add a kuttl test cpol-data-sync-to-nosync-delete-rule (#6529)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2023-03-10 20:55:33 +08:00 · 2023-03-10 20:55:33 +08:00 · a61dac613b
commit a61dac613b
parent dfd478f22c
13 changed files with 232 additions and 0 deletions
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-ready.yaml
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cpol-data-sync-to-nosync-delete-rule-ns
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml
@ -0,0 +1,5 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+assert:
+- secret.yaml
+- configmap.yaml
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml
@ -0,0 +1,63 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-to-nosync-delete-rule
+spec:
+  generateExisting: false
+  rules:
+  - name: k-kafka-address
+    match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - default
+          - kube-public
+          - kyverno
+    generate:
+      synchronize: false
+      apiVersion: v1
+      kind: ConfigMap
+      name: zk-kafka-address
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        kind: ConfigMap
+        metadata:
+          labels:
+            somekey: somevalue
+        data:
+          ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+          KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
+  - name: super-secret
+    match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - default
+          - kube-public
+          - kyverno
+    generate:
+      synchronize: true
+      apiVersion: v1
+      kind: Secret
+      name: supersecret
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        kind: Secret
+        type: Opaque
+        metadata:
+          labels:
+            somekey: somesecretvalue
+        data:
+          mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- delete-rule.yaml
+assert:
+- policy-ready.yaml
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml
@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml
@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+assert:
+- secret.yaml
+- configmap.yaml
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/README.md
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/README.md
@ -0,0 +1,10 @@
+## Description
+
+This test checks to ensure that deletion of a rule in a ClusterPolicy generate rule, data declaration, with sync disabled, does not result in the downstream resource's deletion.
+
+## Expected Behavior
+
+The downstream (generated) resource is expected to remain if the corresponding rule within a ClusterPolicy is deleted. If it is not deleted, the test passes. If it is deleted, the test fails.
+
+## Reference Issue(s)
+
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/configmap.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/configmap.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092
+  ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181
+kind: ConfigMap
+metadata:
+  labels:
+    somekey: somevalue
+  name: zk-kafka-address
+  namespace: cpol-data-sync-to-nosync-delete-rule-ns
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml
@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: multiple-gens
+spec:
+  generateExisting: false
+  rules:
+  - name: super-secret
+    match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - default
+          - kube-public
+          - kyverno
+    generate:
+      synchronize: true
+      apiVersion: v1
+      kind: Secret
+      name: supersecret
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        kind: Secret
+        type: Opaque
+        metadata:
+          labels:
+            somekey: somesecretvalue
+        data:
+          mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy-ready.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy-ready.yaml
@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-to-nosync-delete-rule
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml
@ -0,0 +1,63 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-to-nosync-delete-rule
+spec:
+  generateExisting: false
+  rules:
+  - name: k-kafka-address
+    match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - default
+          - kube-public
+          - kyverno
+    generate:
+      synchronize: true
+      apiVersion: v1
+      kind: ConfigMap
+      name: zk-kafka-address
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        kind: ConfigMap
+        metadata:
+          labels:
+            somekey: somevalue
+        data:
+          ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181"
+          KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092"
+  - name: super-secret
+    match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - default
+          - kube-public
+          - kyverno
+    generate:
+      synchronize: true
+      apiVersion: v1
+      kind: Secret
+      name: supersecret
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        kind: Secret
+        type: Opaque
+        metadata:
+          labels:
+            somekey: somesecretvalue
+        data:
+          mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
--- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/secret.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/secret.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl
+kind: Secret
+metadata:
+  labels:
+    somekey: somesecretvalue
+  name: supersecret
+  namespace: cpol-data-sync-to-nosync-delete-rule-ns
+type: Opaque