diff --git a/Makefile b/Makefile index f7cfb58ea5..27f20dc7a1 100644 --- a/Makefile +++ b/Makefile @@ -494,6 +494,11 @@ codegen-crds-report: $(CONTROLLER_GEN) ## Generate policy reports CRDs @echo Generate policy reports crds... >&2 @$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH) +.PHONY: codegen-crds-cli +codegen-crds-cli: $(CONTROLLER_GEN) ## Generate policy reports CRDs + @echo Generate cli crds... >&2 + @$(CONTROLLER_GEN) crd paths=./cmd/cli/kubectl-kyverno/apis/... crd:crdVersions=v1 output:dir=${PWD}/cmd/cli/kubectl-kyverno/config/crds + .PHONY: codegen-crds-all codegen-crds-all: codegen-crds-kyverno codegen-crds-report ## Generate all CRDs @@ -512,11 +517,21 @@ codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate API -template-dir docs/user/template \ -out-file docs/user/crd/index.html +.PHONY: codegen-cli-api-docs +codegen-cli-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate CLI API docs + @echo Generate CLI api docs... >&2 + @rm -rf docs/user/cli/crd && mkdir -p docs/user/cli/crd + @GOPATH=$(GOPATH_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) -v 4 \ + -api-dir $(PACKAGE)/cmd/cli/kubectl-kyverno/apis \ + -config docs/user/config.json \ + -template-dir docs/user/template \ + -out-file docs/user/cli/crd/index.html + .PHONY: codegen-cli-docs codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs @echo Generate cli docs... >&2 - @rm -rf docs/user/cli && mkdir -p docs/user/cli - @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli --autogenTag=false + @rm -rf docs/user/cli/commands && mkdir -p docs/user/cli/commands + @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli/commands --autogenTag=false .PHONY: codegen-cli-crds codegen-cli-crds: codegen-crds-kyverno ## Copy generated CRDs to embed in the CLI @@ -531,13 +546,16 @@ codegen-docs-all: codegen-helm-docs codegen-cli-docs codegen-api-docs ## Genera .PHONY: codegen-fix-tests codegen-fix-tests: $(CLI_BIN) ## Fix CLI test files @echo Fix CLI test files... >&2 - @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress + @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress --force .PHONY: codegen-fix-policies codegen-fix-policies: $(CLI_BIN) ## Fix CLI policy files @echo Fix CLI policy files... >&2 @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix policy ./test/cli/test --save +.PHONY: codegen-cli-all +codegen-cli-all: codegen-cli-crds codegen-cli-docs codegen-cli-api-docs codegen-fix-tests ## Generate all CLI related code and docs + .PHONY: codegen-helm-crds codegen-helm-crds: codegen-crds-all ## Generate helm CRDs @echo Generate helm crds... >&2 diff --git a/cmd/cli/kubectl-kyverno/apis/doc.go b/cmd/cli/kubectl-kyverno/apis/doc.go new file mode 100644 index 0000000000..7b272ed514 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/doc.go @@ -0,0 +1 @@ +package apis diff --git a/cmd/cli/kubectl-kyverno/apis/test/test.go b/cmd/cli/kubectl-kyverno/apis/test/test.go deleted file mode 100644 index 2f96a36a8f..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/test/test.go +++ /dev/null @@ -1,15 +0,0 @@ -package test - -import ( - "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" -) - -type Test struct { - Name string `json:"name"` - Policies []string `json:"policies"` - Resources []string `json:"resources"` - Variables string `json:"variables,omitempty"` - UserInfo string `json:"userinfo,omitempty"` - Results []TestResult `json:"results"` - Values *values.Values `json:"values,omitempty"` -} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/doc.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/doc.go new file mode 100755 index 0000000000..52fa4db9f7 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/doc.go @@ -0,0 +1,3 @@ +// +groupName=cli.kyverno.io + +package v1alpha1 diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/namespace_selector.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/namespace_selector.go new file mode 100644 index 0000000000..6cc9c76b90 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/namespace_selector.go @@ -0,0 +1,10 @@ +package v1alpha1 + +// NamespaceSelector declares labels for a given namespace +type NamespaceSelector struct { + // Name is the namespace name + Name string `json:"name"` + + // Labels are the labels for the given namespace + Labels map[string]string `json:"labels"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/policy.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/policy.go new file mode 100644 index 0000000000..1c5ce5740d --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/policy.go @@ -0,0 +1,13 @@ +package v1alpha1 + +// Policy declares values for a given policy +type Policy struct { + // Name is the policy name + Name string `json:"name"` + + // Resources are values for specific resources + Resources []Resource `json:"resources,omitempty"` + + // Rules are values for specific policy rules + Rules []Rule `json:"rules,omitempty"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/resource.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/resource.go new file mode 100644 index 0000000000..a78551b721 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/resource.go @@ -0,0 +1,13 @@ +package v1alpha1 + +// Resource declares values for a given resource +type Resource struct { + // Name is the name of the resource + Name string `json:"name"` + + // Values are the values for the given resource + // +kubebuilder:validation:Type=object + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless + Values map[string]interface{} `json:"values,omitempty"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/rule.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/rule.go new file mode 100644 index 0000000000..3a20f2720d --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/rule.go @@ -0,0 +1,19 @@ +package v1alpha1 + +// Rule declares values for a given policy rule +type Rule struct { + // Name is the name of the ppolicy rule + Name string `json:"name"` + + // Values are the values for the given policy rule + // +kubebuilder:validation:Type=object + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless + Values map[string]interface{} `json:"values,omitempty"` + + // ForeachValues are the foreach values for the given policy rule + // +kubebuilder:validation:Type=object + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless + ForeachValues map[string][]interface{} `json:"foreachValues,omitempty"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/subresource.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/subresource.go new file mode 100644 index 0000000000..de55e3272f --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/subresource.go @@ -0,0 +1,14 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Subresource declares subresource/parent resource mapping +type Subresource struct { + // Subresource declares the subresource api + Subresource metav1.APIResource `json:"subresource"` + + // ParentResource declares the parent resource api + ParentResource metav1.APIResource `json:"parentResource"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/test.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/test.go new file mode 100644 index 0000000000..19f9e1e059 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/test.go @@ -0,0 +1,37 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope="Cluster" + +// Test declares a test +type Test struct { + metav1.TypeMeta `json:",inline,omitempty"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Name is the name of the test. + // This field is deprecated, use `metadata.name` instead + Name string `json:"name,omitempty"` + + // Policies are the policies to be used in the test + Policies []string `json:"policies,omitempty"` + + // Resources are the resource to be used in the test + Resources []string `json:"resources,omitempty"` + + // Variables is the values to be used in the test + Variables string `json:"variables,omitempty"` + + // UserInfo is the user info to be used in the test + UserInfo string `json:"userinfo,omitempty"` + + // Results are the results to be checked in the test + Results []TestResult `json:"results,omitempty"` + + // Values are the values to be used in the test + Values *ValuesSpec `json:"values,omitempty"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/test/test_result.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go similarity index 93% rename from cmd/cli/kubectl-kyverno/apis/test/test_result.go rename to cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go index acbcb02003..8784cb8aef 100644 --- a/cmd/cli/kubectl-kyverno/apis/test/test_result.go +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go @@ -1,52 +1,65 @@ -package test +package v1alpha1 import ( policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" ) +// TestResultBase declares a test result base fields type TestResultBase struct { // Policy mentions the name of the policy. Policy string `json:"policy"` + // Rule mentions the name of the rule in the policy. // It's required in case policy is a kyverno policy. // +optional Rule string `json:"rule,omitempty"` + // IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy. // It's required in case policy is a validating admission policy. // +optional IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"` + // Result mentions the result that the user is expecting. // Possible values are pass, fail and skip. Result policyreportv1alpha2.PolicyResult `json:"result"` + // Kind mentions the kind of the resource on which the policy is to be applied. Kind string `json:"kind"` + // PatchedResource takes a resource configuration file in yaml format from // the user to compare it against the Kyverno mutated resource configuration. PatchedResource string `json:"patchedResource,omitempty"` + // GeneratedResource takes a resource configuration file in yaml format from // the user to compare it against the Kyverno generated resource configuration. GeneratedResource string `json:"generatedResource,omitempty"` + // CloneSourceResource takes the resource configuration file in yaml format // from the user which is meant to be cloned by the generate rule. CloneSourceResource string `json:"cloneSourceResource,omitempty"` } +// TestResultBase declares a test result deprecated fields type TestResultDeprecated struct { // Status mentions the status that the user is expecting. // Possible values are pass, fail and skip. // This is DEPRECATED, use `Result` instead. Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"` + // Resource mentions the name of the resource on which the policy is to be applied. // This is DEPRECATED, use `Resources` instead. Resource string `json:"resource,omitempty"` + // Namespace mentions the namespace of the policy which has namespace scope. // This is DEPRECATED, use a name in the form `/` for policies and/or resources instead. Namespace string `json:"namespace,omitempty"` } +// TestResultBase declares a test result type TestResult struct { TestResultBase `json:",inline,omitempty"` TestResultDeprecated `json:",inline,omitempty"` + // Resources gives us the list of resources on which the policy is going to be applied. Resources []string `json:"resources"` } diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go new file mode 100644 index 0000000000..3c220d2704 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go @@ -0,0 +1,19 @@ +package v1alpha1 + +import ( + kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope="Cluster" + +// UserInfo declares user infos to be loaded by the Kyverno CLI +type UserInfo struct { + metav1.TypeMeta `json:",inline,omitempty"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // RequestInfo declares user infos + kyvernov1beta1.RequestInfo `json:",inline"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/values.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/values.go new file mode 100644 index 0000000000..eb2c232817 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/values.go @@ -0,0 +1,18 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope="Cluster" + +// Values declares values to be loaded by the Kyverno CLI +type Values struct { + metav1.TypeMeta `json:",inline,omitempty"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // ValuesSpec declares values + ValuesSpec `json:",inline"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/values_spec.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/values_spec.go new file mode 100644 index 0000000000..de6d828340 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/values_spec.go @@ -0,0 +1,19 @@ +package v1alpha1 + +// ValuesSpec declares values to be loaded by the Kyverno CLI +type ValuesSpec struct { + // GlobalValues are the global values + // +kubebuilder:validation:Type=object + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless + GlobalValues map[string]interface{} `json:"globalValues,omitempty"` + + // Policies are the policy values + Policies []Policy `json:"policies,omitempty"` + + // NamespaceSelectors are the namespace labels + NamespaceSelectors []NamespaceSelector `json:"namespaceSelector,omitempty"` + + // Subresources are the subresource/parent resource mappings + Subresources []Subresource `json:"subresources,omitempty"` +} diff --git a/cmd/cli/kubectl-kyverno/apis/values/namespace_selector.go b/cmd/cli/kubectl-kyverno/apis/values/namespace_selector.go deleted file mode 100644 index 1fe1d4ddf0..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/values/namespace_selector.go +++ /dev/null @@ -1,6 +0,0 @@ -package values - -type NamespaceSelector struct { - Name string `json:"name"` - Labels map[string]string `json:"labels"` -} diff --git a/cmd/cli/kubectl-kyverno/apis/values/policy.go b/cmd/cli/kubectl-kyverno/apis/values/policy.go deleted file mode 100644 index be9d347c52..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/values/policy.go +++ /dev/null @@ -1,7 +0,0 @@ -package values - -type Policy struct { - Name string `json:"name"` - Resources []Resource `json:"resources"` - Rules []Rule `json:"rules"` -} diff --git a/cmd/cli/kubectl-kyverno/apis/values/resource.go b/cmd/cli/kubectl-kyverno/apis/values/resource.go deleted file mode 100644 index 3551082e58..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/values/resource.go +++ /dev/null @@ -1,6 +0,0 @@ -package values - -type Resource struct { - Name string `json:"name"` - Values map[string]interface{} `json:"values"` -} diff --git a/cmd/cli/kubectl-kyverno/apis/values/rule.go b/cmd/cli/kubectl-kyverno/apis/values/rule.go deleted file mode 100644 index 61ec63260d..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/values/rule.go +++ /dev/null @@ -1,7 +0,0 @@ -package values - -type Rule struct { - Name string `json:"name"` - Values map[string]interface{} `json:"values"` - ForeachValues map[string][]interface{} `json:"foreachValues"` -} diff --git a/cmd/cli/kubectl-kyverno/apis/values/subresource.go b/cmd/cli/kubectl-kyverno/apis/values/subresource.go deleted file mode 100644 index 09c5600e29..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/values/subresource.go +++ /dev/null @@ -1,10 +0,0 @@ -package values - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -type Subresource struct { - APIResource metav1.APIResource `json:"subresource"` - ParentResource metav1.APIResource `json:"parentResource"` -} diff --git a/cmd/cli/kubectl-kyverno/apis/values/values.go b/cmd/cli/kubectl-kyverno/apis/values/values.go deleted file mode 100644 index 3bbc803231..0000000000 --- a/cmd/cli/kubectl-kyverno/apis/values/values.go +++ /dev/null @@ -1,8 +0,0 @@ -package values - -type Values struct { - Policies []Policy `json:"policies"` - GlobalValues map[string]interface{} `json:"globalValues"` - NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"` - Subresources []Subresource `json:"subresources"` -} diff --git a/cmd/cli/kubectl-kyverno/commands/create/values/command.go b/cmd/cli/kubectl-kyverno/commands/create/values/command.go index c5c86e9f60..b26d49467a 100644 --- a/cmd/cli/kubectl-kyverno/commands/create/values/command.go +++ b/cmd/cli/kubectl-kyverno/commands/create/values/command.go @@ -5,7 +5,7 @@ import ( "strings" "text/template" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates" "github.com/spf13/cobra" @@ -35,9 +35,8 @@ func Command() *cobra.Command { defer file.Close() output = file } - values := valuesapi.Values{ - GlobalValues: map[string]interface{}{}, - } + values := v1alpha1.ValuesSpec{} + values.GlobalValues = map[string]interface{}{} for _, result := range namespaceSelector { result := parseNamespaceSelector(result) if result != nil { @@ -73,12 +72,12 @@ func Command() *cobra.Command { return cmd } -func parseNamespaceSelector(in string) *valuesapi.NamespaceSelector { +func parseNamespaceSelector(in string) *v1alpha1.NamespaceSelector { parts := strings.Split(in, ",") if len(parts) < 2 { return nil } - nsSelector := valuesapi.NamespaceSelector{ + nsSelector := v1alpha1.NamespaceSelector{ Name: parts[0], Labels: map[string]string{}, } @@ -99,12 +98,12 @@ func parseKeyValue(in string) (string, string) { return "", "" } -func parseRule(in string) *valuesapi.Policy { +func parseRule(in string) *v1alpha1.Policy { parts := strings.Split(in, ",") if len(parts) < 2 { return nil } - rule := valuesapi.Rule{ + rule := v1alpha1.Rule{ Name: parts[1], Values: map[string]interface{}{}, } @@ -114,18 +113,18 @@ func parseRule(in string) *valuesapi.Policy { rule.Values[k] = v } } - return &valuesapi.Policy{ + return &v1alpha1.Policy{ Name: parts[0], - Rules: []valuesapi.Rule{rule}, + Rules: []v1alpha1.Rule{rule}, } } -func parseResource(in string) *valuesapi.Policy { +func parseResource(in string) *v1alpha1.Policy { parts := strings.Split(in, ",") if len(parts) < 2 { return nil } - resource := valuesapi.Resource{ + resource := v1alpha1.Resource{ Name: parts[1], Values: map[string]interface{}{}, } @@ -135,8 +134,8 @@ func parseResource(in