "empty value",
value: "",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Rule: "test"},
},
want: false,
}, {
name: "empty value and result",
value: "",
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "match",
value: "test",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Rule: "test"},
},
want: true,
}, {
name: "no match",
value: "test",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "not-test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Rule: "not-test"},
},
want: false,
}, {
name: "wildcard match",
value: "*-image-tag",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"},
},
want: true,
}, {
name: "wildcard does not match",
value: "require-*",
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"},
},
want: false,
}}
@ -140,51 +140,51 @@ func Test_resource_Apply(t *testing.T) {
tests := []struct {
name string
value string
result testapi.TestResult
result v1alpha1.TestResult
want bool
}{{
name: "empty result",
value: "test",
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "empty value",
value: "",
result: testapi.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"},
result: v1alpha1.TestResult{
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"},
},
want: false,
}, {
name: "empty value and result",
value: "",
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "match",
value: "test",
result: testapi.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"},
result: v1alpha1.TestResult{
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"},
},
want: true,
}, {
name: "no match",
value: "test",
result: testapi.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-test"},
result: v1alpha1.TestResult{
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-test"},
},
want: false,
}, {
name: "wildcard match",
value: "good*01",
result: testapi.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "good-deployment-01"},
result: v1alpha1.TestResult{
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "good-deployment-01"},
},
want: true,
}, {
name: "wildcard does not match",
value: "good*01",
result: testapi.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "bad-deployment-01"},
result: v1alpha1.TestResult{
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "bad-deployment-01"},
},
want: false,
}}
@ -204,46 +204,46 @@ func Test_composite_Apply(t *testing.T) {
tests := []struct {
name string
filters []Filter
result testapi.TestResult
result v1alpha1.TestResult
want bool
}{{
name: "nil",
filters: nil,
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "empty",
filters: []Filter{},
result: testapi.TestResult{},
result: v1alpha1.TestResult{},
want: true,
}, {
name: "policy match",
filters: []Filter{policy{"test"}},
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
},
want: true,
}, {
name: "policy no match",
filters: []Filter{policy{"test"}},
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "not-test"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"},
},
want: false,
}, {
name: "policy and resource match",
filters: []Filter{policy{"test"}, resource{"resource"}},
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"},
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "resource"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "resource"},
},
want: true,
}, {
name: "policy match and resource no match",
filters: []Filter{policy{"test"}, resource{"resource"}},
result: testapi.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"},
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-resource"},
result: v1alpha1.TestResult{
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-resource"},
},
want: false,
},


@ -6,7 +6,7 @@ import (
"path/filepath"
"github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"k8s.io/apimachinery/pkg/util/yaml"
)
@ -65,7 +65,7 @@ func LoadTest(fs billy.Filesystem, path string) TestCase {
}
yamlBytes = data
}
var test testapi.Test
var test v1alpha1.Test
if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil {
return TestCase{
Path: path,


@ -9,7 +9,7 @@ import (
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
)
func TestLoadTests(t *testing.T) {
@ -46,12 +46,12 @@ func TestLoadTests(t *testing.T) {
fileName: "kyverno-test.yaml",
want: []TestCase{{
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
Test: &testapi.Test{
Test: &v1alpha1.Test{
Name: "test-registry",
Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{
TestResultBase: testapi.TestResultBase{
Results: []v1alpha1.TestResult{{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -59,7 +59,7 @@ func TestLoadTests(t *testing.T) {
},
Resources: []string{"test-pod-with-non-root-user-image"},
}, {
TestResultBase: testapi.TestResultBase{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -76,12 +76,12 @@ func TestLoadTests(t *testing.T) {
fileName: "kyverno-test.yaml",
want: []TestCase{{
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
Test: &testapi.Test{
Test: &v1alpha1.Test{
Name: "add-quota",
Policies: []string{"policy.yaml"},
Resources: []string{"resource.yaml"},
Results: []testapi.TestResult{{
TestResultBase: testapi.TestResultBase{
Results: []v1alpha1.TestResult{{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace",
Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass,
@ -90,7 +90,7 @@ func TestLoadTests(t *testing.T) {
},
Resources: []string{"hello-world-namespace"},
}, {
TestResultBase: testapi.TestResultBase{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace",
Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass,
@ -108,12 +108,12 @@ func TestLoadTests(t *testing.T) {
fileName: "kyverno-test.yaml",
want: []TestCase{{
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
Test: &testapi.Test{
Test: &v1alpha1.Test{
Name: "test-registry",
Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{
TestResultBase: testapi.TestResultBase{
Results: []v1alpha1.TestResult{{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -121,7 +121,7 @@ func TestLoadTests(t *testing.T) {
},
Resources: []string{"test-pod-with-non-root-user-image"},
}, {
TestResultBase: testapi.TestResultBase{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -132,12 +132,12 @@ func TestLoadTests(t *testing.T) {
},
}, {
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
Test: &testapi.Test{
Test: &v1alpha1.Test{
Name: "add-quota",
Policies: []string{"policy.yaml"},
Resources: []string{"resource.yaml"},
Results: []testapi.TestResult{{
TestResultBase: testapi.TestResultBase{
Results: []v1alpha1.TestResult{{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace",
Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass,
@ -146,7 +146,7 @@ func TestLoadTests(t *testing.T) {
},
Resources: []string{"hello-world-namespace"},
}, {
TestResultBase: testapi.TestResultBase{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace",
Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass,
@ -197,12 +197,12 @@ func TestLoadTest(t *testing.T) {
path: "../_testdata/tests/test-1/kyverno-test.yaml",
want: TestCase{
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
Test: &testapi.Test{
Test: &v1alpha1.Test{
Name: "test-registry",
Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{
TestResultBase: testapi.TestResultBase{
Results: []v1alpha1.TestResult{{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -210,7 +210,7 @@ func TestLoadTest(t *testing.T) {
},
Resources: []string{"test-pod-with-non-root-user-image"},
}, {
TestResultBase: testapi.TestResultBase{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -225,12 +225,12 @@ func TestLoadTest(t *testing.T) {
path: "kyverno-test.yaml",
want: TestCase{
Path: "kyverno-test.yaml",
Test: &testapi.Test{
Test: &v1alpha1.Test{
Name: "test-registry",
Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{
TestResultBase: testapi.TestResultBase{
Results: []v1alpha1.TestResult{{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,
@ -238,7 +238,7 @@ func TestLoadTest(t *testing.T) {
},
Resources: []string{"test-pod-with-non-root-user-image"},
}, {
TestResultBase: testapi.TestResultBase{
TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod",
Policy: "images",
Result: policyreportv1alpha2.StatusPass,


@ -4,13 +4,13 @@ import (
"path/filepath"
"github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
)
type TestCase struct {
Path string
Fs billy.Filesystem
Test *testapi.Test
Test *v1alpha1.Test
Err error
}


@ -4,7 +4,7 @@ import (
"testing"
"github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
)
func TestTestCase_Dir(t *testing.T) {
@ -14,7 +14,7 @@ func TestTestCase_Dir(t *testing.T) {
name string
Path string
Fs billy.Filesystem
Test *testapi.Test
Test *v1alpha1.Test
Err error
want string
}{{


@ -10,13 +10,13 @@ import (
"github.com/go-git/go-billy/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source"
"github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"k8s.io/api/admissionregistration/v1alpha1"
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -30,7 +30,7 @@ func GetResourceAccordingToResourcePath(
resourcePaths []string,
cluster bool,
policies []kyvernov1.PolicyInterface,
validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy,
validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy,
dClient dclient.Interface,
namespace string,
policyReport bool,
@ -87,7 +87,7 @@ func GetResourceAccordingToResourcePath(
return resources, err
}
func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []valuesapi.Subresource, dClient dclient.Interface) sets.Set[string] {
func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []v1alpha1.Subresource, dClient dclient.Interface) sets.Set[string] {
knownkinds := sets.New[string]()
for _, rule := range autogen.ComputeRules(policy) {
for _, kind := range rule.MatchResources.ResourceDescription.Kinds {
@ -110,7 +110,7 @@ func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subreso
return knownkinds
}
func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.Interface) (string, error) {
func getKind(kind string, subresources []v1alpha1.Subresource, dClient dclient.Interface) (string, error) {
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
if subresource == "" {
return kind, nil
@ -132,7 +132,7 @@ func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.
return kind, nil
}
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []valuesapi.Subresource) (string, error) {
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []v1alpha1.Subresource) (string, error) {
for _, subresource := range subresources {
parentResourceGroupVersion := metav1.GroupVersion{
Group: subresource.ParentResource.Group,
@ -140,8 +140,8 @@ func getSubresourceKind(groupVersion, parentKind, subresourceName string, subres
}.String()
if groupVersion == "" || kubeutils.GroupVersionMatches(groupVersion, parentResourceGroupVersion) {
if parentKind == subresource.ParentResource.Kind {
if strings.ToLower(subresourceName) == strings.Split(subresource.APIResource.Name, "/")[1] {
return subresource.APIResource.Kind, nil
if strings.ToLower(subresourceName) == strings.Split(subresource.Subresource.Name, "/")[1] {
return subresource.Subresource.Kind, nil
}
}
}


@ -3,8 +3,7 @@ package common
import (
"testing"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"gotest.tools/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
@ -97,9 +96,9 @@ func Test_getSubresourceKind(t *testing.T) {
podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"}
podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"}
subresources := []valuesapi.Subresource{
subresources := []v1alpha1.Subresource{
{
APIResource: podEvictionAPIResource,
Subresource: podEvictionAPIResource,
ParentResource: podAPIResource,
},
}


@ -9,14 +9,14 @@ import (
"github.com/go-git/go-billy/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
"github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"github.com/kyverno/kyverno/pkg/validatingadmissionpolicy"
"k8s.io/api/admissionregistration/v1alpha1"
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -29,7 +29,7 @@ import (
func GetResources(
out io.Writer,
policies []kyvernov1.PolicyInterface,
validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy,
validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy,
resourcePaths []string,
dClient dclient.Interface,
cluster bool,
@ -70,7 +70,7 @@ func GetResources(
return resources, err
}
func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
resources := make([]*unstructured.Unstructured, 0)
resourceMap, err := getResourcesOfTypeFromCluster(out, resourceTypes, subresourceMap, dClient, namespace)
if err != nil {
@ -166,7 +166,7 @@ func GetResourcesWithTest(out io.Writer, fs billy.Filesystem, policies []kyverno
return resources, nil
}
func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
r := make(map[string]*unstructured.Unstructured)
for _, kind := range resourceTypes {
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
@ -195,17 +195,17 @@ func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVe
parentResourceNames = append(parentResourceNames, resource.GetName())
}
for _, parentResourceName := range parentResourceNames {
subresourceName := strings.Split(subresource.APIResource.Name, "/")[1]
subresourceName := strings.Split(subresource.Subresource.Name, "/")[1]
resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName)
if err != nil {
fmt.Fprintf(out, "Error: %s", err.Error())
continue
}
key := subresource.APIResource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
key := subresource.Subresource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
resource.SetGroupVersionKind(schema.GroupVersionKind{
Group: subresource.APIResource.Group,
Version: subresource.APIResource.Version,
Kind: subresource.APIResource.Kind,
Group: subresource.Subresource.Group,
Version: subresource.Subresource.Version,
Kind: subresource.Subresource.Kind,
})
r[key] = resource.DeepCopy()
}
@ -227,9 +227,9 @@ func GetPatchedAndGeneratedResource(resourceBytes []byte) (unstructured.Unstruct
}
// GetKindsFromRule will return the kinds from policy match block
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) {
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) {
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource)
subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource)
for _, kind := range rule.MatchResources.Kinds {
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
}
@ -250,9 +250,9 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
return resourceTypesMap, subresourceMap
}
func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) {
func getKindsFromValidatingAdmissionPolicy(policy admissionregistrationv1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) {
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource)
subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource)
kinds := validatingadmissionpolicy.GetKinds(policy)
for _, kind := range kinds {
@ -262,7 +262,7 @@ func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPo
return resourceTypesMap, subresourceMap
}
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, client dclient.Interface) {
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, client dclient.Interface) {
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
if err != nil {
@ -277,8 +277,8 @@ func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVers
gvk := schema.GroupVersionKind{
Group: child.Group, Version: child.Version, Kind: child.Kind,
}
subresourceMap[gvk] = valuesapi.Subresource{
APIResource: child,
subresourceMap[gvk] = v1alpha1.Subresource{
Subresource: child,
ParentResource: metav1.APIResource{
Group: parent.Group,
Version: parent.Version,


@ -4,7 +4,7 @@ import (
"io"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -21,7 +21,7 @@ func (r *KyvernoResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
var resourceTypes []schema.GroupVersionKind
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource
var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
for _, policy := range r.policies {
for _, rule := range autogen.ComputeRules(policy) {


@ -3,15 +3,15 @@ package common
import (
"io"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/pkg/clients/dclient"
"k8s.io/api/admissionregistration/v1alpha1"
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
)
type ValidatingAdmissionResources struct {
policies []v1alpha1.ValidatingAdmissionPolicy
policies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy
}
func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths []string, dClient dclient.Interface, namespace string, policyReport bool) ([]*unstructured.Unstructured, error) {
@ -20,7 +20,7 @@ func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, r
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
var resourceTypes []schema.GroupVersionKind
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource
var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
for _, policy := range r.policies {
var resourceTypesInRule map[schema.GroupVersionKind]bool


@ -5,16 +5,16 @@ import (
"os"
"github.com/go-git/go-billy/v5"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"k8s.io/apimachinery/pkg/util/yaml"
)
func Load(f billy.Filesystem, filepath string) (*valuesapi.Values, error) {
func Load(f billy.Filesystem, filepath string) (*v1alpha1.Values, error) {
yamlBytes, err := readFile(f, filepath)
if err != nil {
return nil, err
}
vals := &valuesapi.Values{}
vals := &v1alpha1.Values{}
if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil {
return nil, err
}
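Review bot: `Load` is exported but has no doc comment, and its decoding contract is worth stating now that `v1alpha1.Values` is a typed `cli.kyverno.io/v1alpha1` object. `yaml.UnmarshalStrict` rejects unknown fields, but nothing in this hunk checks that the decoded `apiVersion`/`kind` identify a `Values` document. The function body continues outside the hunk, so a check may exist further down; if it does not, a document of a different kind whose fields happen to fit would be accepted as values. Suggest a comment such as `// Load strictly decodes the values file at filepath; apiVersion and kind are not validated.`, or an explicit kind check after decoding.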


@ -7,7 +7,7 @@ import (
"github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
)
func Test_readFile(t *testing.T) {
@ -88,7 +88,7 @@ func TestLoad(t *testing.T) {
name string
f billy.Filesystem
filepath string
want *valuesapi.Values
want *v1alpha1.Values
wantErr bool
}{{
name: "empty",
@ -108,27 +108,29 @@ func TestLoad(t *testing.T) {
}, {
name: "valid",
filepath: "../_testdata/values/limit-configmap-for-sa.yaml",
want: &valuesapi.Values{
NamespaceSelectors: []valuesapi.NamespaceSelector{{
Name: "test1",
Labels: map[string]string{
"foo.com/managed-state": "managed",
},
}},
Policies: []valuesapi.Policy{{
Name: "limit-configmap-for-sa",
Resources: []valuesapi.Resource{{
Name: "any-configmap-name-good",
Values: map[string]interface{}{
"request.operation": "UPDATE",
},
}, {
Name: "any-configmap-name-bad",
Values: map[string]interface{}{
"request.operation": "UPDATE",
want: &v1alpha1.Values{
ValuesSpec: v1alpha1.ValuesSpec{
NamespaceSelectors: []v1alpha1.NamespaceSelector{{
Name: "test1",
Labels: map[string]string{
"foo.com/managed-state": "managed",
},
}},
}},
Policies: []v1alpha1.Policy{{
Name: "limit-configmap-for-sa",
Resources: []v1alpha1.Resource{{
Name: "any-configmap-name-good",
Values: map[string]interface{}{
"request.operation": "UPDATE",
},
}, {
Name: "any-configmap-name-bad",
Values: map[string]interface{}{
"request.operation": "UPDATE",
},
}},
}},
},
},
wantErr: false,
}}


@ -5,18 +5,18 @@ import (
"path/filepath"
"github.com/go-git/go-billy/v5"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
)
func New(fs billy.Filesystem, resourcePath string, path string, vals *valuesapi.Values, vars ...string) (*Variables, error) {
func New(fs billy.Filesystem, resourcePath string, path string, vals *v1alpha1.ValuesSpec, vars ...string) (*Variables, error) {
// if we already have values, skip the file
if vals == nil && path != "" {
v, err := values.Load(fs, filepath.Join(resourcePath, path))
if err != nil {
return nil, fmt.Errorf("Unable to load variable file: %s (%w)", path, err)
}
vals = v
vals = &v.ValuesSpec
}
variables := Variables{
values: vals,
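Review bot: When both `vals` and `path` are supplied, the file at `path` is skipped with no signal to the caller, and `New` has no doc comment describing that precedence. The documented `Test` type in this commit has both an inline `values` field and a `variables` file reference, so presumably a test that sets both is evaluated with the inline spec only. Suggest documenting it on the function, e.g. `// New builds Variables from vals when it is non-nil; the file at path is loaded only when vals is nil.` The body of `New` continues outside the hunk.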


@ -5,7 +5,7 @@ import (
"testing"
"github.com/go-git/go-billy/v5"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
)
func TestNew(t *testing.T) {
@ -14,7 +14,7 @@ func TestNew(t *testing.T) {
fs billy.Filesystem
resourcePath string
path string
vals *valuesapi.Values
vals *v1alpha1.ValuesSpec
vars []string
want *Variables
wantErr bool
@ -47,14 +47,14 @@ func TestNew(t *testing.T) {
fs: nil,
resourcePath: "",
path: "",
vals: &valuesapi.Values{
vals: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{
"bar": "baz",
},
},
vars: nil,
want: &Variables{
values: &valuesapi.Values{
values: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{
"bar": "baz",
},
@ -66,7 +66,7 @@ func TestNew(t *testing.T) {
fs: nil,
resourcePath: "",
path: "",
vals: &valuesapi.Values{
vals: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{
"bar": "baz",
},
@ -75,7 +75,7 @@ func TestNew(t *testing.T) {
"foo=bar",
},
want: &Variables{
values: &valuesapi.Values{
values: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{
"bar": "baz",
},
@ -93,16 +93,16 @@ func TestNew(t *testing.T) {
vals: nil,
vars: nil,
want: &Variables{
values: &valuesapi.Values{
NamespaceSelectors: []valuesapi.NamespaceSelector{{
values: &v1alpha1.ValuesSpec{
NamespaceSelectors: []v1alpha1.NamespaceSelector{{
Name: "test1",
Labels: map[string]string{
"foo.com/managed-state": "managed",
},
}},
Policies: []valuesapi.Policy{{
Policies: []v1alpha1.Policy{{
Name: "limit-configmap-for-sa",
Resources: []valuesapi.Resource{{
Resources: []v1alpha1.Resource{{
Name: "any-configmap-name-good",
Values: map[string]interface{}{
"request.operation": "UPDATE",
@ -127,16 +127,16 @@ func TestNew(t *testing.T) {
"foo=bar",
},
want: &Variables{
values: &valuesapi.Values{
NamespaceSelectors: []valuesapi.NamespaceSelector{{
values: &v1alpha1.ValuesSpec{
NamespaceSelectors: []v1alpha1.NamespaceSelector{{
Name: "test1",
Labels: map[string]string{
"foo.com/managed-state": "managed",
},
}},
Policies: []valuesapi.Policy{{
Policies: []v1alpha1.Policy{{
Name: "limit-configmap-for-sa",
Resources: []valuesapi.Resource{{
Resources: []v1alpha1.Resource{{
Name: "any-configmap-name-good",
Values: map[string]interface{}{
"request.operation": "UPDATE",
@ -168,14 +168,14 @@ func TestNew(t *testing.T) {
fs: nil,
resourcePath: "",
path: "../_testdata/values/limit-configmap-for-sa.yaml",
vals: &valuesapi.Values{
vals: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{
"bar": "baz",
},
},
vars: nil,
want: &Variables{
values: &valuesapi.Values{
values: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{
"bar": "baz",
},


@ -3,13 +3,13 @@ package variables
import (
"fmt"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
"k8s.io/apimachinery/pkg/util/sets"
)
type Variables struct {
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
}
@ -29,7 +29,7 @@ func (v Variables) HasPolicyVariables(policy string) bool {
return false
}
func (v Variables) Subresources() []valuesapi.Subresource {
func (v Variables) Subresources() []v1alpha1.Subresource {
if v.values == nil {
return nil
}


@ -4,7 +4,7 @@ import (
"reflect"
"testing"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
"github.com/stretchr/testify/assert"
"k8s.io/apimachinery/pkg/util/sets"
@ -13,7 +13,7 @@ import (
func TestVariables_HasVariables(t *testing.T) {
tests := []struct {
name string
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
want bool
}{{
@ -50,9 +50,9 @@ func TestVariables_HasVariables(t *testing.T) {
func TestVariables_Subresources(t *testing.T) {
tests := []struct {
name string
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
want []valuesapi.Subresource
want []v1alpha1.Subresource
}{{
name: "nil values",
values: nil,
@ -60,25 +60,25 @@ func TestVariables_Subresources(t *testing.T) {
want: nil,
}, {
name: "nil subresources",
values: &valuesapi.Values{
values: &v1alpha1.ValuesSpec{
Subresources: nil,
},
variables: nil,
want: nil,
}, {
name: "empty subresources",
values: &valuesapi.Values{
Subresources: []valuesapi.Subresource{},
values: &v1alpha1.ValuesSpec{
Subresources: []v1alpha1.Subresource{},
},
variables: nil,
want: nil,
}, {
name: "subresources",
values: &valuesapi.Values{
Subresources: []valuesapi.Subresource{{}},
values: &v1alpha1.ValuesSpec{
Subresources: []v1alpha1.Subresource{{}},
},
variables: nil,
want: []valuesapi.Subresource{{}},
want: []v1alpha1.Subresource{{}},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@ -98,7 +98,7 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
assert.NoError(t, err)
tests := []struct {
name string
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
want map[string]Labels
}{{
@ -108,12 +108,12 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
want: nil,
}, {
name: "empty",
values: &valuesapi.Values{},
values: &v1alpha1.ValuesSpec{},
variables: nil,
want: nil,
}, {
name: "values",
values: vals,
values: &vals.ValuesSpec,
variables: nil,
want: map[string]map[string]string{
"test1": {
@ -137,9 +137,9 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
func TestVariables_SetInStore(t *testing.T) {
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
assert.NoError(t, err)
vals.Policies = append(vals.Policies, valuesapi.Policy{
vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{
Name: "limit-configmap-for-sa",
Rules: []valuesapi.Rule{{
Rules: []v1alpha1.Rule{{
Name: "rule",
Values: map[string]interface{}{
"foo": "bar",
@ -151,7 +151,7 @@ func TestVariables_SetInStore(t *testing.T) {
})
tests := []struct {
name string
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
}{{
name: "nil",
@ -159,11 +159,11 @@ func TestVariables_SetInStore(t *testing.T) {
variables: nil,
}, {
name: "empty",
values: &valuesapi.Values{},
values: &v1alpha1.ValuesSpec{},
variables: nil,
}, {
name: "values",
values: vals,
values: &vals.ValuesSpec,
variables: nil,
}}
for _, tt := range tests {
@ -180,9 +180,9 @@ func TestVariables_SetInStore(t *testing.T) {
func TestVariables_HasPolicyVariables(t *testing.T) {
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
assert.NoError(t, err)
vals.Policies = append(vals.Policies, valuesapi.Policy{
vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{
Name: "limit-configmap-for-sa",
Rules: []valuesapi.Rule{{
Rules: []v1alpha1.Rule{{
Name: "rule",
Values: map[string]interface{}{
"foo": "bar",
@ -194,7 +194,7 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
})
tests := []struct {
name string
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
policy string
want bool
@ -206,19 +206,19 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
want: false,
}, {
name: "empty",
values: &valuesapi.Values{},
values: &v1alpha1.ValuesSpec{},
variables: nil,
policy: "test",
want: false,
}, {
name: "values - test",
values: vals,
values: &vals.ValuesSpec,
variables: nil,
policy: "test",
want: false,
}, {
name: "values - limit-configmap-for-sa",
values: vals,
values: &vals.ValuesSpec,
variables: nil,
policy: "limit-configmap-for-sa",
want: true,
@ -237,14 +237,14 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
}
func TestVariables_ComputeVariables(t *testing.T) {
loadValues := func(path string) *valuesapi.Values {
loadValues := func(path string) *v1alpha1.ValuesSpec {
t.Helper()
vals, err := values.Load(nil, path)
assert.NoError(t, err)
return vals
return &vals.ValuesSpec
}
type fields struct {
values *valuesapi.Values
values *v1alpha1.ValuesSpec
variables map[string]string
}
type args struct {


@ -30,6 +30,7 @@ kyverno fix test [dir]... [flags]
```
--compress Compress test results
-f, --file-name string Test filename (default "kyverno-test.yaml")
--force Force save file
-h, --help help for test
--save Save fixed file
```


@ -0,0 +1,838 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<title>Kyverno API</title>
<style>
.bg-blue {
color: #ffffff;
background-color: #1589dd;
}
</style>
</head>
<body>
<div class="container">
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<a class="navbar-brand" href="#"><p><b>Packages : </b></p></a>
<ul style="list-style:none">
<li>
<a href="#cli.kyverno.io%2fv1alpha1"><b style="color: white">cli.kyverno.io/v1alpha1</b></a>
</li>
</ul>
</nav>
<h2 id="cli.kyverno.io/v1alpha1">cli.kyverno.io/v1alpha1</h2>
Resource Types:
<ul><li>
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>
</li><li>
<a href="#cli.kyverno.io/v1alpha1.UserInfo">UserInfo</a>
</li><li>
<a href="#cli.kyverno.io/v1alpha1.Values">Values</a>
</li></ul>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Test">Test
</h3>
<p>
<p>Test declares a test</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
cli.kyverno.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>Test</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the test.
This field is deprecated, use <code>metadata.name</code> instead</p>
</td>
</tr>
<tr>
<td>
<code>policies</code><br/>
<em>
[]string
</em>
</td>
<td>
<p>Policies are the policies to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>resources</code><br/>
<em>
[]string
</em>
</td>
<td>
<p>Resources are the resource to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>variables</code><br/>
<em>
string
</em>
</td>
<td>
<p>Variables is the values to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>userinfo</code><br/>
<em>
string
</em>
</td>
<td>
<p>UserInfo is the user info to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>results</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.TestResult">
[]TestResult
</a>
</em>
</td>
<td>
<p>Results are the results to be checked in the test</p>
</td>
</tr>
<tr>
<td>
<code>values</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">
ValuesSpec
</a>
</em>
</td>
<td>
<p>Values are the values to be used in the test</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.UserInfo">UserInfo
</h3>
<p>
<p>UserInfo declares user infos to be loaded by the Kyverno CLI</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
cli.kyverno.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>UserInfo</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>RequestInfo</code><br/>
<em>
github.com/kyverno/kyverno/api/kyverno/v1beta1.RequestInfo
</em>
</td>
<td>
<p>
(Members of <code>RequestInfo</code> are embedded into this type.)
</p>
<p>RequestInfo declares user infos</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Values">Values
</h3>
<p>
<p>Values declares values to be loaded by the Kyverno CLI</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
cli.kyverno.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>Values</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>ValuesSpec</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">
ValuesSpec
</a>
</em>
</td>
<td>
<p>
(Members of <code>ValuesSpec</code> are embedded into this type.)
</p>
<p>ValuesSpec declares values</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.NamespaceSelector">NamespaceSelector
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
</p>
<p>
<p>NamespaceSelector declares labels for a given namespace</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the namespace name</p>
</td>
</tr>
<tr>
<td>
<code>labels</code><br/>
<em>
map[string]string
</em>
</td>
<td>
<p>Labels are the labels for the given namespace</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Policy">Policy
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
</p>
<p>
<p>Policy declares values for a given policy</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the policy name</p>
</td>
</tr>
<tr>
<td>
<code>resources</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Resource">
[]Resource
</a>
</em>
</td>
<td>
<p>Resources are values for specific resources</p>
</td>
</tr>
<tr>
<td>
<code>rules</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Rule">
[]Rule
</a>
</em>
</td>
<td>
<p>Rules are values for specific policy rules</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Resource">Resource
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Policy">Policy</a>)
</p>
<p>
<p>Resource declares values for a given resource</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the resource</p>
</td>
</tr>
<tr>
<td>
<code>values</code><br/>
<em>
map[string]interface{}
</em>
</td>
<td>
<p>Values are the values for the given resource</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Rule">Rule
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Policy">Policy</a>)
</p>
<p>
<p>Rule declares values for a given policy rule</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the ppolicy rule</p>
</td>
</tr>
<tr>
<td>
<code>values</code><br/>
<em>
map[string]interface{}
</em>
</td>
<td>
<p>Values are the values for the given policy rule</p>
</td>
</tr>
<tr>
<td>
<code>foreachValues</code><br/>
<em>
map[string][]interface{}
</em>
</td>
<td>
<p>ForeachValues are the foreach values for the given policy rule</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Subresource">Subresource
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
</p>
<p>
<p>Subresource declares subresource/parent resource mapping</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>subresource</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#apiresource-v1-meta">
Kubernetes meta/v1.APIResource
</a>
</em>
</td>
<td>
<p>Subresource declares the subresource api</p>
</td>
</tr>
<tr>
<td>
<code>parentResource</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#apiresource-v1-meta">
Kubernetes meta/v1.APIResource
</a>
</em>
</td>
<td>
<p>ParentResource declares the parent resource api</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.TestResult">TestResult
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>)
</p>
<p>
<p>TestResultBase declares a test result</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>TestResultBase</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.TestResultBase">
TestResultBase
</a>
</em>
</td>
<td>
<p>
(Members of <code>TestResultBase</code> are embedded into this type.)
</p>
</td>
</tr>
<tr>
<td>
<code>TestResultDeprecated</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.TestResultDeprecated">
TestResultDeprecated
</a>
</em>
</td>
<td>
<p>
(Members of <code>TestResultDeprecated</code> are embedded into this type.)
</p>
</td>
</tr>
<tr>
<td>
<code>resources</code><br/>
<em>
[]string
</em>
</td>
<td>
<p>Resources gives us the list of resources on which the policy is going to be applied.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.TestResultBase">TestResultBase
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.TestResult">TestResult</a>)
</p>
<p>
<p>TestResultBase declares a test result base fields</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>policy</code><br/>
<em>
string
</em>
</td>
<td>
<p>Policy mentions the name of the policy.</p>
</td>
</tr>
<tr>
<td>
<code>rule</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Rule mentions the name of the rule in the policy.
It&rsquo;s required in case policy is a kyverno policy.</p>
</td>
</tr>
<tr>
<td>
<code>isValidatingAdmissionPolicy</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
It&rsquo;s required in case policy is a validating admission policy.</p>
</td>
</tr>
<tr>
<td>
<code>result</code><br/>
<em>
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult
</em>
</td>
<td>
<p>Result mentions the result that the user is expecting.
Possible values are pass, fail and skip.</p>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
<em>
string
</em>
</td>
<td>
<p>Kind mentions the kind of the resource on which the policy is to be applied.</p>
</td>
</tr>
<tr>
<td>
<code>patchedResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>PatchedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno mutated resource configuration.</p>
</td>
</tr>
<tr>
<td>
<code>generatedResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>GeneratedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno generated resource configuration.</p>
</td>
</tr>
<tr>
<td>
<code>cloneSourceResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>CloneSourceResource takes the resource configuration file in yaml format
from the user which is meant to be cloned by the generate rule.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.TestResultDeprecated">TestResultDeprecated
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.TestResult">TestResult</a>)
</p>
<p>
<p>TestResultBase declares a test result deprecated fields</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>status</code><br/>
<em>
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult
</em>
</td>
<td>
<p>Status mentions the status that the user is expecting.
Possible values are pass, fail and skip.
This is DEPRECATED, use <code>Result</code> instead.</p>
</td>
</tr>
<tr>
<td>
<code>resource</code><br/>
<em>
string
</em>
</td>
<td>
<p>Resource mentions the name of the resource on which the policy is to be applied.
This is DEPRECATED, use <code>Resources</code> instead.</p>
</td>
</tr>
<tr>
<td>
<code>namespace</code><br/>
<em>
string
</em>
</td>
<td>
<p>Namespace mentions the namespace of the policy which has namespace scope.
This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;</code> for policies and/or resources instead.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>,
<a href="#cli.kyverno.io/v1alpha1.Values">Values</a>)
</p>
<p>
<p>ValuesSpec declares values to be loaded by the Kyverno CLI</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>globalValues</code><br/>
<em>
map[string]interface{}
</em>
</td>
<td>
<p>GlobalValues are the global values</p>
</td>
</tr>
<tr>
<td>
<code>policies</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Policy">
[]Policy
</a>
</em>
</td>
<td>
<p>Policies are the policy values</p>
</td>
</tr>
<tr>
<td>
<code>namespaceSelector</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.NamespaceSelector">
[]NamespaceSelector
</a>
</em>
</td>
<td>
<p>NamespaceSelectors are the namespace labels</p>
</td>
</tr>
<tr>
<td>
<code>subresources</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Subresource">
[]Subresource
</a>
</em>
</td>
<td>
<p>Subresources are the subresource/parent resource mappings</p>
</td>
</tr>
</tbody>
</table>
<hr />
</div>
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
</body>
</html>


@ -1,4 +1,7 @@
name: test-registry
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- image-example.yaml
resources:
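Review bot: `metadata.name` is set to `kyverno-test.yaml`, which appears to replace the descriptive top-level `name: test-registry`, so the converted test no longer carries its own identifier. The same value is written into every other converted test file shown on this page (policy-endpoints, mutate-pods-spec, validate-default-proc-mount, bug-demo and the rest), so if the CLI reports or selects tests by name they become indistinguishable. Consider carrying the old value over, i.e. `name: test-registry` under `metadata:`. Which lines are old and which are new is inferred from the `-1,4 +1,7` counts because the markers are not shown on this page, and the file continues past the hunk.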


@ -1,4 +1,7 @@
name: policy-endpoints
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: mutate-pods-spec
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: validate-default-proc-mount
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: validate-disallow-default-serviceaccount
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: check-probe-exists
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: validate-selinux-options
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: validate-volumes-whitelist
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: restrict-ingress-classes
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: test-exclude
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: test-simple
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: test-simple
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: test-simple
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: deny-all-traffic
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: add-quota
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: pdb-test
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: generate-tests
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: multiple-resources
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: sync-controller-data
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: sync-secrets
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: add-default-resources
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- add-default-resources.yaml
resources:


@ -1,13 +1,16 @@
name: bug-demo
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- ./policy.yaml
resources:
- ./resource.yaml
results:
- policy: bug-demo
rule: mutate1
- kind: Pod
patchedResource: patched-resource-pattern.yaml
policy: bug-demo
resources:
- pod1
kind: Pod
patchedResource: patched-resource-pattern.yaml
result: pass
rule: mutate1


@ -1,4 +1,7 @@
name: connection-draining
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policy.yaml
resources:


@ -1,4 +1,7 @@
name: foreach-mutate
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policies.yaml
resources:


@ -1,4 +1,7 @@
name: foreach-mutate
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies:
- policies.yaml
resources:

Some files were not shown because too many files have changed in this diff