From bec56323448e052681aa8e7fa8816ee07d2d7681 Mon Sep 17 00:00:00 2001
From: Sachin Maurya <57769917+slayer321@users.noreply.github.com>
Date: Sat, 8 Oct 2022 20:27:41 +0530
Subject: [PATCH] e2e test for mutate policy (#3383)

Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>

Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
---
 test/e2e/mutate/config.go      | 10 +++++++
 test/e2e/mutate/mutate_test.go |  2 +-
 test/e2e/mutate/resources.go   | 50 ++++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/test/e2e/mutate/config.go b/test/e2e/mutate/config.go
index 1824523f8e..47eb93fecf 100644
--- a/test/e2e/mutate/config.go
+++ b/test/e2e/mutate/config.go
@@ -108,6 +108,16 @@ var tests = []struct {
 		ResourceRaw:        kyverno_2971_resource,
 		ExpectedPatternRaw: kyverno_2971_pattern,
 	},
+	{
+		TestDescription:    "checks if the imagePullSecrets is set or not",
+		PolicyName:         "set-image-pull-secret",
+		PolicyRaw:          setImagePullSecret,
+		ResourceName:       "nginx",
+		ResourceNamespace:  "test-run",
+		ResourceGVR:        podGVR,
+		ResourceRaw:        podWithNoSecrets,
+		ExpectedPatternRaw: podWithNoSecretPattern,
+	},
 	{
 		TestDescription:    "checks the global anchor variables for emptyDir",
 		PolicyName:         "add-safe-to-evict",
diff --git a/test/e2e/mutate/mutate_test.go b/test/e2e/mutate/mutate_test.go
index 6bcb841467..6396b0a991 100644
--- a/test/e2e/mutate/mutate_test.go
+++ b/test/e2e/mutate/mutate_test.go
@@ -112,7 +112,7 @@ func Test_Mutate_Sets(t *testing.T) {
 		Expect(err).NotTo(HaveOccurred())
 		Expect(cmRes.GetLabels()["kyverno.key/copy-me"]).To(Equal("sample-value"))
 
-		//CleanUp Resources
+		// CleanUp Resources
 		e2eClient.CleanClusterPolicies(policyGVR)
 
 		// Clear Namespace
diff --git a/test/e2e/mutate/resources.go b/test/e2e/mutate/resources.go
index c8816d5db3..51a091f066 100644
--- a/test/e2e/mutate/resources.go
+++ b/test/e2e/mutate/resources.go
@@ -625,6 +625,56 @@ spec:
               <(path): "*"
 `)
 
+var setImagePullSecret = []byte(`
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: set-image-pull-secret
+spec:
+  background: false
+  rules:
+  - name: set-image-pull-secret
+    match:
+      resources:
+        kinds:
+          - Pod
+    mutate:
+      patchStrategicMerge:
+        spec:
+          containers:
+            # match images that are from our registry
+            - <(image): "registry.corp.com/*"
+              # set the imagePullSecrets
+          imagePullSecrets:
+            - name: regcred
+`)
+
+var podWithNoSecrets = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  namespace: test-run
+spec:
+  containers:
+  - name: nginx
+    image: registry.corp.com/nginx:1.14.2
+`)
+
+var podWithNoSecretPattern = []byte(`
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+  namespace: test-run
+spec:
+  containers:
+  - name: nginx
+    image: registry.corp.com/nginx:1.14.2
+  imagePullSecrets:
+    - name: regcred
+`)
+
 var podWithEmptyDirAsVolume = []byte(`
 apiVersion: v1
 kind: Pod