string) *valuesapi.Policy { resource.Values[k] = v } } - return &valuesapi.Policy{ + return &v1alpha1.Policy{ Name: parts[0], - Resources: []valuesapi.Resource{resource}, + Resources: []v1alpha1.Resource{resource}, } } diff --git a/cmd/cli/kubectl-kyverno/commands/fix/policy/options.go b/cmd/cli/kubectl-kyverno/commands/fix/policy/options.go index 36269a2751..d3ad834ee9 100644 --- a/cmd/cli/kubectl-kyverno/commands/fix/policy/options.go +++ b/cmd/cli/kubectl-kyverno/commands/fix/policy/options.go @@ -90,7 +90,7 @@ func (o options) processFile(out io.Writer, path string) { for _, policy := range fixed { untyped, err := kubeutils.ObjToUnstructured(policy) if err != nil { - fmt.Fprintf(out, " ERROR: converting to yaml: %s", err) + fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err) fmt.Fprintln(out) return } @@ -134,7 +134,7 @@ func (o options) processFile(out io.Writer, path string) { } jsonBytes, err := untyped.MarshalJSON() if err != nil { - fmt.Fprintf(out, " ERROR: converting to yaml: %s", err) + fmt.Fprintf(out, " ERROR: converting to json: %s", err) fmt.Fprintln(out) return } diff --git a/cmd/cli/kubectl-kyverno/commands/fix/test/command.go b/cmd/cli/kubectl-kyverno/commands/fix/test/command.go index dbd5aaa69e..023f7be528 100644 --- a/cmd/cli/kubectl-kyverno/commands/fix/test/command.go +++ b/cmd/cli/kubectl-kyverno/commands/fix/test/command.go @@ -23,6 +23,7 @@ func Command() *cobra.Command { } cmd.Flags().StringVarP(&options.fileName, "file-name", "f", "kyverno-test.yaml", "Test filename") cmd.Flags().BoolVar(&options.save, "save", false, "Save fixed file") + cmd.Flags().BoolVar(&options.force, "force", false, "Force save file") cmd.Flags().BoolVar(&options.compress, "compress", false, "Compress test results") return cmd } diff --git a/cmd/cli/kubectl-kyverno/commands/fix/test/options.go b/cmd/cli/kubectl-kyverno/commands/fix/test/options.go index 60c3a24dc4..59b1a558b8 100644 --- a/cmd/cli/kubectl-kyverno/commands/fix/test/options.go +++ b/cmd/cli/kubectl-kyverno/commands/fix/test/options.go @@ -10,12 +10,15 @@ import ( "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/fix" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test" + kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "sigs.k8s.io/yaml" ) type options struct { fileName string save bool + force bool compress bool } @@ -47,9 +50,9 @@ func (o options) execute(out io.Writer, dirs ...string) error { continue } fixed := *testCase.Test - if fixed.Name == "" { + if fixed.ObjectMeta.Name == "" && fixed.Name == "" { fmt.Fprintln(out, " WARNING: name is not set") - fixed.Name = filepath.Base(testCase.Path) + fixed.ObjectMeta.Name = filepath.Base(testCase.Path) } fixed, messages, err := fix.FixTest(fixed, o.compress) for _, warning := range messages { @@ -60,12 +63,27 @@ func (o options) execute(out io.Writer, dirs ...string) error { continue } needsSave := !reflect.DeepEqual(testCase.Test, &fixed) - if o.save && needsSave { + if o.save && (o.force || needsSave) { fmt.Fprintf(out, " Saving test file (%s)...", testCase.Path) fmt.Fprintln(out) - yamlBytes, err := yaml.Marshal(fixed) + untyped, err := kubeutils.ObjToUnstructured(fixed) if err != nil { - fmt.Fprintf(out, " ERROR: converting test to yaml: %s", err) + fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err) + fmt.Fprintln(out) + continue + } + unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "creationTimestamp") + unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "generation") + unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "uid") + jsonBytes, err := untyped.MarshalJSON() + if err != nil { + fmt.Fprintf(out, " ERROR: converting to json: %s", err) + fmt.Fprintln(out) + continue + } + yamlBytes, err := yaml.JSONToYAML(jsonBytes) + if err != nil { + fmt.Fprintf(out, " ERROR: converting to yaml: %s", err) fmt.Fprintln(out) continue } diff --git a/cmd/cli/kubectl-kyverno/commands/test/command.go b/cmd/cli/kubectl-kyverno/commands/test/command.go index 488fd47abb..c00ad26f11 100644 --- a/cmd/cli/kubectl-kyverno/commands/test/command.go +++ b/cmd/cli/kubectl-kyverno/commands/test/command.go @@ -6,7 +6,7 @@ import ( "path/filepath" "github.com/go-git/go-billy/v5" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color" @@ -112,7 +112,7 @@ func testCommandExecute( for _, test := range tests { if test.Err == nil { // filter results - var filteredResults []testapi.TestResult + var filteredResults []v1alpha1.TestResult for _, res := range test.Test.Results { if filter.Apply(res) { filteredResults = append(filteredResults, res) @@ -149,7 +149,7 @@ func testCommandExecute( return nil } -func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) { +func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) { expected := test.Result // fallback to the deprecated field if expected == "" { @@ -181,7 +181,7 @@ func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath strin return true, result.Message, "Ok" } -func lookupEngineResponses(test testapi.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse { +func lookupEngineResponses(test v1alpha1.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse { var matches []engineapi.EngineResponse for _, response := range responses { policy := response.Policy() @@ -202,7 +202,7 @@ func lookupEngineResponses(test testapi.TestResult, resourceName string, respons return matches } -func lookupRuleResponses(test testapi.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse { +func lookupRuleResponses(test v1alpha1.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse { var matches []engineapi.RuleResponse // Since there are no rules in case of validating admission policies, responses are returned without checking rule names. if test.IsValidatingAdmissionPolicy { diff --git a/cmd/cli/kubectl-kyverno/commands/test/output.go b/cmd/cli/kubectl-kyverno/commands/test/output.go index c29c4baf6b..40b41d381f 100644 --- a/cmd/cli/kubectl-kyverno/commands/test/output.go +++ b/cmd/cli/kubectl-kyverno/commands/test/output.go @@ -6,7 +6,7 @@ import ( "github.com/go-git/go-billy/v5" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table" engineapi "github.com/kyverno/kyverno/pkg/engine/api" @@ -14,7 +14,7 @@ import ( func printTestResult( out io.Writer, - tests []testapi.TestResult, + tests []v1alpha1.TestResult, responses []engineapi.EngineResponse, rc *resultCounts, failOnly bool, diff --git a/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_tests.yaml b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_tests.yaml new file mode 100644 index 0000000000..43e3639148 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_tests.yaml @@ -0,0 +1,362 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: tests.cli.kyverno.io +spec: + group: cli.kyverno.io + names: + kind: Test + listKind: TestList + plural: tests + singular: test + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Test declares a test + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + name: + description: Name is the name of the test. This field is deprecated, use + `metadata.name` instead + type: string + policies: + description: Policies are the policies to be used in the test + items: + type: string + type: array + resources: + description: Resources are the resource to be used in the test + items: + type: string + type: array + results: + description: Results are the results to be checked in the test + items: + description: TestResultBase declares a test result + properties: + cloneSourceResource: + description: CloneSourceResource takes the resource configuration + file in yaml format from the user which is meant to be cloned + by the generate rule. + type: string + generatedResource: + description: GeneratedResource takes a resource configuration file + in yaml format from the user to compare it against the Kyverno + generated resource configuration. + type: string + isValidatingAdmissionPolicy: + description: IsValidatingAdmissionPolicy indicates if the policy + is a validating admission policy. It's required in case policy + is a validating admission policy. + type: boolean + kind: + description: Kind mentions the kind of the resource on which the + policy is to be applied. + type: string + namespace: + description: Namespace mentions the namespace of the policy which + has namespace scope. This is DEPRECATED, use a name in the form + `/` for policies and/or resources instead. + type: string + patchedResource: + description: PatchedResource takes a resource configuration file + in yaml format from the user to compare it against the Kyverno + mutated resource configuration. + type: string + policy: + description: Policy mentions the name of the policy. + type: string + resource: + description: Resource mentions the name of the resource on which + the policy is to be applied. This is DEPRECATED, use `Resources` + instead. + type: string + resources: + description: Resources gives us the list of resources on which the + policy is going to be applied. + items: + type: string + type: array + result: + description: Result mentions the result that the user is expecting. + Possible values are pass, fail and skip. + enum: + - pass + - fail + - warn + - error + - skip + type: string + rule: + description: Rule mentions the name of the rule in the policy. It's + required in case policy is a kyverno policy. + type: string + status: + description: Status mentions the status that the user is expecting. + Possible values are pass, fail and skip. This is DEPRECATED, use + `Result` instead. + enum: + - pass + - fail + - warn + - error + - skip + type: string + required: + - kind + - policy + - resources + - result + type: object + type: array + userinfo: + description: UserInfo is the user info to be used in the test + type: string + values: + description: Values are the values to be used in the test + properties: + globalValues: + description: GlobalValues are the global values + type: object + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + description: NamespaceSelectors are the namespace labels + items: + description: NamespaceSelector declares labels for a given namespace + properties: + labels: + additionalProperties: + type: string + description: Labels are the labels for the given namespace + type: object + name: + description: Name is the namespace name + type: string + required: + - labels + - name + type: object + type: array + policies: + description: Policies are the policy values + items: + description: Policy declares values for a given policy + properties: + name: + description: Name is the policy name + type: string + resources: + description: Resources are values for specific resources + items: + description: Resource declares values for a given resource + properties: + name: + description: Name is the name of the resource + type: string + values: + description: Values are the values for the given resource + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - name + type: object + type: array + rules: + description: Rules are values for specific policy rules + items: + description: Rule declares values for a given policy rule + properties: + foreachValues: + description: ForeachValues are the foreach values for + the given policy rule + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name is the name of the ppolicy rule + type: string + values: + description: Values are the values for the given policy + rule + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - name + type: object + type: array + required: + - name + type: object + type: array + subresources: + description: Subresources are the subresource/parent resource mappings + items: + description: Subresource declares subresource/parent resource mapping + properties: + parentResource: + description: ParentResource declares the parent resource api + properties: + categories: + description: categories is a list of the grouped resources + this resource belongs to (e.g. 'all') + items: + type: string + type: array + group: + description: 'group is the preferred group of the resource. Empty + implies the group of the containing resource list. For + subresources, this may have a different value, for example: + Scale".' + type: string + kind: + description: kind is the kind for the resource (e.g. 'Foo' + is the kind for a resource 'foo') + type: string + name: + description: name is the plural name of the resource. + type: string + namespaced: + description: namespaced indicates if a resource is namespaced + or not. + type: boolean + shortNames: + description: shortNames is a list of suggested short names + of the resource. + items: + type: string + type: array + singularName: + description: singularName is the singular name of the resource. This + allows clients to handle plural and singular opaquely. + The singularName is more correct for reporting status + on a single item and both singular and plural are allowed + from the kubectl CLI interface. + type: string + storageVersionHash: + description: The hash value of the storage version, the + version this resource is converted to when written to + the data store. Value must be treated as opaque by clients. + Only equality comparison on the value is valid. This is + an alpha feature and may change or be removed in the future. + The field is populated by the apiserver only if the StorageVersionHash + feature gate is enabled. This field will remain optional + even if it graduates. + type: string + verbs: + description: verbs is a list of supported kube verbs (this + includes get, list, watch, create, update, patch, delete, + deletecollection, and proxy) + items: + type: string + type: array + version: + description: 'version is the preferred version of the resource. Empty + implies the version of the containing resource list For + subresources, this may have a different value, for example: + v1 (while inside a v1beta1 version of the core resource''s + group)".' + type: string + required: + - kind + - name + - namespaced + - singularName + - verbs + type: object + subresource: + description: Subresource declares the subresource api + properties: + categories: + description: categories is a list of the grouped resources + this resource belongs to (e.g. 'all') + items: + type: string + type: array + group: + description: 'group is the preferred group of the resource. Empty + implies the group of the containing resource list. For + subresources, this may have a different value, for example: + Scale".' + type: string + kind: + description: kind is the kind for the resource (e.g. 'Foo' + is the kind for a resource 'foo') + type: string + name: + description: name is the plural name of the resource. + type: string + namespaced: + description: namespaced indicates if a resource is namespaced + or not. + type: boolean + shortNames: + description: shortNames is a list of suggested short names + of the resource. + items: + type: string + type: array + singularName: + description: singularName is the singular name of the resource. This + allows clients to handle plural and singular opaquely. + The singularName is more correct for reporting status + on a single item and both singular and plural are allowed + from the kubectl CLI interface. + type: string + storageVersionHash: + description: The hash value of the storage version, the + version this resource is converted to when written to + the data store. Value must be treated as opaque by clients. + Only equality comparison on the value is valid. This is + an alpha feature and may change or be removed in the future. + The field is populated by the apiserver only if the StorageVersionHash + feature gate is enabled. This field will remain optional + even if it graduates. + type: string + verbs: + description: verbs is a list of supported kube verbs (this + includes get, list, watch, create, update, patch, delete, + deletecollection, and proxy) + items: + type: string + type: array + version: + description: 'version is the preferred version of the resource. Empty + implies the version of the containing resource list For + subresources, this may have a different value, for example: + v1 (while inside a v1beta1 version of the core resource''s + group)".' + type: string + required: + - kind + - name + - namespaced + - singularName + - verbs + type: object + required: + - parentResource + - subresource + type: object + type: array + type: object + variables: + description: Variables is the values to be used in the test + type: string + type: object + served: true + storage: true diff --git a/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_userinfoes.yaml b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_userinfoes.yaml new file mode 100644 index 0000000000..45fc4e1b10 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_userinfoes.yaml @@ -0,0 +1,75 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: userinfoes.cli.kyverno.io +spec: + group: cli.kyverno.io + names: + kind: UserInfo + listKind: UserInfoList + plural: userinfoes + singular: userinfo + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: UserInfo declares user infos to be loaded by the Kyverno CLI + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + clusterRoles: + description: ClusterRoles is a list of possible clusterRoles send the + request. + items: + type: string + nullable: true + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + roles: + description: Roles is a list of possible role send the request. + items: + type: string + nullable: true + type: array + userInfo: + description: UserInfo is the userInfo carried in the admission request. + properties: + extra: + additionalProperties: + description: ExtraValue masks the value so protobuf can generate + items: + type: string + type: array + description: Any additional information provided by the authenticator. + type: object + groups: + description: The names of groups this user is a part of. + items: + type: string + type: array + uid: + description: A unique value that identifies this user across time. + If this user is deleted and another user by the same name is added, + they will have different UIDs. + type: string + username: + description: The name that uniquely identifies this user among all + active users. + type: string + type: object + type: object + served: true + storage: true diff --git a/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_values.yaml b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_values.yaml new file mode 100644 index 0000000000..10139f5fc9 --- /dev/null +++ b/cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_values.yaml @@ -0,0 +1,251 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: values.cli.kyverno.io +spec: + group: cli.kyverno.io + names: + kind: Values + listKind: ValuesList + plural: values + singular: values + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Values declares values to be loaded by the Kyverno CLI + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + globalValues: + description: GlobalValues are the global values + type: object + x-kubernetes-preserve-unknown-fields: true + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + namespaceSelector: + description: NamespaceSelectors are the namespace labels + items: + description: NamespaceSelector declares labels for a given namespace + properties: + labels: + additionalProperties: + type: string + description: Labels are the labels for the given namespace + type: object + name: + description: Name is the namespace name + type: string + required: + - labels + - name + type: object + type: array + policies: + description: Policies are the policy values + items: + description: Policy declares values for a given policy + properties: + name: + description: Name is the policy name + type: string + resources: + description: Resources are values for specific resources + items: + description: Resource declares values for a given resource + properties: + name: + description: Name is the name of the resource + type: string + values: + description: Values are the values for the given resource + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - name + type: object + type: array + rules: + description: Rules are values for specific policy rules + items: + description: Rule declares values for a given policy rule + properties: + foreachValues: + description: ForeachValues are the foreach values for the + given policy rule + type: object + x-kubernetes-preserve-unknown-fields: true + name: + description: Name is the name of the ppolicy rule + type: string + values: + description: Values are the values for the given policy rule + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - name + type: object + type: array + required: + - name + type: object + type: array + subresources: + description: Subresources are the subresource/parent resource mappings + items: + description: Subresource declares subresource/parent resource mapping + properties: + parentResource: + description: ParentResource declares the parent resource api + properties: + categories: + description: categories is a list of the grouped resources this + resource belongs to (e.g. 'all') + items: + type: string + type: array + group: + description: 'group is the preferred group of the resource. Empty + implies the group of the containing resource list. For subresources, + this may have a different value, for example: Scale".' + type: string + kind: + description: kind is the kind for the resource (e.g. 'Foo' is + the kind for a resource 'foo') + type: string + name: + description: name is the plural name of the resource. + type: string + namespaced: + description: namespaced indicates if a resource is namespaced + or not. + type: boolean + shortNames: + description: shortNames is a list of suggested short names of + the resource. + items: + type: string + type: array + singularName: + description: singularName is the singular name of the resource. This + allows clients to handle plural and singular opaquely. The + singularName is more correct for reporting status on a single + item and both singular and plural are allowed from the kubectl + CLI interface. + type: string + storageVersionHash: + description: The hash value of the storage version, the version + this resource is converted to when written to the data store. + Value must be treated as opaque by clients. Only equality + comparison on the value is valid. This is an alpha feature + and may change or be removed in the future. The field is populated + by the apiserver only if the StorageVersionHash feature gate + is enabled. This field will remain optional even if it graduates. + type: string + verbs: + description: verbs is a list of supported kube verbs (this includes + get, list, watch, create, update, patch, delete, deletecollection, + and proxy) + items: + type: string + type: array + version: + description: 'version is the preferred version of the resource. Empty + implies the version of the containing resource list For subresources, + this may have a different value, for example: v1 (while inside + a v1beta1 version of the core resource''s group)".' + type: string + required: + - kind + - name + - namespaced + - singularName + - verbs + type: object + subresource: + description: Subresource declares the subresource api + properties: + categories: + description: categories is a list of the grouped resources this + resource belongs to (e.g. 'all') + items: + type: string + type: array + group: + description: 'group is the preferred group of the resource. Empty + implies the group of the containing resource list. For subresources, + this may have a different value, for example: Scale".' + type: string + kind: + description: kind is the kind for the resource (e.g. 'Foo' is + the kind for a resource 'foo') + type: string + name: + description: name is the plural name of the resource. + type: string + namespaced: + description: namespaced indicates if a resource is namespaced + or not. + type: boolean + shortNames: + description: shortNames is a list of suggested short names of + the resource. + items: + type: string + type: array + singularName: + description: singularName is the singular name of the resource. This + allows clients to handle plural and singular opaquely. The + singularName is more correct for reporting status on a single + item and both singular and plural are allowed from the kubectl + CLI interface. + type: string + storageVersionHash: + description: The hash value of the storage version, the version + this resource is converted to when written to the data store. + Value must be treated as opaque by clients. Only equality + comparison on the value is valid. This is an alpha feature + and may change or be removed in the future. The field is populated + by the apiserver only if the StorageVersionHash feature gate + is enabled. This field will remain optional even if it graduates. + type: string + verbs: + description: verbs is a list of supported kube verbs (this includes + get, list, watch, create, update, patch, delete, deletecollection, + and proxy) + items: + type: string + type: array + version: + description: 'version is the preferred version of the resource. Empty + implies the version of the containing resource list For subresources, + this may have a different value, for example: v1 (while inside + a v1beta1 version of the core resource''s group)".' + type: string + required: + - kind + - name + - namespaced + - singularName + - verbs + type: object + required: + - parentResource + - subresource + type: object + type: array + type: object + served: true + storage: true diff --git a/cmd/cli/kubectl-kyverno/fix/test.go b/cmd/cli/kubectl-kyverno/fix/test.go index 6947f76383..9a745b2395 100644 --- a/cmd/cli/kubectl-kyverno/fix/test.go +++ b/cmd/cli/kubectl-kyverno/fix/test.go @@ -4,16 +4,26 @@ import ( "errors" "fmt" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" datautils "github.com/kyverno/kyverno/pkg/utils/data" "golang.org/x/exp/slices" "k8s.io/apimachinery/pkg/util/sets" ) -func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) { +func FixTest(test v1alpha1.Test, compress bool) (v1alpha1.Test, []string, error) { var messages []string - if test.Name == "" { - messages = append(messages, "name is not set") + if test.APIVersion == "" { + messages = append(messages, "api version is not set, setting `cli.kyverno.io/v1alpha1`") + test.APIVersion = "cli.kyverno.io/v1alpha1" + } + if test.Kind == "" { + messages = append(messages, "kind is not set, setting `Test`") + test.Kind = "Test" + } + if test.Name != "" { + messages = append(messages, "name is deprecated, moving it into `metadata.name`") + test.ObjectMeta.Name = test.Name + test.Name = "" } if len(test.Policies) == 0 { messages = append(messages, "test has no policies") @@ -21,7 +31,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) { if len(test.Resources) == 0 { messages = append(messages, "test has no resources") } - var results []testapi.TestResult + var results []v1alpha1.TestResult for _, result := range test.Results { if result.Resource != "" && len(result.Resources) != 0 { messages = append(messages, "test result should not use both `resource` and `resources` fields") @@ -55,7 +65,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) { results = append(results, result) } if compress { - compressed := map[testapi.TestResultBase][]string{} + compressed := map[v1alpha1.TestResultBase][]string{} for _, result := range results { compressed[result.TestResultBase] = append(compressed[result.TestResultBase], result.Resources...) } @@ -66,13 +76,13 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) { messages = append(messages, "test results contains duplicate resources") v = unique.UnsortedList() } - results = append(results, testapi.TestResult{ + results = append(results, v1alpha1.TestResult{ TestResultBase: k, Resources: v, }) } } - slices.SortFunc(results, func(a, b testapi.TestResult) int { + slices.SortFunc(results, func(a, b v1alpha1.TestResult) int { if x := datautils.Compare(a.Policy, b.Policy); x != 0 { return x } diff --git a/cmd/cli/kubectl-kyverno/processor/policy_processor.go b/cmd/cli/kubectl-kyverno/processor/policy_processor.go index 35b62dcae4..cf693d8004 100644 --- a/cmd/cli/kubectl-kyverno/processor/policy_processor.go +++ b/cmd/cli/kubectl-kyverno/processor/policy_processor.go @@ -11,7 +11,7 @@ import ( json_patch "github.com/evanphx/json-patch/v5" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common" @@ -49,7 +49,7 @@ type PolicyProcessor struct { RuleToCloneSourceResource map[string]string Client dclient.Interface AuditWarn bool - Subresources []valuesapi.Subresource + Subresources []v1alpha1.Subresource Out io.Writer } @@ -79,9 +79,9 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse, if p.Client == nil { for _, s := range p.Subresources { subgvk := schema.GroupVersionKind{ - Group: s.APIResource.Group, - Version: s.APIResource.Version, - Kind: s.APIResource.Kind, + Group: s.Subresource.Group, + Version: s.Subresource.Version, + Kind: s.Subresource.Kind, } if gvk == subgvk { gvk = schema.GroupVersionKind{ @@ -89,7 +89,7 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse, Version: s.ParentResource.Version, Kind: s.ParentResource.Kind, } - parts := strings.Split(s.APIResource.Name, "/") + parts := strings.Split(s.Subresource.Name, "/") subresource = parts[1] } } diff --git a/cmd/cli/kubectl-kyverno/test/filter/filter.go b/cmd/cli/kubectl-kyverno/test/filter/filter.go index 11ce11e303..08e68d5603 100644 --- a/cmd/cli/kubectl-kyverno/test/filter/filter.go +++ b/cmd/cli/kubectl-kyverno/test/filter/filter.go @@ -4,19 +4,19 @@ import ( "fmt" "strings" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/pkg/utils/wildcard" ) type Filter interface { - Apply(testapi.TestResult) bool + Apply(v1alpha1.TestResult) bool } type policy struct { value string } -func (f policy) Apply(result testapi.TestResult) bool { +func (f policy) Apply(result v1alpha1.TestResult) bool { if result.Policy == "" { return true } @@ -30,7 +30,7 @@ type rule struct { value string } -func (f rule) Apply(result testapi.TestResult) bool { +func (f rule) Apply(result v1alpha1.TestResult) bool { if result.Rule == "" { return true } @@ -44,7 +44,7 @@ type resource struct { value string } -func (f resource) Apply(result testapi.TestResult) bool { +func (f resource) Apply(result v1alpha1.TestResult) bool { if result.Resource == "" { return true } @@ -58,7 +58,7 @@ type composite struct { filters []Filter } -func (f composite) Apply(result testapi.TestResult) bool { +func (f composite) Apply(result v1alpha1.TestResult) bool { for _, f := range f.filters { if !f.Apply(result) { return false diff --git a/cmd/cli/kubectl-kyverno/test/filter/filter_test.go b/cmd/cli/kubectl-kyverno/test/filter/filter_test.go index ea92d5a099..08e1319eb5 100644 --- a/cmd/cli/kubectl-kyverno/test/filter/filter_test.go +++ b/cmd/cli/kubectl-kyverno/test/filter/filter_test.go @@ -5,58 +5,58 @@ import ( "reflect" "testing" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" ) func Test_policy_Apply(t *testing.T) { tests := []struct { name string value string - result testapi.TestResult + result v1alpha1.TestResult want bool }{{ name: "empty result", value: "test", - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "empty value", value: "", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "test"}, }, want: false, }, { name: "empty value and result", value: "", - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "match", value: "test", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "test"}, }, want: true, }, { name: "no match", value: "test", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "not-test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"}, }, want: false, }, { name: "wildcard match", value: "disallow-*", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"}, }, want: true, }, { name: "wildcard does not match", value: "allow-*", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"}, }, want: false, }} @@ -76,51 +76,51 @@ func Test_rule_Apply(t *testing.T) { tests := []struct { name string value string - result testapi.TestResult + result v1alpha1.TestResult want bool }{{ name: "empty result", value: "test", - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "empty value", value: "", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Rule: "test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Rule: "test"}, }, want: false, }, { name: "empty value and result", value: "", - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "match", value: "test", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Rule: "test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Rule: "test"}, }, want: true, }, { name: "no match", value: "test", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Rule: "not-test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Rule: "not-test"}, }, want: false, }, { name: "wildcard match", value: "*-image-tag", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"}, }, want: true, }, { name: "wildcard does not match", value: "require-*", - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"}, }, want: false, }} @@ -140,51 +140,51 @@ func Test_resource_Apply(t *testing.T) { tests := []struct { name string value string - result testapi.TestResult + result v1alpha1.TestResult want bool }{{ name: "empty result", value: "test", - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "empty value", value: "", - result: testapi.TestResult{ - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"}, + result: v1alpha1.TestResult{ + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"}, }, want: false, }, { name: "empty value and result", value: "", - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "match", value: "test", - result: testapi.TestResult{ - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"}, + result: v1alpha1.TestResult{ + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"}, }, want: true, }, { name: "no match", value: "test", - result: testapi.TestResult{ - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-test"}, + result: v1alpha1.TestResult{ + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-test"}, }, want: false, }, { name: "wildcard match", value: "good*01", - result: testapi.TestResult{ - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "good-deployment-01"}, + result: v1alpha1.TestResult{ + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "good-deployment-01"}, }, want: true, }, { name: "wildcard does not match", value: "good*01", - result: testapi.TestResult{ - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "bad-deployment-01"}, + result: v1alpha1.TestResult{ + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "bad-deployment-01"}, }, want: false, }} @@ -204,46 +204,46 @@ func Test_composite_Apply(t *testing.T) { tests := []struct { name string filters []Filter - result testapi.TestResult + result v1alpha1.TestResult want bool }{{ name: "nil", filters: nil, - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "empty", filters: []Filter{}, - result: testapi.TestResult{}, + result: v1alpha1.TestResult{}, want: true, }, { name: "policy match", filters: []Filter{policy{"test"}}, - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "test"}, }, want: true, }, { name: "policy no match", filters: []Filter{policy{"test"}}, - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "not-test"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"}, }, want: false, }, { name: "policy and resource match", filters: []Filter{policy{"test"}, resource{"resource"}}, - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "test"}, - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "resource"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "test"}, + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "resource"}, }, want: