From a7900ff40cd129efed0f1a2f7d900936e9dbd41a Mon Sep 17 00:00:00 2001 From: shuting Date: Wed, 3 May 2023 18:33:29 +0800 Subject: [PATCH] require generate.apiVersion (#7080) Signed-off-by: ShutingZhao --- pkg/policy/generate/validate.go | 5 ++++- pkg/policy/generate/validate_test.go | 6 +++--- .../clone-role-and-rolebinding/01-manifests.yaml | 2 ++ .../cornercases/data-role-and-rolebinding/01-manifests.yaml | 2 ++ 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/pkg/policy/generate/validate.go b/pkg/policy/generate/validate.go index f54076a74c..010c8d63b4 100644 --- a/pkg/policy/generate/validate.go +++ b/pkg/policy/generate/validate.go @@ -46,7 +46,7 @@ func (g *Generate) Validate(ctx context.Context) (string, error) { return "", fmt.Errorf("only one of clone or cloneList can be specified") } - kind, name, namespace := rule.Kind, rule.Name, rule.Namespace + apiVersion, kind, name, namespace := rule.ResourceSpec.GetAPIVersion(), rule.ResourceSpec.GetKind(), rule.ResourceSpec.GetName(), rule.ResourceSpec.GetNamespace() if len(rule.CloneList.Kinds) == 0 { if name == "" { @@ -55,6 +55,9 @@ func (g *Generate) Validate(ctx context.Context) (string, error) { if kind == "" { return "kind", fmt.Errorf("kind cannot be empty") } + if apiVersion == "" { + return "apiVersion", fmt.Errorf("apiVersion cannot be empty") + } } else { if name != "" { return "name", fmt.Errorf("with cloneList, generate.name. should not be specified") diff --git a/pkg/policy/generate/validate_test.go b/pkg/policy/generate/validate_test.go index c1a7484e74..3b2a13a2d5 100644 --- a/pkg/policy/generate/validate_test.go +++ b/pkg/policy/generate/validate_test.go @@ -35,9 +35,9 @@ func Test_Validate_Generate(t *testing.T) { err := json.Unmarshal(rawGenerate, &genRule) assert.NilError(t, err) checker := NewFakeGenerate(genRule) - if _, err := checker.Validate(context.TODO()); err != nil { - assert.Assert(t, err != nil) - } + _, err = checker.Validate(context.TODO()) + t.Log(err) + assert.Assert(t, err != nil) } func Test_Validate_Generate_HasAnchors(t *testing.T) { diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml index f13d131c34..fd7e27fc14 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml @@ -38,6 +38,7 @@ spec: generate: kind: Role name: ns-role + apiVersion: rbac.authorization.k8s.io/v1 namespace: "{{request.object.metadata.name}}" synchronize: true clone: @@ -52,6 +53,7 @@ spec: generate: kind: RoleBinding name: ns-role-binding + apiVersion: rbac.authorization.k8s.io/v1 namespace: "{{request.object.metadata.name}}" synchronize: true clone: diff --git a/test/conformance/kuttl/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml b/test/conformance/kuttl/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml index c09729c4a1..63801108fa 100644 --- a/test/conformance/kuttl/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml +++ b/test/conformance/kuttl/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml @@ -14,6 +14,7 @@ spec: generate: kind: Role name: ns-role + apiVersion: rbac.authorization.k8s.io/v1 namespace: "{{request.object.metadata.name}}" synchronize: true data: @@ -30,6 +31,7 @@ spec: generate: kind: RoleBinding name: ns-role-binding + apiVersion: rbac.authorization.k8s.io/v1 namespace: "{{request.object.metadata.name}}" synchronize: true data: