mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
fix: kyverno test generated resource inconsistency (#8189)
* fix: kyverno test renerated resource inconsistency Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
parent
4317519c81
commit
acf1192599
4 changed files with 106 additions and 20 deletions
1
Makefile
1
Makefile
|
@ -728,7 +728,6 @@ test-cli-registry: $(CLI_BIN)
|
||||||
test-cli-scenarios-to-cli: $(CLI_BIN)
|
test-cli-scenarios-to-cli: $(CLI_BIN)
|
||||||
@$(CLI_BIN) test ./test/cli/scenarios_to_cli --registry
|
@$(CLI_BIN) test ./test/cli/scenarios_to_cli --registry
|
||||||
|
|
||||||
|
|
||||||
#############
|
#############
|
||||||
# HELM TEST #
|
# HELM TEST #
|
||||||
#############
|
#############
|
||||||
|
|
|
@ -602,34 +602,28 @@ func isNamespacedPolicy(policyNames string) (bool, error) {
|
||||||
|
|
||||||
// getAndCompareResource --> Get the patchedResource or generatedResource from the path provided by user
|
// getAndCompareResource --> Get the patchedResource or generatedResource from the path provided by user
|
||||||
// And compare this resource with engine generated resource.
|
// And compare this resource with engine generated resource.
|
||||||
func getAndCompareResource(path string, engineResource unstructured.Unstructured, isGit bool, policyResourcePath string, fs billy.Filesystem, isGenerate bool) string {
|
func getAndCompareResource(path string, actualResource unstructured.Unstructured, isGit bool, policyResourcePath string, fs billy.Filesystem, isGenerate bool) string {
|
||||||
var status string
|
var status string
|
||||||
resourceType := "patchedResource"
|
resourceType := "patchedResource"
|
||||||
if isGenerate {
|
if isGenerate {
|
||||||
resourceType = "generatedResource"
|
resourceType = "generatedResource"
|
||||||
}
|
}
|
||||||
userResource, err := common.GetResourceFromPath(fs, path, isGit, policyResourcePath, resourceType)
|
expectedResource, err := common.GetResourceFromPath(fs, path, isGit, policyResourcePath, resourceType)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("Error: failed to load resources (%s)", err)
|
fmt.Printf("Error: failed to load resources (%s)", err)
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
if isGenerate {
|
if isGenerate {
|
||||||
matched, err := generate.ValidateResourceWithPattern(log.Log, engineResource.UnstructuredContent(), userResource.UnstructuredContent())
|
unstructuredutils.FixupGenerateLabels(actualResource)
|
||||||
if err != nil {
|
unstructuredutils.FixupGenerateLabels(expectedResource)
|
||||||
log.Log.V(3).Info("generatedResource mismatch", "error", err.Error())
|
}
|
||||||
|
equals, err := unstructuredutils.Compare(actualResource, expectedResource, true)
|
||||||
|
if err == nil {
|
||||||
|
if !equals {
|
||||||
status = "fail"
|
status = "fail"
|
||||||
} else if matched == "" {
|
} else {
|
||||||
status = "pass"
|
status = "pass"
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
equals, err := unstructuredutils.Compare(engineResource, userResource, true)
|
|
||||||
if err == nil {
|
|
||||||
if !equals {
|
|
||||||
status = "fail"
|
|
||||||
} else {
|
|
||||||
status = "pass"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return status
|
return status
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
package unstructured
|
package unstructured
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"strings"
|
||||||
|
|
||||||
jsonpatch "github.com/evanphx/json-patch/v5"
|
jsonpatch "github.com/evanphx/json-patch/v5"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
)
|
)
|
||||||
|