true, }, { name: "policy match and resource no match", filters: []Filter{policy{"test"}, resource{"resource"}}, - result: testapi.TestResult{ - TestResultBase: testapi.TestResultBase{Policy: "test"}, - TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-resource"}, + result: v1alpha1.TestResult{ + TestResultBase: v1alpha1.TestResultBase{Policy: "test"}, + TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-resource"}, }, want: false, }, diff --git a/cmd/cli/kubectl-kyverno/test/load.go b/cmd/cli/kubectl-kyverno/test/load.go index 3998323738..4a1b4ef1de 100644 --- a/cmd/cli/kubectl-kyverno/test/load.go +++ b/cmd/cli/kubectl-kyverno/test/load.go @@ -6,7 +6,7 @@ import ( "path/filepath" "github.com/go-git/go-billy/v5" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "k8s.io/apimachinery/pkg/util/yaml" ) @@ -65,7 +65,7 @@ func LoadTest(fs billy.Filesystem, path string) TestCase { } yamlBytes = data } - var test testapi.Test + var test v1alpha1.Test if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil { return TestCase{ Path: path, diff --git a/cmd/cli/kubectl-kyverno/test/load_test.go b/cmd/cli/kubectl-kyverno/test/load_test.go index 5cd344ce29..db21f58aef 100644 --- a/cmd/cli/kubectl-kyverno/test/load_test.go +++ b/cmd/cli/kubectl-kyverno/test/load_test.go @@ -9,7 +9,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/memfs" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" ) func TestLoadTests(t *testing.T) { @@ -46,12 +46,12 @@ func TestLoadTests(t *testing.T) { fileName: "kyverno-test.yaml", want: []TestCase{{ Path: "../_testdata/tests/test-1/kyverno-test.yaml", - Test: &testapi.Test{ + Test: &v1alpha1.Test{ Name: "test-registry", Policies: []string{"image-example.yaml"}, Resources: []string{"resources.yaml"}, - Results: []testapi.TestResult{{ - TestResultBase: testapi.TestResultBase{ + Results: []v1alpha1.TestResult{{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -59,7 +59,7 @@ func TestLoadTests(t *testing.T) { }, Resources: []string{"test-pod-with-non-root-user-image"}, }, { - TestResultBase: testapi.TestResultBase{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -76,12 +76,12 @@ func TestLoadTests(t *testing.T) { fileName: "kyverno-test.yaml", want: []TestCase{{ Path: "../_testdata/tests/test-2/kyverno-test.yaml", - Test: &testapi.Test{ + Test: &v1alpha1.Test{ Name: "add-quota", Policies: []string{"policy.yaml"}, Resources: []string{"resource.yaml"}, - Results: []testapi.TestResult{{ - TestResultBase: testapi.TestResultBase{ + Results: []v1alpha1.TestResult{{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Namespace", Policy: "add-ns-quota", Result: policyreportv1alpha2.StatusPass, @@ -90,7 +90,7 @@ func TestLoadTests(t *testing.T) { }, Resources: []string{"hello-world-namespace"}, }, { - TestResultBase: testapi.TestResultBase{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Namespace", Policy: "add-ns-quota", Result: policyreportv1alpha2.StatusPass, @@ -108,12 +108,12 @@ func TestLoadTests(t *testing.T) { fileName: "kyverno-test.yaml", want: []TestCase{{ Path: "../_testdata/tests/test-1/kyverno-test.yaml", - Test: &testapi.Test{ + Test: &v1alpha1.Test{ Name: "test-registry", Policies: []string{"image-example.yaml"}, Resources: []string{"resources.yaml"}, - Results: []testapi.TestResult{{ - TestResultBase: testapi.TestResultBase{ + Results: []v1alpha1.TestResult{{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -121,7 +121,7 @@ func TestLoadTests(t *testing.T) { }, Resources: []string{"test-pod-with-non-root-user-image"}, }, { - TestResultBase: testapi.TestResultBase{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -132,12 +132,12 @@ func TestLoadTests(t *testing.T) { }, }, { Path: "../_testdata/tests/test-2/kyverno-test.yaml", - Test: &testapi.Test{ + Test: &v1alpha1.Test{ Name: "add-quota", Policies: []string{"policy.yaml"}, Resources: []string{"resource.yaml"}, - Results: []testapi.TestResult{{ - TestResultBase: testapi.TestResultBase{ + Results: []v1alpha1.TestResult{{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Namespace", Policy: "add-ns-quota", Result: policyreportv1alpha2.StatusPass, @@ -146,7 +146,7 @@ func TestLoadTests(t *testing.T) { }, Resources: []string{"hello-world-namespace"}, }, { - TestResultBase: testapi.TestResultBase{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Namespace", Policy: "add-ns-quota", Result: policyreportv1alpha2.StatusPass, @@ -197,12 +197,12 @@ func TestLoadTest(t *testing.T) { path: "../_testdata/tests/test-1/kyverno-test.yaml", want: TestCase{ Path: "../_testdata/tests/test-1/kyverno-test.yaml", - Test: &testapi.Test{ + Test: &v1alpha1.Test{ Name: "test-registry", Policies: []string{"image-example.yaml"}, Resources: []string{"resources.yaml"}, - Results: []testapi.TestResult{{ - TestResultBase: testapi.TestResultBase{ + Results: []v1alpha1.TestResult{{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -210,7 +210,7 @@ func TestLoadTest(t *testing.T) { }, Resources: []string{"test-pod-with-non-root-user-image"}, }, { - TestResultBase: testapi.TestResultBase{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -225,12 +225,12 @@ func TestLoadTest(t *testing.T) { path: "kyverno-test.yaml", want: TestCase{ Path: "kyverno-test.yaml", - Test: &testapi.Test{ + Test: &v1alpha1.Test{ Name: "test-registry", Policies: []string{"image-example.yaml"}, Resources: []string{"resources.yaml"}, - Results: []testapi.TestResult{{ - TestResultBase: testapi.TestResultBase{ + Results: []v1alpha1.TestResult{{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, @@ -238,7 +238,7 @@ func TestLoadTest(t *testing.T) { }, Resources: []string{"test-pod-with-non-root-user-image"}, }, { - TestResultBase: testapi.TestResultBase{ + TestResultBase: v1alpha1.TestResultBase{ Kind: "Pod", Policy: "images", Result: policyreportv1alpha2.StatusPass, diff --git a/cmd/cli/kubectl-kyverno/test/test_case.go b/cmd/cli/kubectl-kyverno/test/test_case.go index 73c91d91dd..58f8363319 100644 --- a/cmd/cli/kubectl-kyverno/test/test_case.go +++ b/cmd/cli/kubectl-kyverno/test/test_case.go @@ -4,13 +4,13 @@ import ( "path/filepath" "github.com/go-git/go-billy/v5" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" ) type TestCase struct { Path string Fs billy.Filesystem - Test *testapi.Test + Test *v1alpha1.Test Err error } diff --git a/cmd/cli/kubectl-kyverno/test/test_case_test.go b/cmd/cli/kubectl-kyverno/test/test_case_test.go index e74d9b18a8..e81b66fb94 100644 --- a/cmd/cli/kubectl-kyverno/test/test_case_test.go +++ b/cmd/cli/kubectl-kyverno/test/test_case_test.go @@ -4,7 +4,7 @@ import ( "testing" "github.com/go-git/go-billy/v5" - testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" ) func TestTestCase_Dir(t *testing.T) { @@ -14,7 +14,7 @@ func TestTestCase_Dir(t *testing.T) { name string Path string Fs billy.Filesystem - Test *testapi.Test + Test *v1alpha1.Test Err error want string }{{ diff --git a/cmd/cli/kubectl-kyverno/utils/common/common.go b/cmd/cli/kubectl-kyverno/utils/common/common.go index 59bede9ab3..ba05ec6e66 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/common.go +++ b/cmd/cli/kubectl-kyverno/utils/common/common.go @@ -10,13 +10,13 @@ import ( "github.com/go-git/go-billy/v5" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source" "github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/clients/dclient" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" - "k8s.io/api/admissionregistration/v1alpha1" + admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" @@ -30,7 +30,7 @@ func GetResourceAccordingToResourcePath( resourcePaths []string, cluster bool, policies []kyvernov1.PolicyInterface, - validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, + validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy, dClient dclient.Interface, namespace string, policyReport bool, @@ -87,7 +87,7 @@ func GetResourceAccordingToResourcePath( return resources, err } -func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []valuesapi.Subresource, dClient dclient.Interface) sets.Set[string] { +func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []v1alpha1.Subresource, dClient dclient.Interface) sets.Set[string] { knownkinds := sets.New[string]() for _, rule := range autogen.ComputeRules(policy) { for _, kind := range rule.MatchResources.ResourceDescription.Kinds { @@ -110,7 +110,7 @@ func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subreso return knownkinds } -func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.Interface) (string, error) { +func getKind(kind string, subresources []v1alpha1.Subresource, dClient dclient.Interface) (string, error) { group, version, kind, subresource := kubeutils.ParseKindSelector(kind) if subresource == "" { return kind, nil @@ -132,7 +132,7 @@ func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient. return kind, nil } -func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []valuesapi.Subresource) (string, error) { +func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []v1alpha1.Subresource) (string, error) { for _, subresource := range subresources { parentResourceGroupVersion := metav1.GroupVersion{ Group: subresource.ParentResource.Group, @@ -140,8 +140,8 @@ func getSubresourceKind(groupVersion, parentKind, subresourceName string, subres }.String() if groupVersion == "" || kubeutils.GroupVersionMatches(groupVersion, parentResourceGroupVersion) { if parentKind == subresource.ParentResource.Kind { - if strings.ToLower(subresourceName) == strings.Split(subresource.APIResource.Name, "/")[1] { - return subresource.APIResource.Kind, nil + if strings.ToLower(subresourceName) == strings.Split(subresource.Subresource.Name, "/")[1] { + return subresource.Subresource.Kind, nil } } } diff --git a/cmd/cli/kubectl-kyverno/utils/common/common_test.go b/cmd/cli/kubectl-kyverno/utils/common/common_test.go index 2a9e17b934..ad8cb7bcf9 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/common_test.go +++ b/cmd/cli/kubectl-kyverno/utils/common/common_test.go @@ -3,8 +3,7 @@ package common import ( "testing" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" - + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "gotest.tools/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -97,9 +96,9 @@ func Test_getSubresourceKind(t *testing.T) { podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"} podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"} - subresources := []valuesapi.Subresource{ + subresources := []v1alpha1.Subresource{ { - APIResource: podEvictionAPIResource, + Subresource: podEvictionAPIResource, ParentResource: podAPIResource, }, } diff --git a/cmd/cli/kubectl-kyverno/utils/common/fetch.go b/cmd/cli/kubectl-kyverno/utils/common/fetch.go index 726362660f..227aed32e7 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/fetch.go +++ b/cmd/cli/kubectl-kyverno/utils/common/fetch.go @@ -9,14 +9,14 @@ import ( "github.com/go-git/go-billy/v5" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource" "github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/clients/dclient" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" "github.com/kyverno/kyverno/pkg/validatingadmissionpolicy" - "k8s.io/api/admissionregistration/v1alpha1" + admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" @@ -29,7 +29,7 @@ import ( func GetResources( out io.Writer, policies []kyvernov1.PolicyInterface, - validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, + validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy, resourcePaths []string, dClient dclient.Interface, cluster bool, @@ -70,7 +70,7 @@ func GetResources( return resources, err } -func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) { +func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) { resources := make([]*unstructured.Unstructured, 0) resourceMap, err := getResourcesOfTypeFromCluster(out, resourceTypes, subresourceMap, dClient, namespace) if err != nil { @@ -166,7 +166,7 @@ func GetResourcesWithTest(out io.Writer, fs billy.Filesystem, policies []kyverno return resources, nil } -func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) { +func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) { r := make(map[string]*unstructured.Unstructured) for _, kind := range resourceTypes { resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil) @@ -195,17 +195,17 @@ func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVe parentResourceNames = append(parentResourceNames, resource.GetName()) } for _, parentResourceName := range parentResourceNames { - subresourceName := strings.Split(subresource.APIResource.Name, "/")[1] + subresourceName := strings.Split(subresource.Subresource.Name, "/")[1] resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName) if err != nil { fmt.Fprintf(out, "Error: %s", err.Error()) continue } - key := subresource.APIResource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName() + key := subresource.Subresource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName() resource.SetGroupVersionKind(schema.GroupVersionKind{ - Group: subresource.APIResource.Group, - Version: subresource.APIResource.Version, - Kind: subresource.APIResource.Kind, + Group: subresource.Subresource.Group, + Version: subresource.Subresource.Version, + Kind: subresource.Subresource.Kind, }) r[key] = resource.DeepCopy() } @@ -227,9 +227,9 @@ func GetPatchedAndGeneratedResource(resourceBytes []byte) (unstructured.Unstruct } // GetKindsFromRule will return the kinds from policy match block -func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) { +func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) { resourceTypesMap := make(map[schema.GroupVersionKind]bool) - subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource) + subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource) for _, kind := range rule.MatchResources.Kinds { addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client) } @@ -250,9 +250,9 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema return resourceTypesMap, subresourceMap } -func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) { +func getKindsFromValidatingAdmissionPolicy(policy admissionregistrationv1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) { resourceTypesMap := make(map[schema.GroupVersionKind]bool) - subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource) + subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource) kinds := validatingadmissionpolicy.GetKinds(policy) for _, kind := range kinds { @@ -262,7 +262,7 @@ func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPo return resourceTypesMap, subresourceMap } -func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, client dclient.Interface) { +func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, client dclient.Interface) { group, version, kind, subresource := kubeutils.ParseKindSelector(kind) gvrss, err := client.Discovery().FindResources(group, version, kind, subresource) if err != nil { @@ -277,8 +277,8 @@ func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVers gvk := schema.GroupVersionKind{ Group: child.Group, Version: child.Version, Kind: child.Kind, } - subresourceMap[gvk] = valuesapi.Subresource{ - APIResource: child, + subresourceMap[gvk] = v1alpha1.Subresource{ + Subresource: child, ParentResource: metav1.APIResource{ Group: parent.Group, Version: parent.Version, diff --git a/cmd/cli/kubectl-kyverno/utils/common/kyverno_resources_types.go b/cmd/cli/kubectl-kyverno/utils/common/kyverno_resources_types.go index ad98246988..60a05a89e6 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/kyverno_resources_types.go +++ b/cmd/cli/kubectl-kyverno/utils/common/kyverno_resources_types.go @@ -4,7 +4,7 @@ import ( "io" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/clients/dclient" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -21,7 +21,7 @@ func (r *KyvernoResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths resourceTypesMap := make(map[schema.GroupVersionKind]bool) var resourceTypes []schema.GroupVersionKind - var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource + var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource for _, policy := range r.policies { for _, rule := range autogen.ComputeRules(policy) { diff --git a/cmd/cli/kubectl-kyverno/utils/common/validating_admission_resources.go b/cmd/cli/kubectl-kyverno/utils/common/validating_admission_resources.go index 6964a7c342..ff60f5a733 100644 --- a/cmd/cli/kubectl-kyverno/utils/common/validating_admission_resources.go +++ b/cmd/cli/kubectl-kyverno/utils/common/validating_admission_resources.go @@ -3,15 +3,15 @@ package common import ( "io" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/pkg/clients/dclient" - "k8s.io/api/admissionregistration/v1alpha1" + admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" ) type ValidatingAdmissionResources struct { - policies []v1alpha1.ValidatingAdmissionPolicy + policies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy } func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths []string, dClient dclient.Interface, namespace string, policyReport bool) ([]*unstructured.Unstructured, error) { @@ -20,7 +20,7 @@ func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, r resourceTypesMap := make(map[schema.GroupVersionKind]bool) var resourceTypes []schema.GroupVersionKind - var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource + var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource for _, policy := range r.policies { var resourceTypesInRule map[schema.GroupVersionKind]bool diff --git a/cmd/cli/kubectl-kyverno/values/load.go b/cmd/cli/kubectl-kyverno/values/load.go index 646ceb0d45..09e7e5e44d 100644 --- a/cmd/cli/kubectl-kyverno/values/load.go +++ b/cmd/cli/kubectl-kyverno/values/load.go @@ -5,16 +5,16 @@ import ( "os" "github.com/go-git/go-billy/v5" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "k8s.io/apimachinery/pkg/util/yaml" ) -func