mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 20:20:22 +00:00
Code Activity

feat: add cli api schemas (#8422)

Browse source 
* feat: add cli values schema

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* makefile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v1alpha1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-09-17 22:50:17 +02:00 committed by GitHub
parent 9361100f17
commit a43a20adb9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
153 changed files with 2323 additions and 415 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
Makefile
View file

@ -494,6 +494,11 @@ codegen-crds-report: $(CONTROLLER_GEN) ## Generate policy reports CRDs
@echo Generate policy reports crds... >&2 @echo Generate policy reports crds... >&2
@$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH) @$(CONTROLLER_GEN) crd paths=./api/policyreport/... crd:crdVersions=v1 output:dir=$(CRDS_PATH)
.PHONY: codegen-crds-cli
codegen-crds-cli: $(CONTROLLER_GEN) ## Generate policy reports CRDs
@echo Generate cli crds... >&2
@$(CONTROLLER_GEN) crd paths=./cmd/cli/kubectl-kyverno/apis/... crd:crdVersions=v1 output:dir=${PWD}/cmd/cli/kubectl-kyverno/config/crds
.PHONY: codegen-crds-all .PHONY: codegen-crds-all
codegen-crds-all: codegen-crds-kyverno codegen-crds-report ## Generate all CRDs codegen-crds-all: codegen-crds-kyverno codegen-crds-report ## Generate all CRDs
@ -512,11 +517,21 @@ codegen-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate API
-template-dir docs/user/template \ -template-dir docs/user/template \
-out-file docs/user/crd/index.html -out-file docs/user/crd/index.html
.PHONY: codegen-cli-api-docs
codegen-cli-api-docs: $(PACKAGE_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) ## Generate CLI API docs
@echo Generate CLI api docs... >&2
@rm -rf docs/user/cli/crd && mkdir -p docs/user/cli/crd
@GOPATH=$(GOPATH_SHIM) $(GEN_CRD_API_REFERENCE_DOCS) -v 4 \
-api-dir $(PACKAGE)/cmd/cli/kubectl-kyverno/apis \
-config docs/user/config.json \
-template-dir docs/user/template \
-out-file docs/user/cli/crd/index.html
.PHONY: codegen-cli-docs .PHONY: codegen-cli-docs
codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs codegen-cli-docs: $(CLI_BIN) ## Generate CLI docs
@echo Generate cli docs... >&2 @echo Generate cli docs... >&2
@rm -rf docs/user/cli && mkdir -p docs/user/cli @rm -rf docs/user/cli/commands && mkdir -p docs/user/cli/commands
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli --autogenTag=false @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) docs -o docs/user/cli/commands --autogenTag=false
.PHONY: codegen-cli-crds .PHONY: codegen-cli-crds
codegen-cli-crds: codegen-crds-kyverno ## Copy generated CRDs to embed in the CLI codegen-cli-crds: codegen-crds-kyverno ## Copy generated CRDs to embed in the CLI
@ -531,13 +546,16 @@ codegen-docs-all: codegen-helm-docs codegen-cli-docs codegen-api-docs ## Genera
.PHONY: codegen-fix-tests .PHONY: codegen-fix-tests
codegen-fix-tests: $(CLI_BIN) ## Fix CLI test files codegen-fix-tests: $(CLI_BIN) ## Fix CLI test files
@echo Fix CLI test files... >&2 @echo Fix CLI test files... >&2
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix test ./test/cli --save --compress --force
.PHONY: codegen-fix-policies .PHONY: codegen-fix-policies
codegen-fix-policies: $(CLI_BIN) ## Fix CLI policy files codegen-fix-policies: $(CLI_BIN) ## Fix CLI policy files
@echo Fix CLI policy files... >&2 @echo Fix CLI policy files... >&2
@KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix policy ./test/cli/test --save @KYVERNO_EXPERIMENTAL=true $(CLI_BIN) fix policy ./test/cli/test --save
.PHONY: codegen-cli-all
codegen-cli-all: codegen-cli-crds codegen-cli-docs codegen-cli-api-docs codegen-fix-tests ## Generate all CLI related code and docs
.PHONY: codegen-helm-crds .PHONY: codegen-helm-crds
codegen-helm-crds: codegen-crds-all ## Generate helm CRDs codegen-helm-crds: codegen-crds-all ## Generate helm CRDs
@echo Generate helm crds... >&2 @echo Generate helm crds... >&2

1
cmd/cli/kubectl-kyverno/apis/doc.go Normal file
View file

@ -0,0 +1 @@
package apis

15
cmd/cli/kubectl-kyverno/apis/test/test.go
View file

@ -1,15 +0,0 @@
package test
import (
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
)
type Test struct {
Name string `json:"name"`
Policies []string `json:"policies"`
Resources []string `json:"resources"`
Variables string `json:"variables,omitempty"`
UserInfo string `json:"userinfo,omitempty"`
Results []TestResult `json:"results"`
Values *values.Values `json:"values,omitempty"`
}

3
cmd/cli/kubectl-kyverno/apis/v1alpha1/doc.go Executable file
View file

@ -0,0 +1,3 @@
// +groupName=cli.kyverno.io
package v1alpha1

10
cmd/cli/kubectl-kyverno/apis/v1alpha1/namespace_selector.go Normal file
View file

@ -0,0 +1,10 @@
package v1alpha1
// NamespaceSelector declares labels for a given namespace
type NamespaceSelector struct {
// Name is the namespace name
Name string `json:"name"`
// Labels are the labels for the given namespace
Labels map[string]string `json:"labels"`
}

13
cmd/cli/kubectl-kyverno/apis/v1alpha1/policy.go Normal file
View file

@ -0,0 +1,13 @@
package v1alpha1
// Policy declares values for a given policy
type Policy struct {
// Name is the policy name
Name string `json:"name"`
// Resources are values for specific resources
Resources []Resource `json:"resources,omitempty"`
// Rules are values for specific policy rules
Rules []Rule `json:"rules,omitempty"`
}

13
cmd/cli/kubectl-kyverno/apis/v1alpha1/resource.go Normal file
View file

@ -0,0 +1,13 @@
package v1alpha1
// Resource declares values for a given resource
type Resource struct {
// Name is the name of the resource
Name string `json:"name"`
// Values are the values for the given resource
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
Values map[string]interface{} `json:"values,omitempty"`
}

19
cmd/cli/kubectl-kyverno/apis/v1alpha1/rule.go Normal file
View file

@ -0,0 +1,19 @@
package v1alpha1
// Rule declares values for a given policy rule
type Rule struct {
// Name is the name of the ppolicy rule
Name string `json:"name"`
// Values are the values for the given policy rule
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
Values map[string]interface{} `json:"values,omitempty"`
// ForeachValues are the foreach values for the given policy rule
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
ForeachValues map[string][]interface{} `json:"foreachValues,omitempty"`
}

14
cmd/cli/kubectl-kyverno/apis/v1alpha1/subresource.go Normal file
View file

@ -0,0 +1,14 @@
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Subresource declares subresource/parent resource mapping
type Subresource struct {
// Subresource declares the subresource api
Subresource metav1.APIResource `json:"subresource"`
// ParentResource declares the parent resource api
ParentResource metav1.APIResource `json:"parentResource"`
}

37
cmd/cli/kubectl-kyverno/apis/v1alpha1/test.go Normal file
View file

@ -0,0 +1,37 @@
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// Test declares a test
type Test struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Name is the name of the test.
// This field is deprecated, use `metadata.name` instead
Name string `json:"name,omitempty"`
// Policies are the policies to be used in the test
Policies []string `json:"policies,omitempty"`
// Resources are the resource to be used in the test
Resources []string `json:"resources,omitempty"`
// Variables is the values to be used in the test
Variables string `json:"variables,omitempty"`
// UserInfo is the user info to be used in the test
UserInfo string `json:"userinfo,omitempty"`
// Results are the results to be checked in the test
Results []TestResult `json:"results,omitempty"`
// Values are the values to be used in the test
Values *ValuesSpec `json:"values,omitempty"`
}

15
cmd/cli/kubectl-kyverno/apis/test/test_result.go → cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go
View file

@ -1,52 +1,65 @@
package test package v1alpha1
import ( import (
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
) )
// TestResultBase declares a test result base fields
type TestResultBase struct { type TestResultBase struct {
// Policy mentions the name of the policy. // Policy mentions the name of the policy.
Policy string `json:"policy"` Policy string `json:"policy"`
// Rule mentions the name of the rule in the policy. // Rule mentions the name of the rule in the policy.
// It's required in case policy is a kyverno policy. // It's required in case policy is a kyverno policy.
// +optional // +optional
Rule string `json:"rule,omitempty"` Rule string `json:"rule,omitempty"`
// IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy. // IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
// It's required in case policy is a validating admission policy. // It's required in case policy is a validating admission policy.
// +optional // +optional
IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"` IsValidatingAdmissionPolicy bool `json:"isValidatingAdmissionPolicy,omitempty"`
// Result mentions the result that the user is expecting. // Result mentions the result that the user is expecting.
// Possible values are pass, fail and skip. // Possible values are pass, fail and skip.
Result policyreportv1alpha2.PolicyResult `json:"result"` Result policyreportv1alpha2.PolicyResult `json:"result"`
// Kind mentions the kind of the resource on which the policy is to be applied. // Kind mentions the kind of the resource on which the policy is to be applied.
Kind string `json:"kind"` Kind string `json:"kind"`
// PatchedResource takes a resource configuration file in yaml format from // PatchedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno mutated resource configuration. // the user to compare it against the Kyverno mutated resource configuration.
PatchedResource string `json:"patchedResource,omitempty"` PatchedResource string `json:"patchedResource,omitempty"`
// GeneratedResource takes a resource configuration file in yaml format from // GeneratedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno generated resource configuration. // the user to compare it against the Kyverno generated resource configuration.
GeneratedResource string `json:"generatedResource,omitempty"` GeneratedResource string `json:"generatedResource,omitempty"`
// CloneSourceResource takes the resource configuration file in yaml format // CloneSourceResource takes the resource configuration file in yaml format
// from the user which is meant to be cloned by the generate rule. // from the user which is meant to be cloned by the generate rule.
CloneSourceResource string `json:"cloneSourceResource,omitempty"` CloneSourceResource string `json:"cloneSourceResource,omitempty"`
} }
// TestResultBase declares a test result deprecated fields
type TestResultDeprecated struct { type TestResultDeprecated struct {
// Status mentions the status that the user is expecting. // Status mentions the status that the user is expecting.
// Possible values are pass, fail and skip. // Possible values are pass, fail and skip.
// This is DEPRECATED, use `Result` instead. // This is DEPRECATED, use `Result` instead.
Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"` Status policyreportv1alpha2.PolicyResult `json:"status,omitempty"`
// Resource mentions the name of the resource on which the policy is to be applied. // Resource mentions the name of the resource on which the policy is to be applied.
// This is DEPRECATED, use `Resources` instead. // This is DEPRECATED, use `Resources` instead.
Resource string `json:"resource,omitempty"` Resource string `json:"resource,omitempty"`
// Namespace mentions the namespace of the policy which has namespace scope. // Namespace mentions the namespace of the policy which has namespace scope.
// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead. // This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
} }
// TestResultBase declares a test result
type TestResult struct { type TestResult struct {
TestResultBase `json:",inline,omitempty"` TestResultBase `json:",inline,omitempty"`
TestResultDeprecated `json:",inline,omitempty"` TestResultDeprecated `json:",inline,omitempty"`
// Resources gives us the list of resources on which the policy is going to be applied. // Resources gives us the list of resources on which the policy is going to be applied.
Resources []string `json:"resources"` Resources []string `json:"resources"`
} }

19
cmd/cli/kubectl-kyverno/apis/v1alpha1/user_info.go Normal file
View file

@ -0,0 +1,19 @@
package v1alpha1
import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// UserInfo declares user infos to be loaded by the Kyverno CLI
type UserInfo struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// RequestInfo declares user infos
kyvernov1beta1.RequestInfo `json:",inline"`
}

18
cmd/cli/kubectl-kyverno/apis/v1alpha1/values.go Normal file
View file

@ -0,0 +1,18 @@
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// Values declares values to be loaded by the Kyverno CLI
type Values struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// ValuesSpec declares values
ValuesSpec `json:",inline"`
}

19
cmd/cli/kubectl-kyverno/apis/v1alpha1/values_spec.go Normal file
View file

@ -0,0 +1,19 @@
package v1alpha1
// ValuesSpec declares values to be loaded by the Kyverno CLI
type ValuesSpec struct {
// GlobalValues are the global values
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
GlobalValues map[string]interface{} `json:"globalValues,omitempty"`
// Policies are the policy values
Policies []Policy `json:"policies,omitempty"`
// NamespaceSelectors are the namespace labels
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector,omitempty"`
// Subresources are the subresource/parent resource mappings
Subresources []Subresource `json:"subresources,omitempty"`
}

6
cmd/cli/kubectl-kyverno/apis/values/namespace_selector.go
View file

@ -1,6 +0,0 @@
package values
type NamespaceSelector struct {
Name string `json:"name"`
Labels map[string]string `json:"labels"`
}

7
cmd/cli/kubectl-kyverno/apis/values/policy.go
View file

@ -1,7 +0,0 @@
package values
type Policy struct {
Name string `json:"name"`
Resources []Resource `json:"resources"`
Rules []Rule `json:"rules"`
}

6
cmd/cli/kubectl-kyverno/apis/values/resource.go
View file

@ -1,6 +0,0 @@
package values
type Resource struct {
Name string `json:"name"`
Values map[string]interface{} `json:"values"`
}

7
cmd/cli/kubectl-kyverno/apis/values/rule.go
View file

@ -1,7 +0,0 @@
package values
type Rule struct {
Name string `json:"name"`
Values map[string]interface{} `json:"values"`
ForeachValues map[string][]interface{} `json:"foreachValues"`
}

10
cmd/cli/kubectl-kyverno/apis/values/subresource.go
View file

@ -1,10 +0,0 @@
package values
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
type Subresource struct {
APIResource metav1.APIResource `json:"subresource"`
ParentResource metav1.APIResource `json:"parentResource"`
}

8
cmd/cli/kubectl-kyverno/apis/values/values.go
View file

@ -1,8 +0,0 @@
package values
type Values struct {
Policies []Policy `json:"policies"`
GlobalValues map[string]interface{} `json:"globalValues"`
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"`
Subresources []Subresource `json:"subresources"`
}

27
cmd/cli/kubectl-kyverno/commands/create/values/command.go
View file

@ -5,7 +5,7 @@ import (
"strings" "strings"
"text/template" "text/template"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -35,9 +35,8 @@ func Command() *cobra.Command {
defer file.Close() defer file.Close()
output = file output = file
} }
values := valuesapi.Values{ values := v1alpha1.ValuesSpec{}
GlobalValues: map[string]interface{}{}, values.GlobalValues = map[string]interface{}{}
}
for _, result := range namespaceSelector { for _, result := range namespaceSelector {
result := parseNamespaceSelector(result) result := parseNamespaceSelector(result)
if result != nil { if result != nil {
@ -73,12 +72,12 @@ func Command() *cobra.Command {
return cmd return cmd
} }
func parseNamespaceSelector(in string) *valuesapi.NamespaceSelector { func parseNamespaceSelector(in string) *v1alpha1.NamespaceSelector {
parts := strings.Split(in, ",") parts := strings.Split(in, ",")
if len(parts) < 2 { if len(parts) < 2 {
return nil return nil
} }
nsSelector := valuesapi.NamespaceSelector{ nsSelector := v1alpha1.NamespaceSelector{
Name: parts[0], Name: parts[0],
Labels: map[string]string{}, Labels: map[string]string{},
} }
@ -99,12 +98,12 @@ func parseKeyValue(in string) (string, string) {
return "", "" return "", ""
} }
func parseRule(in string) *valuesapi.Policy { func parseRule(in string) *v1alpha1.Policy {
parts := strings.Split(in, ",") parts := strings.Split(in, ",")
if len(parts) < 2 { if len(parts) < 2 {
return nil return nil
} }
rule := valuesapi.Rule{ rule := v1alpha1.Rule{
Name: parts[1], Name: parts[1],
Values: map[string]interface{}{}, Values: map[string]interface{}{},
} }
@ -114,18 +113,18 @@ func parseRule(in string) *valuesapi.Policy {
rule.Values[k] = v rule.Values[k] = v
} }
} }
return &valuesapi.Policy{ return &v1alpha1.Policy{
Name: parts[0], Name: parts[0],
Rules: []valuesapi.Rule{rule}, Rules: []v1alpha1.Rule{rule},
} }
} }
func parseResource(in string) *valuesapi.Policy { func parseResource(in string) *v1alpha1.Policy {
parts := strings.Split(in, ",") parts := strings.Split(in, ",")
if len(parts) < 2 { if len(parts) < 2 {
return nil return nil
} }
resource := valuesapi.Resource{ resource := v1alpha1.Resource{
Name: parts[1], Name: parts[1],
Values: map[string]interface{}{}, Values: map[string]interface{}{},
} }
@ -135,8 +134,8 @@ func parseResource(in string) *valuesapi.Policy {
resource.Values[k] = v resource.Values[k] = v
} }
} }
return &valuesapi.Policy{ return &v1alpha1.Policy{
Name: parts[0], Name: parts[0],
Resources: []valuesapi.Resource{resource}, Resources: []v1alpha1.Resource{resource},
} }
} }

4
cmd/cli/kubectl-kyverno/commands/fix/policy/options.go
View file

@ -90,7 +90,7 @@ func (o options) processFile(out io.Writer, path string) {
for _, policy := range fixed { for _, policy := range fixed {
untyped, err := kubeutils.ObjToUnstructured(policy) untyped, err := kubeutils.ObjToUnstructured(policy)
if err != nil { if err != nil {
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err) fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err)
fmt.Fprintln(out) fmt.Fprintln(out)
return return
} }
@ -134,7 +134,7 @@ func (o options) processFile(out io.Writer, path string) {
} }
jsonBytes, err := untyped.MarshalJSON() jsonBytes, err := untyped.MarshalJSON()
if err != nil { if err != nil {
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err) fmt.Fprintf(out, " ERROR: converting to json: %s", err)
fmt.Fprintln(out) fmt.Fprintln(out)
return return
} }

1
cmd/cli/kubectl-kyverno/commands/fix/test/command.go
View file

@ -23,6 +23,7 @@ func Command() *cobra.Command {
} }
cmd.Flags().StringVarP(&options.fileName, "file-name", "f", "kyverno-test.yaml", "Test filename") cmd.Flags().StringVarP(&options.fileName, "file-name", "f", "kyverno-test.yaml", "Test filename")
cmd.Flags().BoolVar(&options.save, "save", false, "Save fixed file") cmd.Flags().BoolVar(&options.save, "save", false, "Save fixed file")
cmd.Flags().BoolVar(&options.force, "force", false, "Force save file")
cmd.Flags().BoolVar(&options.compress, "compress", false, "Compress test results") cmd.Flags().BoolVar(&options.compress, "compress", false, "Compress test results")
return cmd return cmd
} }

28
cmd/cli/kubectl-kyverno/commands/fix/test/options.go
View file

@ -10,12 +10,15 @@ import (
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/fix" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/fix"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"sigs.k8s.io/yaml" "sigs.k8s.io/yaml"
) )
type options struct { type options struct {
fileName string fileName string
save bool save bool
force bool
compress bool compress bool
} }
@ -47,9 +50,9 @@ func (o options) execute(out io.Writer, dirs ...string) error {
continue continue
} }
fixed := *testCase.Test fixed := *testCase.Test
if fixed.Name == "" { if fixed.ObjectMeta.Name == "" && fixed.Name == "" {
fmt.Fprintln(out, " WARNING: name is not set") fmt.Fprintln(out, " WARNING: name is not set")
fixed.Name = filepath.Base(testCase.Path) fixed.ObjectMeta.Name = filepath.Base(testCase.Path)
} }
fixed, messages, err := fix.FixTest(fixed, o.compress) fixed, messages, err := fix.FixTest(fixed, o.compress)
for _, warning := range messages { for _, warning := range messages {
@ -60,12 +63,27 @@ func (o options) execute(out io.Writer, dirs ...string) error {
continue continue
} }
needsSave := !reflect.DeepEqual(testCase.Test, &fixed) needsSave := !reflect.DeepEqual(testCase.Test, &fixed)
if o.save && needsSave { if o.save && (o.force || needsSave) {
fmt.Fprintf(out, " Saving test file (%s)...", testCase.Path) fmt.Fprintf(out, " Saving test file (%s)...", testCase.Path)
fmt.Fprintln(out) fmt.Fprintln(out)
yamlBytes, err := yaml.Marshal(fixed) untyped, err := kubeutils.ObjToUnstructured(fixed)
if err != nil { if err != nil {
fmt.Fprintf(out, " ERROR: converting test to yaml: %s", err) fmt.Fprintf(out, " ERROR: converting to unstructured: %s", err)
fmt.Fprintln(out)
continue
}
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "creationTimestamp")
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "generation")
unstructured.RemoveNestedField(untyped.UnstructuredContent(), "metadata", "uid")
jsonBytes, err := untyped.MarshalJSON()
if err != nil {
fmt.Fprintf(out, " ERROR: converting to json: %s", err)
fmt.Fprintln(out)
continue
}
yamlBytes, err := yaml.JSONToYAML(jsonBytes)
if err != nil {
fmt.Fprintf(out, " ERROR: converting to yaml: %s", err)
fmt.Fprintln(out) fmt.Fprintln(out)
continue continue
} }

10
cmd/cli/kubectl-kyverno/commands/test/command.go
View file

@ -6,7 +6,7 @@ import (
"path/filepath" "path/filepath"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/command"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
@ -112,7 +112,7 @@ func testCommandExecute(
for _, test := range tests { for _, test := range tests {
if test.Err == nil { if test.Err == nil {
// filter results // filter results
var filteredResults []testapi.TestResult var filteredResults []v1alpha1.TestResult
for _, res := range test.Test.Results { for _, res := range test.Test.Results {
if filter.Apply(res) { if filter.Apply(res) {
filteredResults = append(filteredResults, res) filteredResults = append(filteredResults, res)
@ -149,7 +149,7 @@ func testCommandExecute(
return nil return nil
} }
func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) { func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
expected := test.Result expected := test.Result
// fallback to the deprecated field // fallback to the deprecated field
if expected == "" { if expected == "" {
@ -181,7 +181,7 @@ func checkResult(test testapi.TestResult, fs billy.Filesystem, resoucePath strin
return true, result.Message, "Ok" return true, result.Message, "Ok"
} }
func lookupEngineResponses(test testapi.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse { func lookupEngineResponses(test v1alpha1.TestResult, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
var matches []engineapi.EngineResponse var matches []engineapi.EngineResponse
for _, response := range responses { for _, response := range responses {
policy := response.Policy() policy := response.Policy()
@ -202,7 +202,7 @@ func lookupEngineResponses(test testapi.TestResult, resourceName string, respons
return matches return matches
} }
func lookupRuleResponses(test testapi.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse { func lookupRuleResponses(test v1alpha1.TestResult, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
var matches []engineapi.RuleResponse var matches []engineapi.RuleResponse
// Since there are no rules in case of validating admission policies, responses are returned without checking rule names. // Since there are no rules in case of validating admission policies, responses are returned without checking rule names.
if test.IsValidatingAdmissionPolicy { if test.IsValidatingAdmissionPolicy {