@ -45,16 +47,30 @@ func Tidy(obj unstructured.Unstructured) unstructured.Unstructured {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func Compare(a, b unstructured.Unstructured, tidy bool) (bool, error) {
|
func FixupGenerateLabels(obj unstructured.Unstructured) {
|
||||||
|
tidy := map[string]string{
|
||||||
|
"app.kubernetes.io/managed-by": "kyverno",
|
||||||
|
}
|
||||||
|
if labels := obj.GetLabels(); labels != nil {
|
||||||
|
for k, v := range labels {
|
||||||
|
if !strings.HasPrefix(k, "generate.kyverno.io/") {
|
||||||
|
tidy[k] = v
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
obj.SetLabels(tidy)
|
||||||
|
}
|
||||||
|
|
||||||
|
func Compare(a, e unstructured.Unstructured, tidy bool) (bool, error) {
|
||||||
if tidy {
|
if tidy {
|
||||||
a = Tidy(a)
|
a = Tidy(a)
|
||||||
b = Tidy(b)
|
e = Tidy(e)
|
||||||
}
|
}
|
||||||
expected, err := a.MarshalJSON()
|
actual, err := a.MarshalJSON()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
actual, err := b.MarshalJSON()
|
expected, err := e.MarshalJSON()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -184,3 +184,80 @@ func TestCompare(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestFixupGenerateLabels(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
obj unstructured.Unstructured
|
||||||
|
want unstructured.Unstructured
|
||||||
|
}{{
|
||||||
|
name: "not set",
|
||||||
|
}, {
|
||||||
|
name: "empty",
|
||||||
|
obj: unstructured.Unstructured{Object: map[string]interface{}{}},
|
||||||
|
want: unstructured.Unstructured{Object: map[string]interface{}{
|
||||||
|
"metadata": map[string]interface{}{
|
||||||
|
"labels": map[string]interface{}{
|
||||||
|
"app.kubernetes.io/managed-by": "kyverno",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}},
|
||||||
|
}, {
|
||||||
|
name: "with label",
|
||||||
|
obj: unstructured.Unstructured{
|
||||||
|
Object: map[string]interface{}{
|
||||||
|
"metadata": map[string]interface{}{
|
||||||
|
"labels": map[string]interface{}{
|
||||||
|
"app.kubernetes.io/managed-by": "kyverno",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
want: unstructured.Unstructured{
|
||||||
|
Object: map[string]interface{}{
|
||||||
|
"metadata": map[string]interface{}{
|
||||||
|
"labels": map[string]interface{}{
|
||||||
|
"app.kubernetes.io/managed-by": "kyverno",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}, {
|
||||||
|
name: "with generate labels",
|
||||||
|
obj: unstructured.Unstructured{
|
||||||
|
Object: map[string]interface{}{
|
||||||
|
"metadata": map[string]interface{}{
|
||||||
|
"labels": map[string]interface{}{
|
||||||
|
"foo": "bar",
|
||||||
|
"generate.kyverno.io/policy-name": "add-networkpolicy",
|
||||||
|
"generate.kyverno.io/policy-namespace": "",
|
||||||
|
"generate.kyverno.io/rule-name": "default-deny",
|
||||||
|
"generate.kyverno.io/trigger-group": "",
|
||||||
|
"generate.kyverno.io/trigger-kind": "Namespace",
|
||||||
|
"generate.kyverno.io/trigger-name": "hello-world-namespace",
|
||||||
|
"generate.kyverno.io/trigger-namespace": "default",
|
||||||
|
"generate.kyverno.io/trigger-version": "v1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
want: unstructured.Unstructured{
|
||||||
|
Object: map[string]interface{}{
|
||||||
|
"metadata": map[string]interface{}{
|
||||||
|
"labels": map[string]interface{}{
|
||||||
|
"app.kubernetes.io/managed-by": "kyverno",
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
FixupGenerateLabels(tt.obj)
|
||||||
|
if !reflect.DeepEqual(tt.obj, tt.want) {
|
||||||
|
t.Errorf("FixupGenerateLabels() = %v, want %v", tt.obj, tt.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue