test-cases for wildcard match label selector (#3165)

2025-03-29 10:55:05 +00:00 · 2022-02-04 09:15:40 +05:30 · 2022-02-04 09:15:40 +05:30 · b3f702ba8d
commit b3f702ba8d
parent 11311a15df
3 changed files with 138 additions and 0 deletions
--- a/test/cli/test/wildcard_match_label_selector/kyverno-test.yaml
+++ b/test/cli/test/wildcard_match_label_selector/kyverno-test.yaml
@ -0,0 +1,31 @@
+name: wildcard-support-in-matchlabels
+policies:
+  -  policy.yaml
+resources:
+  -  resources.yaml
+results:
+  - policy: wildcard-support-in-matchlabels
+    rule: wildcard-label
+    resource: my-service-1
+    kind: Pod
+    result: pass
+  - policy: wildcard-support-in-matchlabels
+    rule: label-end-with-test
+    resource: my-service-2
+    kind: Pod
+    result: pass
+  - policy: wildcard-support-in-matchlabels
+    rule: label-end-with-test
+    resource: my-service-3
+    kind: Pod
+    result: skip
+  - policy: wildcard-support-in-matchlabels
+    rule: label-start-with-test
+    resource: my-service-4
+    kind: Pod
+    result: pass
+  - policy: wildcard-support-in-matchlabels
+    rule: label-start-with-test
+    resource: my-service-5
+    kind: Pod
+    result: skip
--- a/test/cli/test/wildcard_match_label_selector/policy.yaml
+++ b/test/cli/test/wildcard_match_label_selector/policy.yaml
@ -0,0 +1,50 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: wildcard-support-in-matchlabels
+spec:
+  validationFailureAction: enforce
+  background: false
+  rules:
+  - name: wildcard-label
+    match:
+      resources:
+        kinds:
+        - Pod
+        selector:
+          matchLabels:
+            protected: "*"
+    validate:
+      message: "Using a mutable image tag e.g. 'latest' is not allowed."
+      pattern:
+        spec:
+          containers:
+          - image: "!*:latest"
+  - name: label-end-with-test
+    match:
+      resources:
+        kinds:
+        - pod
+        selector:
+          matchLabels:
+            protected: "*-test"
+    validate:
+      message: "Using a mutable image tag e.g. 'latest' is not allowed."
+      pattern:
+        spec:
+          containers:
+          - image: "!*:latest"
+  - name: label-start-with-test
+    match:
+      resources:
+        kinds:
+        - pod
+        selector:
+          matchLabels:
+            protected: "test-*"
+    validate:
+      message: "Using a mutable image tag e.g. 'latest' is not allowed."
+      pattern:
+        spec:
+          containers:
+          - image: "!*:latest"
--- a/test/cli/test/wildcard_match_label_selector/resources.yaml
+++ b/test/cli/test/wildcard_match_label_selector/resources.yaml
@ -0,0 +1,57 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-service-1
+  labels:
+    protected: "true"
+spec: 
+  containers:
+  - name: nginx
+    image: nginx
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-service-2
+  labels:
+    protected: "label-test"
+spec: 
+  containers:
+  - name: nginx
+    image: nginx
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-service-3
+  labels:
+    protected: "label-fail"
+spec: 
+  containers:
+  - name: nginx
+    image: nginx
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-service-4
+  labels:
+    protected: "test-label"
+spec: 
+  containers:
+  - name: nginx
+    image: nginx
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-service-5
+  labels:
+    protected: "fail-label"
+spec: 
+  containers:
+  - name: nginx
+    image: nginx