4
cmd/cli/kubectl-kyverno/commands/test/output.go
View file

@ -6,7 +6,7 @@ import (
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table"
engineapi "github.com/kyverno/kyverno/pkg/engine/api" engineapi "github.com/kyverno/kyverno/pkg/engine/api"
@ -14,7 +14,7 @@ import (
func printTestResult( func printTestResult(
out io.Writer, out io.Writer,
tests []testapi.TestResult, tests []v1alpha1.TestResult,
responses []engineapi.EngineResponse, responses []engineapi.EngineResponse,
rc *resultCounts, rc *resultCounts,
failOnly bool, failOnly bool,

362
cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_tests.yaml Normal file
View file

@ -0,0 +1,362 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
name: tests.cli.kyverno.io
spec:
group: cli.kyverno.io
names:
kind: Test
listKind: TestList
plural: tests
singular: test
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Test declares a test
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
name:
description: Name is the name of the test. This field is deprecated, use
`metadata.name` instead
type: string
policies:
description: Policies are the policies to be used in the test
items:
type: string
type: array
resources:
description: Resources are the resource to be used in the test
items:
type: string
type: array
results:
description: Results are the results to be checked in the test
items:
description: TestResultBase declares a test result
properties:
cloneSourceResource:
description: CloneSourceResource takes the resource configuration
file in yaml format from the user which is meant to be cloned
by the generate rule.
type: string
generatedResource:
description: GeneratedResource takes a resource configuration file
in yaml format from the user to compare it against the Kyverno
generated resource configuration.
type: string
isValidatingAdmissionPolicy:
description: IsValidatingAdmissionPolicy indicates if the policy
is a validating admission policy. It's required in case policy
is a validating admission policy.
type: boolean
kind:
description: Kind mentions the kind of the resource on which the
policy is to be applied.
type: string
namespace:
description: Namespace mentions the namespace of the policy which
has namespace scope. This is DEPRECATED, use a name in the form
`<namespace>/<name>` for policies and/or resources instead.
type: string
patchedResource:
description: PatchedResource takes a resource configuration file
in yaml format from the user to compare it against the Kyverno
mutated resource configuration.
type: string
policy:
description: Policy mentions the name of the policy.
type: string
resource:
description: Resource mentions the name of the resource on which
the policy is to be applied. This is DEPRECATED, use `Resources`
instead.
type: string
resources:
description: Resources gives us the list of resources on which the
policy is going to be applied.
items:
type: string
type: array
result:
description: Result mentions the result that the user is expecting.
Possible values are pass, fail and skip.
enum:
- pass
- fail
- warn
- error
- skip
type: string
rule:
description: Rule mentions the name of the rule in the policy. It's
required in case policy is a kyverno policy.
type: string
status:
description: Status mentions the status that the user is expecting.
Possible values are pass, fail and skip. This is DEPRECATED, use
`Result` instead.
enum:
- pass
- fail
- warn
- error
- skip
type: string
required:
- kind
- policy
- resources
- result
type: object
type: array
userinfo:
description: UserInfo is the user info to be used in the test
type: string
values:
description: Values are the values to be used in the test
properties:
globalValues:
description: GlobalValues are the global values
type: object
x-kubernetes-preserve-unknown-fields: true
namespaceSelector:
description: NamespaceSelectors are the namespace labels
items:
description: NamespaceSelector declares labels for a given namespace
properties:
labels:
additionalProperties:
type: string
description: Labels are the labels for the given namespace
type: object
name:
description: Name is the namespace name
type: string
required:
- labels
- name
type: object
type: array
policies:
description: Policies are the policy values
items:
description: Policy declares values for a given policy
properties:
name:
description: Name is the policy name
type: string
resources:
description: Resources are values for specific resources
items:
description: Resource declares values for a given resource
properties:
name:
description: Name is the name of the resource
type: string
values:
description: Values are the values for the given resource
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
rules:
description: Rules are values for specific policy rules
items:
description: Rule declares values for a given policy rule
properties:
foreachValues:
description: ForeachValues are the foreach values for
the given policy rule
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the ppolicy rule
type: string
values:
description: Values are the values for the given policy
rule
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
required:
- name
type: object
type: array
subresources:
description: Subresources are the subresource/parent resource mappings
items:
description: Subresource declares subresource/parent resource mapping
properties:
parentResource:
description: ParentResource declares the parent resource api
properties:
categories:
description: categories is a list of the grouped resources
this resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For
subresources, this may have a different value, for example:
Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo'
is the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names
of the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely.
The singularName is more correct for reporting status
on a single item and both singular and plural are allowed
from the kubectl CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the
version this resource is converted to when written to
the data store. Value must be treated as opaque by clients.
Only equality comparison on the value is valid. This is
an alpha feature and may change or be removed in the future.
The field is populated by the apiserver only if the StorageVersionHash
feature gate is enabled. This field will remain optional
even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this
includes get, list, watch, create, update, patch, delete,
deletecollection, and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For
subresources, this may have a different value, for example:
v1 (while inside a v1beta1 version of the core resource''s
group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
subresource:
description: Subresource declares the subresource api
properties:
categories:
description: categories is a list of the grouped resources
this resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For
subresources, this may have a different value, for example:
Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo'
is the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names
of the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely.
The singularName is more correct for reporting status
on a single item and both singular and plural are allowed
from the kubectl CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the
version this resource is converted to when written to
the data store. Value must be treated as opaque by clients.
Only equality comparison on the value is valid. This is
an alpha feature and may change or be removed in the future.
The field is populated by the apiserver only if the StorageVersionHash
feature gate is enabled. This field will remain optional
even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this
includes get, list, watch, create, update, patch, delete,
deletecollection, and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For
subresources, this may have a different value, for example:
v1 (while inside a v1beta1 version of the core resource''s
group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
required:
- parentResource
- subresource
type: object
type: array
type: object
variables:
description: Variables is the values to be used in the test
type: string
type: object
served: true
storage: true

75
cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_userinfoes.yaml Normal file
View file

@ -0,0 +1,75 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
name: userinfoes.cli.kyverno.io
spec:
group: cli.kyverno.io
names:
kind: UserInfo
listKind: UserInfoList
plural: userinfoes
singular: userinfo
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: UserInfo declares user infos to be loaded by the Kyverno CLI
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
clusterRoles:
description: ClusterRoles is a list of possible clusterRoles send the
request.
items:
type: string
nullable: true
type: array
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
roles:
description: Roles is a list of possible role send the request.
items:
type: string
nullable: true
type: array
userInfo:
description: UserInfo is the userInfo carried in the admission request.
properties:
extra:
additionalProperties:
description: ExtraValue masks the value so protobuf can generate
items:
type: string
type: array
description: Any additional information provided by the authenticator.
type: object
groups:
description: The names of groups this user is a part of.
items:
type: string
type: array
uid:
description: A unique value that identifies this user across time.
If this user is deleted and another user by the same name is added,
they will have different UIDs.
type: string
username:
description: The name that uniquely identifies this user among all
active users.
type: string
type: object
type: object
served: true
storage: true

251
cmd/cli/kubectl-kyverno/config/crds/cli.kyverno.io_values.yaml Normal file
View file

@ -0,0 +1,251 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
name: values.cli.kyverno.io
spec:
group: cli.kyverno.io
names:
kind: Values
listKind: ValuesList
plural: values
singular: values
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Values declares values to be loaded by the Kyverno CLI
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
globalValues:
description: GlobalValues are the global values
type: object
x-kubernetes-preserve-unknown-fields: true
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
namespaceSelector:
description: NamespaceSelectors are the namespace labels
items:
description: NamespaceSelector declares labels for a given namespace
properties:
labels:
additionalProperties:
type: string
description: Labels are the labels for the given namespace
type: object
name:
description: Name is the namespace name
type: string
required:
- labels
- name
type: object
type: array
policies:
description: Policies are the policy values
items:
description: Policy declares values for a given policy
properties:
name:
description: Name is the policy name
type: string
resources:
description: Resources are values for specific resources
items:
description: Resource declares values for a given resource
properties:
name:
description: Name is the name of the resource
type: string
values:
description: Values are the values for the given resource
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
rules:
description: Rules are values for specific policy rules
items:
description: Rule declares values for a given policy rule
properties:
foreachValues:
description: ForeachValues are the foreach values for the
given policy rule
type: object
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the ppolicy rule
type: string
values:
description: Values are the values for the given policy rule
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
required:
- name
type: object
type: array
subresources:
description: Subresources are the subresource/parent resource mappings
items:
description: Subresource declares subresource/parent resource mapping
properties:
parentResource:
description: ParentResource declares the parent resource api
properties:
categories:
description: categories is a list of the grouped resources this
resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For subresources,
this may have a different value, for example: Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo' is
the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names of
the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely. The
singularName is more correct for reporting status on a single
item and both singular and plural are allowed from the kubectl
CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the version
this resource is converted to when written to the data store.
Value must be treated as opaque by clients. Only equality
comparison on the value is valid. This is an alpha feature
and may change or be removed in the future. The field is populated
by the apiserver only if the StorageVersionHash feature gate
is enabled. This field will remain optional even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this includes
get, list, watch, create, update, patch, delete, deletecollection,
and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For subresources,
this may have a different value, for example: v1 (while inside
a v1beta1 version of the core resource''s group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
subresource:
description: Subresource declares the subresource api
properties:
categories:
description: categories is a list of the grouped resources this
resource belongs to (e.g. 'all')
items:
type: string
type: array
group:
description: 'group is the preferred group of the resource. Empty
implies the group of the containing resource list. For subresources,
this may have a different value, for example: Scale".'
type: string
kind:
description: kind is the kind for the resource (e.g. 'Foo' is
the kind for a resource 'foo')
type: string
name:
description: name is the plural name of the resource.
type: string
namespaced:
description: namespaced indicates if a resource is namespaced
or not.
type: boolean
shortNames:
description: shortNames is a list of suggested short names of
the resource.
items:
type: string
type: array
singularName:
description: singularName is the singular name of the resource. This
allows clients to handle plural and singular opaquely. The
singularName is more correct for reporting status on a single
item and both singular and plural are allowed from the kubectl
CLI interface.
type: string
storageVersionHash:
description: The hash value of the storage version, the version
this resource is converted to when written to the data store.
Value must be treated as opaque by clients. Only equality
comparison on the value is valid. This is an alpha feature
and may change or be removed in the future. The field is populated
by the apiserver only if the StorageVersionHash feature gate
is enabled. This field will remain optional even if it graduates.
type: string
verbs:
description: verbs is a list of supported kube verbs (this includes
get, list, watch, create, update, patch, delete, deletecollection,
and proxy)
items:
type: string
type: array
version:
description: 'version is the preferred version of the resource. Empty
implies the version of the containing resource list For subresources,
this may have a different value, for example: v1 (while inside
a v1beta1 version of the core resource''s group)".'
type: string
required:
- kind
- name
- namespaced
- singularName
- verbs
type: object
required:
- parentResource
- subresource
type: object
type: array
type: object
served: true
storage: true

