feat: add cli api schemas (#8422)
* feat: add cli values schema Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * docs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v1alpha1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
9361100f17
commit
a43a20adb9
153 changed files with 2323 additions and 415 deletions
24
Makefile
24
Makefile
|
@ -494,6 +494,11 @@ codegen-crds-report: $(CONTROLLER_GEN) ## Generate policy reports CRDs
|
||||||
@echo Generate policy reports crds... >&2
|
@echo Generate policy reports crds... >&2
|
||||||
@$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)
|
@$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)
|
||||||
|
|
||||||
|
.PHONY: codegen-crds-cli
|
||||||
|
codegen-crds-cli: $(CONTROLLER_GEN) ## Generate policy reports CRDs
|
||||||
|
@echo Generate cli crds... >&2
|
||||||
|
@$(CONTROLLER_GEN) crd paths=./cmd/cli/kubectl-kyverno/apis/... crd:crdVersions=v1 output:dir=${PWD}/cmd/cli/kubectl-kyverno/config/crds
|
||||||
|
|
||||||
.PHONY: codegen-crds-all
|
.PHONY: codegen-crds-all
|
||||||
codegen-crds-all: codegen-crds-kyverno codegen-crds-report ## Generate all CRDs
|
codegen-crds-all: codegen-crds-kyverno codegen-crds-report ## Generate all CRDs
|
||||||
|
|
||||||
|
@ -512,11 +517,21 @@ codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate API
|
||||||
-template-dir docs/user/template \
|
-template-dir docs/user/template \
|
||||||
-out-file docs/user/crd/index.html
|
-out-file docs/user/crd/index.html
|
||||||
|
|
||||||
|
.PHONY: codegen-cli-api-docs
|
||||||
|
codegen-cli-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate CLI API docs
|
||||||
|
@echo Generate CLI api docs... >&2
|
||||||
|
@rm -rf docs/user/cli/crd && mkdir -p docs/user/cli/crd
|
||||||
|
@GOPATH=$(GOPATH_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) -v 4 \
|
||||||
|
-api-dir $(PACKAGE)/cmd/cli/kubectl-kyverno/apis \
|
||||||
|
-config docs/user/config.json \
|
||||||
|
-template-dir docs/user/template \
|
||||||
|
-out-file docs/user/cli/crd/index.html
|
||||||
|
|
||||||
.PHONY: codegen-cli-docs
|
.PHONY: codegen-cli-docs
|
||||||
codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs
|
codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs
|
||||||
@echo Generate cli docs... >&2
|
@echo Generate cli docs... >&2
|
||||||
@rm -rf docs/user/cli && mkdir -p docs/user/cli
|
@rm -rf docs/user/cli/commands && mkdir -p docs/user/cli/commands
|
||||||
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli --autogenTag=false
|
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli/commands --autogenTag=false
|
||||||
|
|
||||||
.PHONY: codegen-cli-crds
|
.PHONY: codegen-cli-crds
|
||||||
codegen-cli-crds: codegen-crds-kyverno ## Copy generated CRDs to embed in the CLI
|
codegen-cli-crds: codegen-crds-kyverno ## Copy generated CRDs to embed in the CLI
|
||||||
|
@ -531,13 +546,16 @@ codegen-docs-all: codegen-helm-docs codegen-cli-docs codegen-api-docs ## Genera
|
||||||
.PHONY: codegen-fix-tests
|
.PHONY: codegen-fix-tests
|
||||||
codegen-fix-tests: $(CLI_BIN) ## Fix CLI test files
|
codegen-fix-tests: $(CLI_BIN) ## Fix CLI test files
|
||||||
@echo Fix CLI test files... >&2
|
@echo Fix CLI test files... >&2
|
||||||
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress
|
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress --force
|
||||||
|
|
||||||
.PHONY: codegen-fix-policies
|
.PHONY: codegen-fix-policies
|
||||||
codegen-fix-policies: $(CLI_BIN) ## Fix CLI policy files
|
codegen-fix-policies: $(CLI_BIN) ## Fix CLI policy files
|
||||||
@echo Fix CLI policy files... >&2
|
@echo Fix CLI policy files... >&2
|
||||||
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix policy ./test/cli/test --save
|
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix policy ./test/cli/test --save
|
||||||
|
|
||||||
|
.PHONY: codegen-cli-all
|
||||||
|
codegen-cli-all: codegen-cli-crds codegen-cli-docs codegen-cli-api-docs codegen-fix-tests ## Generate all CLI related code and docs
|
||||||
|
|
||||||
.PHONY: codegen-helm-crds
|
.PHONY: codegen-helm-crds
|
||||||
codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
|
codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
|
||||||
@echo Generate helm crds... >&2
|
@echo Generate helm crds... >&2
|
||||||
|
|
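Review bot: The help text on the new `codegen-crds-cli` target still reads `## Generate policy reports CRDs`, copied from `codegen-crds-report` just above it, so the help output will show two targets with the same description; it should read `## Generate CLI CRDs`. As far as this section shows, the new target is not a prerequisite of `codegen-crds-all` or of the new `codegen-cli-all`, so the files under `cmd/cli/kubectl-kyverno/config/crds` can drift from the Go types unless someone runs it by hand. If that is intentional, a one-line comment above the target should say so. The output directory is built from `${PWD}`, which make inherits from the environment, whereas `$(CURDIR)` is maintained by make itself and stays correct under `make -C`.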
1
cmd/cli/kubectl-kyverno/apis/doc.go
Normal file
1
cmd/cli/kubectl-kyverno/apis/doc.go
Normal file
|
@ -0,0 +1 @@
|
||||||
|
package apis
|
|
@ -1,15 +0,0 @@
|
||||||
package test
|
|
||||||
|
|
||||||
import (
|
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
|
||||||
)
|
|
||||||
|
|
||||||
type Test struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Policies []string `json:"policies"`
|
|
||||||
Resources []string `json:"resources"`
|
|
||||||
Variables string `json:"variables,omitempty"`
|
|
||||||
UserInfo string `json:"userinfo,omitempty"`
|
|
||||||
Results []TestResult `json:"results"`
|
|
||||||
Values *values.Values `json:"values,omitempty"`
|
|
||||||
}
|
|
3
cmd/cli/kubectl-kyverno/apis/v1alpha1/doc.go
Executable file
3
cmd/cli/kubectl-kyverno/apis/v1alpha1/doc.go
Executable file
|
@ -0,0 +1,3 @@
|
||||||
|
// +groupName=cli.kyverno.io
|
||||||
|
|
||||||
|
package v1alpha1
|
10
cmd/cli/kubectl-kyverno/apis/v1alpha1/namespace_selector.go
Normal file
10
cmd/cli/kubectl-kyverno/apis/v1alpha1/namespace_selector.go
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
// NamespaceSelector declares labels for a given namespace
|
||||||
|
type NamespaceSelector struct {
|
||||||
|
// Name is the namespace name
|
||||||
|
Name string `json:"name"`
|
||||||
|
|
||||||
|
// Labels are the labels for the given namespace
|
||||||
|
Labels map[string]string `json:"labels"`
|
||||||
|
}
|
13
cmd/cli/kubectl-kyverno/apis/v1alpha1/policy.go
Normal file
13
cmd/cli/kubectl-kyverno/apis/v1alpha1/policy.go
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
// Policy declares values for a given policy
|
||||||
|
type Policy struct {
|
||||||
|
// Name is the policy name
|
||||||
|
Name string `json:"name"`
|
||||||
|
|
||||||
|
// Resources are values for specific resources
|
||||||
|
Resources []Resource `json:"resources,omitempty"`
|
||||||
|
|
||||||
|
// Rules are values for specific policy rules
|
||||||
|
Rules []Rule `json:"rules,omitempty"`
|
||||||
|
}
|
13
cmd/cli/kubectl-kyverno/apis/v1alpha1/resource.go
Normal file
13
cmd/cli/kubectl-kyverno/apis/v1alpha1/resource.go
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
// Resource declares values for a given resource
|
||||||
|
type Resource struct {
|
||||||
|
// Name is the name of the resource
|
||||||
|
Name string `json:"name"`
|
||||||
|
|
||||||
|
// Values are the values for the given resource
|
||||||
|
// +kubebuilder:validation:Type=object
|
||||||
|
// +kubebuilder:pruning:PreserveUnknownFields
|
||||||
|
// +kubebuilder:validation:Schemaless
|
||||||
|
Values map[string]interface{} `json:"values,omitempty"`
|
||||||
|
}
|
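Review bot: `Values` is marked `Schemaless` together with `PreserveUnknownFields`, so the generated schema accepts any content under `values` and code that reads it cannot rely on the CRD for type or shape checks. The same markers are applied to `Rule.Values`, `Rule.ForeachValues` and `ValuesSpec.GlobalValues` elsewhere in this commit. The field comment should state this, for example `// Values are free-form and are not validated by the schema; consumers must check types before use.`, so that the generated API docs carry the caveat too.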
19
cmd/cli/kubectl-kyverno/apis/v1alpha1/rule.go
Normal file
19
cmd/cli/kubectl-kyverno/apis/v1alpha1/rule.go
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
// Rule declares values for a given policy rule
|
||||||
|
type Rule struct {
|
||||||
|
// Name is the name of the ppolicy rule
|
||||||
|
Name string `json:"name"`
|
||||||
|
|
||||||
|
// Values are the values for the given policy rule
|
||||||
|
// +kubebuilder:validation:Type=object
|
||||||
|
// +kubebuilder:pruning:PreserveUnknownFields
|
||||||
|
// +kubebuilder:validation:Schemaless
|
||||||
|
Values map[string]interface{} `json:"values,omitempty"`
|
||||||
|
|
||||||
|
// ForeachValues are the foreach values for the given policy rule
|
||||||
|
// +kubebuilder:validation:Type=object
|
||||||
|
// +kubebuilder:pruning:PreserveUnknownFields
|
||||||
|
// +kubebuilder:validation:Schemaless
|
||||||
|
ForeachValues map[string][]interface{} `json:"foreachValues,omitempty"`
|
||||||
|
}
|
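Review bot: The comment on `Rule.Name` has a typo, `// Name is the name of the ppolicy rule`, and because these comments feed the generated CRD descriptions and the CLI API docs added by this commit, the misspelling will be published. It should read `// Name is the name of the policy rule`.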
14
cmd/cli/kubectl-kyverno/apis/v1alpha1/subresource.go
Normal file
14
cmd/cli/kubectl-kyverno/apis/v1alpha1/subresource.go
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import (
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Subresource declares subresource/parent resource mapping
|
||||||
|
type Subresource struct {
|
||||||
|
// Subresource declares the subresource api
|
||||||
|
Subresource metav1.APIResource `json:"subresource"`
|
||||||
|
|
||||||
|
// ParentResource declares the parent resource api
|
||||||
|
ParentResource metav1.APIResource `json:"parentResource"`
|
||||||
|
}
|
37
cmd/cli/kubectl-kyverno/apis/v1alpha1/test.go
Normal file
37
cmd/cli/kubectl-kyverno/apis/v1alpha1/test.go
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import (
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
// +genclient
|
||||||
|
// +kubebuilder:object:root=true
|
||||||
|
// +kubebuilder:resource:scope="Cluster"
|
||||||
|
|
||||||
|
// Test declares a test
|
||||||
|
type Test struct {
|
||||||
|
metav1.TypeMeta `json:",inline,omitempty"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// Name is the name of the test.
|
||||||
|
// This field is deprecated, use `metadata.name` instead
|
||||||
|
Name string `json:"name,omitempty"`
|
||||||
|
|
||||||
|
// Policies are the policies to be used in the test
|
||||||
|
Policies []string `json:"policies,omitempty"`
|
||||||
|
|
||||||
|
// Resources are the resource to be used in the test
|
||||||
|
Resources []string `json:"resources,omitempty"`
|
||||||
|
|
||||||
|
// Variables is the values to be used in the test
|
||||||
|
Variables string `json:"variables,omitempty"`
|
||||||
|
|
||||||
|
// UserInfo is the user info to be used in the test
|
||||||
|
UserInfo string `json:"userinfo,omitempty"`
|
||||||
|
|
||||||
|
// Results are the results to be checked in the test
|
||||||
|
Results []TestResult `json:"results,omitempty"`
|
||||||
|
|
||||||
|
// Values are the values to be used in the test
|
||||||
|
Values *ValuesSpec `json:"values,omitempty"`
|
||||||
|
}
|
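Review bot: The deprecation of `Test.Name` is written as free text (`// This field is deprecated, use `metadata.name` instead`), which Go tooling does not recognise, and the comment does not say which value wins when both `name` and `metadata.name` are set. I would use the standard form in its own comment paragraph, `// Deprecated: use metadata.name instead; ignored when metadata.name is set.`, adjusting the second half to whatever the loader actually does. Separately, `// Variables is the values to be used in the test` describes a `string` field next to a structured `Values` field; if `Variables` and `UserInfo` are file paths, as their types suggest, the comments should say so.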
|
@ -1,52 +1,65 @@
|
||||||
package test
|
package v1alpha1
|
||||||
|
|
||||||
import (
|
import (
|
||||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// TestResultBase declares a test result base fields
|
||||||
type TestResultBase struct {
|
type TestResultBase struct {
|
||||||
// Policy mentions the name of the policy.
|
// Policy mentions the name of the policy.
|
||||||
Policy string `json:"policy"`
|
Policy string `json:"policy"`
|
||||||
|
|
||||||
// Rule mentions the name of the rule in the policy.
|
// Rule mentions the name of the rule in the policy.
|
||||||
// It's required in case policy is a kyverno policy.
|
// It's required in case policy is a kyverno policy.
|
||||||
// +optional
|
// +optional
|
||||||
Rule string `json:"rule,omitempty"`
|
Rule string `json:"rule,omitempty"`
|
||||||
|
|
||||||
// IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
|
// IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
|
||||||
// It's required in case policy is a validating admission policy.
|
// It's required in case policy is a validating admission policy.
|
||||||
// +optional
|
// +optional
|
||||||
IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"`
|
IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"`
|
||||||
|
|
||||||
// Result mentions the result that the user is expecting.
|
// Result mentions the result that the user is expecting.
|
||||||
// Possible values are pass, fail and skip.
|
// Possible values are pass, fail and skip.
|
||||||
Result policyreportv1alpha2.PolicyResult `json:"result"`
|
Result policyreportv1alpha2.PolicyResult `json:"result"`
|
||||||
|
|
||||||
// Kind mentions the kind of the resource on which the policy is to be applied.
|
// Kind mentions the kind of the resource on which the policy is to be applied.
|
||||||
Kind string `json:"kind"`
|
Kind string `json:"kind"`
|
||||||
|
|
||||||
// PatchedResource takes a resource configuration file in yaml format from
|
// PatchedResource takes a resource configuration file in yaml format from
|
||||||
// the user to compare it against the Kyverno mutated resource configuration.
|
// the user to compare it against the Kyverno mutated resource configuration.
|
||||||
PatchedResource string `json:"patchedResource,omitempty"`
|
PatchedResource string `json:"patchedResource,omitempty"`
|
||||||
|
|
||||||
// GeneratedResource takes a resource configuration file in yaml format from
|
// GeneratedResource takes a resource configuration file in yaml format from
|
||||||
// the user to compare it against the Kyverno generated resource configuration.
|
// the user to compare it against the Kyverno generated resource configuration.
|
||||||
GeneratedResource string `json:"generatedResource,omitempty"`
|
GeneratedResource string `json:"generatedResource,omitempty"`
|
||||||
|
|
||||||
// CloneSourceResource takes the resource configuration file in yaml format
|
// CloneSourceResource takes the resource configuration file in yaml format
|
||||||
// from the user which is meant to be cloned by the generate rule.
|
// from the user which is meant to be cloned by the generate rule.
|
||||||
CloneSourceResource string `json:"cloneSourceResource,omitempty"`
|
CloneSourceResource string `json:"cloneSourceResource,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestResultBase declares a test result deprecated fields
|
||||||
type TestResultDeprecated struct {
|
type TestResultDeprecated struct {
|
||||||
// Status mentions the status that the user is expecting.
|
// Status mentions the status that the user is expecting.
|
||||||
// Possible values are pass, fail and skip.
|
// Possible values are pass, fail and skip.
|
||||||
// This is DEPRECATED, use `Result` instead.
|
// This is DEPRECATED, use `Result` instead.
|
||||||
Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"`
|
Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"`
|
||||||
|
|
||||||
// Resource mentions the name of the resource on which the policy is to be applied.
|
// Resource mentions the name of the resource on which the policy is to be applied.
|
||||||
// This is DEPRECATED, use `Resources` instead.
|
// This is DEPRECATED, use `Resources` instead.
|
||||||
Resource string `json:"resource,omitempty"`
|
Resource string `json:"resource,omitempty"`
|
||||||
|
|
||||||
// Namespace mentions the namespace of the policy which has namespace scope.
|
// Namespace mentions the namespace of the policy which has namespace scope.
|
||||||
// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
|
// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
|
||||||
Namespace string `json:"namespace,omitempty"`
|
Namespace string `json:"namespace,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestResultBase declares a test result
|
||||||
type TestResult struct {
|
type TestResult struct {
|
||||||
TestResultBase `json:",inline,omitempty"`
|
TestResultBase `json:",inline,omitempty"`
|
||||||
TestResultDeprecated `json:",inline,omitempty"`
|
TestResultDeprecated `json:",inline,omitempty"`
|
||||||
|
|
||||||
// Resources gives us the list of resources on which the policy is going to be applied.
|
// Resources gives us the list of resources on which the policy is going to be applied.
|
||||||
Resources []string `json:"resources"`
|
Resources []string `json:"resources"`
|
||||||
}
|
}
|
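Review bot: Two of the three doc comments added here name the wrong type: `// TestResultBase declares a test result deprecated fields` sits on `TestResultDeprecated`, and `// TestResultBase declares a test result` sits on `TestResult`. Go doc comments are expected to start with the name they document, and these strings are also picked up by the CRD and API-doc generators. They should read `// TestResultDeprecated declares the deprecated fields of a test result` and `// TestResult declares a test result`.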
19
cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go
Normal file
19
cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import (
|
||||||
|
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
// +genclient
|
||||||
|
// +kubebuilder:object:root=true
|
||||||
|
// +kubebuilder:resource:scope="Cluster"
|
||||||
|
|
||||||
|
// UserInfo declares user infos to be loaded by the Kyverno CLI
|
||||||
|
type UserInfo struct {
|
||||||
|
metav1.TypeMeta `json:",inline,omitempty"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// RequestInfo declares user infos
|
||||||
|
kyvernov1beta1.RequestInfo `json:",inline"`
|
||||||
|
}
|
18
cmd/cli/kubectl-kyverno/apis/v1alpha1/values.go
Normal file
18
cmd/cli/kubectl-kyverno/apis/v1alpha1/values.go
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import (
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
// +genclient
|
||||||
|
// +kubebuilder:object:root=true
|
||||||
|
// +kubebuilder:resource:scope="Cluster"
|
||||||
|
|
||||||
|
// Values declares values to be loaded by the Kyverno CLI
|
||||||
|
type Values struct {
|
||||||
|
metav1.TypeMeta `json:",inline,omitempty"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// ValuesSpec declares values
|
||||||
|
ValuesSpec `json:",inline"`
|
||||||
|
}
|
19
cmd/cli/kubectl-kyverno/apis/v1alpha1/values_spec.go
Normal file
19
cmd/cli/kubectl-kyverno/apis/v1alpha1/values_spec.go
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
// ValuesSpec declares values to be loaded by the Kyverno CLI
|
||||||
|
type ValuesSpec struct {
|
||||||
|
// GlobalValues are the global values
|
||||||
|
// +kubebuilder:validation:Type=object
|
||||||
|
// +kubebuilder:pruning:PreserveUnknownFields
|
||||||
|
// +kubebuilder:validation:Schemaless
|
||||||
|
GlobalValues map[string]interface{} `json:"globalValues,omitempty"`
|
||||||
|
|
||||||
|
// Policies are the policy values
|
||||||
|
Policies []Policy `json:"policies,omitempty"`
|
||||||
|
|
||||||
|
// NamespaceSelectors are the namespace labels
|
||||||
|
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector,omitempty"`
|
||||||
|
|
||||||
|
// Subresources are the subresource/parent resource mappings
|
||||||
|
Subresources []Subresource `json:"subresources,omitempty"`
|
||||||
|
}
|
|
@ -1,6 +0,0 @@
|
||||||
package values
|
|
||||||
|
|
||||||
type NamespaceSelector struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Labels map[string]string `json:"labels"`
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
package values
|
|
||||||
|
|
||||||
type Policy struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Resources []Resource `json:"resources"`
|
|
||||||
Rules []Rule `json:"rules"`
|
|
||||||
}
|
|
|
@ -1,6 +0,0 @@
|
||||||
package values
|
|
||||||
|
|
||||||
type Resource struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Values map[string]interface{} `json:"values"`
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
package values
|
|
||||||
|
|
||||||
type Rule struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Values map[string]interface{} `json:"values"`
|
|
||||||
ForeachValues map[string][]interface{} `json:"foreachValues"`
|
|
||||||
}
|
|
|
@ -1,10 +0,0 @@
|
||||||
package values
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
type Subresource struct {
|
|
||||||
APIResource metav1.APIResource `json:"subresource"`
|
|
||||||
ParentResource metav1.APIResource `json:"parentResource"`
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
package values
|
|
||||||
|
|
||||||
type Values struct {
|
|
||||||
Policies []Policy `json:"policies"`
|
|
||||||
GlobalValues map[string]interface{} `json:"globalValues"`
|
|
||||||
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"`
|
|
||||||
Subresources []Subresource `json:"subresources"`
|
|
||||||
}
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"text/template"
|
"text/template"
|
||||||
|
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
@ -35,9 +35,8 @@ func Command() *cobra.Command {
|
||||||
defer file.Close()
|
defer file.Close()
|
||||||
output = file
|
output = file
|
||||||
}
|
}
|
||||||
values := valuesapi.Values{
|
values := v1alpha1.ValuesSpec{}
|
||||||
GlobalValues: map[string]interface{}{},
|
values.GlobalValues = map[string]interface{}{}
|
||||||
}
|
|
||||||
for _, result := range namespaceSelector {
|
for _, result := range namespaceSelector {
|
||||||
result := parseNamespaceSelector(result)
|
result := parseNamespaceSelector(result)
|
||||||
if result != nil {
|
if result != nil {
|
||||||
|
@ -73,12 +72,12 @@ func Command() *cobra.Command {
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseNamespaceSelector(in string) *valuesapi.NamespaceSelector {
|
func parseNamespaceSelector(in string) *v1alpha1.NamespaceSelector {
|
||||||
parts := strings.Split(in, ",")
|
parts := strings.Split(in, ",")
|
||||||
if len(parts) < 2 {
|
if len(parts) < 2 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
nsSelector := valuesapi.NamespaceSelector{
|
nsSelector := v1alpha1.NamespaceSelector{
|
||||||
Name: parts[0],
|
Name: parts[0],
|
||||||
Labels: map[string]string{},
|
Labels: map[string]string{},
|
||||||
}
|
}
|
||||||
|
@ -99,12 +98,12 @@ func parseKeyValue(in string) (string, string) {
|
||||||
return "", ""
|
return "", ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseRule(in string) *valuesapi.Policy {
|
func parseRule(in string) *v1alpha1.Policy {
|
||||||
parts := strings.Split(in, ",")
|
parts := strings.Split(in, ",")
|
||||||
if len(parts) < 2 {
|
if len(parts) < 2 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
rule := valuesapi.Rule{
|
rule := v1alpha1.Rule{
|
||||||
Name: parts[1],
|
Name: parts[1],
|
||||||
Values: map[string]interface{}{},
|
Values: map[string]interface{}{},
|
||||||
}
|
}
|
||||||
|
@ -114,18 +113,18 @@ func parseRule(in string) *valuesapi.Policy {
|
||||||
rule.Values[k] = v
|
rule.Values[k] = v
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &valuesapi.Policy{
|
return &v1alpha1.Policy{
|
||||||
Name: parts[0],
|
Name: parts[0],
|
||||||
Rules: []valuesapi.Rule{rule},
|
Rules: []v1alpha1.Rule{rule},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func parseResource(in string) *valuesapi.Policy {
|
func parseResource(in string) *v1alpha1.Policy {
|
||||||
parts := strings.Split(in, ",")
|
parts := strings.Split(in, ",")
|
||||||
if len(parts) < 2 {
|
if len(parts) < 2 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
resource := valuesapi.Resource{
|
resource := v1alpha1.Resource{
|
||||||
Name: parts[1],
|
Name: parts[1],
|
||||||
Values: map[string]interface{}{},
|
Values: map[string]interface{}{},
|
||||||
}
|
}
|
||||||
|
@ -135,8 +134,8 @@ func parseResource(in string) *valuesapi.Policy {
|
||||||
resource.Values[k] = v
|
resource.Values[k] = v
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return &valuesapi.Policy{
|
return &v1alpha1.Policy{
|
||||||
Name: parts[0],
|
Name: parts[0],
|
||||||
Resources: []valuesapi.Resource{resource},
|
Resources: []v1alpha1.Resource{resource},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
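Review bot: In `Command`, the initialisation was split into `values := v1alpha1.ValuesSpec{}` followed by `values.GlobalValues = map[string]interface{}{}`, although nothing about the new type requires two statements. A single composite literal, `values := v1alpha1.ValuesSpec{GlobalValues: map[string]interface{}{}}`, keeps the previous shape and leaves no window where the map is nil. `Command` starts and ends outside this hunk.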
|
@ -90,7 +90,7 @@ func (o options) processFile(out io.Writer, path string) {
|
||||||
for _, policy := range fixed {
|
for _, policy := range fixed {
|
||||||
untyped, err := kubeutils.ObjToUnstructured(policy)
|
untyped, err := kubeutils.ObjToUnstructured(policy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
|
fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err)
|
||||||
fmt.Fprintln(out)
|
fmt.Fprintln(out)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -134,7 +134,7 @@ func (o options) processFile(out io.Writer, path string) {
|
||||||
}
|
}
|
||||||
jsonBytes, err := untyped.MarshalJSON()
|
jsonBytes, err := untyped.MarshalJSON()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
|
fmt.Fprintf(out, " ERROR: converting to json: %s", err)
|
||||||
fmt.Fprintln(out)
|
fmt.Fprintln(out)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ func Command() *cobra.Command {
|
||||||
}
|
}
|
||||||
cmd.Flags().StringVarP(&options.fileName, "file-name", "f", "kyverno-test.yaml", "Test filename")
|
cmd.Flags().StringVarP(&options.fileName, "file-name", "f", "kyverno-test.yaml", "Test filename")
|
||||||
cmd.Flags().BoolVar(&options.save, "save", false, "Save fixed file")
|
cmd.Flags().BoolVar(&options.save, "save", false, "Save fixed file")
|
||||||
|
cmd.Flags().BoolVar(&options.force, "force", false, "Force save file")
|
||||||
cmd.Flags().BoolVar(&options.compress, "compress", false, "Compress test results")
|
cmd.Flags().BoolVar(&options.compress, "compress", false, "Compress test results")
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
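Review bot: The new flag is registered with the help text `"Force save file"`, which does not say that it only has an effect together with `--save`. The condition added in the options file is `if o.save && (o.force || needsSave)`, so `--force` on its own is silently ignored. I would make the dependency visible in the help string, for example `"Force save file even when no fix is needed (requires --save)"`, or print a warning in `execute` when `force` is set without `save`.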
|
@ -10,12 +10,15 @@ import (
|
||||||
|
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/fix"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/fix"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"sigs.k8s.io/yaml"
|
"sigs.k8s.io/yaml"
|
||||||
)
|
)
|
||||||
|
|
||||||
type options struct {
|
type options struct {
|
||||||
fileName string
|
fileName string
|
||||||
save bool
|
save bool
|
||||||
|
force bool
|
||||||
compress bool
|
compress bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -47,9 +50,9 @@ func (o options) execute(out io.Writer, dirs ...string) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
fixed := *testCase.Test
|
fixed := *testCase.Test
|
||||||
if fixed.Name == "" {
|
if fixed.ObjectMeta.Name == "" && fixed.Name == "" {
|
||||||
fmt.Fprintln(out, " WARNING: name is not set")
|
fmt.Fprintln(out, " WARNING: name is not set")
|
||||||
fixed.Name = filepath.Base(testCase.Path)
|
fixed.ObjectMeta.Name = filepath.Base(testCase.Path)
|
||||||
}
|
}
|
||||||
fixed, messages, err := fix.FixTest(fixed, o.compress)
|
fixed, messages, err := fix.FixTest(fixed, o.compress)
|
||||||
for _, warning := range messages {
|
for _, warning := range messages {
|
||||||
|
@ -60,12 +63,27 @@ func (o options) execute(out io.Writer, dirs ...string) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
needsSave := !reflect.DeepEqual(testCase.Test, &fixed)
|
needsSave := !reflect.DeepEqual(testCase.Test, &fixed)
|
||||||
if o.save && needsSave {
|
if o.save && (o.force || needsSave) {
|
||||||
fmt.Fprintf(out, " Saving test file (%s)...", testCase.Path)
|
fmt.Fprintf(out, " Saving test file (%s)...", testCase.Path)
|
||||||
fmt.Fprintln(out)
|
fmt.Fprintln(out)
|
||||||
yamlBytes, err := yaml.Marshal(fixed)
|
untyped, err := kubeutils.ObjToUnstructured(fixed)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Fprintf(out, " ERROR: converting test to yaml: %s", err)
|
fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err)
|
||||||
|
fmt.Fprintln(out)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "creationTimestamp")
|
||||||
|
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "generation")
|
||||||
|
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "uid")
|
||||||
|
jsonBytes, err := untyped.MarshalJSON()
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(out, " ERROR: converting to json: %s", err)
|
||||||
|
fmt.Fprintln(out)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
yamlBytes, err := yaml.JSONToYAML(jsonBytes)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
|
||||||
fmt.Fprintln(out)
|
fmt.Fprintln(out)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
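Review bot: With `o.force` set, the save branch in `execute` now rewrites every test file from the typed `fixed` value, and the Makefile in this commit passes `--force` for all of `./test/cli`. Assuming the loader decodes into the `v1alpha1.Test` struct, as `fixed := *testCase.Test` suggests, YAML comments and any keys the struct does not declare are dropped from files that previously would have been left untouched. A comment above the branch should state this, for example `// NOTE: force rewrites the file from the typed object; comments and unknown fields are not preserved`. The unstructured, JSON, then YAML conversion also looks the same as the one in the fix policy command's `processFile`, so a shared helper would keep the list of stripped metadata fields in one place. `execute` starts and ends outside these hunks.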
|
@ -6,7 +6,7 @@ import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
||||||
|
@ -112,7 +112,7 @@ func testCommandExecute(
|
||||||
for _, test := range tests {
|
for _, test := range tests {
|
||||||
if test.Err == nil {
|
if test.Err == nil {
|
||||||
// filter results
|
// filter results
|
||||||
var filteredResults []testapi.TestResult
|
var filteredResults []v1alpha1.TestResult
|
||||||
for _, res := range test.Test.Results {
|
for _, res := range test.Test.Results {
|
||||||
if filter.Apply(res) {
|
if filter.Apply(res) {
|
||||||
filteredResults = append(filteredResults, res)
|
filteredResults = append(filteredResults, res)
|
||||||
|
@ -149,7 +149,7 @@ func testCommandExecute(
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
|
func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
|
||||||
expected := test.Result
|
expected := test.Result
|
||||||
// fallback to the deprecated field
|
// fallback to the deprecated field
|
||||||
if expected == "" {
|
if expected == "" {
|
||||||
|
@ -181,7 +181,7 @@ func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath strin
|
||||||
return true, result.Message, "Ok"
|
return true, result.Message, "Ok"
|
||||||
}
|
}
|
||||||
|
|
||||||
func lookupEngineResponses(test testapi.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
|
func lookupEngineResponses(test v1alpha1.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
|
||||||
var matches []engineapi.EngineResponse
|
var matches []engineapi.EngineResponse
|
||||||
for _, response := range responses {
|
for _, response := range responses {
|
||||||
policy := response.Policy()
|
policy := response.Policy()
|
||||||
|
@ -202,7 +202,7 @@ func lookupEngineResponses(test testapi.TestResult, resourceName string, respons
|
||||||
return matches
|
return matches
|
||||||
}
|
}
|
||||||
|
|
||||||
func lookupRuleResponses(test testapi.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
|
func lookupRuleResponses(test v1alpha1.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
|
||||||
var matches []engineapi.RuleResponse
|
var matches []engineapi.RuleResponse
|
||||||
// Since there are no rules in case of validating admission policies, responses are returned without checking rule names.
|
// Since there are no rules in case of validating admission policies, responses are returned without checking rule names.
|
||||||
if test.IsValidatingAdmissionPolicy {
|
if test.IsValidatingAdmissionPolicy {
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table"
|
||||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||||
|
@ -14,7 +14,7 @@ import (
|
||||||
|
|
||||||
func printTestResult(
|
func printTestResult(
|
||||||
out io.Writer,
|
out io.Writer,
|
||||||
tests []testapi.TestResult,
|
tests []v1alpha1.TestResult,
|
||||||
responses []engineapi.EngineResponse,
|
responses []engineapi.EngineResponse,
|
||||||
rc *resultCounts,
|
rc *resultCounts,
|
||||||
failOnly bool,
|
failOnly bool,
|
||||||
|
|
362
cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_tests.yaml
Normal file
|
@ -0,0 +1,362 @@
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.12.0
|
||||||
|
name: tests.cli.kyverno.io
|
||||||
|
spec:
|
||||||
|
group: cli.kyverno.io
|
||||||
|
names:
|
||||||
|
kind: Test
|
||||||
|
listKind: TestList
|
||||||
|
plural: tests
|
||||||
|
singular: test
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: Test declares a test
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
name:
|
||||||
|
description: Name is the name of the test. This field is deprecated, use
|
||||||
|
`metadata.name` instead
|
||||||
|
type: string
|
||||||
|
policies:
|
||||||
|
description: Policies are the policies to be used in the test
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
resources:
|
||||||
|
description: Resources are the resource to be used in the test
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
results:
|
||||||
|
description: Results are the results to be checked in the test
|
||||||
|
items:
|
||||||
|
description: TestResultBase declares a test result
|
||||||
|
properties:
|
||||||
|
cloneSourceResource:
|
||||||
|
description: CloneSourceResource takes the resource configuration
|
||||||
|
file in yaml format from the user which is meant to be cloned
|
||||||
|
by the generate rule.
|
||||||
|
type: string
|
||||||
|
generatedResource:
|
||||||
|
description: GeneratedResource takes a resource configuration file
|
||||||
|
in yaml format from the user to compare it against the Kyverno
|
||||||
|
generated resource configuration.
|
||||||
|
type: string
|
||||||
|
isValidatingAdmissionPolicy:
|
||||||
|
description: IsValidatingAdmissionPolicy indicates if the policy
|
||||||
|
is a validating admission policy. It's required in case policy
|
||||||
|
is a validating admission policy.
|
||||||
|
type: boolean
|
||||||
|
kind:
|
||||||
|
description: Kind mentions the kind of the resource on which the
|
||||||
|
policy is to be applied.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace mentions the namespace of the policy which
|
||||||
|
has namespace scope. This is DEPRECATED, use a name in the form
|
||||||
|
`<namespace>/<name>` for policies and/or resources instead.
|
||||||
|
type: string
|
||||||
|
patchedResource:
|
||||||
|
description: PatchedResource takes a resource configuration file
|
||||||
|
in yaml format from the user to compare it against the Kyverno
|
||||||
|
mutated resource configuration.
|
||||||
|
type: string
|
||||||
|
policy:
|
||||||
|
description: Policy mentions the name of the policy.
|
||||||
|
type: string
|
||||||
|
resource:
|
||||||
|
description: Resource mentions the name of the resource on which
|
||||||
|
the policy is to be applied. This is DEPRECATED, use `Resources`
|
||||||
|
instead.
|
||||||
|
type: string
|
||||||
|
resources:
|
||||||
|
description: Resources gives us the list of resources on which the
|
||||||
|
policy is going to be applied.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
result:
|
||||||
|
description: Result mentions the result that the user is expecting.
|
||||||
|
Possible values are pass, fail and skip.
|
||||||
|
enum:
|
||||||
|
- pass
|
||||||
|
- fail
|
||||||
|
- warn
|
||||||
|
- error
|
||||||
|
- skip
|
||||||
|
type: string
|
||||||
|
rule:
|
||||||
|
description: Rule mentions the name of the rule in the policy. It's
|
||||||
|
required in case policy is a kyverno policy.
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: Status mentions the status that the user is expecting.
|
||||||
|
Possible values are pass, fail and skip. This is DEPRECATED, use
|
||||||
|
`Result` instead.
|
||||||
|
enum:
|
||||||
|
- pass
|
||||||
|
- fail
|
||||||
|
- warn
|
||||||
|
- error
|
||||||
|
- skip
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- kind
|
||||||
|
- policy
|
||||||
|
- resources
|
||||||
|
- result
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
userinfo:
|
||||||
|
description: UserInfo is the user info to be used in the test
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: Values are the values to be used in the test
|
||||||
|
properties:
|
||||||
|
globalValues:
|
||||||
|
description: GlobalValues are the global values
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
namespaceSelector:
|
||||||
|
description: NamespaceSelectors are the namespace labels
|
||||||
|
items:
|
||||||
|
description: NamespaceSelector declares labels for a given namespace
|
||||||
|
properties:
|
||||||
|
labels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: Labels are the labels for the given namespace
|
||||||
|
type: object
|
||||||
|
name:
|
||||||
|
description: Name is the namespace name
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- labels
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
policies:
|
||||||
|
description: Policies are the policy values
|
||||||
|
items:
|
||||||
|
description: Policy declares values for a given policy
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name is the policy name
|
||||||
|
type: string
|
||||||
|
resources:
|
||||||
|
description: Resources are values for specific resources
|
||||||
|
items:
|
||||||
|
description: Resource declares values for a given resource
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name is the name of the resource
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: Values are the values for the given resource
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
rules:
|
||||||
|
description: Rules are values for specific policy rules
|
||||||
|
items:
|
||||||
|
description: Rule declares values for a given policy rule
|
||||||
|
properties:
|
||||||
|
foreachValues:
|
||||||
|
description: ForeachValues are the foreach values for
|
||||||
|
the given policy rule
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
name:
|
||||||
|
description: Name is the name of the ppolicy rule
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: Values are the values for the given policy
|
||||||
|
rule
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
subresources:
|
||||||
|
description: Subresources are the subresource/parent resource mappings
|
||||||
|
items:
|
||||||
|
description: Subresource declares subresource/parent resource mapping
|
||||||
|
properties:
|
||||||
|
parentResource:
|
||||||
|
description: ParentResource declares the parent resource api
|
||||||
|
properties:
|
||||||
|
categories:
|
||||||
|
description: categories is a list of the grouped resources
|
||||||
|
this resource belongs to (e.g. 'all')
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
group:
|
||||||
|
description: 'group is the preferred group of the resource. Empty
|
||||||
|
implies the group of the containing resource list. For
|
||||||
|
subresources, this may have a different value, for example:
|
||||||
|
Scale".'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: kind is the kind for the resource (e.g. 'Foo'
|
||||||
|
is the kind for a resource 'foo')
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: name is the plural name of the resource.
|
||||||
|
type: string
|
||||||
|
namespaced:
|
||||||
|
description: namespaced indicates if a resource is namespaced
|
||||||
|
or not.
|
||||||
|
type: boolean
|
||||||
|
shortNames:
|
||||||
|
description: shortNames is a list of suggested short names
|
||||||
|
of the resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
singularName:
|
||||||
|
description: singularName is the singular name of the resource. This
|
||||||
|
allows clients to handle plural and singular opaquely.
|
||||||
|
The singularName is more correct for reporting status
|
||||||
|
on a single item and both singular and plural are allowed
|
||||||
|
from the kubectl CLI interface.
|
||||||
|
type: string
|
||||||
|
storageVersionHash:
|
||||||
|
description: The hash value of the storage version, the
|
||||||
|
version this resource is converted to when written to
|
||||||
|
the data store. Value must be treated as opaque by clients.
|
||||||
|
Only equality comparison on the value is valid. This is
|
||||||
|
an alpha feature and may change or be removed in the future.
|
||||||
|
The field is populated by the apiserver only if the StorageVersionHash
|
||||||
|
feature gate is enabled. This field will remain optional
|
||||||
|
even if it graduates.
|
||||||
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: verbs is a list of supported kube verbs (this
|
||||||
|
includes get, list, watch, create, update, patch, delete,
|
||||||
|
deletecollection, and proxy)
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
version:
|
||||||
|
description: 'version is the preferred version of the resource. Empty
|
||||||
|
implies the version of the containing resource list For
|
||||||
|
subresources, this may have a different value, for example:
|
||||||
|
v1 (while inside a v1beta1 version of the core resource''s
|
||||||
|
group)".'
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- kind
|
||||||
|
- name
|
||||||
|
- namespaced
|
||||||
|
- singularName
|
||||||
|
- verbs
|
||||||
|
type: object
|
||||||
|
subresource:
|
||||||
|
description: Subresource declares the subresource api
|
||||||
|
properties:
|
||||||
|
categories:
|
||||||
|
description: categories is a list of the grouped resources
|
||||||
|
this resource belongs to (e.g. 'all')
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
group:
|
||||||
|
description: 'group is the preferred group of the resource. Empty
|
||||||
|
implies the group of the containing resource list. For
|
||||||
|
subresources, this may have a different value, for example:
|
||||||
|
Scale".'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: kind is the kind for the resource (e.g. 'Foo'
|
||||||
|
is the kind for a resource 'foo')
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: name is the plural name of the resource.
|
||||||
|
type: string
|
||||||
|
namespaced:
|
||||||
|
description: namespaced indicates if a resource is namespaced
|
||||||
|
or not.
|
||||||
|
type: boolean
|
||||||
|
shortNames:
|
||||||
|
description: shortNames is a list of suggested short names
|
||||||
|
of the resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
singularName:
|
||||||
|
description: singularName is the singular name of the resource. This
|
||||||
|
allows clients to handle plural and singular opaquely.
|
||||||
|
The singularName is more correct for reporting status
|
||||||
|
on a single item and both singular and plural are allowed
|
||||||
|
from the kubectl CLI interface.
|
||||||
|
type: string
|
||||||
|
storageVersionHash:
|
||||||
|
description: The hash value of the storage version, the
|
||||||
|
version this resource is converted to when written to
|
||||||
|
the data store. Value must be treated as opaque by clients.
|
||||||
|
Only equality comparison on the value is valid. This is
|
||||||
|
an alpha feature and may change or be removed in the future.
|
||||||
|
The field is populated by the apiserver only if the StorageVersionHash
|
||||||
|
feature gate is enabled. This field will remain optional
|
||||||
|
even if it graduates.
|
||||||
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: verbs is a list of supported kube verbs (this
|
||||||
|
includes get, list, watch, create, update, patch, delete,
|
||||||
|
deletecollection, and proxy)
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
version:
|
||||||
|
description: 'version is the preferred version of the resource. Empty
|
||||||
|
implies the version of the containing resource list For
|
||||||
|
subresources, this may have a different value, for example:
|
||||||
|
v1 (while inside a v1beta1 version of the core resource''s
|
||||||
|
group)".'
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- kind
|
||||||
|
- name
|
||||||
|
- namespaced
|
||||||
|
- singularName
|
||||||
|
- verbs
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- parentResource
|
||||||
|
- subresource
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
variables:
|
||||||
|
description: Variables is the values to be used in the test
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
|
@ -0,0 +1,75 @@
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.12.0
|
||||||
|
name: userinfoes.cli.kyverno.io
|
||||||
|
spec:
|
||||||
|
group: cli.kyverno.io
|
||||||
|
names:
|
||||||
|
kind: UserInfo
|
||||||
|
listKind: UserInfoList
|
||||||
|
plural: userinfoes
|
||||||
|
singular: userinfo
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: UserInfo declares user infos to be loaded by the Kyverno CLI
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
clusterRoles:
|
||||||
|
description: ClusterRoles is a list of possible clusterRoles send the
|
||||||
|
request.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
roles:
|
||||||
|
description: Roles is a list of possible role send the request.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
|
userInfo:
|
||||||
|
description: UserInfo is the userInfo carried in the admission request.
|
||||||
|
properties:
|
||||||
|
extra:
|
||||||
|
additionalProperties:
|
||||||
|
description: ExtraValue masks the value so protobuf can generate
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
description: Any additional information provided by the authenticator.
|
||||||
|
type: object
|
||||||
|
groups:
|
||||||
|
description: The names of groups this user is a part of.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
uid:
|
||||||
|
description: A unique value that identifies this user across time.
|
||||||
|
If this user is deleted and another user by the same name is added,
|
||||||
|
they will have different UIDs.
|
||||||
|
type: string
|
||||||
|
username:
|
||||||
|
description: The name that uniquely identifies this user among all
|
||||||
|
active users.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
251
cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_values.yaml
Normal file
|
@ -0,0 +1,251 @@
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.12.0
|
||||||
|
name: values.cli.kyverno.io
|
||||||
|
spec:
|
||||||
|
group: cli.kyverno.io
|
||||||
|
names:
|
||||||
|
kind: Values
|
||||||
|
listKind: ValuesList
|
||||||
|
plural: values
|
||||||
|
singular: values
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: Values declares values to be loaded by the Kyverno CLI
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
globalValues:
|
||||||
|
description: GlobalValues are the global values
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
namespaceSelector:
|
||||||
|
description: NamespaceSelectors are the namespace labels
|
||||||
|
items:
|
||||||
|
description: NamespaceSelector declares labels for a given namespace
|
||||||
|
properties:
|
||||||
|
labels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: Labels are the labels for the given namespace
|
||||||
|
type: object
|
||||||
|
name:
|
||||||
|
description: Name is the namespace name
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- labels
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
policies:
|
||||||
|
description: Policies are the policy values
|
||||||
|
items:
|
||||||
|
description: Policy declares values for a given policy
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name is the policy name
|
||||||
|
type: string
|
||||||
|
resources:
|
||||||
|
description: Resources are values for specific resources
|
||||||
|
items:
|
||||||
|
description: Resource declares values for a given resource
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name is the name of the resource
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: Values are the values for the given resource
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
rules:
|
||||||
|
description: Rules are values for specific policy rules
|
||||||
|
items:
|
||||||
|
description: Rule declares values for a given policy rule
|
||||||
|
properties:
|
||||||
|
foreachValues:
|
||||||
|
description: ForeachValues are the foreach values for the
|
||||||
|
given policy rule
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
name:
|
||||||
|
description: Name is the name of the ppolicy rule
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: Values are the values for the given policy rule
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
subresources:
|
||||||
|
description: Subresources are the subresource/parent resource mappings
|
||||||
|
items:
|
||||||
|
description: Subresource declares subresource/parent resource mapping
|
||||||
|
properties:
|
||||||
|
parentResource:
|
||||||
|
description: ParentResource declares the parent resource api
|
||||||
|
properties:
|
||||||
|
categories:
|
||||||
|
description: categories is a list of the grouped resources this
|
||||||
|
resource belongs to (e.g. 'all')
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
group:
|
||||||
|
description: 'group is the preferred group of the resource. Empty
|
||||||
|
implies the group of the containing resource list. For subresources,
|
||||||
|
this may have a different value, for example: Scale".'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: kind is the kind for the resource (e.g. 'Foo' is
|
||||||
|
the kind for a resource 'foo')
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: name is the plural name of the resource.
|
||||||
|
type: string
|
||||||
|
namespaced:
|
||||||
|
description: namespaced indicates if a resource is namespaced
|
||||||
|
or not.
|
||||||
|
type: boolean
|
||||||
|
shortNames:
|
||||||
|
description: shortNames is a list of suggested short names of
|
||||||
|
the resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
singularName:
|
||||||
|
description: singularName is the singular name of the resource. This
|
||||||
|
allows clients to handle plural and singular opaquely. The
|
||||||
|
singularName is more correct for reporting status on a single
|
||||||
|
item and both singular and plural are allowed from the kubectl
|
||||||
|
CLI interface.
|
||||||
|
type: string
|
||||||
|
storageVersionHash:
|
||||||
|
description: The hash value of the storage version, the version
|
||||||
|
this resource is converted to when written to the data store.
|
||||||
|
Value must be treated as opaque by clients. Only equality
|
||||||
|
comparison on the value is valid. This is an alpha feature
|
||||||
|
and may change or be removed in the future. The field is populated
|
||||||
|
by the apiserver only if the StorageVersionHash feature gate
|
||||||
|
is enabled. This field will remain optional even if it graduates.
|
||||||
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: verbs is a list of supported kube verbs (this includes
|
||||||
|
get, list, watch, create, update, patch, delete, deletecollection,
|
||||||
|
and proxy)
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
version:
|
||||||
|
description: 'version is the preferred version of the resource. Empty
|
||||||
|
implies the version of the containing resource list For subresources,
|
||||||
|
this may have a different value, for example: v1 (while inside
|
||||||
|
a v1beta1 version of the core resource''s group)".'
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- kind
|
||||||
|
- name
|
||||||
|
- namespaced
|
||||||
|
- singularName
|
||||||
|
- verbs
|
||||||
|
type: object
|
||||||
|
subresource:
|
||||||
|
description: Subresource declares the subresource api
|
||||||
|
properties:
|
||||||
|
categories:
|
||||||
|
description: categories is a list of the grouped resources this
|
||||||
|
resource belongs to (e.g. 'all')
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
group:
|
||||||
|
description: 'group is the preferred group of the resource. Empty
|
||||||
|
implies the group of the containing resource list. For subresources,
|
||||||
|
this may have a different value, for example: Scale".'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: kind is the kind for the resource (e.g. 'Foo' is
|
||||||
|
the kind for a resource 'foo')
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: name is the plural name of the resource.
|
||||||
|
type: string
|
||||||
|
namespaced:
|
||||||
|
description: namespaced indicates if a resource is namespaced
|
||||||
|
or not.
|
||||||
|
type: boolean
|
||||||
|
shortNames:
|
||||||
|
description: shortNames is a list of suggested short names of
|
||||||
|
the resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
singularName:
|
||||||
|
description: singularName is the singular name of the resource. This
|
||||||
|
allows clients to handle plural and singular opaquely. The
|
||||||
|
singularName is more correct for reporting status on a single
|
||||||
|
item and both singular and plural are allowed from the kubectl
|
||||||
|
CLI interface.
|
||||||
|
type: string
|
||||||
|
storageVersionHash:
|
||||||
|
description: The hash value of the storage version, the version
|
||||||
|
this resource is converted to when written to the data store.
|
||||||
|
Value must be treated as opaque by clients. Only equality
|
||||||
|
comparison on the value is valid. This is an alpha feature
|
||||||
|
and may change or be removed in the future. The field is populated
|
||||||
|
by the apiserver only if the StorageVersionHash feature gate
|
||||||
|
is enabled. This field will remain optional even if it graduates.
|
||||||
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: verbs is a list of supported kube verbs (this includes
|
||||||
|
get, list, watch, create, update, patch, delete, deletecollection,
|
||||||
|
and proxy)
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
version:
|
||||||
|
description: 'version is the preferred version of the resource. Empty
|
||||||
|
implies the version of the containing resource list For subresources,
|
||||||
|
this may have a different value, for example: v1 (while inside
|
||||||
|
a v1beta1 version of the core resource''s group)".'
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- kind
|
||||||
|
- name
|
||||||
|
- namespaced
|
||||||
|
- singularName
|
||||||
|
- verbs
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- parentResource
|
||||||
|
- subresource
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
|
@ -4,16 +4,26 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
datautils "github.com/kyverno/kyverno/pkg/utils/data"
|
datautils "github.com/kyverno/kyverno/pkg/utils/data"
|
||||||
"golang.org/x/exp/slices"
|
"golang.org/x/exp/slices"
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
)
|
)
|
||||||
|
|
||||||
func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
|
func FixTest(test v1alpha1.Test, compress bool) (v1alpha1.Test, []string, error) {
|
||||||
var messages []string
|
var messages []string
|
||||||
if test.Name == "" {
|
if test.APIVersion == "" {
|
||||||
messages = append(messages, "name is not set")
|
messages = append(messages, "api version is not set, setting `cli.kyverno.io/v1alpha1`")
|
||||||
|
test.APIVersion = "cli.kyverno.io/v1alpha1"
|
||||||
|
}
|
||||||
|
if test.Kind == "" {
|
||||||
|
messages = append(messages, "kind is not set, setting `Test`")
|
||||||
|
test.Kind = "Test"
|
||||||
|
}
|
||||||
|
if test.Name != "" {
|
||||||
|
messages = append(messages, "name is deprecated, moving it into `metadata.name`")
|
||||||
|
test.ObjectMeta.Name = test.Name
|
||||||
|
test.Name = ""
|
||||||
}
|
}
|
||||||
if len(test.Policies) == 0 {
|
if len(test.Policies) == 0 {
|
||||||
messages = append(messages, "test has no policies")
|
messages = append(messages, "test has no policies")
|
||||||
|
@ -21,7 +31,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
|
||||||
if len(test.Resources) == 0 {
|
if len(test.Resources) == 0 {
|
||||||
messages = append(messages, "test has no resources")
|
messages = append(messages, "test has no resources")
|
||||||
}
|
}
|
||||||
var results []testapi.TestResult
|
var results []v1alpha1.TestResult
|
||||||
for _, result := range test.Results {
|
for _, result := range test.Results {
|
||||||
if result.Resource != "" && len(result.Resources) != 0 {
|
if result.Resource != "" && len(result.Resources) != 0 {
|
||||||
messages = append(messages, "test result should not use both `resource` and `resources` fields")
|
messages = append(messages, "test result should not use both `resource` and `resources` fields")
|
||||||
|
@ -55,7 +65,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
|
||||||
results = append(results, result)
|
results = append(results, result)
|
||||||
}
|
}
|
||||||
if compress {
|
if compress {
|
||||||
compressed := map[testapi.TestResultBase][]string{}
|
compressed := map[v1alpha1.TestResultBase][]string{}
|
||||||
for _, result := range results {
|
for _, result := range results {
|
||||||
compressed[result.TestResultBase] = append(compressed[result.TestResultBase], result.Resources...)
|
compressed[result.TestResultBase] = append(compressed[result.TestResultBase], result.Resources...)
|
||||||
}
|
}
|
||||||
|
@ -66,13 +76,13 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
|
||||||
messages = append(messages, "test results contains duplicate resources")
|
messages = append(messages, "test results contains duplicate resources")
|
||||||
v = unique.UnsortedList()
|
v = unique.UnsortedList()
|
||||||
}
|
}
|
||||||
results = append(results, testapi.TestResult{
|
results = append(results, v1alpha1.TestResult{
|
||||||
TestResultBase: k,
|
TestResultBase: k,
|
||||||
Resources: v,
|
Resources: v,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
slices.SortFunc(results, func(a, b testapi.TestResult) int {
|
slices.SortFunc(results, func(a, b v1alpha1.TestResult) int {
|
||||||
if x := datautils.Compare(a.Policy, b.Policy); x != 0 {
|
if x := datautils.Compare(a.Policy, b.Policy); x != 0 {
|
||||||
return x
|
return x
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@ import (
|
||||||
json_patch "github.com/evanphx/json-patch/v5"
|
json_patch "github.com/evanphx/json-patch/v5"
|
||||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
|
||||||
|
@ -49,7 +49,7 @@ type PolicyProcessor struct {
|
||||||
RuleToCloneSourceResource map[string]string
|
RuleToCloneSourceResource map[string]string
|
||||||
Client dclient.Interface
|
Client dclient.Interface
|
||||||
AuditWarn bool
|
AuditWarn bool
|
||||||
Subresources []valuesapi.Subresource
|
Subresources []v1alpha1.Subresource
|
||||||
Out io.Writer
|
Out io.Writer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -79,9 +79,9 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
||||||
if p.Client == nil {
|
if p.Client == nil {
|
||||||
for _, s := range p.Subresources {
|
for _, s := range p.Subresources {
|
||||||
subgvk := schema.GroupVersionKind{
|
subgvk := schema.GroupVersionKind{
|
||||||
Group: s.APIResource.Group,
|
Group: s.Subresource.Group,
|
||||||
Version: s.APIResource.Version,
|
Version: s.Subresource.Version,
|
||||||
Kind: s.APIResource.Kind,
|
Kind: s.Subresource.Kind,
|
||||||
}
|
}
|
||||||
if gvk == subgvk {
|
if gvk == subgvk {
|
||||||
gvk = schema.GroupVersionKind{
|
gvk = schema.GroupVersionKind{
|
||||||
|
@ -89,7 +89,7 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
|
||||||
Version: s.ParentResource.Version,
|
Version: s.ParentResource.Version,
|
||||||
Kind: s.ParentResource.Kind,
|
Kind: s.ParentResource.Kind,
|
||||||
}
|
}
|
||||||
parts := strings.Split(s.APIResource.Name, "/")
|
parts := strings.Split(s.Subresource.Name, "/")
|
||||||
subresource = parts[1]
|
subresource = parts[1]
|
||||||
}
|
}
|
||||||
}
|
}
|
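Review bot: `subresource = parts[1]` in ApplyPoliciesOnResource indexes the result of `strings.Split(s.Subresource.Name, "/")` without checking its length, so a `Subresource.Name` with no `/` in it panics with an index-out-of-range error instead of being reported as a bad entry. The same unchecked pattern, `strings.Split(subresource.Subresource.Name, "/")[1]`, is in getSubresourceKind in the later file section of this commit. These entries presumably come from a user-written values file, so the shape of the name should be validated before `gvk` is rewritten to the parent resource, for example `if len(parts) != 2 { /* skip or return an error naming the entry */ }`. Both function bodies continue outside the visible hunks, so the exact error path depends on code not shown here.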
||||||
|
|
|
@ -4,19 +4,19 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/pkg/utils/wildcard"
|
"github.com/kyverno/kyverno/pkg/utils/wildcard"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Filter interface {
|
type Filter interface {
|
||||||
Apply(testapi.TestResult) bool
|
Apply(v1alpha1.TestResult) bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type policy struct {
|
type policy struct {
|
||||||
value string
|
value string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f policy) Apply(result testapi.TestResult) bool {
|
func (f policy) Apply(result v1alpha1.TestResult) bool {
|
||||||
if result.Policy == "" {
|
if result.Policy == "" {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -30,7 +30,7 @@ type rule struct {
|
||||||
value string
|
value string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f rule) Apply(result testapi.TestResult) bool {
|
func (f rule) Apply(result v1alpha1.TestResult) bool {
|
||||||
if result.Rule == "" {
|
if result.Rule == "" {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -44,7 +44,7 @@ type resource struct {
|
||||||
value string
|
value string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f resource) Apply(result testapi.TestResult) bool {
|
func (f resource) Apply(result v1alpha1.TestResult) bool {
|
||||||
if result.Resource == "" {
|
if result.Resource == "" {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -58,7 +58,7 @@ type composite struct {
|
||||||
filters []Filter
|
filters []Filter
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f composite) Apply(result testapi.TestResult) bool {
|
func (f composite) Apply(result v1alpha1.TestResult) bool {
|
||||||
for _, f := range f.filters {
|
for _, f := range f.filters {
|
||||||
if !f.Apply(result) {
|
if !f.Apply(result) {
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -5,58 +5,58 @@ import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Test_policy_Apply(t *testing.T) {
|
func Test_policy_Apply(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
value string
|
value string
|
||||||
result testapi.TestResult
|
result v1alpha1.TestResult
|
||||||
want bool
|
want bool
|
||||||
}{{
|
}{{
|
||||||
name: "empty result",
|
name: "empty result",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "empty value",
|
name: "empty value",
|
||||||
value: "",
|
value: "",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "empty value and result",
|
name: "empty value and result",
|
||||||
value: "",
|
value: "",
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "match",
|
name: "match",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "no match",
|
name: "no match",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "not-test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "wildcard match",
|
name: "wildcard match",
|
||||||
value: "disallow-*",
|
value: "disallow-*",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "wildcard does not match",
|
name: "wildcard does not match",
|
||||||
value: "allow-*",
|
value: "allow-*",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}}
|
}}
|
||||||
|
@ -76,51 +76,51 @@ func Test_rule_Apply(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
value string
|
value string
|
||||||
result testapi.TestResult
|
result v1alpha1.TestResult
|
||||||
want bool
|
want bool
|
||||||
}{{
|
}{{
|
||||||
name: "empty result",
|
name: "empty result",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "empty value",
|
name: "empty value",
|
||||||
value: "",
|
value: "",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Rule: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Rule: "test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "empty value and result",
|
name: "empty value and result",
|
||||||
value: "",
|
value: "",
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "match",
|
name: "match",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Rule: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Rule: "test"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "no match",
|
name: "no match",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Rule: "not-test"},
|
TestResultBase: v1alpha1.TestResultBase{Rule: "not-test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "wildcard match",
|
name: "wildcard match",
|
||||||
value: "*-image-tag",
|
value: "*-image-tag",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"},
|
TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "wildcard does not match",
|
name: "wildcard does not match",
|
||||||
value: "require-*",
|
value: "require-*",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"},
|
TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}}
|
}}
|
||||||
|
@ -140,51 +140,51 @@ func Test_resource_Apply(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
value string
|
value string
|
||||||
result testapi.TestResult
|
result v1alpha1.TestResult
|
||||||
want bool
|
want bool
|
||||||
}{{
|
}{{
|
||||||
name: "empty result",
|
name: "empty result",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "empty value",
|
name: "empty value",
|
||||||
value: "",
|
value: "",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "empty value and result",
|
name: "empty value and result",
|
||||||
value: "",
|
value: "",
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "match",
|
name: "match",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "no match",
|
name: "no match",
|
||||||
value: "test",
|
value: "test",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-test"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "wildcard match",
|
name: "wildcard match",
|
||||||
value: "good*01",
|
value: "good*01",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "good-deployment-01"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "good-deployment-01"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "wildcard does not match",
|
name: "wildcard does not match",
|
||||||
value: "good*01",
|
value: "good*01",
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "bad-deployment-01"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "bad-deployment-01"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}}
|
}}
|
||||||
|
@ -204,46 +204,46 @@ func Test_composite_Apply(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
filters []Filter
|
filters []Filter
|
||||||
result testapi.TestResult
|
result v1alpha1.TestResult
|
||||||
want bool
|
want bool
|
||||||
}{{
|
}{{
|
||||||
name: "nil",
|
name: "nil",
|
||||||
filters: nil,
|
filters: nil,
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "empty",
|
name: "empty",
|
||||||
filters: []Filter{},
|
filters: []Filter{},
|
||||||
result: testapi.TestResult{},
|
result: v1alpha1.TestResult{},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "policy match",
|
name: "policy match",
|
||||||
filters: []Filter{policy{"test"}},
|
filters: []Filter{policy{"test"}},
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "policy no match",
|
name: "policy no match",
|
||||||
filters: []Filter{policy{"test"}},
|
filters: []Filter{policy{"test"}},
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "not-test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "policy and resource match",
|
name: "policy and resource match",
|
||||||
filters: []Filter{policy{"test"}, resource{"resource"}},
|
filters: []Filter{policy{"test"}, resource{"resource"}},
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "resource"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "resource"},
|
||||||
},
|
},
|
||||||
want: true,
|
want: true,
|
||||||
}, {
|
}, {
|
||||||
name: "policy match and resource no match",
|
name: "policy match and resource no match",
|
||||||
filters: []Filter{policy{"test"}, resource{"resource"}},
|
filters: []Filter{policy{"test"}, resource{"resource"}},
|
||||||
result: testapi.TestResult{
|
result: v1alpha1.TestResult{
|
||||||
TestResultBase: testapi.TestResultBase{Policy: "test"},
|
TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
|
||||||
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-resource"},
|
TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-resource"},
|
||||||
},
|
},
|
||||||
want: false,
|
want: false,
|
||||||
},
|
},
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"k8s.io/apimachinery/pkg/util/yaml"
|
"k8s.io/apimachinery/pkg/util/yaml"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -65,7 +65,7 @@ func LoadTest(fs billy.Filesystem, path string) TestCase {
|
||||||
}
|
}
|
||||||
yamlBytes = data
|
yamlBytes = data
|
||||||
}
|
}
|
||||||
var test testapi.Test
|
var test v1alpha1.Test
|
||||||
if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil {
|
if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil {
|
||||||
return TestCase{
|
return TestCase{
|
||||||
Path: path,
|
Path: path,
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
"github.com/go-git/go-billy/v5/memfs"
|
"github.com/go-git/go-billy/v5/memfs"
|
||||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestLoadTests(t *testing.T) {
|
func TestLoadTests(t *testing.T) {
|
||||||
|
@ -46,12 +46,12 @@ func TestLoadTests(t *testing.T) {
|
||||||
fileName: "kyverno-test.yaml",
|
fileName: "kyverno-test.yaml",
|
||||||
want: []TestCase{{
|
want: []TestCase{{
|
||||||
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
||||||
Test: &testapi.Test{
|
Test: &v1alpha1.Test{
|
||||||
Name: "test-registry",
|
Name: "test-registry",
|
||||||
Policies: []string{"image-example.yaml"},
|
Policies: []string{"image-example.yaml"},
|
||||||
Resources: []string{"resources.yaml"},
|
Resources: []string{"resources.yaml"},
|
||||||
Results: []testapi.TestResult{{
|
Results: []v1alpha1.TestResult{{
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -59,7 +59,7 @@ func TestLoadTests(t *testing.T) {
|
||||||
},
|
},
|
||||||
Resources: []string{"test-pod-with-non-root-user-image"},
|
Resources: []string{"test-pod-with-non-root-user-image"},
|
||||||
}, {
|
}, {
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -76,12 +76,12 @@ func TestLoadTests(t *testing.T) {
|
||||||
fileName: "kyverno-test.yaml",
|
fileName: "kyverno-test.yaml",
|
||||||
want: []TestCase{{
|
want: []TestCase{{
|
||||||
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
|
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
|
||||||
Test: &testapi.Test{
|
Test: &v1alpha1.Test{
|
||||||
Name: "add-quota",
|
Name: "add-quota",
|
||||||
Policies: []string{"policy.yaml"},
|
Policies: []string{"policy.yaml"},
|
||||||
Resources: []string{"resource.yaml"},
|
Resources: []string{"resource.yaml"},
|
||||||
Results: []testapi.TestResult{{
|
Results: []v1alpha1.TestResult{{
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Namespace",
|
Kind: "Namespace",
|
||||||
Policy: "add-ns-quota",
|
Policy: "add-ns-quota",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -90,7 +90,7 @@ func TestLoadTests(t *testing.T) {
|
||||||
},
|
},
|
||||||
Resources: []string{"hello-world-namespace"},
|
Resources: []string{"hello-world-namespace"},
|
||||||
}, {
|
}, {
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Namespace",
|
Kind: "Namespace",
|
||||||
Policy: "add-ns-quota",
|
Policy: "add-ns-quota",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -108,12 +108,12 @@ func TestLoadTests(t *testing.T) {
|
||||||
fileName: "kyverno-test.yaml",
|
fileName: "kyverno-test.yaml",
|
||||||
want: []TestCase{{
|
want: []TestCase{{
|
||||||
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
||||||
Test: &testapi.Test{
|
Test: &v1alpha1.Test{
|
||||||
Name: "test-registry",
|
Name: "test-registry",
|
||||||
Policies: []string{"image-example.yaml"},
|
Policies: []string{"image-example.yaml"},
|
||||||
Resources: []string{"resources.yaml"},
|
Resources: []string{"resources.yaml"},
|
||||||
Results: []testapi.TestResult{{
|
Results: []v1alpha1.TestResult{{
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -121,7 +121,7 @@ func TestLoadTests(t *testing.T) {
|
||||||
},
|
},
|
||||||
Resources: []string{"test-pod-with-non-root-user-image"},
|
Resources: []string{"test-pod-with-non-root-user-image"},
|
||||||
}, {
|
}, {
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -132,12 +132,12 @@ func TestLoadTests(t *testing.T) {
|
||||||
},
|
},
|
||||||
}, {
|
}, {
|
||||||
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
|
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
|
||||||
Test: &testapi.Test{
|
Test: &v1alpha1.Test{
|
||||||
Name: "add-quota",
|
Name: "add-quota",
|
||||||
Policies: []string{"policy.yaml"},
|
Policies: []string{"policy.yaml"},
|
||||||
Resources: []string{"resource.yaml"},
|
Resources: []string{"resource.yaml"},
|
||||||
Results: []testapi.TestResult{{
|
Results: []v1alpha1.TestResult{{
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Namespace",
|
Kind: "Namespace",
|
||||||
Policy: "add-ns-quota",
|
Policy: "add-ns-quota",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -146,7 +146,7 @@ func TestLoadTests(t *testing.T) {
|
||||||
},
|
},
|
||||||
Resources: []string{"hello-world-namespace"},
|
Resources: []string{"hello-world-namespace"},
|
||||||
}, {
|
}, {
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Namespace",
|
Kind: "Namespace",
|
||||||
Policy: "add-ns-quota",
|
Policy: "add-ns-quota",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -197,12 +197,12 @@ func TestLoadTest(t *testing.T) {
|
||||||
path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
||||||
want: TestCase{
|
want: TestCase{
|
||||||
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
||||||
Test: &testapi.Test{
|
Test: &v1alpha1.Test{
|
||||||
Name: "test-registry",
|
Name: "test-registry",
|
||||||
Policies: []string{"image-example.yaml"},
|
Policies: []string{"image-example.yaml"},
|
||||||
Resources: []string{"resources.yaml"},
|
Resources: []string{"resources.yaml"},
|
||||||
Results: []testapi.TestResult{{
|
Results: []v1alpha1.TestResult{{
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -210,7 +210,7 @@ func TestLoadTest(t *testing.T) {
|
||||||
},
|
},
|
||||||
Resources: []string{"test-pod-with-non-root-user-image"},
|
Resources: []string{"test-pod-with-non-root-user-image"},
|
||||||
}, {
|
}, {
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -225,12 +225,12 @@ func TestLoadTest(t *testing.T) {
|
||||||
path: "kyverno-test.yaml",
|
path: "kyverno-test.yaml",
|
||||||
want: TestCase{
|
want: TestCase{
|
||||||
Path: "kyverno-test.yaml",
|
Path: "kyverno-test.yaml",
|
||||||
Test: &testapi.Test{
|
Test: &v1alpha1.Test{
|
||||||
Name: "test-registry",
|
Name: "test-registry",
|
||||||
Policies: []string{"image-example.yaml"},
|
Policies: []string{"image-example.yaml"},
|
||||||
Resources: []string{"resources.yaml"},
|
Resources: []string{"resources.yaml"},
|
||||||
Results: []testapi.TestResult{{
|
Results: []v1alpha1.TestResult{{
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
@ -238,7 +238,7 @@ func TestLoadTest(t *testing.T) {
|
||||||
},
|
},
|
||||||
Resources: []string{"test-pod-with-non-root-user-image"},
|
Resources: []string{"test-pod-with-non-root-user-image"},
|
||||||
}, {
|
}, {
|
||||||
TestResultBase: testapi.TestResultBase{
|
TestResultBase: v1alpha1.TestResultBase{
|
||||||
Kind: "Pod",
|
Kind: "Pod",
|
||||||
Policy: "images",
|
Policy: "images",
|
||||||
Result: policyreportv1alpha2.StatusPass,
|
Result: policyreportv1alpha2.StatusPass,
|
||||||
|
|
|
@ -4,13 +4,13 @@ import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
)
|
)
|
||||||
|
|
||||||
type TestCase struct {
|
type TestCase struct {
|
||||||
Path string
|
Path string
|
||||||
Fs billy.Filesystem
|
Fs billy.Filesystem
|
||||||
Test *testapi.Test
|
Test *v1alpha1.Test
|
||||||
Err error
|
Err error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestTestCase_Dir(t *testing.T) {
|
func TestTestCase_Dir(t *testing.T) {
|
||||||
|
@ -14,7 +14,7 @@ func TestTestCase_Dir(t *testing.T) {
|
||||||
name string
|
name string
|
||||||
Path string
|
Path string
|
||||||
Fs billy.Filesystem
|
Fs billy.Filesystem
|
||||||
Test *testapi.Test
|
Test *v1alpha1.Test
|
||||||
Err error
|
Err error
|
||||||
want string
|
want string
|
||||||
}{{
|
}{{
|
||||||
|
|
|
@ -10,13 +10,13 @@ import (
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"k8s.io/api/admissionregistration/v1alpha1"
|
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
|
@ -30,7 +30,7 @@ func GetResourceAccordingToResourcePath(
|
||||||
resourcePaths []string,
|
resourcePaths []string,
|
||||||
cluster bool,
|
cluster bool,
|
||||||
policies []kyvernov1.PolicyInterface,
|
policies []kyvernov1.PolicyInterface,
|
||||||
validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy,
|
validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy,
|
||||||
dClient dclient.Interface,
|
dClient dclient.Interface,
|
||||||
namespace string,
|
namespace string,
|
||||||
policyReport bool,
|
policyReport bool,
|
||||||
|
@ -87,7 +87,7 @@ func GetResourceAccordingToResourcePath(
|
||||||
return resources, err
|
return resources, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []valuesapi.Subresource, dClient dclient.Interface) sets.Set[string] {
|
func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []v1alpha1.Subresource, dClient dclient.Interface) sets.Set[string] {
|
||||||
knownkinds := sets.New[string]()
|
knownkinds := sets.New[string]()
|
||||||
for _, rule := range autogen.ComputeRules(policy) {
|
for _, rule := range autogen.ComputeRules(policy) {
|
||||||
for _, kind := range rule.MatchResources.ResourceDescription.Kinds {
|
for _, kind := range rule.MatchResources.ResourceDescription.Kinds {
|
||||||
|
@ -110,7 +110,7 @@ func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subreso
|
||||||
return knownkinds
|
return knownkinds
|
||||||
}
|
}
|
||||||
|
|
||||||
func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.Interface) (string, error) {
|
func getKind(kind string, subresources []v1alpha1.Subresource, dClient dclient.Interface) (string, error) {
|
||||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||||
if subresource == "" {
|
if subresource == "" {
|
||||||
return kind, nil
|
return kind, nil
|
||||||
|
@ -132,7 +132,7 @@ func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.
|
||||||
return kind, nil
|
return kind, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []valuesapi.Subresource) (string, error) {
|
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []v1alpha1.Subresource) (string, error) {
|
||||||
for _, subresource := range subresources {
|
for _, subresource := range subresources {
|
||||||
parentResourceGroupVersion := metav1.GroupVersion{
|
parentResourceGroupVersion := metav1.GroupVersion{
|
||||||
Group: subresource.ParentResource.Group,
|
Group: subresource.ParentResource.Group,
|
||||||
|
@ -140,8 +140,8 @@ func getSubresourceKind(groupVersion, parentKind, subresourceName string, subres
|
||||||
}.String()
|
}.String()
|
||||||
if groupVersion == "" || kubeutils.GroupVersionMatches(groupVersion, parentResourceGroupVersion) {
|
if groupVersion == "" || kubeutils.GroupVersionMatches(groupVersion, parentResourceGroupVersion) {
|
||||||
if parentKind == subresource.ParentResource.Kind {
|
if parentKind == subresource.ParentResource.Kind {
|
||||||
if strings.ToLower(subresourceName) == strings.Split(subresource.APIResource.Name, "/")[1] {
|
if strings.ToLower(subresourceName) == strings.Split(subresource.Subresource.Name, "/")[1] {
|
||||||
return subresource.APIResource.Kind, nil
|
return subresource.Subresource.Kind, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,8 +3,7 @@ package common
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
|
|
||||||
"gotest.tools/assert"
|
"gotest.tools/assert"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
)
|
)
|
||||||
|
@ -97,9 +96,9 @@ func Test_getSubresourceKind(t *testing.T) {
|
||||||
podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"}
|
podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"}
|
||||||
podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"}
|
podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"}
|
||||||
|
|
||||||
subresources := []valuesapi.Subresource{
|
subresources := []v1alpha1.Subresource{
|
||||||
{
|
{
|
||||||
APIResource: podEvictionAPIResource,
|
Subresource: podEvictionAPIResource,
|
||||||
ParentResource: podAPIResource,
|
ParentResource: podAPIResource,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,14 +9,14 @@ import (
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"github.com/kyverno/kyverno/pkg/validatingadmissionpolicy"
|
"github.com/kyverno/kyverno/pkg/validatingadmissionpolicy"
|
||||||
"k8s.io/api/admissionregistration/v1alpha1"
|
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
|
@ -29,7 +29,7 @@ import (
|
||||||
func GetResources(
|
func GetResources(
|
||||||
out io.Writer,
|
out io.Writer,
|
||||||
policies []kyvernov1.PolicyInterface,
|
policies []kyvernov1.PolicyInterface,
|
||||||
validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy,
|
validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy,
|
||||||
resourcePaths []string,
|
resourcePaths []string,
|
||||||
dClient dclient.Interface,
|
dClient dclient.Interface,
|
||||||
cluster bool,
|
cluster bool,
|
||||||
|
@ -70,7 +70,7 @@ func GetResources(
|
||||||
return resources, err
|
return resources, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
|
func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
|
||||||
resources := make([]*unstructured.Unstructured, 0)
|
resources := make([]*unstructured.Unstructured, 0)
|
||||||
resourceMap, err := getResourcesOfTypeFromCluster(out, resourceTypes, subresourceMap, dClient, namespace)
|
resourceMap, err := getResourcesOfTypeFromCluster(out, resourceTypes, subresourceMap, dClient, namespace)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -166,7 +166,7 @@ func GetResourcesWithTest(out io.Writer, fs billy.Filesystem, policies []kyverno
|
||||||
return resources, nil
|
return resources, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
|
func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
|
||||||
r := make(map[string]*unstructured.Unstructured)
|
r := make(map[string]*unstructured.Unstructured)
|
||||||
for _, kind := range resourceTypes {
|
for _, kind := range resourceTypes {
|
||||||
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
|
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
|
||||||
|
@ -195,17 +195,17 @@ func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVe
|
||||||
parentResourceNames = append(parentResourceNames, resource.GetName())
|
parentResourceNames = append(parentResourceNames, resource.GetName())
|
||||||
}
|
}
|
||||||
for _, parentResourceName := range parentResourceNames {
|
for _, parentResourceName := range parentResourceNames {
|
||||||
subresourceName := strings.Split(subresource.APIResource.Name, "/")[1]
|
subresourceName := strings.Split(subresource.Subresource.Name, "/")[1]
|
||||||
resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName)
|
resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Fprintf(out, "Error: %s", err.Error())
|
fmt.Fprintf(out, "Error: %s", err.Error())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
key := subresource.APIResource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
|
key := subresource.Subresource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
|
||||||
resource.SetGroupVersionKind(schema.GroupVersionKind{
|
resource.SetGroupVersionKind(schema.GroupVersionKind{
|
||||||
Group: subresource.APIResource.Group,
|
Group: subresource.Subresource.Group,
|
||||||
Version: subresource.APIResource.Version,
|
Version: subresource.Subresource.Version,
|
||||||
Kind: subresource.APIResource.Kind,
|
Kind: subresource.Subresource.Kind,
|
||||||
})
|
})
|
||||||
r[key] = resource.DeepCopy()
|
r[key] = resource.DeepCopy()
|
||||||
}
|
}
|
||||||
|
@ -227,9 +227,9 @@ func GetPatchedAndGeneratedResource(resourceBytes []byte) (unstructured.Unstruct
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetKindsFromRule will return the kinds from policy match block
|
// GetKindsFromRule will return the kinds from policy match block
|
||||||
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) {
|
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) {
|
||||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||||
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource)
|
subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource)
|
||||||
for _, kind := range rule.MatchResources.Kinds {
|
for _, kind := range rule.MatchResources.Kinds {
|
||||||
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
|
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
|
||||||
}
|
}
|
||||||
|
@ -250,9 +250,9 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
|
||||||
return resourceTypesMap, subresourceMap
|
return resourceTypesMap, subresourceMap
|
||||||
}
|
}
|
||||||
|
|
||||||
func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) {
|
func getKindsFromValidatingAdmissionPolicy(policy admissionregistrationv1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) {
|
||||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||||
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource)
|
subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource)
|
||||||
|
|
||||||
kinds := validatingadmissionpolicy.GetKinds(policy)
|
kinds := validatingadmissionpolicy.GetKinds(policy)
|
||||||
for _, kind := range kinds {
|
for _, kind := range kinds {
|
||||||
|
@ -262,7 +262,7 @@ func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPo
|
||||||
return resourceTypesMap, subresourceMap
|
return resourceTypesMap, subresourceMap
|
||||||
}
|
}
|
||||||
|
|
||||||
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, client dclient.Interface) {
|
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, client dclient.Interface) {
|
||||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||||
gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
|
gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -277,8 +277,8 @@ func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVers
|
||||||
gvk := schema.GroupVersionKind{
|
gvk := schema.GroupVersionKind{
|
||||||
Group: child.Group, Version: child.Version, Kind: child.Kind,
|
Group: child.Group, Version: child.Version, Kind: child.Kind,
|
||||||
}
|
}
|
||||||
subresourceMap[gvk] = valuesapi.Subresource{
|
subresourceMap[gvk] = v1alpha1.Subresource{
|
||||||
APIResource: child,
|
Subresource: child,
|
||||||
ParentResource: metav1.APIResource{
|
ParentResource: metav1.APIResource{
|
||||||
Group: parent.Group,
|
Group: parent.Group,
|
||||||
Version: parent.Version,
|
Version: parent.Version,
|
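Review bot: In the `-195,17` hunk (getResourcesOfTypeFromCluster), `strings.Split(subresource.Subresource.Name, "/")[1]` takes element 1 without checking that the name contains a `/`, so an entry whose name has no slash panics the CLI with an index-out-of-range instead of being reported through `out` like the other errors in this loop. Since the line is already being touched for the field rename, it could become `_, subresourceName, ok := strings.Cut(subresource.Subresource.Name, "/")` followed by `if !ok { continue }`, ideally with a message written to `out` first. The same unchecked index is in the getSubresourceKind hunk earlier on this page, where the `subresources` slice is a parameter that presumably originates from the user-supplied values file, so the malformed case looks reachable from input there. In this file the map appears to be filled from discovery results in addGVKToResourceTypesMap, which makes the panic less likely but still unguarded. The function body starts and ends outside the hunk.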
||||||
|
|
|
@ -4,7 +4,7 @@ import (
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/pkg/autogen"
|
"github.com/kyverno/kyverno/pkg/autogen"
|
||||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
|
@ -21,7 +21,7 @@ func (r *KyvernoResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths
|
||||||
|
|
||||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||||
var resourceTypes []schema.GroupVersionKind
|
var resourceTypes []schema.GroupVersionKind
|
||||||
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource
|
var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
|
||||||
|
|
||||||
for _, policy := range r.policies {
|
for _, policy := range r.policies {
|
||||||
for _, rule := range autogen.ComputeRules(policy) {
|
for _, rule := range autogen.ComputeRules(policy) {
|
||||||
|
|
|
@ -3,15 +3,15 @@ package common
|
||||||
import (
|
import (
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||||
"k8s.io/api/admissionregistration/v1alpha1"
|
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ValidatingAdmissionResources struct {
|
type ValidatingAdmissionResources struct {
|
||||||
policies []v1alpha1.ValidatingAdmissionPolicy
|
policies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths []string, dClient dclient.Interface, namespace string, policyReport bool) ([]*unstructured.Unstructured, error) {
|
func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths []string, dClient dclient.Interface, namespace string, policyReport bool) ([]*unstructured.Unstructured, error) {
|
||||||
|
@ -20,7 +20,7 @@ func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, r
|
||||||
|
|
||||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||||
var resourceTypes []schema.GroupVersionKind
|
var resourceTypes []schema.GroupVersionKind
|
||||||
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource
|
var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
|
||||||
|
|
||||||
for _, policy := range r.policies {
|
for _, policy := range r.policies {
|
||||||
var resourceTypesInRule map[schema.GroupVersionKind]bool
|
var resourceTypesInRule map[schema.GroupVersionKind]bool
|
||||||
|
|
|
@ -5,16 +5,16 @@ import (
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"k8s.io/apimachinery/pkg/util/yaml"
|
"k8s.io/apimachinery/pkg/util/yaml"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Load(f billy.Filesystem, filepath string) (*valuesapi.Values, error) {
|
func Load(f billy.Filesystem, filepath string) (*v1alpha1.Values, error) {
|
||||||
yamlBytes, err := readFile(f, filepath)
|
yamlBytes, err := readFile(f, filepath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
vals := &valuesapi.Values{}
|
vals := &v1alpha1.Values{}
|
||||||
if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil {
|
if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
"github.com/go-git/go-billy/v5/memfs"
|
"github.com/go-git/go-billy/v5/memfs"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Test_readFile(t *testing.T) {
|
func Test_readFile(t *testing.T) {
|
||||||
|
@ -88,7 +88,7 @@ func TestLoad(t *testing.T) {
|
||||||
name string
|
name string
|
||||||
f billy.Filesystem
|
f billy.Filesystem
|
||||||
filepath string
|
filepath string
|
||||||
want *valuesapi.Values
|
want *v1alpha1.Values
|
||||||
wantErr bool
|
wantErr bool
|
||||||
}{{
|
}{{
|
||||||
name: "empty",
|
name: "empty",
|
||||||
|
@ -108,27 +108,29 @@ func TestLoad(t *testing.T) {
|
||||||
}, {
|
}, {
|
||||||
name: "valid",
|
name: "valid",
|
||||||
filepath: "../_testdata/values/limit-configmap-for-sa.yaml",
|
filepath: "../_testdata/values/limit-configmap-for-sa.yaml",
|
||||||
want: &valuesapi.Values{
|
want: &v1alpha1.Values{
|
||||||
NamespaceSelectors: []valuesapi.NamespaceSelector{{
|
ValuesSpec: v1alpha1.ValuesSpec{
|
||||||
Name: "test1",
|
NamespaceSelectors: []v1alpha1.NamespaceSelector{{
|
||||||
Labels: map[string]string{
|
Name: "test1",
|
||||||
"foo.com/managed-state": "managed",
|
Labels: map[string]string{
|
||||||
},
|
"foo.com/managed-state": "managed",
|
||||||
}},
|
|
||||||
Policies: []valuesapi.Policy{{
|
|
||||||
Name: "limit-configmap-for-sa",
|
|
||||||
Resources: []valuesapi.Resource{{
|
|
||||||
Name: "any-configmap-name-good",
|
|
||||||
Values: map[string]interface{}{
|
|
||||||
"request.operation": "UPDATE",
|
|
||||||
},
|
|
||||||
}, {
|
|
||||||
Name: "any-configmap-name-bad",
|
|
||||||
Values: map[string]interface{}{
|
|
||||||
"request.operation": "UPDATE",
|
|
||||||
},
|
},
|
||||||
}},
|
}},
|
||||||
}},
|
Policies: []v1alpha1.Policy{{
|
||||||
|
Name: "limit-configmap-for-sa",
|
||||||
|
Resources: []v1alpha1.Resource{{
|
||||||
|
Name: "any-configmap-name-good",
|
||||||
|
Values: map[string]interface{}{
|
||||||
|
"request.operation": "UPDATE",
|
||||||
|
},
|
||||||
|
}, {
|
||||||
|
Name: "any-configmap-name-bad",
|
||||||
|
Values: map[string]interface{}{
|
||||||
|
"request.operation": "UPDATE",
|
||||||
|
},
|
||||||
|
}},
|
||||||
|
}},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
wantErr: false,
|
wantErr: false,
|
||||||
}}
|
}}
|
||||||
|
|
|
@ -5,18 +5,18 @@ import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
|
||||||
)
|
)
|
||||||
|
|
||||||
func New(fs billy.Filesystem, resourcePath string, path string, vals *valuesapi.Values, vars ...string) (*Variables, error) {
|
func New(fs billy.Filesystem, resourcePath string, path string, vals *v1alpha1.ValuesSpec, vars ...string) (*Variables, error) {
|
||||||
// if we already have values, skip the file
|
// if we already have values, skip the file
|
||||||
if vals == nil && path != "" {
|
if vals == nil && path != "" {
|
||||||
v, err := values.Load(fs, filepath.Join(resourcePath, path))
|
v, err := values.Load(fs, filepath.Join(resourcePath, path))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Unable to load variable file: %s (%w)", path, err)
|
return nil, fmt.Errorf("Unable to load variable file: %s (%w)", path, err)
|
||||||
}
|
}
|
||||||
vals = v
|
vals = &v.ValuesSpec
|
||||||
}
|
}
|
||||||
variables := Variables{
|
variables := Variables{
|
||||||
values: vals,
|
values: vals,
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/go-git/go-billy/v5"
|
"github.com/go-git/go-billy/v5"
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestNew(t *testing.T) {
|
func TestNew(t *testing.T) {
|
||||||
|
@ -14,7 +14,7 @@ func TestNew(t *testing.T) {
|
||||||
fs billy.Filesystem
|
fs billy.Filesystem
|
||||||
resourcePath string
|
resourcePath string
|
||||||
path string
|
path string
|
||||||
vals *valuesapi.Values
|
vals *v1alpha1.ValuesSpec
|
||||||
vars []string
|
vars []string
|
||||||
want *Variables
|
want *Variables
|
||||||
wantErr bool
|
wantErr bool
|
||||||
|
@ -47,14 +47,14 @@ func TestNew(t *testing.T) {
|
||||||
fs: nil,
|
fs: nil,
|
||||||
resourcePath: "",
|
resourcePath: "",
|
||||||
path: "",
|
path: "",
|
||||||
vals: &valuesapi.Values{
|
vals: &v1alpha1.ValuesSpec{
|
||||||
GlobalValues: map[string]interface{}{
|
GlobalValues: map[string]interface{}{
|
||||||
"bar": "baz",
|
"bar": "baz",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
vars: nil,
|
vars: nil,
|
||||||
want: &Variables{
|
want: &Variables{
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
GlobalValues: map[string]interface{}{
|
GlobalValues: map[string]interface{}{
|
||||||
"bar": "baz",
|
"bar": "baz",
|
||||||
},
|
},
|
||||||
|
@ -66,7 +66,7 @@ func TestNew(t *testing.T) {
|
||||||
fs: nil,
|
fs: nil,
|
||||||
resourcePath: "",
|
resourcePath: "",
|
||||||
path: "",
|
path: "",
|
||||||
vals: &valuesapi.Values{
|
vals: &v1alpha1.ValuesSpec{
|
||||||
GlobalValues: map[string]interface{}{
|
GlobalValues: map[string]interface{}{
|
||||||
"bar": "baz",
|
"bar": "baz",
|
||||||
},
|
},
|
||||||
|
@ -75,7 +75,7 @@ func TestNew(t *testing.T) {
|
||||||
"foo=bar",
|
"foo=bar",
|
||||||
},
|
},
|
||||||
want: &Variables{
|
want: &Variables{
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
GlobalValues: map[string]interface{}{
|
GlobalValues: map[string]interface{}{
|
||||||
"bar": "baz",
|
"bar": "baz",
|
||||||
},
|
},
|
||||||
|
@ -93,16 +93,16 @@ func TestNew(t *testing.T) {
|
||||||
vals: nil,
|
vals: nil,
|
||||||
vars: nil,
|
vars: nil,
|
||||||
want: &Variables{
|
want: &Variables{
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
NamespaceSelectors: []valuesapi.NamespaceSelector{{
|
NamespaceSelectors: []v1alpha1.NamespaceSelector{{
|
||||||
Name: "test1",
|
Name: "test1",
|
||||||
Labels: map[string]string{
|
Labels: map[string]string{
|
||||||
"foo.com/managed-state": "managed",
|
"foo.com/managed-state": "managed",
|
||||||
},
|
},
|
||||||
}},
|
}},
|
||||||
Policies: []valuesapi.Policy{{
|
Policies: []v1alpha1.Policy{{
|
||||||
Name: "limit-configmap-for-sa",
|
Name: "limit-configmap-for-sa",
|
||||||
Resources: []valuesapi.Resource{{
|
Resources: []v1alpha1.Resource{{
|
||||||
Name: "any-configmap-name-good",
|
Name: "any-configmap-name-good",
|
||||||
Values: map[string]interface{}{
|
Values: map[string]interface{}{
|
||||||
"request.operation": "UPDATE",
|
"request.operation": "UPDATE",
|
||||||
|
@ -127,16 +127,16 @@ func TestNew(t *testing.T) {
|
||||||
"foo=bar",
|
"foo=bar",
|
||||||
},
|
},
|
||||||
want: &Variables{
|
want: &Variables{
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
NamespaceSelectors: []valuesapi.NamespaceSelector{{
|
NamespaceSelectors: []v1alpha1.NamespaceSelector{{
|
||||||
Name: "test1",
|
Name: "test1",
|
||||||
Labels: map[string]string{
|
Labels: map[string]string{
|
||||||
"foo.com/managed-state": "managed",
|
"foo.com/managed-state": "managed",
|
||||||
},
|
},
|
||||||
}},
|
}},
|
||||||
Policies: []valuesapi.Policy{{
|
Policies: []v1alpha1.Policy{{
|
||||||
Name: "limit-configmap-for-sa",
|
Name: "limit-configmap-for-sa",
|
||||||
Resources: []valuesapi.Resource{{
|
Resources: []v1alpha1.Resource{{
|
||||||
Name: "any-configmap-name-good",
|
Name: "any-configmap-name-good",
|
||||||
Values: map[string]interface{}{
|
Values: map[string]interface{}{
|
||||||
"request.operation": "UPDATE",
|
"request.operation": "UPDATE",
|
||||||
|
@ -168,14 +168,14 @@ func TestNew(t *testing.T) {
|
||||||
fs: nil,
|
fs: nil,
|
||||||
resourcePath: "",
|
resourcePath: "",
|
||||||
path: "../_testdata/values/limit-configmap-for-sa.yaml",
|
path: "../_testdata/values/limit-configmap-for-sa.yaml",
|
||||||
vals: &valuesapi.Values{
|
vals: &v1alpha1.ValuesSpec{
|
||||||
GlobalValues: map[string]interface{}{
|
GlobalValues: map[string]interface{}{
|
||||||
"bar": "baz",
|
"bar": "baz",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
vars: nil,
|
vars: nil,
|
||||||
want: &Variables{
|
want: &Variables{
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
GlobalValues: map[string]interface{}{
|
GlobalValues: map[string]interface{}{
|
||||||
"bar": "baz",
|
"bar": "baz",
|
||||||
},
|
},
|
||||||
|
|
|
@ -3,13 +3,13 @@ package variables
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Variables struct {
|
type Variables struct {
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ func (v Variables) HasPolicyVariables(policy string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v Variables) Subresources() []valuesapi.Subresource {
|
func (v Variables) Subresources() []v1alpha1.Subresource {
|
||||||
if v.values == nil {
|
if v.values == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@ import (
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
|
||||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
|
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
|
@ -13,7 +13,7 @@ import (
|
||||||
func TestVariables_HasVariables(t *testing.T) {
|
func TestVariables_HasVariables(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
want bool
|
want bool
|
||||||
}{{
|
}{{
|
||||||
|
@ -50,9 +50,9 @@ func TestVariables_HasVariables(t *testing.T) {
|
||||||
func TestVariables_Subresources(t *testing.T) {
|
func TestVariables_Subresources(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
want []valuesapi.Subresource
|
want []v1alpha1.Subresource
|
||||||
}{{
|
}{{
|
||||||
name: "nil values",
|
name: "nil values",
|
||||||
values: nil,
|
values: nil,
|
||||||
|
@ -60,25 +60,25 @@ func TestVariables_Subresources(t *testing.T) {
|
||||||
want: nil,
|
want: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "nil subresources",
|
name: "nil subresources",
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
Subresources: nil,
|
Subresources: nil,
|
||||||
},
|
},
|
||||||
variables: nil,
|
variables: nil,
|
||||||
want: nil,
|
want: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "empty subresources",
|
name: "empty subresources",
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
Subresources: []valuesapi.Subresource{},
|
Subresources: []v1alpha1.Subresource{},
|
||||||
},
|
},
|
||||||
variables: nil,
|
variables: nil,
|
||||||
want: nil,
|
want: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "subresources",
|
name: "subresources",
|
||||||
values: &valuesapi.Values{
|
values: &v1alpha1.ValuesSpec{
|
||||||
Subresources: []valuesapi.Subresource{{}},
|
Subresources: []v1alpha1.Subresource{{}},
|
||||||
},
|
},
|
||||||
variables: nil,
|
variables: nil,
|
||||||
want: []valuesapi.Subresource{{}},
|
want: []v1alpha1.Subresource{{}},
|
||||||
}}
|
}}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
@ -98,7 +98,7 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
want map[string]Labels
|
want map[string]Labels
|
||||||
}{{
|
}{{
|
||||||
|
@ -108,12 +108,12 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
|
||||||
want: nil,
|
want: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "empty",
|
name: "empty",
|
||||||
values: &valuesapi.Values{},
|
values: &v1alpha1.ValuesSpec{},
|
||||||
variables: nil,
|
variables: nil,
|
||||||
want: nil,
|
want: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "values",
|
name: "values",
|
||||||
values: vals,
|
values: &vals.ValuesSpec,
|
||||||
variables: nil,
|
variables: nil,
|
||||||
want: map[string]map[string]string{
|
want: map[string]map[string]string{
|
||||||
"test1": {
|
"test1": {
|
||||||
|
@ -137,9 +137,9 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
|
||||||
func TestVariables_SetInStore(t *testing.T) {
|
func TestVariables_SetInStore(t *testing.T) {
|
||||||
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
|
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
vals.Policies = append(vals.Policies, valuesapi.Policy{
|
vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{
|
||||||
Name: "limit-configmap-for-sa",
|
Name: "limit-configmap-for-sa",
|
||||||
Rules: []valuesapi.Rule{{
|
Rules: []v1alpha1.Rule{{
|
||||||
Name: "rule",
|
Name: "rule",
|
||||||
Values: map[string]interface{}{
|
Values: map[string]interface{}{
|
||||||
"foo": "bar",
|
"foo": "bar",
|
||||||
|
@ -151,7 +151,7 @@ func TestVariables_SetInStore(t *testing.T) {
|
||||||
})
|
})
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
}{{
|
}{{
|
||||||
name: "nil",
|
name: "nil",
|
||||||
|
@ -159,11 +159,11 @@ func TestVariables_SetInStore(t *testing.T) {
|
||||||
variables: nil,
|
variables: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "empty",
|
name: "empty",
|
||||||
values: &valuesapi.Values{},
|
values: &v1alpha1.ValuesSpec{},
|
||||||
variables: nil,
|
variables: nil,
|
||||||
}, {
|
}, {
|
||||||
name: "values",
|
name: "values",
|
||||||
values: vals,
|
values: &vals.ValuesSpec,
|
||||||
variables: nil,
|
variables: nil,
|
||||||
}}
|
}}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
@ -180,9 +180,9 @@ func TestVariables_SetInStore(t *testing.T) {
|
||||||
func TestVariables_HasPolicyVariables(t *testing.T) {
|
func TestVariables_HasPolicyVariables(t *testing.T) {
|
||||||
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
|
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
vals.Policies = append(vals.Policies, valuesapi.Policy{
|
vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{
|
||||||
Name: "limit-configmap-for-sa",
|
Name: "limit-configmap-for-sa",
|
||||||
Rules: []valuesapi.Rule{{
|
Rules: []v1alpha1.Rule{{
|
||||||
Name: "rule",
|
Name: "rule",
|
||||||
Values: map[string]interface{}{
|
Values: map[string]interface{}{
|
||||||
"foo": "bar",
|
"foo": "bar",
|
||||||
|
@ -194,7 +194,7 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
|
||||||
})
|
})
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
policy string
|
policy string
|
||||||
want bool
|
want bool
|
||||||
|
@ -206,19 +206,19 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "empty",
|
name: "empty",
|
||||||
values: &valuesapi.Values{},
|
values: &v1alpha1.ValuesSpec{},
|
||||||
variables: nil,
|
variables: nil,
|
||||||
policy: "test",
|
policy: "test",
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "values - test",
|
name: "values - test",
|
||||||
values: vals,
|
values: &vals.ValuesSpec,
|
||||||
variables: nil,
|
variables: nil,
|
||||||
policy: "test",
|
policy: "test",
|
||||||
want: false,
|
want: false,
|
||||||
}, {
|
}, {
|
||||||
name: "values - limit-configmap-for-sa",
|
name: "values - limit-configmap-for-sa",
|
||||||
values: vals,
|
values: &vals.ValuesSpec,
|
||||||
variables: nil,
|
variables: nil,
|
||||||
policy: "limit-configmap-for-sa",
|
policy: "limit-configmap-for-sa",
|
||||||
want: true,
|
want: true,
|
||||||
|
@ -237,14 +237,14 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestVariables_ComputeVariables(t *testing.T) {
|
func TestVariables_ComputeVariables(t *testing.T) {
|
||||||
loadValues := func(path string) *valuesapi.Values {
|
loadValues := func(path string) *v1alpha1.ValuesSpec {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
vals, err := values.Load(nil, path)
|
vals, err := values.Load(nil, path)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
return vals
|
return &vals.ValuesSpec
|
||||||
}
|
}
|
||||||
type fields struct {
|
type fields struct {
|
||||||
values *valuesapi.Values
|
values *v1alpha1.ValuesSpec
|
||||||
variables map[string]string
|
variables map[string]string
|
||||||
}
|
}
|
||||||
type args struct {
|
type args struct {
|
||||||
|
|
|
@ -30,6 +30,7 @@ kyverno fix test [dir]... [flags]
|
||||||
```
|
```
|
||||||
--compress Compress test results
|
--compress Compress test results
|
||||||
-f, --file-name string Test filename (default "kyverno-test.yaml")
|
-f, --file-name string Test filename (default "kyverno-test.yaml")
|
||||||
|
--force Force save file
|
||||||
-h, --help help for test
|
-h, --help help for test
|
||||||
--save Save fixed file
|
--save Save fixed file
|
||||||
```
|
```
|
838
docs/user/cli/crd/index.html
Normal file
838
docs/user/cli/crd/index.html
Normal file
|
@ -0,0 +1,838 @@
|
||||||
|
<!doctype html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
||||||
|
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
|
||||||
|
<title>Kyverno API</title>
|
||||||
|
<style>
|
||||||
|
.bg-blue {
|
||||||
|
color: #ffffff;
|
||||||
|
background-color: #1589dd;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="container">
|
||||||
|
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
|
||||||
|
<a class="navbar-brand" href="#"><p><b>Packages : </b></p></a>
|
||||||
|
<ul style="list-style:none">
|
||||||
|
<li>
|
||||||
|
<a href="#cli.kyverno.io%2fv1alpha1"><b style="color: white">cli.kyverno.io/v1alpha1</b></a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</nav>
|
||||||
|
<h2 id="cli.kyverno.io/v1alpha1">cli.kyverno.io/v1alpha1</h2>
|
||||||
|
Resource Types:
|
||||||
|
<ul><li>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>
|
||||||
|
</li><li>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.UserInfo">UserInfo</a>
|
||||||
|
</li><li>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Values">Values</a>
|
||||||
|
</li></ul>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.Test">Test
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
<p>Test declares a test</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>apiVersion</code><br/>
|
||||||
|
string</td>
|
||||||
|
<td>
|
||||||
|
<code>
|
||||||
|
cli.kyverno.io/v1alpha1
|
||||||
|
</code>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>kind</code><br/>
|
||||||
|
string
|
||||||
|
</td>
|
||||||
|
<td><code>Test</code></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>metadata</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
||||||
|
Kubernetes meta/v1.ObjectMeta
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Refer to the Kubernetes API documentation for the fields of the
|
||||||
|
<code>metadata</code> field.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>name</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Name is the name of the test.
|
||||||
|
This field is deprecated, use <code>metadata.name</code> instead</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>policies</code><br/>
|
||||||
|
<em>
|
||||||
|
[]string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Policies are the policies to be used in the test</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>resources</code><br/>
|
||||||
|
<em>
|
||||||
|
[]string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Resources are the resource to be used in the test</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>variables</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Variables is the values to be used in the test</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>userinfo</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>UserInfo is the user info to be used in the test</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>results</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.TestResult">
|
||||||
|
[]TestResult
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Results are the results to be checked in the test</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>values</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">
|
||||||
|
ValuesSpec
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Values are the values to be used in the test</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.UserInfo">UserInfo
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
<p>UserInfo declares user infos to be loaded by the Kyverno CLI</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>apiVersion</code><br/>
|
||||||
|
string</td>
|
||||||
|
<td>
|
||||||
|
<code>
|
||||||
|
cli.kyverno.io/v1alpha1
|
||||||
|
</code>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>kind</code><br/>
|
||||||
|
string
|
||||||
|
</td>
|
||||||
|
<td><code>UserInfo</code></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>metadata</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
||||||
|
Kubernetes meta/v1.ObjectMeta
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Refer to the Kubernetes API documentation for the fields of the
|
||||||
|
<code>metadata</code> field.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>RequestInfo</code><br/>
|
||||||
|
<em>
|
||||||
|
github.com/kyverno/kyverno/api/kyverno/v1beta1.RequestInfo
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>
|
||||||
|
(Members of <code>RequestInfo</code> are embedded into this type.)
|
||||||
|
</p>
|
||||||
|
<p>RequestInfo declares user infos</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.Values">Values
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
<p>Values declares values to be loaded by the Kyverno CLI</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>apiVersion</code><br/>
|
||||||
|
string</td>
|
||||||
|
<td>
|
||||||
|
<code>
|
||||||
|
cli.kyverno.io/v1alpha1
|
||||||
|
</code>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>kind</code><br/>
|
||||||
|
string
|
||||||
|
</td>
|
||||||
|
<td><code>Values</code></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>metadata</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
||||||
|
Kubernetes meta/v1.ObjectMeta
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Refer to the Kubernetes API documentation for the fields of the
|
||||||
|
<code>metadata</code> field.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>ValuesSpec</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">
|
||||||
|
ValuesSpec
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>
|
||||||
|
(Members of <code>ValuesSpec</code> are embedded into this type.)
|
||||||
|
</p>
|
||||||
|
<p>ValuesSpec declares values</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.NamespaceSelector">NamespaceSelector
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>NamespaceSelector declares labels for a given namespace</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>name</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Name is the namespace name</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>labels</code><br/>
|
||||||
|
<em>
|
||||||
|
map[string]string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Labels are the labels for the given namespace</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.Policy">Policy
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>Policy declares values for a given policy</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>name</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Name is the policy name</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>resources</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Resource">
|
||||||
|
[]Resource
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Resources are values for specific resources</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>rules</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Rule">
|
||||||
|
[]Rule
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Rules are values for specific policy rules</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.Resource">Resource
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Policy">Policy</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>Resource declares values for a given resource</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>name</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Name is the name of the resource</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>values</code><br/>
|
||||||
|
<em>
|
||||||
|
map[string]interface{}
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Values are the values for the given resource</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.Rule">Rule
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Policy">Policy</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>Rule declares values for a given policy rule</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>name</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Name is the name of the ppolicy rule</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>values</code><br/>
|
||||||
|
<em>
|
||||||
|
map[string]interface{}
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Values are the values for the given policy rule</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>foreachValues</code><br/>
|
||||||
|
<em>
|
||||||
|
map[string][]interface{}
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>ForeachValues are the foreach values for the given policy rule</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.Subresource">Subresource
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>Subresource declares subresource/parent resource mapping</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>subresource</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#apiresource-v1-meta">
|
||||||
|
Kubernetes meta/v1.APIResource
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Subresource declares the subresource api</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>parentResource</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#apiresource-v1-meta">
|
||||||
|
Kubernetes meta/v1.APIResource
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>ParentResource declares the parent resource api</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.TestResult">TestResult
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>TestResultBase declares a test result</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>TestResultBase</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.TestResultBase">
|
||||||
|
TestResultBase
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>
|
||||||
|
(Members of <code>TestResultBase</code> are embedded into this type.)
|
||||||
|
</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>TestResultDeprecated</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.TestResultDeprecated">
|
||||||
|
TestResultDeprecated
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>
|
||||||
|
(Members of <code>TestResultDeprecated</code> are embedded into this type.)
|
||||||
|
</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>resources</code><br/>
|
||||||
|
<em>
|
||||||
|
[]string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Resources gives us the list of resources on which the policy is going to be applied.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.TestResultBase">TestResultBase
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.TestResult">TestResult</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>TestResultBase declares a test result base fields</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>policy</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Policy mentions the name of the policy.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>rule</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<em>(Optional)</em>
|
||||||
|
<p>Rule mentions the name of the rule in the policy.
|
||||||
|
It’s required in case policy is a kyverno policy.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>isValidatingAdmissionPolicy</code><br/>
|
||||||
|
<em>
|
||||||
|
bool
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<em>(Optional)</em>
|
||||||
|
<p>IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
|
||||||
|
It’s required in case policy is a validating admission policy.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>result</code><br/>
|
||||||
|
<em>
|
||||||
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Result mentions the result that the user is expecting.
|
||||||
|
Possible values are pass, fail and skip.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>kind</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Kind mentions the kind of the resource on which the policy is to be applied.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>patchedResource</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>PatchedResource takes a resource configuration file in yaml format from
|
||||||
|
the user to compare it against the Kyverno mutated resource configuration.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>generatedResource</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>GeneratedResource takes a resource configuration file in yaml format from
|
||||||
|
the user to compare it against the Kyverno generated resource configuration.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>cloneSourceResource</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>CloneSourceResource takes the resource configuration file in yaml format
|
||||||
|
from the user which is meant to be cloned by the generate rule.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.TestResultDeprecated">TestResultDeprecated
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.TestResult">TestResult</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>TestResultBase declares a test result deprecated fields</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>status</code><br/>
|
||||||
|
<em>
|
||||||
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Status mentions the status that the user is expecting.
|
||||||
|
Possible values are pass, fail and skip.
|
||||||
|
This is DEPRECATED, use <code>Result</code> instead.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>resource</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Resource mentions the name of the resource on which the policy is to be applied.
|
||||||
|
This is DEPRECATED, use <code>Resources</code> instead.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>namespace</code><br/>
|
||||||
|
<em>
|
||||||
|
string
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Namespace mentions the namespace of the policy which has namespace scope.
|
||||||
|
This is DEPRECATED, use a name in the form <code><namespace>/<name></code> for policies and/or resources instead.</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
<h3 id="cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec
|
||||||
|
</h3>
|
||||||
|
<p>
|
||||||
|
(<em>Appears on:</em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>,
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Values">Values</a>)
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<p>ValuesSpec declares values to be loaded by the Kyverno CLI</p>
|
||||||
|
</p>
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead class="thead-dark">
|
||||||
|
<tr>
|
||||||
|
<th>Field</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>globalValues</code><br/>
|
||||||
|
<em>
|
||||||
|
map[string]interface{}
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>GlobalValues are the global values</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>policies</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Policy">
|
||||||
|
[]Policy
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Policies are the policy values</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>namespaceSelector</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.NamespaceSelector">
|
||||||
|
[]NamespaceSelector
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>NamespaceSelectors are the namespace labels</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>subresources</code><br/>
|
||||||
|
<em>
|
||||||
|
<a href="#cli.kyverno.io/v1alpha1.Subresource">
|
||||||
|
[]Subresource
|
||||||
|
</a>
|
||||||
|
</em>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<p>Subresources are the subresource/parent resource mappings</p>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<hr />
|
||||||
|
</div>
|
||||||
|
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
|
||||||
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
|
||||||
|
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -1,4 +1,7 @@
|
||||||
name: test-registry
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- image-example.yaml
|
- image-example.yaml
|
||||||
resources:
|
resources:
|
||||||
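Review bot: The migrated fixture sets `metadata.name` to the file name `kyverno-test.yaml` and drops the descriptive value that the old top-level `name: test-registry` carried, so every fixture touched here ends up with the same test name. The API reference added in this commit says the deprecated `name` field is replaced by `metadata.name`, so I would carry the value over and write `name: test-registry` under `metadata:`. The same applies to the fixture sections that follow (`policy-endpoints`, `mutate-pods-spec`, `validate-default-proc-mount` and the rest). If these files were rewritten by the fix command, it is presumably defaulting to the file's base name instead of reusing the old name; that code is not visible in this part of the page.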
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: policy-endpoints
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: mutate-pods-spec
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: validate-default-proc-mount
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: validate-disallow-default-serviceaccount
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: check-probe-exists
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: validate-selinux-options
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: validate-volumes-whitelist
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: restrict-ingress-classes
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: test-exclude
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: test-simple
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: test-simple
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: test-simple
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: deny-all-traffic
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: add-quota
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: pdb-test
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: generate-tests
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: multiple-resources
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: sync-controller-data
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: sync-secrets
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: add-default-resources
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- add-default-resources.yaml
|
- add-default-resources.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,13 +1,16 @@
|
||||||
name: bug-demo
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- ./policy.yaml
|
- ./policy.yaml
|
||||||
resources:
|
resources:
|
||||||
- ./resource.yaml
|
- ./resource.yaml
|
||||||
results:
|
results:
|
||||||
- policy: bug-demo
|
- kind: Pod
|
||||||
rule: mutate1
|
patchedResource: patched-resource-pattern.yaml
|
||||||
|
policy: bug-demo
|
||||||
resources:
|
resources:
|
||||||
- pod1
|
- pod1
|
||||||
kind: Pod
|
|
||||||
patchedResource: patched-resource-pattern.yaml
|
|
||||||
result: pass
|
result: pass
|
||||||
|
rule: mutate1
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: connection-draining
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policy.yaml
|
- policy.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: foreach-mutate
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policies.yaml
|
- policies.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
name: foreach-mutate
|
apiVersion: cli.kyverno.io/v1alpha1
|
||||||
|
kind: Test
|
||||||
|
metadata:
|
||||||
|
name: kyverno-test.yaml
|
||||||
policies:
|
policies:
|
||||||
- policies.yaml
|
- policies.yaml
|
||||||
resources:
|
resources:
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more