1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

feat: add chainsaw tests for global context crd validation (#9628)

* feat: add chainsaw tests for global context crd validation

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add globalcontext to standard conformance action

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: overlapping names

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
This commit is contained in:
Vishal Choudhary 2024-02-04 22:45:55 +05:30 committed by GitHub
parent 63b03a8442
commit b5b925bf78
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 110 additions and 27 deletions

View file

@ -7,8 +7,8 @@ permissions: {}
on:
pull_request:
branches:
- 'main'
- 'release*'
- "main"
- "release*"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
@ -104,6 +104,7 @@ jobs:
- ^generate$/^clusterpolicy$
- ^generate$/^policy$
- ^generate$/^validation$
- ^globalcontext$
- ^mutate$
- ^policy-validation$
- ^rangeoperators$
@ -645,7 +646,7 @@ jobs:
with:
version: main
k8s-version: ${{ matrix.k8s-version.version }}
knative-version: '1.10.0'
knative-version: "1.10.0"
- name: Create TUF values config map
run: |
set -e
@ -969,37 +970,37 @@ jobs:
conformance-required-success:
name: conformance-required
needs:
- standard
- ttl
- force-failure-policy-ignore
- validatingadmissionpolicies-v1alpha1
- k8s-version-specific-tests-above-1-28
- validatingadmissionpolicies-reports-v1alpha1
- validatingadmissionpolicies-reports-v1beta1
- custom-sigstore
- default
- monitor-helm-secret-size
- check-tests
- standard
- ttl
- force-failure-policy-ignore
- validatingadmissionpolicies-v1alpha1
- k8s-version-specific-tests-above-1-28
- validatingadmissionpolicies-reports-v1alpha1
- validatingadmissionpolicies-reports-v1beta1
- custom-sigstore
- default
- monitor-helm-secret-size
- check-tests
runs-on: ubuntu-latest
if: ${{ success() }}
steps:
- run: ${{ true }}
- run: ${{ true }}
conformance-required-failure:
name: conformance-required
needs:
- standard
- ttl
- force-failure-policy-ignore
- validatingadmissionpolicies-v1alpha1
- k8s-version-specific-tests-above-1-28
- validatingadmissionpolicies-reports-v1alpha1
- validatingadmissionpolicies-reports-v1beta1
- custom-sigstore
- default
- monitor-helm-secret-size
- check-tests
- standard
- ttl
- force-failure-policy-ignore
- validatingadmissionpolicies-v1alpha1
- k8s-version-specific-tests-above-1-28
- validatingadmissionpolicies-reports-v1alpha1
- validatingadmissionpolicies-reports-v1beta1
- custom-sigstore
- default
- monitor-helm-secret-size
- check-tests
runs-on: ubuntu-latest
if: ${{ failure() || cancelled() }}
steps:
- run: ${{ false }}
- run: ${{ false }}

View file

@ -0,0 +1,10 @@
## Description
This test creates the following global context entries:
1. A valid global context entry.
2. A context entry with both `kubernetesResource` and `apiCall`.
3. A context entry with neither `kubernetesResource` nor `apiCall`.
## Expected Behavior
1st global context entry should get created, 2nd and 3rd entries should return an error.

View file

@ -0,0 +1,28 @@
---
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
creationTimestamp: null
name: validate-global-context-crd
spec:
steps:
- name: step-01
try:
- apply:
file: valid-context.yaml
- assert:
file: valid-context-assert.yaml
- name: step-02
try:
- apply:
file: multiple-resources.yaml
expect:
- check:
($error != null): true
- name: step-03
try:
- apply:
file: no-resource.yaml
expect:
- check:
($error != null): true

View file

@ -0,0 +1,19 @@
---
apiVersion: kyverno.io/v2alpha1
kind: GlobalContextEntry
metadata:
name: ingress-2
spec:
apiCall:
service:
url: https://svc.kyverno/example
caBundle: |-
-----BEGIN CERTIFICATE-----
-----REDACTED-----
-----END CERTIFICATE-----
refreshInterval: 10ns
kubernetesResource:
group: apis/networking.k8s.io
version: v1
resource: ingresses
namespace: apps

View file

@ -0,0 +1,6 @@
---
apiVersion: kyverno.io/v2alpha1
kind: GlobalContextEntry
metadata:
name: ingress-3
spec: {}

View file

@ -0,0 +1,5 @@
---
apiVersion: kyverno.io/v2alpha1
kind: GlobalContextEntry
metadata:
name: ingress-1

View file

@ -0,0 +1,14 @@
---
apiVersion: kyverno.io/v2alpha1
kind: GlobalContextEntry
metadata:
name: ingress-1
spec:
apiCall:
service:
url: https://svc.kyverno/example
caBundle: |-
-----BEGIN CERTIFICATE-----
-----REDACTED-----
-----END CERTIFICATE-----
refreshInterval: 10ns