26
cmd/cli/kubectl-kyverno/fix/test.go
View file

@ -4,16 +4,26 @@ import (
"errors" "errors"
"fmt" "fmt"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
datautils "github.com/kyverno/kyverno/pkg/utils/data" datautils "github.com/kyverno/kyverno/pkg/utils/data"
"golang.org/x/exp/slices" "golang.org/x/exp/slices"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
) )
func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) { func FixTest(test v1alpha1.Test, compress bool) (v1alpha1.Test, []string, error) {
var messages []string var messages []string
if test.Name == "" { if test.APIVersion == "" {
messages = append(messages, "name is not set") messages = append(messages, "api version is not set, setting `cli.kyverno.io/v1alpha1`")
test.APIVersion = "cli.kyverno.io/v1alpha1"
}
if test.Kind == "" {
messages = append(messages, "kind is not set, setting `Test`")
test.Kind = "Test"
}
if test.Name != "" {
messages = append(messages, "name is deprecated, moving it into `metadata.name`")
test.ObjectMeta.Name = test.Name
test.Name = ""
} }
if len(test.Policies) == 0 { if len(test.Policies) == 0 {
messages = append(messages, "test has no policies") messages = append(messages, "test has no policies")
@ -21,7 +31,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
if len(test.Resources) == 0 { if len(test.Resources) == 0 {
messages = append(messages, "test has no resources") messages = append(messages, "test has no resources")
} }
var results []testapi.TestResult var results []v1alpha1.TestResult
for _, result := range test.Results { for _, result := range test.Results {
if result.Resource != "" && len(result.Resources) != 0 { if result.Resource != "" && len(result.Resources) != 0 {
messages = append(messages, "test result should not use both `resource` and `resources` fields") messages = append(messages, "test result should not use both `resource` and `resources` fields")
@ -55,7 +65,7 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
results = append(results, result) results = append(results, result)
} }
if compress { if compress {
compressed := map[testapi.TestResultBase][]string{} compressed := map[v1alpha1.TestResultBase][]string{}
for _, result := range results { for _, result := range results {
compressed[result.TestResultBase] = append(compressed[result.TestResultBase], result.Resources...) compressed[result.TestResultBase] = append(compressed[result.TestResultBase], result.Resources...)
} }
@ -66,13 +76,13 @@ func FixTest(test testapi.Test, compress bool) (testapi.Test, []string, error) {
messages = append(messages, "test results contains duplicate resources") messages = append(messages, "test results contains duplicate resources")
v = unique.UnsortedList() v = unique.UnsortedList()
} }
results = append(results, testapi.TestResult{ results = append(results, v1alpha1.TestResult{
TestResultBase: k, TestResultBase: k,
Resources: v, Resources: v,
}) })
} }
} }
slices.SortFunc(results, func(a, b testapi.TestResult) int { slices.SortFunc(results, func(a, b v1alpha1.TestResult) int {
if x := datautils.Compare(a.Policy, b.Policy); x != 0 { if x := datautils.Compare(a.Policy, b.Policy); x != 0 {
return x return x
} }

12
cmd/cli/kubectl-kyverno/processor/policy_processor.go
View file

@ -11,7 +11,7 @@ import (
json_patch "github.com/evanphx/json-patch/v5" json_patch "github.com/evanphx/json-patch/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
@ -49,7 +49,7 @@ type PolicyProcessor struct {
RuleToCloneSourceResource map[string]string RuleToCloneSourceResource map[string]string
Client dclient.Interface Client dclient.Interface
AuditWarn bool AuditWarn bool
Subresources []valuesapi.Subresource Subresources []v1alpha1.Subresource
Out io.Writer Out io.Writer
} }
@ -79,9 +79,9 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
if p.Client == nil { if p.Client == nil {
for _, s := range p.Subresources { for _, s := range p.Subresources {
subgvk := schema.GroupVersionKind{ subgvk := schema.GroupVersionKind{
Group: s.APIResource.Group, Group: s.Subresource.Group,
Version: s.APIResource.Version, Version: s.Subresource.Version,
Kind: s.APIResource.Kind, Kind: s.Subresource.Kind,
} }
if gvk == subgvk { if gvk == subgvk {
gvk = schema.GroupVersionKind{ gvk = schema.GroupVersionKind{
@ -89,7 +89,7 @@ func (p *PolicyProcessor) ApplyPoliciesOnResource() ([]engineapi.EngineResponse,
Version: s.ParentResource.Version, Version: s.ParentResource.Version,
Kind: s.ParentResource.Kind, Kind: s.ParentResource.Kind,
} }
parts := strings.Split(s.APIResource.Name, "/") parts := strings.Split(s.Subresource.Name, "/")
subresource = parts[1] subresource = parts[1]
} }
} }

12
cmd/cli/kubectl-kyverno/test/filter/filter.go
View file

@ -4,19 +4,19 @@ import (
"fmt" "fmt"
"strings" "strings"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/pkg/utils/wildcard" "github.com/kyverno/kyverno/pkg/utils/wildcard"
) )
type Filter interface { type Filter interface {
Apply(testapi.TestResult) bool Apply(v1alpha1.TestResult) bool
} }
type policy struct { type policy struct {
value string value string
} }
func (f policy) Apply(result testapi.TestResult) bool { func (f policy) Apply(result v1alpha1.TestResult) bool {
if result.Policy == "" { if result.Policy == "" {
return true return true
} }
@ -30,7 +30,7 @@ type rule struct {
value string value string
} }
func (f rule) Apply(result testapi.TestResult) bool { func (f rule) Apply(result v1alpha1.TestResult) bool {
if result.Rule == "" { if result.Rule == "" {
return true return true
} }
@ -44,7 +44,7 @@ type resource struct {
value string value string
} }
func (f resource) Apply(result testapi.TestResult) bool { func (f resource) Apply(result v1alpha1.TestResult) bool {
if result.Resource == "" { if result.Resource == "" {
return true return true
} }
@ -58,7 +58,7 @@ type composite struct {
filters []Filter filters []Filter
} }
func (f composite) Apply(result testapi.TestResult) bool { func (f composite) Apply(result v1alpha1.TestResult) bool {
for _, f := range f.filters { for _, f := range f.filters {
if !f.Apply(result) { if !f.Apply(result) {
return false return false

106
cmd/cli/kubectl-kyverno/test/filter/filter_test.go
View file

@ -5,58 +5,58 @@ import (
"reflect" "reflect"
"testing" "testing"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
) )
func Test_policy_Apply(t *testing.T) { func Test_policy_Apply(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
value string value string
result testapi.TestResult result v1alpha1.TestResult
want bool want bool
}{{ }{{
name: "empty result", name: "empty result",
value: "test", value: "test",
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "empty value", name: "empty value",
value: "", value: "",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
}, },
want: false, want: false,
}, { }, {
name: "empty value and result", name: "empty value and result",
value: "", value: "",
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "match", name: "match",
value: "test", value: "test",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
}, },
want: true, want: true,
}, { }, {
name: "no match", name: "no match",
value: "test", value: "test",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "not-test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"},
}, },
want: false, want: false,
}, { }, {
name: "wildcard match", name: "wildcard match",
value: "disallow-*", value: "disallow-*",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"}, TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"},
}, },
want: true, want: true,
}, { }, {
name: "wildcard does not match", name: "wildcard does not match",
value: "allow-*", value: "allow-*",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "disallow-latest-tag"}, TestResultBase: v1alpha1.TestResultBase{Policy: "disallow-latest-tag"},
}, },
want: false, want: false,
}} }}
@ -76,51 +76,51 @@ func Test_rule_Apply(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
value string value string
result testapi.TestResult result v1alpha1.TestResult
want bool want bool
}{{ }{{
name: "empty result", name: "empty result",
value: "test", value: "test",
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "empty value", name: "empty value",
value: "", value: "",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "test"}, TestResultBase: v1alpha1.TestResultBase{Rule: "test"},
}, },
want: false, want: false,
}, { }, {
name: "empty value and result", name: "empty value and result",
value: "", value: "",
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "match", name: "match",
value: "test", value: "test",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "test"}, TestResultBase: v1alpha1.TestResultBase{Rule: "test"},
}, },
want: true, want: true,
}, { }, {
name: "no match", name: "no match",
value: "test", value: "test",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "not-test"}, TestResultBase: v1alpha1.TestResultBase{Rule: "not-test"},
}, },
want: false, want: false,
}, { }, {
name: "wildcard match", name: "wildcard match",
value: "*-image-tag", value: "*-image-tag",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"}, TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"},
}, },
want: true, want: true,
}, { }, {
name: "wildcard does not match", name: "wildcard does not match",
value: "require-*", value: "require-*",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Rule: "validate-image-tag"}, TestResultBase: v1alpha1.TestResultBase{Rule: "validate-image-tag"},
}, },
want: false, want: false,
}} }}
@ -140,51 +140,51 @@ func Test_resource_Apply(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
value string value string
result testapi.TestResult result v1alpha1.TestResult
want bool want bool
}{{ }{{
name: "empty result", name: "empty result",
value: "test", value: "test",
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "empty value", name: "empty value",
value: "", value: "",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"},
}, },
want: false, want: false,
}, { }, {
name: "empty value and result", name: "empty value and result",
value: "", value: "",
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "match", name: "match",
value: "test", value: "test",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "test"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "test"},
}, },
want: true, want: true,
}, { }, {
name: "no match", name: "no match",
value: "test", value: "test",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-test"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-test"},
}, },
want: false, want: false,
}, { }, {
name: "wildcard match", name: "wildcard match",
value: "good*01", value: "good*01",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "good-deployment-01"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "good-deployment-01"},
}, },
want: true, want: true,
}, { }, {
name: "wildcard does not match", name: "wildcard does not match",
value: "good*01", value: "good*01",
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "bad-deployment-01"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "bad-deployment-01"},
}, },
want: false, want: false,
}} }}
@ -204,46 +204,46 @@ func Test_composite_Apply(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
filters []Filter filters []Filter
result testapi.TestResult result v1alpha1.TestResult
want bool want bool
}{{ }{{
name: "nil", name: "nil",
filters: nil, filters: nil,
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "empty", name: "empty",
filters: []Filter{}, filters: []Filter{},
result: testapi.TestResult{}, result: v1alpha1.TestResult{},
want: true, want: true,
}, { }, {
name: "policy match", name: "policy match",
filters: []Filter{policy{"test"}}, filters: []Filter{policy{"test"}},
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
}, },
want: true, want: true,
}, { }, {
name: "policy no match", name: "policy no match",
filters: []Filter{policy{"test"}}, filters: []Filter{policy{"test"}},
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "not-test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "not-test"},
}, },
want: false, want: false,
}, { }, {
name: "policy and resource match", name: "policy and resource match",
filters: []Filter{policy{"test"}, resource{"resource"}}, filters: []Filter{policy{"test"}, resource{"resource"}},
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "resource"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "resource"},
}, },
want: true, want: true,
}, { }, {
name: "policy match and resource no match", name: "policy match and resource no match",
filters: []Filter{policy{"test"}, resource{"resource"}}, filters: []Filter{policy{"test"}, resource{"resource"}},
result: testapi.TestResult{ result: v1alpha1.TestResult{
TestResultBase: testapi.TestResultBase{Policy: "test"}, TestResultBase: v1alpha1.TestResultBase{Policy: "test"},
TestResultDeprecated: testapi.TestResultDeprecated{Resource: "not-resource"}, TestResultDeprecated: v1alpha1.TestResultDeprecated{Resource: "not-resource"},
}, },
want: false, want: false,
}, },

4
cmd/cli/kubectl-kyverno/test/load.go
View file

@ -6,7 +6,7 @@ import (
"path/filepath" "path/filepath"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"k8s.io/apimachinery/pkg/util/yaml" "k8s.io/apimachinery/pkg/util/yaml"
) )
@ -65,7 +65,7 @@ func LoadTest(fs billy.Filesystem, path string) TestCase {
} }
yamlBytes = data yamlBytes = data
} }
var test testapi.Test var test v1alpha1.Test
if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil { if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil {
return TestCase{ return TestCase{
Path: path, Path: path,

