From b5b925bf7861f51c70ab726a9dfa44488205d9c1 Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Sun, 4 Feb 2024 22:45:55 +0530 Subject: [PATCH] feat: add chainsaw tests for global context crd validation (#9628) * feat: add chainsaw tests for global context crd validation Signed-off-by: Vishal Choudhary * feat: add globalcontext to standard conformance action Signed-off-by: Vishal Choudhary * fix: overlapping names Signed-off-by: Vishal Choudhary --------- Signed-off-by: Vishal Choudhary --- .github/workflows/conformance.yaml | 55 ++++++++++--------- .../globalcontext/validate-crd/README.md | 10 ++++ .../validate-crd/chainsaw-test.yaml | 28 ++++++++++ .../validate-crd/multiple-resources.yaml | 19 +++++++ .../validate-crd/no-resource.yaml | 6 ++ .../validate-crd/valid-context-assert.yaml | 5 ++ .../validate-crd/valid-context.yaml | 14 +++++ 7 files changed, 110 insertions(+), 27 deletions(-) create mode 100644 test/conformance/chainsaw/globalcontext/validate-crd/README.md create mode 100644 test/conformance/chainsaw/globalcontext/validate-crd/chainsaw-test.yaml create mode 100644 test/conformance/chainsaw/globalcontext/validate-crd/multiple-resources.yaml create mode 100644 test/conformance/chainsaw/globalcontext/validate-crd/no-resource.yaml create mode 100644 test/conformance/chainsaw/globalcontext/validate-crd/valid-context-assert.yaml create mode 100644 test/conformance/chainsaw/globalcontext/validate-crd/valid-context.yaml diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index db02140e74..38adf6373a 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -7,8 +7,8 @@ permissions: {} on: pull_request: branches: - - 'main' - - 'release*' + - "main" + - "release*" concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
@@ -104,6 +104,7 @@ jobs: - ^generate$/^clusterpolicy$ - ^generate$/^policy$ - ^generate$/^validation$ + - ^globalcontext$ - ^mutate$ - ^policy-validation$ - ^rangeoperators$ @@ -645,7 +646,7 @@ jobs: with: version: main k8s-version: ${{ matrix.k8s-version.version }} - knative-version: '1.10.0' + knative-version: "1.10.0" - name: Create TUF values config map run: | set -e @@ -969,37 +970,37 @@ jobs: conformance-required-success: name: conformance-required needs: - - standard - - ttl - - force-failure-policy-ignore - - validatingadmissionpolicies-v1alpha1 - - k8s-version-specific-tests-above-1-28 - - validatingadmissionpolicies-reports-v1alpha1 - - validatingadmissionpolicies-reports-v1beta1 - - custom-sigstore - - default - - monitor-helm-secret-size - - check-tests + - standard + - ttl + - force-failure-policy-ignore + - validatingadmissionpolicies-v1alpha1 + - k8s-version-specific-tests-above-1-28 + - validatingadmissionpolicies-reports-v1alpha1 + - validatingadmissionpolicies-reports-v1beta1 + - custom-sigstore + - default + - monitor-helm-secret-size + - check-tests runs-on: ubuntu-latest if: ${{ success() }} steps: - - run: ${{ true }} + - run: ${{ true }} conformance-required-failure: name: conformance-required needs: - - standard - - ttl - - force-failure-policy-ignore - - validatingadmissionpolicies-v1alpha1 - - k8s-version-specific-tests-above-1-28 - - validatingadmissionpolicies-reports-v1alpha1 - - validatingadmissionpolicies-reports-v1beta1 - - custom-sigstore - - default - - monitor-helm-secret-size - - check-tests + - standard + - ttl + - force-failure-policy-ignore + - validatingadmissionpolicies-v1alpha1 + - k8s-version-specific-tests-above-1-28 + - validatingadmissionpolicies-reports-v1alpha1 + - validatingadmissionpolicies-reports-v1beta1 + - custom-sigstore + - default + - monitor-helm-secret-size + - check-tests runs-on: ubuntu-latest if: ${{ failure() || cancelled() }} steps: - - run: ${{ false }} + - run: ${{ false }} 
diff --git a/test/conformance/chainsaw/globalcontext/validate-crd/README.md b/test/conformance/chainsaw/globalcontext/validate-crd/README.md
new file mode 100644
index 0000000000..ca7e379efa
--- /dev/null
+++ b/test/conformance/chainsaw/globalcontext/validate-crd/README.md
@@ -0,0 +1,10 @@
+## Description
+
+This test creates the following global context entries:
+1. A valid global context entry.
+2. A context entry with both `kubernetesResource` and `apiCall`.
+3. A context entry with neither `kubernetesResource` nor `apiCall`.
+
+## Expected Behavior
+
+1st global context entry should get created, 2nd and 3rd entries should return an error.
diff --git a/test/conformance/chainsaw/globalcontext/validate-crd/chainsaw-test.yaml b/test/conformance/chainsaw/globalcontext/validate-crd/chainsaw-test.yaml
new file mode 100644
index 0000000000..5bf31e1fef
--- /dev/null
+++ b/test/conformance/chainsaw/globalcontext/validate-crd/chainsaw-test.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: validate-global-context-crd
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: valid-context.yaml
+ - assert:
+ file: valid-context-assert.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: multiple-resources.yaml
+ expect:
+ - check:
+ ($error != null): true
+ - name: step-03
+ try:
+ - apply:
+ file: no-resource.yaml
+ expect:
+ - check:
+ ($error != null): true
diff --git a/test/conformance/chainsaw/globalcontext/validate-crd/multiple-resources.yaml b/test/conformance/chainsaw/globalcontext/validate-crd/multiple-resources.yaml
new file mode 100644
index 0000000000..578d6a9898
--- /dev/null
+++ b/test/conformance/chainsaw/globalcontext/validate-crd/multiple-resources.yaml
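Review bot: In chainsaw-test.yaml, step-02 and step-03 accept any failure at all, because their only check is `($error != null): true`. An apply that fails for an unrelated reason (the CRD is not installed, the API server is unreachable, a different field is rejected) passes exactly like the intended rejection of an entry with both or neither of `kubernetesResource` and `apiCall`. Pin the reason by matching the message, for example `(contains($error, '<expected validation message>')): true`, with the placeholder replaced by the text the CRD validation actually returns. As written, a green run does not show that the mutual-exclusion rule is enforced at admission.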
@@ -0,0 +1,19 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+ name: ingress-2
+spec:
+ apiCall:
+ service:
+ url: https://svc.kyverno/example
+ caBundle: |-
+ -----BEGIN CERTIFICATE-----
+ -----REDACTED-----
+ -----END CERTIFICATE-----
+ refreshInterval: 10ns
+ kubernetesResource:
+ group: apis/networking.k8s.io
+ version: v1
+ resource: ingresses
+ namespace: apps
diff --git a/test/conformance/chainsaw/globalcontext/validate-crd/no-resource.yaml b/test/conformance/chainsaw/globalcontext/validate-crd/no-resource.yaml
new file mode 100644
index 0000000000..7038ce42cd
--- /dev/null
+++ b/test/conformance/chainsaw/globalcontext/validate-crd/no-resource.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+ name: ingress-3
+spec: {}
diff --git a/test/conformance/chainsaw/globalcontext/validate-crd/valid-context-assert.yaml b/test/conformance/chainsaw/globalcontext/validate-crd/valid-context-assert.yaml
new file mode 100644
index 0000000000..2f3a8fdb6f
--- /dev/null
+++ b/test/conformance/chainsaw/globalcontext/validate-crd/valid-context-assert.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+ name: ingress-1
diff --git a/test/conformance/chainsaw/globalcontext/validate-crd/valid-context.yaml b/test/conformance/chainsaw/globalcontext/validate-crd/valid-context.yaml
new file mode 100644
index 0000000000..140c37f0bb
--- /dev/null
+++ b/test/conformance/chainsaw/globalcontext/validate-crd/valid-context.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+ name: ingress-1
+spec:
+ apiCall:
+ service:
+ url: https://svc.kyverno/example
+ caBundle: |-
+ -----BEGIN CERTIFICATE-----
+ -----REDACTED-----
+ -----END CERTIFICATE-----
+ refreshInterval: 10ns
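Review bot: multiple-resources.yaml gives the API server more than one possible reason to reject the object, so the negative case is not isolated. Besides setting both `apiCall` and `kubernetesResource`, it uses `group: apis/networking.k8s.io` (an API group is normally written without the `apis/` prefix, which looks unintended here) and a placeholder `caBundle`. If validation is later added for either field, this fixture keeps failing even when the both-set rule has regressed. I would change the group to `group: networking.k8s.io` and add a top-of-file comment such as `# invalid only because both apiCall and kubernetesResource are set`.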
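Review bot: valid-context.yaml is the fixture step-01 expects to be admitted, yet it carries `refreshInterval: 10ns` and a `caBundle` whose body is `-----REDACTED-----`. The test therefore pins acceptance of an unparseable CA bundle and a near-zero refresh interval for an HTTPS `apiCall`. If the CRD later gains a minimum interval or PEM validation, both plausible hardening steps, this conformance test would fail for reasons unrelated to what it is meant to cover. A realistic value such as `refreshInterval: 10s` and a syntactically valid certificate constructed for the test would keep the positive case stable; the same `10ns` value appears in multiple-resources.yaml.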