Load(f billy.Filesystem, filepath string) (*valuesapi.Values, error) { +func Load(f billy.Filesystem, filepath string) (*v1alpha1.Values, error) { yamlBytes, err := readFile(f, filepath) if err != nil { return nil, err } - vals := &valuesapi.Values{} + vals := &v1alpha1.Values{} if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil { return nil, err } diff --git a/cmd/cli/kubectl-kyverno/values/load_test.go b/cmd/cli/kubectl-kyverno/values/load_test.go index c32f43a1ec..681fca295a 100644 --- a/cmd/cli/kubectl-kyverno/values/load_test.go +++ b/cmd/cli/kubectl-kyverno/values/load_test.go @@ -7,7 +7,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/memfs" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" ) func Test_readFile(t *testing.T) { @@ -88,7 +88,7 @@ func TestLoad(t *testing.T) { name string f billy.Filesystem filepath string - want *valuesapi.Values + want *v1alpha1.Values wantErr bool }{{ name: "empty", @@ -108,27 +108,29 @@ func TestLoad(t *testing.T) { }, { name: "valid", filepath: "../_testdata/values/limit-configmap-for-sa.yaml", - want: &valuesapi.Values{ - NamespaceSelectors: []valuesapi.NamespaceSelector{{ - Name: "test1", - Labels: map[string]string{ - "foo.com/managed-state": "managed", - }, - }}, - Policies: []valuesapi.Policy{{ - Name: "limit-configmap-for-sa", - Resources: []valuesapi.Resource{{ - Name: "any-configmap-name-good", - Values: map[string]interface{}{ - "request.operation": "UPDATE", - }, - }, { - Name: "any-configmap-name-bad", - Values: map[string]interface{}{ - "request.operation": "UPDATE", + want: &v1alpha1.Values{ + ValuesSpec: v1alpha1.ValuesSpec{ + NamespaceSelectors: []v1alpha1.NamespaceSelector{{ + Name: "test1", + Labels: map[string]string{ + "foo.com/managed-state": "managed", }, }}, - }}, + Policies: []v1alpha1.Policy{{ + Name: "limit-configmap-for-sa", + Resources: []v1alpha1.Resource{{ + Name: "any-configmap-name-good", + Values: map[string]interface{}{ + "request.operation": "UPDATE", + }, + }, { + Name: "any-configmap-name-bad", + Values: map[string]interface{}{ + "request.operation": "UPDATE", + }, + }}, + }}, + }, }, wantErr: false, }} diff --git a/cmd/cli/kubectl-kyverno/variables/new.go b/cmd/cli/kubectl-kyverno/variables/new.go index ab47dfc689..378b285034 100644 --- a/cmd/cli/kubectl-kyverno/variables/new.go +++ b/cmd/cli/kubectl-kyverno/variables/new.go @@ -5,18 +5,18 @@ import ( "path/filepath" "github.com/go-git/go-billy/v5" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values" ) -func New(fs billy.Filesystem, resourcePath string, path string, vals *valuesapi.Values, vars ...string) (*Variables, error) { +func New(fs billy.Filesystem, resourcePath string, path string, vals *v1alpha1.ValuesSpec, vars ...string) (*Variables, error) { // if we already have values, skip the file if vals == nil && path != "" { v, err := values.Load(fs, filepath.Join(resourcePath, path)) if err != nil { return nil, fmt.Errorf("Unable to load variable file: %s (%w)", path, err) } - vals = v + vals = &v.ValuesSpec } variables := Variables{ values: vals, diff --git a/cmd/cli/kubectl-kyverno/variables/new_test.go b/cmd/cli/kubectl-kyverno/variables/new_test.go index 1b64623b95..8eacf15613 100644 --- a/cmd/cli/kubectl-kyverno/variables/new_test.go +++ b/cmd/cli/kubectl-kyverno/variables/new_test.go @@ -5,7 +5,7 @@ import ( "testing" "github.com/go-git/go-billy/v5" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" ) func TestNew(t *testing.T) { @@ -14,7 +14,7 @@ func TestNew(t *testing.T) { fs billy.Filesystem resourcePath string path string - vals *valuesapi.Values + vals *v1alpha1.ValuesSpec vars []string want *Variables wantErr bool @@ -47,14 +47,14 @@ func TestNew(t *testing.T) { fs: nil, resourcePath: "", path: "", - vals: &valuesapi.Values{ + vals: &v1alpha1.ValuesSpec{ GlobalValues: map[string]interface{}{ "bar": "baz", }, }, vars: nil, want: &Variables{ - values: &valuesapi.Values{ + values: &v1alpha1.ValuesSpec{ GlobalValues: map[string]interface{}{ "bar": "baz", }, @@ -66,7 +66,7 @@ func TestNew(t *testing.T) { fs: nil, resourcePath: "", path: "", - vals: &valuesapi.Values{ + vals: &v1alpha1.ValuesSpec{ GlobalValues: map[string]interface{}{ "bar": "baz", }, @@ -75,7 +75,7 @@ func TestNew(t *testing.T) { "foo=bar", }, want: &Variables{ - values: &valuesapi.Values{ + values: &v1alpha1.ValuesSpec{ GlobalValues: map[string]interface{}{ "bar": "baz", }, @@ -93,16 +93,16 @@ func TestNew(t *testing.T) { vals: nil, vars: nil, want: &Variables{ - values: &valuesapi.Values{ - NamespaceSelectors: []valuesapi.NamespaceSelector{{ + values: &v1alpha1.ValuesSpec{ + NamespaceSelectors: []v1alpha1.NamespaceSelector{{ Name: "test1", Labels: map[string]string{ "foo.com/managed-state": "managed", }, }}, - Policies: []valuesapi.Policy{{ + Policies: []v1alpha1.Policy{{ Name: "limit-configmap-for-sa", - Resources: []valuesapi.Resource{{ + Resources: []v1alpha1.Resource{{ Name: "any-configmap-name-good", Values: map[string]interface{}{ "request.operation": "UPDATE", @@ -127,16 +127,16 @@ func TestNew(t *testing.T) { "foo=bar", }, want: &Variables{ - values: &valuesapi.Values{ - NamespaceSelectors: []valuesapi.NamespaceSelector{{ + values: &v1alpha1.ValuesSpec{ + NamespaceSelectors: []v1alpha1.NamespaceSelector{{ Name: "test1", Labels: map[string]string{ "foo.com/managed-state": "managed", }, }}, - Policies: []valuesapi.Policy{{ + Policies: []v1alpha1.Policy{{ Name: "limit-configmap-for-sa", - Resources: []valuesapi.Resource{{ + Resources: []v1alpha1.Resource{{ Name: "any-configmap-name-good", Values: map[string]interface{}{ "request.operation": "UPDATE", @@ -168,14 +168,14 @@ func TestNew(t *testing.T) { fs: nil, resourcePath: "", path: "../_testdata/values/limit-configmap-for-sa.yaml", - vals: &valuesapi.Values{ + vals: &v1alpha1.ValuesSpec{ GlobalValues: map[string]interface{}{ "bar": "baz", }, }, vars: nil, want: &Variables{ - values: &valuesapi.Values{ + values: &v1alpha1.ValuesSpec{ GlobalValues: map[string]interface{}{ "bar": "baz", }, diff --git a/cmd/cli/kubectl-kyverno/variables/variables.go b/cmd/cli/kubectl-kyverno/variables/variables.go index 9c90dd637d..7d9901354e 100644 --- a/cmd/cli/kubectl-kyverno/variables/variables.go +++ b/cmd/cli/kubectl-kyverno/variables/variables.go @@ -3,13 +3,13 @@ package variables import ( "fmt" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store" "k8s.io/apimachinery/pkg/util/sets" ) type Variables struct { - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string } @@ -29,7 +29,7 @@ func (v Variables) HasPolicyVariables(policy string) bool { return false } -func (v Variables) Subresources() []valuesapi.Subresource { +func (v Variables) Subresources() []v1alpha1.Subresource { if v.values == nil { return nil } diff --git a/cmd/cli/kubectl-kyverno/variables/variables_test.go b/cmd/cli/kubectl-kyverno/variables/variables_test.go index cfb01d7a18..3021674966 100644 --- a/cmd/cli/kubectl-kyverno/variables/variables_test.go +++ b/cmd/cli/kubectl-kyverno/variables/variables_test.go @@ -4,7 +4,7 @@ import ( "reflect" "testing" - valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" + "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values" "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/util/sets" @@ -13,7 +13,7 @@ import ( func TestVariables_HasVariables(t *testing.T) { tests := []struct { name string - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string want bool }{{ @@ -50,9 +50,9 @@ func TestVariables_HasVariables(t *testing.T) { func TestVariables_Subresources(t *testing.T) { tests := []struct { name string - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string - want []valuesapi.Subresource + want []v1alpha1.Subresource }{{ name: "nil values", values: nil, @@ -60,25 +60,25 @@ func TestVariables_Subresources(t *testing.T) { want: nil, }, { name: "nil subresources", - values: &valuesapi.Values{ + values: &v1alpha1.ValuesSpec{ Subresources: nil, }, variables: nil, want: nil, }, { name: "empty subresources", - values: &valuesapi.Values{ - Subresources: []valuesapi.Subresource{}, + values: &v1alpha1.ValuesSpec{ + Subresources: []v1alpha1.Subresource{}, }, variables: nil, want: nil, }, { name: "subresources", - values: &valuesapi.Values{ - Subresources: []valuesapi.Subresource{{}}, + values: &v1alpha1.ValuesSpec{ + Subresources: []v1alpha1.Subresource{{}}, }, variables: nil, - want: []valuesapi.Subresource{{}}, + want: []v1alpha1.Subresource{{}}, }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -98,7 +98,7 @@ func TestVariables_NamespaceSelectors(t *testing.T) { assert.NoError(t, err) tests := []struct { name string - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string want map[string]Labels }{{ @@ -108,12 +108,12 @@ func TestVariables_NamespaceSelectors(t *testing.T) { want: nil, }, { name: "empty", - values: &valuesapi.Values{}, + values: &v1alpha1.ValuesSpec{}, variables: nil, want: nil, }, { name: "values", - values: vals, + values: &vals.ValuesSpec, variables: nil, want: map[string]map[string]string{ "test1": { @@ -137,9 +137,9 @@ func TestVariables_NamespaceSelectors(t *testing.T) { func TestVariables_SetInStore(t *testing.T) { vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml") assert.NoError(t, err) - vals.Policies = append(vals.Policies, valuesapi.Policy{ + vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{ Name: "limit-configmap-for-sa", - Rules: []valuesapi.Rule{{ + Rules: []v1alpha1.Rule{{ Name: "rule", Values: map[string]interface{}{ "foo": "bar", @@ -151,7 +151,7 @@ func TestVariables_SetInStore(t *testing.T) { }) tests := []struct { name string - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string }{{ name: "nil", @@ -159,11 +159,11 @@ func TestVariables_SetInStore(t *testing.T) { variables: nil, }, { name: "empty", - values: &valuesapi.Values{}, + values: &v1alpha1.ValuesSpec{}, variables: nil, }, { name: "values", - values: vals, + values: &vals.ValuesSpec, variables: nil, }} for _, tt := range tests { @@ -180,9 +180,9 @@ func TestVariables_SetInStore(t *testing.T) { func TestVariables_HasPolicyVariables(t *testing.T) { vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml") assert.NoError(t, err) - vals.Policies = append(vals.Policies, valuesapi.Policy{ + vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{ Name: "limit-configmap-for-sa", - Rules: []valuesapi.Rule{{ + Rules: []v1alpha1.Rule{{ Name: "rule", Values: map[string]interface{}{ "foo": "bar", @@ -194,7 +194,7 @@ func TestVariables_HasPolicyVariables(t *testing.T) { }) tests := []struct { name string - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string policy string want bool @@ -206,19 +206,19 @@ func TestVariables_HasPolicyVariables(t *testing.T) { want: false, }, { name: "empty", - values: &valuesapi.Values{}, + values: &v1alpha1.ValuesSpec{}, variables: nil, policy: "test", want: false, }, { name: "values - test", - values: vals, + values: &vals.ValuesSpec, variables: nil, policy: "test", want: false, }, { name: "values - limit-configmap-for-sa", - values: vals, + values: &vals.ValuesSpec, variables: nil, policy: "limit-configmap-for-sa", want: true, @@ -237,14 +237,14 @@ func TestVariables_HasPolicyVariables(t *testing.T) { } func TestVariables_ComputeVariables(t *testing.T) { - loadValues := func(path string) *valuesapi.Values { + loadValues := func(path string) *v1alpha1.ValuesSpec { t.Helper() vals, err := values.Load(nil, path) assert.NoError(t, err) - return vals + return &vals.ValuesSpec } type fields struct { - values *valuesapi.Values + values *v1alpha1.ValuesSpec variables map[string]string } type args struct { diff --git a/docs/user/cli/kyverno.md b/docs/user/cli/commands/kyverno.md similarity index 100% rename from docs/user/cli/kyverno.md rename to docs/user/cli/commands/kyverno.md diff --git a/docs/user/cli/kyverno_apply.md b/docs/user/cli/commands/kyverno_apply.md similarity index 100% rename from docs/user/cli/kyverno_apply.md rename to docs/user/cli/commands/kyverno_apply.md diff --git a/docs/user/cli/kyverno_completion.md b/docs/user/cli/commands/kyverno_completion.md similarity index 100% rename from docs/user/cli/kyverno_completion.md rename to docs/user/cli/commands/kyverno_completion.md diff --git a/docs/user/cli/kyverno_completion_bash.md b/docs/user/cli/commands/kyverno_completion_bash.md similarity index 100% rename from docs/user/cli/kyverno_completion_bash.md rename to docs/user/cli/commands/kyverno_completion_bash.md diff --git a/docs/user/cli/kyverno_completion_fish.md b/docs/user/cli/commands/kyverno_completion_fish.md similarity index 100% rename from docs/user/cli/kyverno_completion_fish.md rename to docs/user/cli/commands/kyverno_completion_fish.md diff --git a/docs/user/cli/kyverno_completion_powershell.md b/docs/user/cli/commands/kyverno_completion_powershell.md similarity index 100% rename from docs/user/cli/kyverno_completion_powershell.md rename to docs/user/cli/commands/kyverno_completion_powershell.md diff --git a/docs/user/cli/kyverno_completion_zsh.md b/docs/user/cli/commands/kyverno_completion_zsh.md similarity index 100% rename from docs/user/cli/kyverno_completion_zsh.md rename to docs/user/cli/commands/kyverno_completion_zsh.md diff --git a/docs/user/cli/kyverno_create.md b/docs/user/cli/commands/kyverno_create.md similarity index 100% rename from docs/user/cli/kyverno_create.md rename to docs/user/cli/commands/kyverno_create.md diff --git a/docs/user/cli/kyverno_create_exception.md b/docs/user/cli/commands/kyverno_create_exception.md similarity index 100% rename from docs/user/cli/kyverno_create_exception.md rename to docs/user/cli/commands/kyverno_create_exception.md diff --git a/docs/user/cli/kyverno_create_metrics-config.md b/docs/user/cli/commands/kyverno_create_metrics-config.md similarity index 100% rename from docs/user/cli/kyverno_create_metrics-config.md rename to docs/user/cli/commands/kyverno_create_metrics-config.md diff --git a/docs/user/cli/kyverno_create_test.md b/docs/user/cli/commands/kyverno_create_test.md similarity index 100% rename from docs/user/cli/kyverno_create_test.md rename to docs/user/cli/commands/kyverno_create_test.md diff --git a/docs/user/cli/kyverno_create_user-info.md b/docs/user/cli/commands/kyverno_create_user-info.md similarity index 100% rename from docs/user/cli/kyverno_create_user-info.md rename to docs/user/cli/commands/kyverno_create_user-info.md diff --git a/docs/user/cli/kyverno_create_values.md b/docs/user/cli/commands/kyverno_create_values.md similarity index 100% rename from docs/user/cli/kyverno_create_values.md rename to docs/user/cli/commands/kyverno_create_values.md diff --git a/docs/user/cli/kyverno_docs.md b/docs/user/cli/commands/kyverno_docs.md similarity index 100% rename from docs/user/cli/kyverno_docs.md rename to docs/user/cli/commands/kyverno_docs.md diff --git a/docs/user/cli/kyverno_fix.md b/docs/user/cli/commands/kyverno_fix.md similarity index 100% rename from docs/user/cli/kyverno_fix.md rename to docs/user/cli/commands/kyverno_fix.md diff --git a/docs/user/cli/kyverno_fix_policy.md b/docs/user/cli/commands/kyverno_fix_policy.md similarity index 100% rename from docs/user/cli/kyverno_fix_policy.md rename to docs/user/cli/commands/kyverno_fix_policy.md diff --git a/docs/user/cli/kyverno_fix_test.md b/docs/user/cli/commands/kyverno_fix_test.md similarity index 98% rename from docs/user/cli/kyverno_fix_test.md rename to docs/user/cli/commands/kyverno_fix_test.md index a17b477543..4e108c1270 100644 --- a/docs/user/cli/kyverno_fix_test.md +++ b/docs/user/cli/commands/kyverno_fix_test.md @@ -30,6 +30,7 @@ kyverno fix test [dir]... [flags] ``` --compress Compress test results -f, --file-name string Test filename (default "kyverno-test.yaml") + --force Force save file -h, --help help for test --save Save fixed file ``` diff --git a/docs/user/cli/kyverno_jp.md b/docs/user/cli/commands/kyverno_jp.md similarity index 100% rename from docs/user/cli/kyverno_jp.md rename to docs/user/cli/commands/kyverno_jp.md diff --git a/docs/user/cli/kyverno_jp_function.md b/docs/user/cli/commands/kyverno_jp_function.md similarity index 100% rename from docs/user/cli/kyverno_jp_function.md rename to docs/user/cli/commands/kyverno_jp_function.md diff --git a/docs/user/cli/kyverno_jp_parse.md b/docs/user/cli/commands/kyverno_jp_parse.md similarity index 100% rename from docs/user/cli/kyverno_jp_parse.md rename to docs/user/cli/commands/kyverno_jp_parse.md diff --git a/docs/user/cli/kyverno_jp_query.md b/docs/user/cli/commands/kyverno_jp_query.md similarity index 100% rename from docs/user/cli/kyverno_jp_query.md rename to docs/user/cli/commands/kyverno_jp_query.md diff --git a/docs/user/cli/kyverno_oci.md b/docs/user/cli/commands/kyverno_oci.md similarity index 100% rename from docs/user/cli/kyverno_oci.md rename to docs/user/cli/commands/kyverno_oci.md diff --git a/docs/user/cli/kyverno_oci_pull.md b/docs/user/cli/commands/kyverno_oci_pull.md similarity index 100% rename from docs/user/cli/kyverno_oci_pull.md rename to docs/user/cli/commands/kyverno_oci_pull.md diff --git a/docs/user/cli/kyverno_oci_push.md b/docs/user/cli/commands/kyverno_oci_push.md similarity index 100% rename from docs/user/cli/kyverno_oci_push.md rename to docs/user/cli/commands/kyverno_oci_push.md diff --git a/docs/user/cli/kyverno_test.md b/docs/user/cli/commands/kyverno_test.md similarity index 100% rename from docs/user/cli/kyverno_test.md rename to docs/user/cli/commands/kyverno_test.md diff --git a/docs/user/cli/kyverno_version.md b/docs/user/cli/commands/kyverno_version.md similarity index 100% rename from docs/user/cli/kyverno_version.md rename to docs/user/cli/commands/kyverno_version.md diff --git a/docs/user/cli/crd/index.html b/docs/user/cli/crd/index.html new file mode 100644 index 0000000000..769f0122d2 --- /dev/null +++ b/docs/user/cli/crd/index.html @@ -0,0 +1,838 @@ + + + + + + +Kyverno API + + + +
+ +

cli.kyverno.io/v1alpha1

+Resource Types: + +
+

Test +

+

+

Test declares a test

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +cli.kyverno.io/v1alpha1 + +
+kind
+string +		Test
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+name
+ +string + +		 +

Name is the name of the test. +This field is deprecated, use metadata.name instead

+
+policies
+ +[]string + +		 +

Policies are the policies to be used in the test

+
+resources
+ +[]string + +		 +

Resources are the resource to be used in the test

+
+variables
+ +string + +		 +

Variables is the values to be used in the test

+
+userinfo
+ +string + +		 +

UserInfo is the user info to be used in the test

+
+results
+ + +[]TestResult + + +		 +

Results are the results to be checked in the test

+
+values
+ + +ValuesSpec + + +		 +

Values are the values to be used in the test

+
+
+

UserInfo +

+

+

UserInfo declares user infos to be loaded by the Kyverno CLI

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +cli.kyverno.io/v1alpha1 + +
+kind
+string +		UserInfo
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+RequestInfo
+ +github.com/kyverno/kyverno/api/kyverno/v1beta1.RequestInfo + +		 +

+(Members of RequestInfo are embedded into this type.) +

+

RequestInfo declares user infos

+
+
+

Values +

+

+

Values declares values to be loaded by the Kyverno CLI

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +cli.kyverno.io/v1alpha1 + +
+kind
+string +		Values
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+ValuesSpec
+ + +ValuesSpec + + +		 +

+(Members of ValuesSpec are embedded into this type.) +

+

ValuesSpec declares values

+
+
+

NamespaceSelector +

+

+(Appears on: +ValuesSpec) +

+

+

NamespaceSelector declares labels for a given namespace

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +

Name is the namespace name

+
+labels
+ +map[string]string + +		 +

Labels are the labels for the given namespace

+
+
+

Policy +

+

+(Appears on: +ValuesSpec) +

+

+

Policy declares values for a given policy

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +

Name is the policy name

+
+resources
+ + +[]Resource + + +		 +

Resources are values for specific resources

+
+rules
+ + +[]Rule + + +		 +

Rules are values for specific policy rules

+
+
+

Resource +

+

+(Appears on: +Policy) +

+

+

Resource declares values for a given resource

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +

Name is the name of the resource

+
+values
+ +map[string]interface{} + +		 +

Values are the values for the given resource

+
+
+

Rule +

+

+(Appears on: +Policy) +

+

+

Rule declares values for a given policy rule

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +		 +

Name is the name of the ppolicy rule

+
+values
+ +map[string]interface{} + +		 +

Values are the values for the given policy rule

+
+foreachValues
+ +map[string][]interface{} + +		 +

ForeachValues are the foreach values for the given policy rule

+
+
+

Subresource +

+

+(Appears on: +ValuesSpec) +

+

+

Subresource declares subresource/parent resource mapping

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+subresource
+ + +Kubernetes meta/v1.APIResource + + +		 +

Subresource declares the subresource api

+
+parentResource
+ + +Kubernetes meta/v1.APIResource + + +		 +

ParentResource declares the parent resource api

+
+
+

TestResult +

+

+(Appears on: +Test) +

+

+

TestResultBase declares a test result

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+TestResultBase
+ + +TestResultBase + + +		 +

+(Members of TestResultBase are embedded into this type.) +

+
+TestResultDeprecated
+ + +TestResultDeprecated + + +		 +

+(Members of TestResultDeprecated are embedded into this type.) +

+
+resources
+ +[]string + +		 +

Resources gives us the list of resources on which the policy is going to be applied.

+
+
+

TestResultBase +

+

+(Appears on: +TestResult) +

+

+

TestResultBase declares a test result base fields

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+policy
+ +string + +		 +

Policy mentions the name of the policy.

+
+rule
+ +string + +		 +(Optional) +

Rule mentions the name of the rule in the policy. +It’s required in case policy is a kyverno policy.

+
+isValidatingAdmissionPolicy
+ +bool + +		 +(Optional) +

IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy. +It’s required in case policy is a validating admission policy.