50
cmd/cli/kubectl-kyverno/test/load_test.go
View file

@ -9,7 +9,7 @@ import (
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs" "github.com/go-git/go-billy/v5/memfs"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2" policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
) )
func TestLoadTests(t *testing.T) { func TestLoadTests(t *testing.T) {
@ -46,12 +46,12 @@ func TestLoadTests(t *testing.T) {
fileName: "kyverno-test.yaml", fileName: "kyverno-test.yaml",
want: []TestCase{{ want: []TestCase{{
Path: "../_testdata/tests/test-1/kyverno-test.yaml", Path: "../_testdata/tests/test-1/kyverno-test.yaml",
Test: &testapi.Test{ Test: &v1alpha1.Test{
Name: "test-registry", Name: "test-registry",
Policies: []string{"image-example.yaml"}, Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"}, Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{ Results: []v1alpha1.TestResult{{
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -59,7 +59,7 @@ func TestLoadTests(t *testing.T) {
}, },
Resources: []string{"test-pod-with-non-root-user-image"}, Resources: []string{"test-pod-with-non-root-user-image"},
}, { }, {
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -76,12 +76,12 @@ func TestLoadTests(t *testing.T) {
fileName: "kyverno-test.yaml", fileName: "kyverno-test.yaml",
want: []TestCase{{ want: []TestCase{{
Path: "../_testdata/tests/test-2/kyverno-test.yaml", Path: "../_testdata/tests/test-2/kyverno-test.yaml",
Test: &testapi.Test{ Test: &v1alpha1.Test{
Name: "add-quota", Name: "add-quota",
Policies: []string{"policy.yaml"}, Policies: []string{"policy.yaml"},
Resources: []string{"resource.yaml"}, Resources: []string{"resource.yaml"},
Results: []testapi.TestResult{{ Results: []v1alpha1.TestResult{{
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace", Kind: "Namespace",
Policy: "add-ns-quota", Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -90,7 +90,7 @@ func TestLoadTests(t *testing.T) {
}, },
Resources: []string{"hello-world-namespace"}, Resources: []string{"hello-world-namespace"},
}, { }, {
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace", Kind: "Namespace",
Policy: "add-ns-quota", Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -108,12 +108,12 @@ func TestLoadTests(t *testing.T) {
fileName: "kyverno-test.yaml", fileName: "kyverno-test.yaml",
want: []TestCase{{ want: []TestCase{{
Path: "../_testdata/tests/test-1/kyverno-test.yaml", Path: "../_testdata/tests/test-1/kyverno-test.yaml",
Test: &testapi.Test{ Test: &v1alpha1.Test{
Name: "test-registry", Name: "test-registry",
Policies: []string{"image-example.yaml"}, Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"}, Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{ Results: []v1alpha1.TestResult{{
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -121,7 +121,7 @@ func TestLoadTests(t *testing.T) {
}, },
Resources: []string{"test-pod-with-non-root-user-image"}, Resources: []string{"test-pod-with-non-root-user-image"},
}, { }, {
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -132,12 +132,12 @@ func TestLoadTests(t *testing.T) {
}, },
}, { }, {
Path: "../_testdata/tests/test-2/kyverno-test.yaml", Path: "../_testdata/tests/test-2/kyverno-test.yaml",
Test: &testapi.Test{ Test: &v1alpha1.Test{
Name: "add-quota", Name: "add-quota",
Policies: []string{"policy.yaml"}, Policies: []string{"policy.yaml"},
Resources: []string{"resource.yaml"}, Resources: []string{"resource.yaml"},
Results: []testapi.TestResult{{ Results: []v1alpha1.TestResult{{
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace", Kind: "Namespace",
Policy: "add-ns-quota", Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -146,7 +146,7 @@ func TestLoadTests(t *testing.T) {
}, },
Resources: []string{"hello-world-namespace"}, Resources: []string{"hello-world-namespace"},
}, { }, {
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Namespace", Kind: "Namespace",
Policy: "add-ns-quota", Policy: "add-ns-quota",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -197,12 +197,12 @@ func TestLoadTest(t *testing.T) {
path: "../_testdata/tests/test-1/kyverno-test.yaml", path: "../_testdata/tests/test-1/kyverno-test.yaml",
want: TestCase{ want: TestCase{
Path: "../_testdata/tests/test-1/kyverno-test.yaml", Path: "../_testdata/tests/test-1/kyverno-test.yaml",
Test: &testapi.Test{ Test: &v1alpha1.Test{
Name: "test-registry", Name: "test-registry",
Policies: []string{"image-example.yaml"}, Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"}, Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{ Results: []v1alpha1.TestResult{{
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -210,7 +210,7 @@ func TestLoadTest(t *testing.T) {
}, },
Resources: []string{"test-pod-with-non-root-user-image"}, Resources: []string{"test-pod-with-non-root-user-image"},
}, { }, {
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -225,12 +225,12 @@ func TestLoadTest(t *testing.T) {
path: "kyverno-test.yaml", path: "kyverno-test.yaml",
want: TestCase{ want: TestCase{
Path: "kyverno-test.yaml", Path: "kyverno-test.yaml",
Test: &testapi.Test{ Test: &v1alpha1.Test{
Name: "test-registry", Name: "test-registry",
Policies: []string{"image-example.yaml"}, Policies: []string{"image-example.yaml"},
Resources: []string{"resources.yaml"}, Resources: []string{"resources.yaml"},
Results: []testapi.TestResult{{ Results: []v1alpha1.TestResult{{
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,
@ -238,7 +238,7 @@ func TestLoadTest(t *testing.T) {
}, },
Resources: []string{"test-pod-with-non-root-user-image"}, Resources: []string{"test-pod-with-non-root-user-image"},
}, { }, {
TestResultBase: testapi.TestResultBase{ TestResultBase: v1alpha1.TestResultBase{
Kind: "Pod", Kind: "Pod",
Policy: "images", Policy: "images",
Result: policyreportv1alpha2.StatusPass, Result: policyreportv1alpha2.StatusPass,

4
cmd/cli/kubectl-kyverno/test/test_case.go
View file

@ -4,13 +4,13 @@ import (
"path/filepath" "path/filepath"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
) )
type TestCase struct { type TestCase struct {
Path string Path string
Fs billy.Filesystem Fs billy.Filesystem
Test *testapi.Test Test *v1alpha1.Test
Err error Err error
} }

4
cmd/cli/kubectl-kyverno/test/test_case_test.go
View file

@ -4,7 +4,7 @@ import (
"testing" "testing"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
) )
func TestTestCase_Dir(t *testing.T) { func TestTestCase_Dir(t *testing.T) {
@ -14,7 +14,7 @@ func TestTestCase_Dir(t *testing.T) {
name string name string
Path string Path string
Fs billy.Filesystem Fs billy.Filesystem
Test *testapi.Test Test *v1alpha1.Test
Err error Err error
want string want string
}{{ }{{

16
cmd/cli/kubectl-kyverno/utils/common/common.go
View file

@ -10,13 +10,13 @@ import (
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/source"
"github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"k8s.io/api/admissionregistration/v1alpha1" admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
@ -30,7 +30,7 @@ func GetResourceAccordingToResourcePath(
resourcePaths []string, resourcePaths []string,
cluster bool, cluster bool,
policies []kyvernov1.PolicyInterface, policies []kyvernov1.PolicyInterface,
validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy,
dClient dclient.Interface, dClient dclient.Interface,
namespace string, namespace string,
policyReport bool, policyReport bool,
@ -87,7 +87,7 @@ func GetResourceAccordingToResourcePath(
return resources, err return resources, err
} }
func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []valuesapi.Subresource, dClient dclient.Interface) sets.Set[string] { func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subresources []v1alpha1.Subresource, dClient dclient.Interface) sets.Set[string] {
knownkinds := sets.New[string]() knownkinds := sets.New[string]()
for _, rule := range autogen.ComputeRules(policy) { for _, rule := range autogen.ComputeRules(policy) {
for _, kind := range rule.MatchResources.ResourceDescription.Kinds { for _, kind := range rule.MatchResources.ResourceDescription.Kinds {
@ -110,7 +110,7 @@ func GetKindsFromPolicy(out io.Writer, policy kyvernov1.PolicyInterface, subreso
return knownkinds return knownkinds
} }
func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.Interface) (string, error) { func getKind(kind string, subresources []v1alpha1.Subresource, dClient dclient.Interface) (string, error) {
group, version, kind, subresource := kubeutils.ParseKindSelector(kind) group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
if subresource == "" { if subresource == "" {
return kind, nil return kind, nil
@ -132,7 +132,7 @@ func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.
return kind, nil return kind, nil
} }
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []valuesapi.Subresource) (string, error) { func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []v1alpha1.Subresource) (string, error) {
for _, subresource := range subresources { for _, subresource := range subresources {
parentResourceGroupVersion := metav1.GroupVersion{ parentResourceGroupVersion := metav1.GroupVersion{
Group: subresource.ParentResource.Group, Group: subresource.ParentResource.Group,
@ -140,8 +140,8 @@ func getSubresourceKind(groupVersion, parentKind, subresourceName string, subres
}.String() }.String()
if groupVersion == "" || kubeutils.GroupVersionMatches(groupVersion, parentResourceGroupVersion) { if groupVersion == "" || kubeutils.GroupVersionMatches(groupVersion, parentResourceGroupVersion) {
if parentKind == subresource.ParentResource.Kind { if parentKind == subresource.ParentResource.Kind {
if strings.ToLower(subresourceName) == strings.Split(subresource.APIResource.Name, "/")[1] { if strings.ToLower(subresourceName) == strings.Split(subresource.Subresource.Name, "/")[1] {
return subresource.APIResource.Kind, nil return subresource.Subresource.Kind, nil
} }
} }
} }

7
cmd/cli/kubectl-kyverno/utils/common/common_test.go
View file

@ -3,8 +3,7 @@ package common
import ( import (
"testing" "testing"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"gotest.tools/assert" "gotest.tools/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
@ -97,9 +96,9 @@ func Test_getSubresourceKind(t *testing.T) {
podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"} podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"}
podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"} podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"}
subresources := []valuesapi.Subresource{ subresources := []v1alpha1.Subresource{
{ {
APIResource: podEvictionAPIResource, Subresource: podEvictionAPIResource,
ParentResource: podAPIResource, ParentResource: podAPIResource,
}, },
} }

