From a61dac613b04e946f156fa0836f812c28bc1c73f Mon Sep 17 00:00:00 2001 From: shuting Date: Fri, 10 Mar 2023 20:55:33 +0800 Subject: [PATCH] add a kuttl test cpol-data-sync-to-nosync-delete-rule (#6529) Signed-off-by: ShutingZhao --- .../01-clusterpolicy.yaml | 6 ++ .../02-ns.yaml | 4 ++ .../03-check.yaml | 5 ++ .../04-update-sync.yaml | 63 +++++++++++++++++++ .../05-delete-rule.yaml | 6 ++ .../06-sleep.yaml | 5 ++ .../07-checks.yaml | 6 ++ .../README.md | 10 +++ .../configmap.yaml | 10 +++ .../delete-rule.yaml | 35 +++++++++++ .../policy-ready.yaml | 9 +++ .../policy.yaml | 63 +++++++++++++++++++ .../secret.yaml | 10 +++ 13 files changed, 232 insertions(+) create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/README.md create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/configmap.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml create mode 100644 test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/secret.yaml diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml new file mode 100644 index 0000000000..f3857739b0 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- policy.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml new file mode 100644 index 0000000000..001a9cb097 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-to-nosync-delete-rule-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml new file mode 100644 index 0000000000..fe3c44bda5 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml @@ -0,0 +1,5 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +assert: +- secret.yaml +- configmap.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml new file mode 100644 index 0000000000..efe056725c --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml @@ -0,0 +1,63 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-sync-to-nosync-delete-rule +spec: + generateExisting: false + rules: + - name: k-kafka-address + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: false + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: "{{request.object.metadata.name}}" + data: + kind: ConfigMap + metadata: + labels: + somekey: somevalue + data: + ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" + KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + - name: super-secret + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: true + apiVersion: v1 + kind: Secret + name: supersecret + namespace: "{{request.object.metadata.name}}" + data: + kind: Secret + type: Opaque + metadata: + labels: + somekey: somesecretvalue + data: + mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml new file mode 100644 index 0000000000..df1d76e6be --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- delete-rule.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml new file mode 100644 index 0000000000..3bba5572a2 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 3 diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml new file mode 100644 index 0000000000..103e2e669d --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +assert: +- secret.yaml +- configmap.yaml diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/README.md b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/README.md new file mode 100644 index 0000000000..80d73af201 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/README.md @@ -0,0 +1,10 @@ +## Description + +This test checks to ensure that deletion of a rule in a ClusterPolicy generate rule, data declaration, with sync disabled, does not result in the downstream resource's deletion. + +## Expected Behavior + +The downstream (generated) resource is expected to remain if the corresponding rule within a ClusterPolicy is deleted. If it is not deleted, the test passes. If it is deleted, the test fails. + +## Reference Issue(s) + diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/configmap.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/configmap.yaml new file mode 100644 index 0000000000..aae2b42313 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: cpol-data-sync-to-nosync-delete-rule-ns \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml new file mode 100644 index 0000000000..d24c7e4397 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/delete-rule.yaml @@ -0,0 +1,35 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: multiple-gens +spec: + generateExisting: false + rules: + - name: super-secret + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: true + apiVersion: v1 + kind: Secret + name: supersecret + namespace: "{{request.object.metadata.name}}" + data: + kind: Secret + type: Opaque + metadata: + labels: + somekey: somesecretvalue + data: + mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy-ready.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy-ready.yaml new file mode 100644 index 0000000000..d6a7219a7b --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy-ready.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-sync-to-nosync-delete-rule +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml new file mode 100644 index 0000000000..b2cb12d617 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/policy.yaml @@ -0,0 +1,63 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-sync-to-nosync-delete-rule +spec: + generateExisting: false + rules: + - name: k-kafka-address + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: true + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: "{{request.object.metadata.name}}" + data: + kind: ConfigMap + metadata: + labels: + somekey: somevalue + data: + ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" + KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + - name: super-secret + match: + any: + - resources: + kinds: + - Namespace + exclude: + any: + - resources: + namespaces: + - kube-system + - default + - kube-public + - kyverno + generate: + synchronize: true + apiVersion: v1 + kind: Secret + name: supersecret + namespace: "{{request.object.metadata.name}}" + data: + kind: Secret + type: Opaque + metadata: + labels: + somekey: somesecretvalue + data: + mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl \ No newline at end of file diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/secret.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/secret.yaml new file mode 100644 index 0000000000..611a54d4d5 --- /dev/null +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl +kind: Secret +metadata: + labels: + somekey: somesecretvalue + name: supersecret + namespace: cpol-data-sync-to-nosync-delete-rule-ns +type: Opaque \ No newline at end of file