+
+result
+ +github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult + +		 +

Result mentions the result that the user is expecting. +Possible values are pass, fail and skip.

+
+kind
+ +string + +		 +

Kind mentions the kind of the resource on which the policy is to be applied.

+
+patchedResource
+ +string + +		 +

PatchedResource takes a resource configuration file in yaml format from +the user to compare it against the Kyverno mutated resource configuration.

+
+generatedResource
+ +string + +		 +

GeneratedResource takes a resource configuration file in yaml format from +the user to compare it against the Kyverno generated resource configuration.

+
+cloneSourceResource
+ +string + +		 +

CloneSourceResource takes the resource configuration file in yaml format +from the user which is meant to be cloned by the generate rule.

+
+
+

TestResultDeprecated +

+

+(Appears on: +TestResult) +

+

+

TestResultBase declares a test result deprecated fields

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+status
+ +github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult + +		 +

Status mentions the status that the user is expecting. +Possible values are pass, fail and skip. +This is DEPRECATED, use Result instead.

+
+resource
+ +string + +		 +

Resource mentions the name of the resource on which the policy is to be applied. +This is DEPRECATED, use Resources instead.

+
+namespace
+ +string + +		 +

Namespace mentions the namespace of the policy which has namespace scope. +This is DEPRECATED, use a name in the form <namespace>/<name> for policies and/or resources instead.

+
+
+

ValuesSpec +

+

+(Appears on: +Test, +Values) +

+

+

ValuesSpec declares values to be loaded by the Kyverno CLI

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+globalValues
+ +map[string]interface{} + +		 +