34
cmd/cli/kubectl-kyverno/utils/common/fetch.go
View file

@ -9,14 +9,14 @@ import (
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/log"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
"github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/clients/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"github.com/kyverno/kyverno/pkg/validatingadmissionpolicy" "github.com/kyverno/kyverno/pkg/validatingadmissionpolicy"
"k8s.io/api/admissionregistration/v1alpha1" admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
@ -29,7 +29,7 @@ import (
func GetResources( func GetResources(
out io.Writer, out io.Writer,
policies []kyvernov1.PolicyInterface, policies []kyvernov1.PolicyInterface,
validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, validatingAdmissionPolicies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy,
resourcePaths []string, resourcePaths []string,
dClient dclient.Interface, dClient dclient.Interface,
cluster bool, cluster bool,
@ -70,7 +70,7 @@ func GetResources(
return resources, err return resources, err
} }
func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) { func whenClusterIsTrue(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
resources := make([]*unstructured.Unstructured, 0) resources := make([]*unstructured.Unstructured, 0)
resourceMap, err := getResourcesOfTypeFromCluster(out, resourceTypes, subresourceMap, dClient, namespace) resourceMap, err := getResourcesOfTypeFromCluster(out, resourceTypes, subresourceMap, dClient, namespace)
if err != nil { if err != nil {
@ -166,7 +166,7 @@ func GetResourcesWithTest(out io.Writer, fs billy.Filesystem, policies []kyverno
return resources, nil return resources, nil
} }
func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) { func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
r := make(map[string]*unstructured.Unstructured) r := make(map[string]*unstructured.Unstructured)
for _, kind := range resourceTypes { for _, kind := range resourceTypes {
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil) resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
@ -195,17 +195,17 @@ func getResourcesOfTypeFromCluster(out io.Writer, resourceTypes []schema.GroupVe
parentResourceNames = append(parentResourceNames, resource.GetName()) parentResourceNames = append(parentResourceNames, resource.GetName())
} }
for _, parentResourceName := range parentResourceNames { for _, parentResourceName := range parentResourceNames {
subresourceName := strings.Split(subresource.APIResource.Name, "/")[1] subresourceName := strings.Split(subresource.Subresource.Name, "/")[1]
resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName) resource, err := dClient.GetResource(context.TODO(), parentGV.String(), subresource.ParentResource.Kind, namespace, parentResourceName, subresourceName)
if err != nil { if err != nil {
fmt.Fprintf(out, "Error: %s", err.Error()) fmt.Fprintf(out, "Error: %s", err.Error())
continue continue
} }
key := subresource.APIResource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName() key := subresource.Subresource.Kind + "-" + resource.GetNamespace() + "-" + resource.GetName()
resource.SetGroupVersionKind(schema.GroupVersionKind{ resource.SetGroupVersionKind(schema.GroupVersionKind{
Group: subresource.APIResource.Group, Group: subresource.Subresource.Group,
Version: subresource.APIResource.Version, Version: subresource.Subresource.Version,
Kind: subresource.APIResource.Kind, Kind: subresource.Subresource.Kind,
}) })
r[key] = resource.DeepCopy() r[key] = resource.DeepCopy()
} }
@ -227,9 +227,9 @@ func GetPatchedAndGeneratedResource(resourceBytes []byte) (unstructured.Unstruct
} }
// GetKindsFromRule will return the kinds from policy match block // GetKindsFromRule will return the kinds from policy match block
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) { func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) {
resourceTypesMap := make(map[schema.GroupVersionKind]bool) resourceTypesMap := make(map[schema.GroupVersionKind]bool)
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource) subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource)
for _, kind := range rule.MatchResources.Kinds { for _, kind := range rule.MatchResources.Kinds {
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client) addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
} }
@ -250,9 +250,9 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
return resourceTypesMap, subresourceMap return resourceTypesMap, subresourceMap
} }
func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) { func getKindsFromValidatingAdmissionPolicy(policy admissionregistrationv1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]v1alpha1.Subresource) {
resourceTypesMap := make(map[schema.GroupVersionKind]bool) resourceTypesMap := make(map[schema.GroupVersionKind]bool)
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource) subresourceMap := make(map[schema.GroupVersionKind]v1alpha1.Subresource)
kinds := validatingadmissionpolicy.GetKinds(policy) kinds := validatingadmissionpolicy.GetKinds(policy)
for _, kind := range kinds { for _, kind := range kinds {
@ -262,7 +262,7 @@ func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPo
return resourceTypesMap, subresourceMap return resourceTypesMap, subresourceMap
} }
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, client dclient.Interface) { func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource, client dclient.Interface) {
group, version, kind, subresource := kubeutils.ParseKindSelector(kind) group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
gvrss, err := client.Discovery().FindResources(group, version, kind, subresource) gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
if err != nil { if err != nil {
@ -277,8 +277,8 @@ func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVers
gvk := schema.GroupVersionKind{ gvk := schema.GroupVersionKind{
Group: child.Group, Version: child.Version, Kind: child.Kind, Group: child.Group, Version: child.Version, Kind: child.Kind,
} }
subresourceMap[gvk] = valuesapi.Subresource{ subresourceMap[gvk] = v1alpha1.Subresource{
APIResource: child, Subresource: child,
ParentResource: metav1.APIResource{ ParentResource: metav1.APIResource{
Group: parent.Group, Group: parent.Group,
Version: parent.Version, Version: parent.Version,

4
cmd/cli/kubectl-kyverno/utils/common/kyverno_resources_types.go
View file

@ -4,7 +4,7 @@ import (
"io" "io"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/pkg/autogen" "github.com/kyverno/kyverno/pkg/autogen"
"github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/clients/dclient"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -21,7 +21,7 @@ func (r *KyvernoResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths
resourceTypesMap := make(map[schema.GroupVersionKind]bool) resourceTypesMap := make(map[schema.GroupVersionKind]bool)
var resourceTypes []schema.GroupVersionKind var resourceTypes []schema.GroupVersionKind
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
for _, policy := range r.policies { for _, policy := range r.policies {
for _, rule := range autogen.ComputeRules(policy) { for _, rule := range autogen.ComputeRules(policy) {

8
cmd/cli/kubectl-kyverno/utils/common/validating_admission_resources.go
View file

@ -3,15 +3,15 @@ package common
import ( import (
"io" "io"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/pkg/clients/dclient" "github.com/kyverno/kyverno/pkg/clients/dclient"
"k8s.io/api/admissionregistration/v1alpha1" admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
) )
type ValidatingAdmissionResources struct { type ValidatingAdmissionResources struct {
policies []v1alpha1.ValidatingAdmissionPolicy policies []admissionregistrationv1alpha1.ValidatingAdmissionPolicy
} }
func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths []string, dClient dclient.Interface, namespace string, policyReport bool) ([]*unstructured.Unstructured, error) { func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, resourcePaths []string, dClient dclient.Interface, namespace string, policyReport bool) ([]*unstructured.Unstructured, error) {
@ -20,7 +20,7 @@ func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(out io.Writer, r
resourceTypesMap := make(map[schema.GroupVersionKind]bool) resourceTypesMap := make(map[schema.GroupVersionKind]bool)
var resourceTypes []schema.GroupVersionKind var resourceTypes []schema.GroupVersionKind
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource var subresourceMap map[schema.GroupVersionKind]v1alpha1.Subresource
for _, policy := range r.policies { for _, policy := range r.policies {
var resourceTypesInRule map[schema.GroupVersionKind]bool var resourceTypesInRule map[schema.GroupVersionKind]bool

6
cmd/cli/kubectl-kyverno/values/load.go
View file

@ -5,16 +5,16 @@ import (
"os" "os"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"k8s.io/apimachinery/pkg/util/yaml" "k8s.io/apimachinery/pkg/util/yaml"
) )
func Load(f billy.Filesystem, filepath string) (*valuesapi.Values, error) { func Load(f billy.Filesystem, filepath string) (*v1alpha1.Values, error) {
yamlBytes, err := readFile(f, filepath) yamlBytes, err := readFile(f, filepath)
if err != nil { if err != nil {
return nil, err return nil, err
} }
vals := &valuesapi.Values{} vals := &v1alpha1.Values{}
if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil { if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil {
return nil, err return nil, err
} }

44
cmd/cli/kubectl-kyverno/values/load_test.go
View file

@ -7,7 +7,7 @@ import (
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
"github.com/go-git/go-billy/v5/memfs" "github.com/go-git/go-billy/v5/memfs"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
) )
func Test_readFile(t *testing.T) { func Test_readFile(t *testing.T) {
@ -88,7 +88,7 @@ func TestLoad(t *testing.T) {
name string name string
f billy.Filesystem f billy.Filesystem
filepath string filepath string
want *valuesapi.Values want *v1alpha1.Values
wantErr bool wantErr bool
}{{ }{{
name: "empty", name: "empty",
@ -108,27 +108,29 @@ func TestLoad(t *testing.T) {
}, { }, {
name: "valid", name: "valid",
filepath: "../_testdata/values/limit-configmap-for-sa.yaml", filepath: "../_testdata/values/limit-configmap-for-sa.yaml",
want: &valuesapi.Values{ want: &v1alpha1.Values{
NamespaceSelectors: []valuesapi.NamespaceSelector{{ ValuesSpec: v1alpha1.ValuesSpec{
Name: "test1", NamespaceSelectors: []v1alpha1.NamespaceSelector{{
Labels: map[string]string{ Name: "test1",
"foo.com/managed-state": "managed", Labels: map[string]string{
}, "foo.com/managed-state": "managed",
}},
Policies: []valuesapi.Policy{{
Name: "limit-configmap-for-sa",
Resources: []valuesapi.Resource{{
Name: "any-configmap-name-good",
Values: map[string]interface{}{
"request.operation": "UPDATE",
},
}, {
Name: "any-configmap-name-bad",
Values: map[string]interface{}{
"request.operation": "UPDATE",
}, },
}}, }},
}}, Policies: []v1alpha1.Policy{{
Name: "limit-configmap-for-sa",
Resources: []v1alpha1.Resource{{
Name: "any-configmap-name-good",
Values: map[string]interface{}{
"request.operation": "UPDATE",
},
}, {
Name: "any-configmap-name-bad",
Values: map[string]interface{}{
"request.operation": "UPDATE",
},
}},
}},
},
}, },
wantErr: false, wantErr: false,
}} }}

6
cmd/cli/kubectl-kyverno/variables/new.go
View file

@ -5,18 +5,18 @@ import (
"path/filepath" "path/filepath"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
) )
func New(fs billy.Filesystem, resourcePath string, path string, vals *valuesapi.Values, vars ...string) (*Variables, error) { func New(fs billy.Filesystem, resourcePath string, path string, vals *v1alpha1.ValuesSpec, vars ...string) (*Variables, error) {
// if we already have values, skip the file // if we already have values, skip the file
if vals == nil && path != "" { if vals == nil && path != "" {
v, err := values.Load(fs, filepath.Join(resourcePath, path)) v, err := values.Load(fs, filepath.Join(resourcePath, path))
if err != nil { if err != nil {
return nil, fmt.Errorf("Unable to load variable file: %s (%w)", path, err) return nil, fmt.Errorf("Unable to load variable file: %s (%w)", path, err)
} }
vals = v vals = &v.ValuesSpec
} }
variables := Variables{ variables := Variables{
values: vals, values: vals,

32
cmd/cli/kubectl-kyverno/variables/new_test.go
View file

@ -5,7 +5,7 @@ import (
"testing" "testing"
"github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
) )
func TestNew(t *testing.T) { func TestNew(t *testing.T) {
@ -14,7 +14,7 @@ func TestNew(t *testing.T) {
fs billy.Filesystem fs billy.Filesystem
resourcePath string resourcePath string
path string path string
vals *valuesapi.Values vals *v1alpha1.ValuesSpec
vars []string vars []string
want *Variables want *Variables
wantErr bool wantErr bool
@ -47,14 +47,14 @@ func TestNew(t *testing.T) {
fs: nil, fs: nil,
resourcePath: "", resourcePath: "",
path: "", path: "",
vals: &valuesapi.Values{ vals: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{ GlobalValues: map[string]interface{}{
"bar": "baz", "bar": "baz",
}, },
}, },
vars: nil, vars: nil,
want: &Variables{ want: &Variables{
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{ GlobalValues: map[string]interface{}{
"bar": "baz", "bar": "baz",
}, },
@ -66,7 +66,7 @@ func TestNew(t *testing.T) {
fs: nil, fs: nil,
resourcePath: "", resourcePath: "",
path: "", path: "",
vals: &valuesapi.Values{ vals: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{ GlobalValues: map[string]interface{}{
"bar": "baz", "bar": "baz",
}, },
@ -75,7 +75,7 @@ func TestNew(t *testing.T) {
"foo=bar", "foo=bar",
}, },
want: &Variables{ want: &Variables{
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{ GlobalValues: map[string]interface{}{
"bar": "baz", "bar": "baz",
}, },
@ -93,16 +93,16 @@ func TestNew(t *testing.T) {
vals: nil, vals: nil,
vars: nil, vars: nil,
want: &Variables{ want: &Variables{
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
NamespaceSelectors: []valuesapi.NamespaceSelector{{ NamespaceSelectors: []v1alpha1.NamespaceSelector{{
Name: "test1", Name: "test1",
Labels: map[string]string{ Labels: map[string]string{
"foo.com/managed-state": "managed", "foo.com/managed-state": "managed",
}, },
}}, }},
Policies: []valuesapi.Policy{{ Policies: []v1alpha1.Policy{{
Name: "limit-configmap-for-sa", Name: "limit-configmap-for-sa",
Resources: []valuesapi.Resource{{ Resources: []v1alpha1.Resource{{
Name: "any-configmap-name-good", Name: "any-configmap-name-good",
Values: map[string]interface{}{ Values: map[string]interface{}{
"request.operation": "UPDATE", "request.operation": "UPDATE",
@ -127,16 +127,16 @@ func TestNew(t *testing.T) {
"foo=bar", "foo=bar",
}, },
want: &Variables{ want: &Variables{
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
NamespaceSelectors: []valuesapi.NamespaceSelector{{ NamespaceSelectors: []v1alpha1.NamespaceSelector{{
Name: "test1", Name: "test1",
Labels: map[string]string{ Labels: map[string]string{
"foo.com/managed-state": "managed", "foo.com/managed-state": "managed",
}, },
}}, }},
Policies: []valuesapi.Policy{{ Policies: []v1alpha1.Policy{{
Name: "limit-configmap-for-sa", Name: "limit-configmap-for-sa",
Resources: []valuesapi.Resource{{ Resources: []v1alpha1.Resource{{
Name: "any-configmap-name-good", Name: "any-configmap-name-good",
Values: map[string]interface{}{ Values: map[string]interface{}{
"request.operation": "UPDATE", "request.operation": "UPDATE",
@ -168,14 +168,14 @@ func TestNew(t *testing.T) {
fs: nil, fs: nil,
resourcePath: "", resourcePath: "",
path: "../_testdata/values/limit-configmap-for-sa.yaml", path: "../_testdata/values/limit-configmap-for-sa.yaml",
vals: &valuesapi.Values{ vals: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{ GlobalValues: map[string]interface{}{
"bar": "baz", "bar": "baz",
}, },
}, },
vars: nil, vars: nil,
want: &Variables{ want: &Variables{
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
GlobalValues: map[string]interface{}{ GlobalValues: map[string]interface{}{
"bar": "baz", "bar": "baz",
}, },

6
cmd/cli/kubectl-kyverno/variables/variables.go
View file

@ -3,13 +3,13 @@ package variables
import ( import (
"fmt" "fmt"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/store"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
) )
type Variables struct { type Variables struct {
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
} }
@ -29,7 +29,7 @@ func (v Variables) HasPolicyVariables(policy string) bool {
return false return false
} }
func (v Variables) Subresources() []valuesapi.Subresource { func (v Variables) Subresources() []v1alpha1.Subresource {
if v.values == nil { if v.values == nil {
return nil return nil
} }

54
cmd/cli/kubectl-kyverno/variables/variables_test.go
View file

@ -4,7 +4,7 @@ import (
"reflect" "reflect"
"testing" "testing"
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/v1alpha1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values" "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
@ -13,7 +13,7 @@ import (
func TestVariables_HasVariables(t *testing.T) { func TestVariables_HasVariables(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
want bool want bool
}{{ }{{
@ -50,9 +50,9 @@ func TestVariables_HasVariables(t *testing.T) {
func TestVariables_Subresources(t *testing.T) { func TestVariables_Subresources(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
want []valuesapi.Subresource want []v1alpha1.Subresource
}{{ }{{
name: "nil values", name: "nil values",
values: nil, values: nil,
@ -60,25 +60,25 @@ func TestVariables_Subresources(t *testing.T) {
want: nil, want: nil,
}, { }, {
name: "nil subresources", name: "nil subresources",
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
Subresources: nil, Subresources: nil,
}, },
variables: nil, variables: nil,
want: nil, want: nil,
}, { }, {
name: "empty subresources", name: "empty subresources",
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
Subresources: []valuesapi.Subresource{}, Subresources: []v1alpha1.Subresource{},
}, },
variables: nil, variables: nil,
want: nil, want: nil,
}, { }, {
name: "subresources", name: "subresources",
values: &valuesapi.Values{ values: &v1alpha1.ValuesSpec{
Subresources: []valuesapi.Subresource{{}}, Subresources: []v1alpha1.Subresource{{}},
}, },
variables: nil, variables: nil,
want: []valuesapi.Subresource{{}}, want: []v1alpha1.Subresource{{}},
}} }}
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
@ -98,7 +98,7 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
tests := []struct { tests := []struct {
name string name string
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
want map[string]Labels want map[string]Labels
}{{ }{{
@ -108,12 +108,12 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
want: nil, want: nil,
}, { }, {
name: "empty", name: "empty",
values: &valuesapi.Values{}, values: &v1alpha1.ValuesSpec{},
variables: nil, variables: nil,
want: nil, want: nil,
}, { }, {
name: "values", name: "values",
values: vals, values: &vals.ValuesSpec,
variables: nil, variables: nil,
want: map[string]map[string]string{ want: map[string]map[string]string{
"test1": { "test1": {
@ -137,9 +137,9 @@ func TestVariables_NamespaceSelectors(t *testing.T) {
func TestVariables_SetInStore(t *testing.T) { func TestVariables_SetInStore(t *testing.T) {
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml") vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
assert.NoError(t, err) assert.NoError(t, err)
vals.Policies = append(vals.Policies, valuesapi.Policy{ vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{
Name: "limit-configmap-for-sa", Name: "limit-configmap-for-sa",
Rules: []valuesapi.Rule{{ Rules: []v1alpha1.Rule{{
Name: "rule", Name: "rule",
Values: map[string]interface{}{ Values: map[string]interface{}{
"foo": "bar", "foo": "bar",
@ -151,7 +151,7 @@ func TestVariables_SetInStore(t *testing.T) {
}) })
tests := []struct { tests := []struct {
name string name string
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
}{{ }{{
name: "nil", name: "nil",
@ -159,11 +159,11 @@ func TestVariables_SetInStore(t *testing.T) {
variables: nil, variables: nil,
}, { }, {
name: "empty", name: "empty",
values: &valuesapi.Values{}, values: &v1alpha1.ValuesSpec{},
variables: nil, variables: nil,
}, { }, {
name: "values", name: "values",
values: vals, values: &vals.ValuesSpec,
variables: nil, variables: nil,
}} }}
for _, tt := range tests { for _, tt := range tests {
@ -180,9 +180,9 @@ func TestVariables_SetInStore(t *testing.T) {
func TestVariables_HasPolicyVariables(t *testing.T) { func TestVariables_HasPolicyVariables(t *testing.T) {
vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml") vals, err := values.Load(nil, "../_testdata/values/limit-configmap-for-sa.yaml")
assert.NoError(t, err) assert.NoError(t, err)
vals.Policies = append(vals.Policies, valuesapi.Policy{ vals.ValuesSpec.Policies = append(vals.ValuesSpec.Policies, v1alpha1.Policy{
Name: "limit-configmap-for-sa", Name: "limit-configmap-for-sa",
Rules: []valuesapi.Rule{{ Rules: []v1alpha1.Rule{{
Name: "rule", Name: "rule",
Values: map[string]interface{}{ Values: map[string]interface{}{
"foo": "bar", "foo": "bar",
@ -194,7 +194,7 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
}) })
tests := []struct { tests := []struct {
name string name string
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
policy string policy string
want bool want bool
@ -206,19 +206,19 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
want: false, want: false,
}, { }, {
name: "empty", name: "empty",
values: &valuesapi.Values{}, values: &v1alpha1.ValuesSpec{},
variables: nil, variables: nil,
policy: "test", policy: "test",
want: false, want: false,
}, { }, {
name: "values - test", name: "values - test",
values: vals, values: &vals.ValuesSpec,
variables: nil, variables: nil,
policy: "test", policy: "test",
want: false, want: false,
}, { }, {
name: "values - limit-configmap-for-sa", name: "values - limit-configmap-for-sa",
values: vals, values: &vals.ValuesSpec,
variables: nil, variables: nil,
policy: "limit-configmap-for-sa", policy: "limit-configmap-for-sa",
want: true, want: true,
@ -237,14 +237,14 @@ func TestVariables_HasPolicyVariables(t *testing.T) {
} }
func TestVariables_ComputeVariables(t *testing.T) { func TestVariables_ComputeVariables(t *testing.T) {
loadValues := func(path string) *valuesapi.Values { loadValues := func(path string) *v1alpha1.ValuesSpec {
t.Helper() t.Helper()
vals, err := values.Load(nil, path) vals, err := values.Load(nil, path)
assert.NoError(t, err) assert.NoError(t, err)
return vals return &vals.ValuesSpec
} }
type fields struct { type fields struct {
values *valuesapi.Values values *v1alpha1.ValuesSpec
variables map[string]string variables map[string]string
} }
type args struct { type args struct {

0
docs/user/cli/kyverno.md → docs/user/cli/commands/kyverno.md
View file

0
docs/user/cli/kyverno_apply.md → docs/user/cli/commands/kyverno_apply.md
View file

0
docs/user/cli/kyverno_completion.md → docs/user/cli/commands/kyverno_completion.md
View file

0
docs/user/cli/kyverno_completion_bash.md → docs/user/cli/commands/kyverno_completion_bash.md
View file

0
docs/user/cli/kyverno_completion_fish.md → docs/user/cli/commands/kyverno_completion_fish.md
View file

0
docs/user/cli/kyverno_completion_powershell.md → docs/user/cli/commands/kyverno_completion_powershell.md
View file

0
docs/user/cli/kyverno_completion_zsh.md → docs/user/cli/commands/kyverno_completion_zsh.md
View file

0
docs/user/cli/kyverno_create.md → docs/user/cli/commands/kyverno_create.md
View file

0
docs/user/cli/kyverno_create_exception.md → docs/user/cli/commands/kyverno_create_exception.md
View file

0
docs/user/cli/kyverno_create_metrics-config.md → docs/user/cli/commands/kyverno_create_metrics-config.md
View file

0
docs/user/cli/kyverno_create_test.md → docs/user/cli/commands/kyverno_create_test.md
View file

0
docs/user/cli/kyverno_create_user-info.md → docs/user/cli/commands/kyverno_create_user-info.md
View file

0
docs/user/cli/kyverno_create_values.md → docs/user/cli/commands/kyverno_create_values.md
View file

0
docs/user/cli/kyverno_docs.md → docs/user/cli/commands/kyverno_docs.md
View file

0
docs/user/cli/kyverno_fix.md → docs/user/cli/commands/kyverno_fix.md
View file

0
docs/user/cli/kyverno_fix_policy.md → docs/user/cli/commands/kyverno_fix_policy.md
View file

1
docs/user/cli/kyverno_fix_test.md → docs/user/cli/commands/kyverno_fix_test.md
View file

@ -30,6 +30,7 @@ kyverno fix test [dir]... [flags]
``` ```
--compress Compress test results --compress Compress test results
-f, --file-name string Test filename (default "kyverno-test.yaml") -f, --file-name string Test filename (default "kyverno-test.yaml")
--force Force save file
-h, --help help for test -h, --help help for test
--save Save fixed file --save Save fixed file
``` ```

0
docs/user/cli/kyverno_jp.md → docs/user/cli/commands/kyverno_jp.md
View file

0
docs/user/cli/kyverno_jp_function.md → docs/user/cli/commands/kyverno_jp_function.md
View file

0
docs/user/cli/kyverno_jp_parse.md → docs/user/cli/commands/kyverno_jp_parse.md
View file

0
docs/user/cli/kyverno_jp_query.md → docs/user/cli/commands/kyverno_jp_query.md
View file

0
docs/user/cli/kyverno_oci.md → docs/user/cli/commands/kyverno_oci.md
View file

0
docs/user/cli/kyverno_oci_pull.md → docs/user/cli/commands/kyverno_oci_pull.md
View file

0
docs/user/cli/kyverno_oci_push.md → docs/user/cli/commands/kyverno_oci_push.md
View file

0
docs/user/cli/kyverno_test.md → docs/user/cli/commands/kyverno_test.md
View file

0
docs/user/cli/kyverno_version.md → docs/user/cli/commands/kyverno_version.md
View file

838
docs/user/cli/crd/index.html Normal file
View file

@ -0,0 +1,838 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<title>Kyverno API</title>
<style>
.bg-blue {
color: #ffffff;
background-color: #1589dd;
}
</style>
</head>
<body>
<div class="container">
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<a class="navbar-brand" href="#"><p><b>Packages : </b></p></a>
<ul style="list-style:none">
<li>
<a href="#cli.kyverno.io%2fv1alpha1"><b style="color: white">cli.kyverno.io/v1alpha1</b></a>
</li>
</ul>
</nav>
<h2 id="cli.kyverno.io/v1alpha1">cli.kyverno.io/v1alpha1</h2>
Resource Types:
<ul><li>
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>
</li><li>
<a href="#cli.kyverno.io/v1alpha1.UserInfo">UserInfo</a>
</li><li>
<a href="#cli.kyverno.io/v1alpha1.Values">Values</a>
</li></ul>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Test">Test
</h3>
<p>
<p>Test declares a test</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
cli.kyverno.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>Test</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the test.
This field is deprecated, use <code>metadata.name</code> instead</p>
</td>
</tr>
<tr>
<td>
<code>policies</code><br/>
<em>
[]string
</em>
</td>
<td>
<p>Policies are the policies to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>resources</code><br/>
<em>
[]string
</em>
</td>
<td>
<p>Resources are the resource to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>variables</code><br/>
<em>
string
</em>
</td>
<td>
<p>Variables is the values to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>userinfo</code><br/>
<em>
string
</em>
</td>
<td>
<p>UserInfo is the user info to be used in the test</p>
</td>
</tr>
<tr>
<td>
<code>results</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.TestResult">
[]TestResult
</a>
</em>
</td>
<td>
<p>Results are the results to be checked in the test</p>
</td>
</tr>
<tr>
<td>
<code>values</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">
ValuesSpec
</a>
</em>
</td>
<td>
<p>Values are the values to be used in the test</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.UserInfo">UserInfo
</h3>
<p>
<p>UserInfo declares user infos to be loaded by the Kyverno CLI</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
cli.kyverno.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>UserInfo</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>RequestInfo</code><br/>
<em>
github.com/kyverno/kyverno/api/kyverno/v1beta1.RequestInfo
</em>
</td>
<td>
<p>
(Members of <code>RequestInfo</code> are embedded into this type.)
</p>
<p>RequestInfo declares user infos</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Values">Values
</h3>
<p>
<p>Values declares values to be loaded by the Kyverno CLI</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>apiVersion</code><br/>
string</td>
<td>
<code>
cli.kyverno.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
string
</td>
<td><code>Values</code></td>
</tr>
<tr>
<td>
<code>metadata</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td>
<code>ValuesSpec</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">
ValuesSpec
</a>
</em>
</td>
<td>
<p>
(Members of <code>ValuesSpec</code> are embedded into this type.)
</p>
<p>ValuesSpec declares values</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.NamespaceSelector">NamespaceSelector
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
</p>
<p>
<p>NamespaceSelector declares labels for a given namespace</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the namespace name</p>
</td>
</tr>
<tr>
<td>
<code>labels</code><br/>
<em>
map[string]string
</em>
</td>
<td>
<p>Labels are the labels for the given namespace</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Policy">Policy
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
</p>
<p>
<p>Policy declares values for a given policy</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the policy name</p>
</td>
</tr>
<tr>
<td>
<code>resources</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Resource">
[]Resource
</a>
</em>
</td>
<td>
<p>Resources are values for specific resources</p>
</td>
</tr>
<tr>
<td>
<code>rules</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Rule">
[]Rule
</a>
</em>
</td>
<td>
<p>Rules are values for specific policy rules</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Resource">Resource
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Policy">Policy</a>)
</p>
<p>
<p>Resource declares values for a given resource</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the resource</p>
</td>
</tr>
<tr>
<td>
<code>values</code><br/>
<em>
map[string]interface{}
</em>
</td>
<td>
<p>Values are the values for the given resource</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Rule">Rule
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Policy">Policy</a>)
</p>
<p>
<p>Rule declares values for a given policy rule</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the ppolicy rule</p>
</td>
</tr>
<tr>
<td>
<code>values</code><br/>
<em>
map[string]interface{}
</em>
</td>
<td>
<p>Values are the values for the given policy rule</p>
</td>
</tr>
<tr>
<td>
<code>foreachValues</code><br/>
<em>
map[string][]interface{}
</em>
</td>
<td>
<p>ForeachValues are the foreach values for the given policy rule</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.Subresource">Subresource
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec</a>)
</p>
<p>
<p>Subresource declares subresource/parent resource mapping</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>subresource</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#apiresource-v1-meta">
Kubernetes meta/v1.APIResource
</a>
</em>
</td>
<td>
<p>Subresource declares the subresource api</p>
</td>
</tr>
<tr>
<td>
<code>parentResource</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#apiresource-v1-meta">
Kubernetes meta/v1.APIResource
</a>
</em>
</td>
<td>
<p>ParentResource declares the parent resource api</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.TestResult">TestResult
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>)
</p>
<p>
<p>TestResultBase declares a test result</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>TestResultBase</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.TestResultBase">
TestResultBase
</a>
</em>
</td>
<td>
<p>
(Members of <code>TestResultBase</code> are embedded into this type.)
</p>
</td>
</tr>
<tr>
<td>
<code>TestResultDeprecated</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.TestResultDeprecated">
TestResultDeprecated
</a>
</em>
</td>
<td>
<p>
(Members of <code>TestResultDeprecated</code> are embedded into this type.)
</p>
</td>
</tr>
<tr>
<td>
<code>resources</code><br/>
<em>
[]string
</em>
</td>
<td>
<p>Resources gives us the list of resources on which the policy is going to be applied.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.TestResultBase">TestResultBase
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.TestResult">TestResult</a>)
</p>
<p>
<p>TestResultBase declares a test result base fields</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>policy</code><br/>
<em>
string
</em>
</td>
<td>
<p>Policy mentions the name of the policy.</p>
</td>
</tr>
<tr>
<td>
<code>rule</code><br/>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Rule mentions the name of the rule in the policy.
It&rsquo;s required in case policy is a kyverno policy.</p>
</td>
</tr>
<tr>
<td>
<code>isValidatingAdmissionPolicy</code><br/>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>IsValidatingAdmissionPolicy indicates if the policy is a validating admission policy.
It&rsquo;s required in case policy is a validating admission policy.</p>
</td>
</tr>
<tr>
<td>
<code>result</code><br/>
<em>
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult
</em>
</td>
<td>
<p>Result mentions the result that the user is expecting.
Possible values are pass, fail and skip.</p>
</td>
</tr>
<tr>
<td>
<code>kind</code><br/>
<em>
string
</em>
</td>
<td>
<p>Kind mentions the kind of the resource on which the policy is to be applied.</p>
</td>
</tr>
<tr>
<td>
<code>patchedResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>PatchedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno mutated resource configuration.</p>
</td>
</tr>
<tr>
<td>
<code>generatedResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>GeneratedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno generated resource configuration.</p>
</td>
</tr>
<tr>
<td>
<code>cloneSourceResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>CloneSourceResource takes the resource configuration file in yaml format
from the user which is meant to be cloned by the generate rule.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.TestResultDeprecated">TestResultDeprecated
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.TestResult">TestResult</a>)
</p>
<p>
<p>TestResultBase declares a test result deprecated fields</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>status</code><br/>
<em>
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyResult
</em>
</td>
<td>
<p>Status mentions the status that the user is expecting.
Possible values are pass, fail and skip.
This is DEPRECATED, use <code>Result</code> instead.</p>
</td>
</tr>
<tr>
<td>
<code>resource</code><br/>
<em>
string
</em>
</td>
<td>
<p>Resource mentions the name of the resource on which the policy is to be applied.
This is DEPRECATED, use <code>Resources</code> instead.</p>
</td>
</tr>
<tr>
<td>
<code>namespace</code><br/>
<em>
string
</em>
</td>
<td>
<p>Namespace mentions the namespace of the policy which has namespace scope.
This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;</code> for policies and/or resources instead.</p>
</td>
</tr>
</tbody>
</table>
<hr />
<h3 id="cli.kyverno.io/v1alpha1.ValuesSpec">ValuesSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#cli.kyverno.io/v1alpha1.Test">Test</a>,
<a href="#cli.kyverno.io/v1alpha1.Values">Values</a>)
</p>
<p>
<p>ValuesSpec declares values to be loaded by the Kyverno CLI</p>
</p>
<table class="table table-striped">
<thead class="thead-dark">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>globalValues</code><br/>
<em>
map[string]interface{}
</em>
</td>
<td>
<p>GlobalValues are the global values</p>
</td>
</tr>
<tr>
<td>
<code>policies</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Policy">
[]Policy
</a>
</em>
</td>
<td>
<p>Policies are the policy values</p>
</td>
</tr>
<tr>
<td>
<code>namespaceSelector</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.NamespaceSelector">
[]NamespaceSelector
</a>
</em>
</td>
<td>
<p>NamespaceSelectors are the namespace labels</p>
</td>
</tr>
<tr>
<td>
<code>subresources</code><br/>
<em>
<a href="#cli.kyverno.io/v1alpha1.Subresource">
[]Subresource
</a>
</em>
</td>
<td>
<p>Subresources are the subresource/parent resource mappings</p>
</td>
</tr>
</tbody>
</table>
<hr />
</div>
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
</body>
</html>

5
test/cli/registry/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: test-registry apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- image-example.yaml - image-example.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: policy-endpoints apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: mutate-pods-spec apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_validate_default_proc_mount/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: validate-default-proc-mount apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_validate_disallow_default_serviceaccount/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: validate-disallow-default-serviceaccount apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_validate_healthChecks/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: check-probe-exists apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_validate_selinux_context/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: validate-selinux-options apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/other/scenario_validate_volume_whitelist/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: validate-volumes-whitelist apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/scenarios_to_cli/samples/more/restrict_ingress_classes/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: restrict-ingress-classes apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-fail/invalid-ns/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: test-exclude apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-fail/missing-policy/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: test-simple apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-fail/missing-resource/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: test-simple apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-fail/missing-rule/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: test-simple apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/add-network-policy/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: deny-all-traffic apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/add-quota/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: add-quota apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/create-default-pdb/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: pdb-test apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/custom-resource/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: generate-tests apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/multiple-resources/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: multiple-resources apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/sync-multiple-resources/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: sync-controller-data apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-generate/sync-secrets/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: sync-secrets apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-mutate/add-default-resources/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: add-default-resources apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- add-default-resources.yaml - add-default-resources.yaml
resources: resources:

13
test/cli/test-mutate/bug-demo/kyverno-test.yaml
View file

@ -1,13 +1,16 @@
name: bug-demo apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- ./policy.yaml - ./policy.yaml
resources: resources:
- ./resource.yaml - ./resource.yaml
results: results:
- policy: bug-demo - kind: Pod
rule: mutate1 patchedResource: patched-resource-pattern.yaml
policy: bug-demo
resources: resources:
- pod1 - pod1
kind: Pod
patchedResource: patched-resource-pattern.yaml
result: pass result: pass
rule: mutate1

5
test/cli/test-mutate/connection-draining/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: connection-draining apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policy.yaml - policy.yaml
resources: resources:

5
test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: foreach-mutate apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policies.yaml - policies.yaml
resources: resources:

5
test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml
View file

@ -1,4 +1,7 @@
name: foreach-mutate apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
name: kyverno-test.yaml
policies: policies:
- policies.yaml - policies.yaml
resources: resources:

Some files were not shown because too many files have changed in this diff Show more