mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
feat: add chainsaw tests for global context crd validation (#9628)
* feat: add chainsaw tests for global context crd validation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add globalcontext to standard conformance action Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: overlapping names Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
This commit is contained in:
parent
63b03a8442
commit
b5b925bf78
7 changed files with 110 additions and 27 deletions
55
.github/workflows/conformance.yaml
vendored
55
.github/workflows/conformance.yaml
vendored
|
@ -7,8 +7,8 @@ permissions: {}
|
|||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- 'main'
|
||||
- 'release*'
|
||||
- "main"
|
||||
- "release*"
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
|
@ -104,6 +104,7 @@ jobs:
|
|||
- ^generate$/^clusterpolicy$
|
||||
- ^generate$/^policy$
|
||||
- ^generate$/^validation$
|
||||
- ^globalcontext$
|
||||
- ^mutate$
|
||||
- ^policy-validation$
|
||||
- ^rangeoperators$
|
||||
|
@ -645,7 +646,7 @@ jobs:
|
|||
with:
|
||||
version: main
|
||||
k8s-version: ${{ matrix.k8s-version.version }}
|
||||
knative-version: '1.10.0'
|
||||
knative-version: "1.10.0"
|
||||
- name: Create TUF values config map
|
||||
run: |
|
||||
set -e
|
||||
|
@ -969,37 +970,37 @@ jobs:
|
|||
conformance-required-success:
|
||||
name: conformance-required
|
||||
needs:
|
||||
- standard
|
||||
- ttl
|
||||
- force-failure-policy-ignore
|
||||
- validatingadmissionpolicies-v1alpha1
|
||||
- k8s-version-specific-tests-above-1-28
|
||||
- validatingadmissionpolicies-reports-v1alpha1
|
||||
- validatingadmissionpolicies-reports-v1beta1
|
||||
- custom-sigstore
|
||||
- default
|
||||
- monitor-helm-secret-size
|
||||
- check-tests
|
||||
- standard
|
||||
- ttl
|
||||
- force-failure-policy-ignore
|
||||
- validatingadmissionpolicies-v1alpha1
|
||||
- k8s-version-specific-tests-above-1-28
|
||||
- validatingadmissionpolicies-reports-v1alpha1
|
||||
- validatingadmissionpolicies-reports-v1beta1
|
||||
- custom-sigstore
|
||||
- default
|
||||
- monitor-helm-secret-size
|
||||
- check-tests
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ success() }}
|
||||
steps:
|
||||
- run: ${{ true }}
|
||||
- run: ${{ true }}
|
||||
|
||||
conformance-required-failure:
|
||||
name: conformance-required
|
||||
needs:
|
||||
- standard
|
||||
- ttl
|
||||
- force-failure-policy-ignore
|
||||
- validatingadmissionpolicies-v1alpha1
|
||||
- k8s-version-specific-tests-above-1-28
|
||||
- validatingadmissionpolicies-reports-v1alpha1
|
||||
- validatingadmissionpolicies-reports-v1beta1
|
||||
- custom-sigstore
|
||||
- default
|
||||
- monitor-helm-secret-size
|
||||
- check-tests
|
||||
- standard
|
||||
- ttl
|
||||
- force-failure-policy-ignore
|
||||
- validatingadmissionpolicies-v1alpha1
|
||||
- k8s-version-specific-tests-above-1-28
|
||||
- validatingadmissionpolicies-reports-v1alpha1
|
||||
- validatingadmissionpolicies-reports-v1beta1
|
||||
- custom-sigstore
|
||||
- default
|
||||
- monitor-helm-secret-size
|
||||
- check-tests
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ failure() || cancelled() }}
|
||||
steps:
|
||||
- run: ${{ false }}
|
||||
- run: ${{ false }}
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
## Description
|
||||
|
||||
This test creates the following global context entries:
|
||||
1. A valid global context entry.
|
||||
2. A context entry with both `kubernetesResource` and `apiCall`.
|
||||
3. A context entry with neither `kubernetesResource` nor `apiCall`.
|
||||
|
||||
## Expected Behavior
|
||||
|
||||
1st global context entry should get created, 2nd and 3rd entries should return an error.
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validate-global-context-crd
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: valid-context.yaml
|
||||
- assert:
|
||||
file: valid-context-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: multiple-resources.yaml
|
||||
expect:
|
||||
- check:
|
||||
($error != null): true
|
||||
- name: step-03
|
||||
try:
|
||||
- apply:
|
||||
file: no-resource.yaml
|
||||
expect:
|
||||
- check:
|
||||
($error != null): true
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
apiVersion: kyverno.io/v2alpha1
|
||||
kind: GlobalContextEntry
|
||||
metadata:
|
||||
name: ingress-2
|
||||
spec:
|
||||
apiCall:
|
||||
service:
|
||||
url: https://svc.kyverno/example
|
||||
caBundle: |-
|
||||
-----BEGIN CERTIFICATE-----
|
||||
-----REDACTED-----
|
||||
-----END CERTIFICATE-----
|
||||
refreshInterval: 10ns
|
||||
kubernetesResource:
|
||||
group: apis/networking.k8s.io
|
||||
version: v1
|
||||
resource: ingresses
|
||||
namespace: apps
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
apiVersion: kyverno.io/v2alpha1
|
||||
kind: GlobalContextEntry
|
||||
metadata:
|
||||
name: ingress-3
|
||||
spec: {}
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
apiVersion: kyverno.io/v2alpha1
|
||||
kind: GlobalContextEntry
|
||||
metadata:
|
||||
name: ingress-1
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
apiVersion: kyverno.io/v2alpha1
|
||||
kind: GlobalContextEntry
|
||||
metadata:
|
||||
name: ingress-1
|
||||
spec:
|
||||
apiCall:
|
||||
service:
|
||||
url: https://svc.kyverno/example
|
||||
caBundle: |-
|
||||
-----BEGIN CERTIFICATE-----
|
||||
-----REDACTED-----
|
||||
-----END CERTIFICATE-----
|
||||
refreshInterval: 10ns
|
Loading…
Reference in a new issue