GlobalValues are the global values

+
+policies
+ + +[]Policy + + +		 +

Policies are the policy values

+
+namespaceSelector
+ + +[]NamespaceSelector + + +		 +

NamespaceSelectors are the namespace labels

+
+subresources
+ + +[]Subresource + + +		 +

Subresources are the subresource/parent resource mappings

+
+
+
+ + + + + diff --git a/test/cli/registry/kyverno-test.yaml b/test/cli/registry/kyverno-test.yaml index 45757f07e3..5cc8ad9fb0 100644 --- a/test/cli/registry/kyverno-test.yaml +++ b/test/cli/registry/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-registry +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - image-example.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml index 309bbe1ed3..0f41d9f219 100644 --- a/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: policy-endpoints +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml index 37d2efe2c2..9df250a9db 100644 --- a/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: mutate-pods-spec +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_validate_default_proc_mount/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_validate_default_proc_mount/kyverno-test.yaml index 1f2a5b0a77..5fe8ac4593 100644 --- a/test/cli/scenarios_to_cli/other/scenario_validate_default_proc_mount/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_validate_default_proc_mount/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: validate-default-proc-mount +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_validate_disallow_default_serviceaccount/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_validate_disallow_default_serviceaccount/kyverno-test.yaml index becc5887bf..438c6bf042 100644 --- a/test/cli/scenarios_to_cli/other/scenario_validate_disallow_default_serviceaccount/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_validate_disallow_default_serviceaccount/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: validate-disallow-default-serviceaccount +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_validate_healthChecks/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_validate_healthChecks/kyverno-test.yaml index ff45ca08df..3586d7f2ba 100644 --- a/test/cli/scenarios_to_cli/other/scenario_validate_healthChecks/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_validate_healthChecks/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: check-probe-exists +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_validate_selinux_context/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_validate_selinux_context/kyverno-test.yaml index c33da72c4e..3b34a2737c 100644 --- a/test/cli/scenarios_to_cli/other/scenario_validate_selinux_context/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_validate_selinux_context/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: validate-selinux-options +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/other/scenario_validate_volume_whitelist/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_validate_volume_whitelist/kyverno-test.yaml index 99640d28d2..02a157b20d 100644 --- a/test/cli/scenarios_to_cli/other/scenario_validate_volume_whitelist/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_validate_volume_whitelist/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: validate-volumes-whitelist +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/scenarios_to_cli/samples/more/restrict_ingress_classes/kyverno-test.yaml b/test/cli/scenarios_to_cli/samples/more/restrict_ingress_classes/kyverno-test.yaml index cbc70c23bb..428843e8b9 100644 --- a/test/cli/scenarios_to_cli/samples/more/restrict_ingress_classes/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/samples/more/restrict_ingress_classes/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: restrict-ingress-classes +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-fail/invalid-ns/kyverno-test.yaml b/test/cli/test-fail/invalid-ns/kyverno-test.yaml index 3344744b86..c1dc942597 100644 --- a/test/cli/test-fail/invalid-ns/kyverno-test.yaml +++ b/test/cli/test-fail/invalid-ns/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-exclude +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-fail/missing-policy/kyverno-test.yaml b/test/cli/test-fail/missing-policy/kyverno-test.yaml index a58aff57fb..d476944101 100644 --- a/test/cli/test-fail/missing-policy/kyverno-test.yaml +++ b/test/cli/test-fail/missing-policy/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-simple +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-fail/missing-resource/kyverno-test.yaml b/test/cli/test-fail/missing-resource/kyverno-test.yaml index cf34d16c02..c4b23aa179 100644 --- a/test/cli/test-fail/missing-resource/kyverno-test.yaml +++ b/test/cli/test-fail/missing-resource/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-simple +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-fail/missing-rule/kyverno-test.yaml b/test/cli/test-fail/missing-rule/kyverno-test.yaml index 02bdcfc1b6..e5cc1acacb 100644 --- a/test/cli/test-fail/missing-rule/kyverno-test.yaml +++ b/test/cli/test-fail/missing-rule/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-simple +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/add-network-policy/kyverno-test.yaml b/test/cli/test-generate/add-network-policy/kyverno-test.yaml index 5d8ad778cf..2736320c32 100644 --- a/test/cli/test-generate/add-network-policy/kyverno-test.yaml +++ b/test/cli/test-generate/add-network-policy/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: deny-all-traffic +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/add-quota/kyverno-test.yaml b/test/cli/test-generate/add-quota/kyverno-test.yaml index 9aad08cd0d..6e6ae4a3f0 100644 --- a/test/cli/test-generate/add-quota/kyverno-test.yaml +++ b/test/cli/test-generate/add-quota/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: add-quota +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/create-default-pdb/kyverno-test.yaml b/test/cli/test-generate/create-default-pdb/kyverno-test.yaml index 3471b46f2f..ffb77cf2cc 100644 --- a/test/cli/test-generate/create-default-pdb/kyverno-test.yaml +++ b/test/cli/test-generate/create-default-pdb/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: pdb-test +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/custom-resource/kyverno-test.yaml b/test/cli/test-generate/custom-resource/kyverno-test.yaml index c186704a59..046a59b74c 100644 --- a/test/cli/test-generate/custom-resource/kyverno-test.yaml +++ b/test/cli/test-generate/custom-resource/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: generate-tests +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/multiple-resources/kyverno-test.yaml b/test/cli/test-generate/multiple-resources/kyverno-test.yaml index b9433de851..dc6d6a43c1 100644 --- a/test/cli/test-generate/multiple-resources/kyverno-test.yaml +++ b/test/cli/test-generate/multiple-resources/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: multiple-resources +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/sync-multiple-resources/kyverno-test.yaml b/test/cli/test-generate/sync-multiple-resources/kyverno-test.yaml index 422d2953f5..abe8dc1e64 100644 --- a/test/cli/test-generate/sync-multiple-resources/kyverno-test.yaml +++ b/test/cli/test-generate/sync-multiple-resources/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: sync-controller-data +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-generate/sync-secrets/kyverno-test.yaml b/test/cli/test-generate/sync-secrets/kyverno-test.yaml index e446659e5f..08016725c1 100644 --- a/test/cli/test-generate/sync-secrets/kyverno-test.yaml +++ b/test/cli/test-generate/sync-secrets/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: sync-secrets +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-mutate/add-default-resources/kyverno-test.yaml b/test/cli/test-mutate/add-default-resources/kyverno-test.yaml index bfa2e50cf3..c09af3ad3a 100644 --- a/test/cli/test-mutate/add-default-resources/kyverno-test.yaml +++ b/test/cli/test-mutate/add-default-resources/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: add-default-resources +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - add-default-resources.yaml resources: diff --git a/test/cli/test-mutate/bug-demo/kyverno-test.yaml b/test/cli/test-mutate/bug-demo/kyverno-test.yaml index 08c5503047..2a3404338f 100644 --- a/test/cli/test-mutate/bug-demo/kyverno-test.yaml +++ b/test/cli/test-mutate/bug-demo/kyverno-test.yaml @@ -1,13 +1,16 @@ -name: bug-demo +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - ./policy.yaml resources: - ./resource.yaml results: -- policy: bug-demo - rule: mutate1 +- kind: Pod + patchedResource: patched-resource-pattern.yaml + policy: bug-demo resources: - pod1 - kind: Pod - patchedResource: patched-resource-pattern.yaml result: pass + rule: mutate1 diff --git a/test/cli/test-mutate/connection-draining/kyverno-test.yaml b/test/cli/test-mutate/connection-draining/kyverno-test.yaml index 2c6f5325a5..7f766edee9 100644 --- a/test/cli/test-mutate/connection-draining/kyverno-test.yaml +++ b/test/cli/test-mutate/connection-draining/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: connection-draining +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml b/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml index 34eb10fbe1..6e736987e7 100644 --- a/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: foreach-mutate +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml b/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml index f71ae280b5..22c6b40f8a 100644 --- a/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: foreach-mutate +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test-mutate/foreach/kyverno-test.yaml b/test/cli/test-mutate/foreach/kyverno-test.yaml index bb9fb21df5..9b2ca4d8b5 100644 --- a/test/cli/test-mutate/foreach/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: foreach-mutate +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml b/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml index 505772e098..bb92f4380d 100644 --- a/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: foreach-mutate +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test-mutate/global-anchor/kyverno-test.yaml b/test/cli/test-mutate/global-anchor/kyverno-test.yaml index 5085993bfc..504487c639 100644 --- a/test/cli/test-mutate/global-anchor/kyverno-test.yaml +++ b/test/cli/test-mutate/global-anchor/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: validate-service-loadbalancer +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml index 0c5d653831..ea1caa8ac0 100644 --- a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml +++ b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: karpenter-annotations-to-nodeselector +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-mutate/kyverno-test.yaml b/test/cli/test-mutate/kyverno-test.yaml index 088a18f130..d410c87a75 100644 --- a/test/cli/test-mutate/kyverno-test.yaml +++ b/test/cli/test-mutate/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: add-nodeselector +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test-mutate/patched-resource/kyverno-test.yaml b/test/cli/test-mutate/patched-resource/kyverno-test.yaml index 8dc3fc0c16..554a8969d4 100644 --- a/test/cli/test-mutate/patched-resource/kyverno-test.yaml +++ b/test/cli/test-mutate/patched-resource/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: add-default-resources-test +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: @@ -12,14 +15,10 @@ results: result: pass rule: add-default-requests values: - globalValues: null - namespaceSelector: null policies: - name: add-default-resources resources: - name: nginx-demo values: request.operation: CREATE - rules: null - subresources: null variables: variables.yaml diff --git a/test/cli/test/admission_user_info/kyverno-test.yaml b/test/cli/test/admission_user_info/kyverno-test.yaml index 30683af084..0ab6def4a2 100644 --- a/test/cli/test/admission_user_info/kyverno-test.yaml +++ b/test/cli/test/admission_user_info/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: admission-user-info +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - disallow_latest_tag.yaml resources: diff --git a/test/cli/test/any-all-wildcard/kyverno-test.yaml b/test/cli/test/any-all-wildcard/kyverno-test.yaml index eb4aad000a..f3574e0b8f 100644 --- a/test/cli/test/any-all-wildcard/kyverno-test.yaml +++ b/test/cli/test/any-all-wildcard/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: disallow-protected-namespaces +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/any-namespaceSelector/kyverno-test.yaml b/test/cli/test/any-namespaceSelector/kyverno-test.yaml index 8e51fb3eee..1548fce3f3 100644 --- a/test/cli/test/any-namespaceSelector/kyverno-test.yaml +++ b/test/cli/test/any-namespaceSelector/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: enforce-pod-name +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/anypattern_skip_error/kyverno-test.yaml b/test/cli/test/anypattern_skip_error/kyverno-test.yaml index 14675ba1bb..a7462b9ac5 100644 --- a/test/cli/test/anypattern_skip_error/kyverno-test.yaml +++ b/test/cli/test/anypattern_skip_error/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: validate-service-loadbalancer +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/autogen-values/kyverno-test.yaml b/test/cli/test/autogen-values/kyverno-test.yaml index 8d943728e8..1a8e29fbcf 100644 --- a/test/cli/test/autogen-values/kyverno-test.yaml +++ b/test/cli/test/autogen-values/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/autogen/kyverno-test.yaml b/test/cli/test/autogen/kyverno-test.yaml index 0096f5adaf..1974d0e448 100644 --- a/test/cli/test/autogen/kyverno-test.yaml +++ b/test/cli/test/autogen/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: kyverno-test.yaml +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/container_reorder/kyverno-test.yaml b/test/cli/test/container_reorder/kyverno-test.yaml index 6995556077..c2ebc0800e 100644 --- a/test/cli/test/container_reorder/kyverno-test.yaml +++ b/test/cli/test/container_reorder/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-image-verify-signature +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yml resources: diff --git a/test/cli/test/context-entries/kyverno-test.yaml b/test/cli/test/context-entries/kyverno-test.yaml index 42147a3c99..a3f29d94e9 100644 --- a/test/cli/test/context-entries/kyverno-test.yaml +++ b/test/cli/test/context-entries/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-context-entries +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/context-foreach/kyverno-test.yaml b/test/cli/test/context-foreach/kyverno-test.yaml index 5a8180678b..d6a2bdc3c8 100644 --- a/test/cli/test/context-foreach/kyverno-test.yaml +++ b/test/cli/test/context-foreach/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: block-images +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/custom-functions/kyverno-test.yaml b/test/cli/test/custom-functions/kyverno-test.yaml index d919e0915b..78b2f4cbee 100644 --- a/test/cli/test/custom-functions/kyverno-test.yaml +++ b/test/cli/test/custom-functions/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-custom-funcs +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/default_value_to_create/kyverno-test.yaml b/test/cli/test/default_value_to_create/kyverno-test.yaml index bd81ce4dab..7747fdf506 100644 --- a/test/cli/test/default_value_to_create/kyverno-test.yaml +++ b/test/cli/test/default_value_to_create/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: psp-check-supplemental-groups +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - check-supplemental-groups.yaml resources: diff --git a/test/cli/test/deny-modify-platform-label-2/kyverno-test.yaml b/test/cli/test/deny-modify-platform-label-2/kyverno-test.yaml index f741153328..f5543a7c18 100644 --- a/test/cli/test/deny-modify-platform-label-2/kyverno-test.yaml +++ b/test/cli/test/deny-modify-platform-label-2/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: deny-modify-platform-label-2 +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - deny-modify-platform-label.yaml resources: diff --git a/test/cli/test/deny-modify-platform-label-3/kyverno-test.yaml b/test/cli/test/deny-modify-platform-label-3/kyverno-test.yaml index 338735116e..0c6b672417 100644 --- a/test/cli/test/deny-modify-platform-label-3/kyverno-test.yaml +++ b/test/cli/test/deny-modify-platform-label-3/kyverno-test.yaml @@ -1,9 +1,11 @@ -name: deny-modify-platform-label-2 +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - deny-modify-platform-label.yaml resources: - resource.yaml -variables: variables.yaml results: - kind: Role policy: deny-modify-platform-label @@ -11,3 +13,4 @@ results: - my-role-with-platform result: fail rule: deny-modify-platform-role +variables: variables.yaml diff --git a/test/cli/test/deny-modify-platform-label/kyverno-test.yaml b/test/cli/test/deny-modify-platform-label/kyverno-test.yaml index a9f7d3a6fd..1706d37b30 100644 --- a/test/cli/test/deny-modify-platform-label/kyverno-test.yaml +++ b/test/cli/test/deny-modify-platform-label/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: modify_with_master_access +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - deny-modify-platform-label.yaml resources: diff --git a/test/cli/test/depecated_apis/kyverno-test.yaml b/test/cli/test/depecated_apis/kyverno-test.yaml index d43d30d6e4..625ec6555c 100644 --- a/test/cli/test/depecated_apis/kyverno-test.yaml +++ b/test/cli/test/depecated_apis/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-simple +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/disallow-service/kyverno-test.yaml b/test/cli/test/disallow-service/kyverno-test.yaml index 574cb9c51b..2335ff0fe7 100644 --- a/test/cli/test/disallow-service/kyverno-test.yaml +++ b/test/cli/test/disallow-service/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: disallow-service +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/exec-subresource/kyverno-test.yaml b/test/cli/test/exec-subresource/kyverno-test.yaml index 258b2b7f1d..2311d6b56a 100644 --- a/test/cli/test/exec-subresource/kyverno-test.yaml +++ b/test/cli/test/exec-subresource/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: deny-exec-by-pod-label +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - deny-exec-by-pod-label.yaml resources: @@ -13,13 +16,10 @@ results: values: globalValues: request.operation: CONNECT - namespaceSelector: null policies: - name: deny-exec-by-pod-label - resources: null rules: - - foreachValues: null - name: deny-exec-by-label + - name: deny-exec-by-label values: podexeclabel: "false" subresources: diff --git a/test/cli/test/foreach-preconditions/kyverno-test.yaml b/test/cli/test/foreach-preconditions/kyverno-test.yaml index a5a6f378a4..fd815a818a 100644 --- a/test/cli/test/foreach-preconditions/kyverno-test.yaml +++ b/test/cli/test/foreach-preconditions/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-foreach-precondition +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/foreach/kyverno-test.yaml b/test/cli/test/foreach/kyverno-test.yaml index 352dd093e0..85990a5391 100644 --- a/test/cli/test/foreach/kyverno-test.yaml +++ b/test/cli/test/foreach/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-foreach +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/images/digest/kyverno-test.yaml b/test/cli/test/images/digest/kyverno-test.yaml index c58e3eeade..8df4d88a8f 100644 --- a/test/cli/test/images/digest/kyverno-test.yaml +++ b/test/cli/test/images/digest/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-image-digest +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/images/secure-images/kyverno-test.yaml b/test/cli/test/images/secure-images/kyverno-test.yaml index 256a3aa477..2347df0b39 100644 --- a/test/cli/test/images/secure-images/kyverno-test.yaml +++ b/test/cli/test/images/secure-images/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-image-enforce-signatures +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/images/signatures/kyverno-test.yaml b/test/cli/test/images/signatures/kyverno-test.yaml index 958298771e..615e1138cc 100644 --- a/test/cli/test/images/signatures/kyverno-test.yaml +++ b/test/cli/test/images/signatures/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-image-signature +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/images/verify-signature/kyverno-test.yaml b/test/cli/test/images/verify-signature/kyverno-test.yaml index 112c1f9010..8da8f40bac 100644 --- a/test/cli/test/images/verify-signature/kyverno-test.yaml +++ b/test/cli/test/images/verify-signature/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-image-verify-signature +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/jmespath-brackets/kyverno-test.yaml b/test/cli/test/jmespath-brackets/kyverno-test.yaml index 724c9458f4..daab86e30f 100644 --- a/test/cli/test/jmespath-brackets/kyverno-test.yaml +++ b/test/cli/test/jmespath-brackets/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-preconditions +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/limit-configmap-for-sa/kyverno-test.yaml b/test/cli/test/limit-configmap-for-sa/kyverno-test.yaml index 646ebae57f..ebbc15b65d 100644 --- a/test/cli/test/limit-configmap-for-sa/kyverno-test.yaml +++ b/test/cli/test/limit-configmap-for-sa/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: limit-configmap-for-sa +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - limit_configmap_for_sa.yaml resources: diff --git a/test/cli/test/manifests/verify-signature/kyverno-test.yaml b/test/cli/test/manifests/verify-signature/kyverno-test.yaml index 93cfc6f67e..b04fd73e0b 100644 --- a/test/cli/test/manifests/verify-signature/kyverno-test.yaml +++ b/test/cli/test/manifests/verify-signature/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: yaml-verification +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policies.yaml resources: diff --git a/test/cli/test/mixed/kyverno-test.yaml b/test/cli/test/mixed/kyverno-test.yaml index debc3fb0c3..7adbd64a61 100644 --- a/test/cli/test/mixed/kyverno-test.yaml +++ b/test/cli/test/mixed/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: ondemand +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/multiple_condition_keys/kyverno-test.yaml b/test/cli/test/multiple_condition_keys/kyverno-test.yaml index c8a1e345ef..91401309ac 100644 --- a/test/cli/test/multiple_condition_keys/kyverno-test.yaml +++ b/test/cli/test/multiple_condition_keys/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-simple +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml b/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml index b9e9563a33..4b86e48e9b 100644 --- a/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml +++ b/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: mutate-keda-scaled-object +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/nil-values-in-variables/exclude_namespaces_dynamically/kyverno-test.yaml b/test/cli/test/nil-values-in-variables/exclude_namespaces_dynamically/kyverno-test.yaml index 7446a566a7..8e8b6e6386 100644 --- a/test/cli/test/nil-values-in-variables/exclude_namespaces_dynamically/kyverno-test.yaml +++ b/test/cli/test/nil-values-in-variables/exclude_namespaces_dynamically/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: exclude-namespaces-example +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - exclude_namespaces_dynamically.yaml resources: diff --git a/test/cli/test/nil-values-in-variables/limit-duration/kyverno-test.yaml b/test/cli/test/nil-values-in-variables/limit-duration/kyverno-test.yaml index 82f838e829..bcb98eff23 100644 --- a/test/cli/test/nil-values-in-variables/limit-duration/kyverno-test.yaml +++ b/test/cli/test/nil-values-in-variables/limit-duration/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: limit-duration +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - limit-duration.yaml resources: diff --git a/test/cli/test/node-status/kyverno-test.yaml b/test/cli/test/node-status/kyverno-test.yaml index e215be2b71..07ddf17a0f 100644 --- a/test/cli/test/node-status/kyverno-test.yaml +++ b/test/cli/test/node-status/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: check-kernel +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - check_node_for_cve_2022_0185.yaml resources: diff --git a/test/cli/test/owner_references/kyverno-test.yaml b/test/cli/test/owner_references/kyverno-test.yaml index 44c7fdc103..7d10636d81 100644 --- a/test/cli/test/owner_references/kyverno-test.yaml +++ b/test/cli/test/owner_references/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: pod-probes +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: @@ -10,16 +13,3 @@ results: - pod-fail result: fail rule: require-pod-probes -# TODO CEB FIX -# - kind: Deployment -# policy: require-pod-probes -# resources: -# - deployment-skip -# result: skip -# rule: require-pod-probes -# - kind: CronJob -# policy: require-pod-probes -# resources: -# - cronjob-skip -# result: skip -# rule: require-pod-probes diff --git a/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml b/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml index daaf7bcb31..69b9f4ed22 100644 --- a/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml +++ b/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: disallow-naked-pods +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/preconditions/kyverno-test.yaml b/test/cli/test/preconditions/kyverno-test.yaml index a22f56eccd..db823a9954 100644 --- a/test/cli/test/preconditions/kyverno-test.yaml +++ b/test/cli/test/preconditions/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-preconditions +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/rangeoperators/kyverno-test.yaml b/test/cli/test/rangeoperators/kyverno-test.yaml index fe70e0e85a..4fb649fc14 100644 --- a/test/cli/test/rangeoperators/kyverno-test.yaml +++ b/test/cli/test/rangeoperators/kyverno-test.yaml @@ -1,12 +1,15 @@ -name: test-rangeoperators +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - - policy.yaml +- policy.yaml resources: - - resources.yaml +- resources.yaml results: - - policy: check-value - rule: check-value - resources: - - test-config-fail - kind: ConfigMap - result: fail \ No newline at end of file +- kind: ConfigMap + policy: check-value + resources: + - test-config-fail + result: fail + rule: check-value diff --git a/test/cli/test/resource_lists/kyverno-test.yaml b/test/cli/test/resource_lists/kyverno-test.yaml index a6b9ea4d79..2dca3278a3 100644 --- a/test/cli/test/resource_lists/kyverno-test.yaml +++ b/test/cli/test/resource_lists/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: resource-lists +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/restrict-something/kyverno-test.yaml b/test/cli/test/restrict-something/kyverno-test.yaml index 5a80383b91..0b1fe4154a 100644 --- a/test/cli/test/restrict-something/kyverno-test.yaml +++ b/test/cli/test/restrict-something/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: repro-dups-bug +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/restrict_ingress_host/kyverno-test.yaml b/test/cli/test/restrict_ingress_host/kyverno-test.yaml index e0d0fbc0cd..c0cbb755b0 100644 --- a/test/cli/test/restrict_ingress_host/kyverno-test.yaml +++ b/test/cli/test/restrict_ingress_host/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: unique-ingress-host +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - restrict_ingress_host.yaml resources: diff --git a/test/cli/test/scale-subresource/kyverno-test.yaml b/test/cli/test/scale-subresource/kyverno-test.yaml index 9e81025b80..88c3da08d8 100644 --- a/test/cli/test/scale-subresource/kyverno-test.yaml +++ b/test/cli/test/scale-subresource/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: enforce-replicas-for-scale-subresource +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - enforce-replicas-for-scale-subresource.yml resources: diff --git a/test/cli/test/secret/kyverno-test.yaml b/test/cli/test/secret/kyverno-test.yaml index 8e50976f6d..b0c7fb9c60 100644 --- a/test/cli/test/secret/kyverno-test.yaml +++ b/test/cli/test/secret/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: add-maintainer +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/simple/kyverno-test.yaml b/test/cli/test/simple/kyverno-test.yaml index d902b931a5..7763008d24 100644 --- a/test/cli/test/simple/kyverno-test.yaml +++ b/test/cli/test/simple/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-simple +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/unordered-context-variables/kyverno-test.yaml b/test/cli/test/unordered-context-variables/kyverno-test.yaml index 78007afc37..53c0a36626 100644 --- a/test/cli/test/unordered-context-variables/kyverno-test.yaml +++ b/test/cli/test/unordered-context-variables/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: chained-variables +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/validating-admission-policies/disallow-host-path/kyverno-test.yaml b/test/cli/test/validating-admission-policies/disallow-host-path/kyverno-test.yaml index ee9e36fce3..b309562872 100644 --- a/test/cli/test/validating-admission-policies/disallow-host-path/kyverno-test.yaml +++ b/test/cli/test/validating-admission-policies/disallow-host-path/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: disallow-host-path-test +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - disallow-host-path.yaml resources: diff --git a/test/cli/test/variables/kyverno-test.yaml b/test/cli/test/variables/kyverno-test.yaml index 912d73eb12..7186411884 100644 --- a/test/cli/test/variables/kyverno-test.yaml +++ b/test/cli/test/variables/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: test-variables +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - cm-variable-example.yaml - cm-multiple-example.yaml diff --git a/test/cli/test/wildcard_match_label_selector/kyverno-test.yaml b/test/cli/test/wildcard_match_label_selector/kyverno-test.yaml index 87e2ed7611..524c07cd48 100644 --- a/test/cli/test/wildcard_match_label_selector/kyverno-test.yaml +++ b/test/cli/test/wildcard_match_label_selector/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: wildcard-support-in-matchlabels +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: diff --git a/test/cli/test/wildcard_mutate/kyverno-test.yaml b/test/cli/test/wildcard_mutate/kyverno-test.yaml index f7db54a53f..7cfad9710d 100644 --- a/test/cli/test/wildcard_mutate/kyverno-test.yaml +++ b/test/cli/test/wildcard_mutate/kyverno-test.yaml @@ -1,4 +1,7 @@ -name: wildcard-support-in-matchlabels +apiVersion: cli.kyverno.io/v1alpha1 +kind: Test +metadata: + name: kyverno-test.yaml policies: - policy.yaml resources: