From c24e25fb56c547705da75ca09753694255566221 Mon Sep 17 00:00:00 2001 From: shuting Date: Thu, 5 Jan 2023 22:38:23 +0800 Subject: [PATCH] fix cleanup var 'target.*' (#5888) Signed-off-by: ShutingZhao 
Signed-off-by: ShutingZhao --- .../handlers/cleanup/handlers.go | 2 +- pkg/validation/cleanuppolicy/validate.go | 2 +- .../clusterpolicy/cleanup-pod/00-assert.yaml | 5 +++ .../cleanup-pod/00-manifests.yaml | 36 +++++++++++++++++++ .../clusterpolicy/cleanup-pod/01-assert.yaml | 20 +++++++++++ .../clusterpolicy/cleanup-pod/01-policy.yaml | 20 +++++++++++ .../clusterpolicy/cleanup-pod/02-sleep.yaml | 5 +++ .../clusterpolicy/cleanup-pod/03-errors.yaml | 9 +++++ .../clusterpolicy/cleanup-pod/99-cleanup.yaml | 5 +++ .../clusterpolicy/cleanup-pod/README.md | 10 ++++++ .../cleanup/policy/cleanup-pod/00-assert.yaml | 5 +++ .../policy/cleanup-pod/00-manifests.yaml | 36 +++++++++++++++++++ .../cleanup/policy/cleanup-pod/01-assert.yaml | 17 +++++++++ .../cleanup/policy/cleanup-pod/01-policy.yaml | 18 ++++++++++ .../cleanup/policy/cleanup-pod/02-sleep.yaml | 5 +++ .../cleanup/policy/cleanup-pod/03-errors.yaml | 9 +++++ .../policy/cleanup-pod/99-cleanup.yaml | 5 +++ .../cleanup/policy/cleanup-pod/README.md | 10 ++++++ .../validation/cron-format}/00-assert.yaml | 4 +-- .../cron-format}/00-cleanuppolicy.yaml | 4 +-- .../validation/cron-format}/01-assert.yaml | 4 +-- .../cron-format}/01-clustercleanuppolicy.yaml | 4 +-- .../cron-format}/02-create-task.yaml | 0 .../cron-format}/badcleanuppolicy.yaml | 2 +- 24 files changed, 226 insertions(+), 11 deletions(-) create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-assert.yaml create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-manifests.yaml create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-assert.yaml create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-policy.yaml create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/02-sleep.yaml create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/03-errors.yaml create mode 100644 
test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/99-cleanup.yaml create mode 100644 test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/README.md create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/00-assert.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/00-manifests.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/01-assert.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/01-policy.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/02-sleep.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/03-errors.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/99-cleanup.yaml create mode 100644 test/conformance/kuttl/cleanup/policy/cleanup-pod/README.md rename test/conformance/kuttl/{validate/cleanuppolicy => cleanup/validation/cron-format}/00-assert.yaml (78%) rename test/conformance/kuttl/{validate/cleanuppolicy => cleanup/validation/cron-format}/00-cleanuppolicy.yaml (78%) rename test/conformance/kuttl/{validate/cleanuppolicy => cleanup/validation/cron-format}/01-assert.yaml (77%) rename test/conformance/kuttl/{validate/cleanuppolicy => cleanup/validation/cron-format}/01-clustercleanuppolicy.yaml (77%) rename test/conformance/kuttl/{validate/cleanuppolicy => cleanup/validation/cron-format}/02-create-task.yaml (100%) rename test/conformance/kuttl/{validate/cleanuppolicy => cleanup/validation/cron-format}/badcleanuppolicy.yaml (87%) diff --git a/cmd/cleanup-controller/handlers/cleanup/handlers.go b/cmd/cleanup-controller/handlers/cleanup/handlers.go index 64bc0a4f5e..580bb5adf5 100644 --- a/cmd/cleanup-controller/handlers/cleanup/handlers.go +++ b/cmd/cleanup-controller/handlers/cleanup/handlers.go 
@@ -111,7 +111,7 @@ func (h *handlers) executePolicy(ctx context.Context, logger logr.Logger, policy // check conditions if spec.Conditions != nil { enginectx := enginecontext.NewContext() - if err := enginectx.AddResource(resource.Object); err != nil { + if err := enginectx.AddTargetResource(resource.Object); err != nil { debug.Error(err, "failed to add resource in context") errs = append(errs, err) continue diff --git a/pkg/validation/cleanuppolicy/validate.go b/pkg/validation/cleanuppolicy/validate.go index 1e4718db12..ec160bac4a 100644 --- a/pkg/validation/cleanuppolicy/validate.go +++ b/pkg/validation/cleanuppolicy/validate.go @@ -102,4 +102,4 @@ func validateVariables(logger logr.Logger, policy kyvernov2alpha1.CleanupPolicyI return nil } -var allowedVariables = regexp.MustCompile(`request\.|images\.|([a-z_0-9]+\()[^{}]`) +var allowedVariables = regexp.MustCompile(`target\.|images\.|([a-z_0-9]+\()[^{}]`) diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-assert.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-assert.yaml new file mode 100644 index 0000000000..3276cffe3c --- /dev/null +++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-assert.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Pod +metadata: + name: example + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-manifests.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-manifests.yaml new file mode 100644 index 0000000000..ebc9b53388 --- /dev/null +++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/00-manifests.yaml 
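Review bot: Policies already stored with `request.*` keys under `spec.Conditions` are not accounted for at the changed `AddTargetResource` call: the object is now loaded as the target resource, so those keys presumably stop resolving. How the condition check that follows treats an unresolved key is outside this hunk (executePolicy starts and ends beyond it). Because the result of that check decides whether an object is deleted, it is worth confirming that an unresolved variable is recorded in `errs` and the object skipped, rather than treated as a match. A one-line comment above the call would document the contract, for example `// the matched object is exposed to conditions as target.*`.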
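Review bot: The allow-list pattern in `allowedVariables` is unanchored, so `target\.` is accepted anywhere in the candidate string rather than only at its start. Depending on how validateVariables applies it (its body is outside this hunk), a variable that merely contains `target.` or `images.` could pass validation. If a variable is meant to begin with one of these roots, anchor and group the alternatives, e.g. the pattern `^(target\.|images\.|([a-z_0-9]+\()[^{}])`, allowing for leading whitespace if the caller does not trim it. A unit test with one accepted and one rejected variable per alternative would pin the behaviour.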
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+ namespace: default
+spec:
+ containers:
+ - image: nginx:latest
+ name: example
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: test-cleanup-pod
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ - list
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: test-cleanup-pod
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: test-cleanup-pod
+subjects:
+- kind: ServiceAccount
+ name: kyverno-cleanup-controller
+ namespace: kyverno
diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-assert.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-assert.yaml
new file mode 100644
index 0000000000..17315fdea5
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-assert.yaml
@@ -0,0 +1,20 @@
+apiVersion: kyverno.io/v2alpha1
+kind: ClusterCleanupPolicy
+metadata:
+ name: cleanup-pod
+spec:
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ conditions:
+ all:
+ - key: "{{ target.metadata.name }}"
+ operator: Equals
+ value: example
+ - key: "{{ target.metadata.namespace }}"
+ operator: Equals
+ value: default
+ ## execute every minute
+ schedule: "*/1 * * * *"
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-policy.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-policy.yaml
new file mode 100644
index 0000000000..17315fdea5
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/01-policy.yaml
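Review bot: The RBAC in this manifest grants `delete`, `list` and `get` on pods cluster-wide to the `kyverno-cleanup-controller` service account through a ClusterRole and ClusterRoleBinding, and the identical manifest is added again as `policy/cleanup-pod/00-manifests.yaml`, where the policy under test is namespaced. For that namespaced case a `Role` and `RoleBinding` in `default` would be enough and would keep the fixture at the least privilege the test needs. Both directories also create the same cluster-scoped name `test-cleanup-pod` and the same pod `default/example`, and each `99-cleanup.yaml` deletes them, so if the suite runs these tests concurrently one test can remove the other's fixtures; distinct names per test would avoid that.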
@@ -0,0 +1,20 @@
+apiVersion: kyverno.io/v2alpha1
+kind: ClusterCleanupPolicy
+metadata:
+ name: cleanup-pod
+spec:
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ conditions:
+ all:
+ - key: "{{ target.metadata.name }}"
+ operator: Equals
+ value: example
+ - key: "{{ target.metadata.namespace }}"
+ operator: Equals
+ value: default
+ ## execute every minute
+ schedule: "*/1 * * * *"
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/02-sleep.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/02-sleep.yaml
new file mode 100644
index 0000000000..2e6f7ecbec
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/02-sleep.yaml
@@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sleep 65
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/03-errors.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/03-errors.yaml
new file mode 100644
index 0000000000..765e64e70d
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/03-errors.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+ namespace: default
+spec:
+ containers:
+ - image: nginx:latest
+ name: example
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/99-cleanup.yaml b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/99-cleanup.yaml
new file mode 100644
index 0000000000..9dabca6ad3
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/99-cleanup.yaml
@@ -0,0 +1,5 @@
+# A clean-up is presently required because kuttl does not do a reliable job of cleaning up both cluster-scoped objects.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: kubectl delete -f 00-manifests.yaml,01-policy.yaml --force --wait=true --ignore-not-found=true
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/README.md b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/README.md
new file mode 100644
index 0000000000..80ddb26a6a
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/clusterpolicy/cleanup-pod/README.md
@@ -0,0 +1,10 @@
+# ## Description
+
+This test cleans up pods via a cluster cleanup policy.
+
+## Expected Behavior
+
+The pod `default/example` is cleaned up successfully.
+
+
+## Reference Issue(s)
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/00-assert.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/00-assert.yaml
new file mode 100644
index 0000000000..3276cffe3c
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/00-assert.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+ namespace: default
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/00-manifests.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/00-manifests.yaml
new file mode 100644
index 0000000000..ebc9b53388
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/00-manifests.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+ namespace: default
+spec:
+ containers:
+ - image: nginx:latest
+ name: example
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: test-cleanup-pod
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ - list
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: test-cleanup-pod
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: test-cleanup-pod
+subjects:
+- kind: ServiceAccount
+ name: kyverno-cleanup-controller
+ namespace: kyverno
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/01-assert.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/01-assert.yaml
new file mode 100644
index 0000000000..daaa4723bb
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/01-assert.yaml
@@ -0,0 +1,17 @@
+apiVersion: kyverno.io/v2alpha1
+kind: CleanupPolicy
+metadata:
+ name: cleanup-pod
+ namespace: default
+spec:
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ conditions:
+ any:
+ - key: "{{ target.metadata.name }}"
+ operator: Equals
+ value: example
+ schedule: "*/1 * * * *"
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/01-policy.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/01-policy.yaml
new file mode 100644
index 0000000000..3cb6b0c131
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/01-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: kyverno.io/v2alpha1
+kind: CleanupPolicy
+metadata:
+ name: cleanup-pod
+ namespace: default
+spec:
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ conditions:
+ any:
+ - key: "{{ target.metadata.name }}"
+ operator: Equals
+ value: example
+ ## execute every minute
+ schedule: "*/1 * * * *"
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/02-sleep.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/02-sleep.yaml
new file mode 100644
index 0000000000..2e6f7ecbec
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/02-sleep.yaml
@@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: sleep 65
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/03-errors.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/03-errors.yaml
new file mode 100644
index 0000000000..765e64e70d
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/03-errors.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example
+ namespace: default
+spec:
+ containers:
+ - image: nginx:latest
+ name: example
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/99-cleanup.yaml b/test/conformance/kuttl/cleanup/policy/cleanup-pod/99-cleanup.yaml
new file mode 100644
index 0000000000..9dabca6ad3
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/99-cleanup.yaml
@@ -0,0 +1,5 @@
+# A clean-up is presently required because kuttl does not do a reliable job of cleaning up both cluster-scoped objects.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+ - command: kubectl delete -f 00-manifests.yaml,01-policy.yaml --force --wait=true --ignore-not-found=true
\ No newline at end of file
diff --git a/test/conformance/kuttl/cleanup/policy/cleanup-pod/README.md b/test/conformance/kuttl/cleanup/policy/cleanup-pod/README.md
new file mode 100644
index 0000000000..571352f548
--- /dev/null
+++ b/test/conformance/kuttl/cleanup/policy/cleanup-pod/README.md
@@ -0,0 +1,10 @@ +# ## Description + +This test cleans up pods via a namespaced cleanup policy. + +## Expected Behavior + +The pod `default/example` is cleaned up successfully. + + +## Reference Issue(s) diff --git a/test/conformance/kuttl/validate/cleanuppolicy/00-assert.yaml b/test/conformance/kuttl/cleanup/validation/cron-format/00-assert.yaml similarity index 78% rename from test/conformance/kuttl/validate/cleanuppolicy/00-assert.yaml rename to test/conformance/kuttl/cleanup/validation/cron-format/00-assert.yaml index 5a6074340c..09873d582a 100644 --- a/test/conformance/kuttl/validate/cleanuppolicy/00-assert.yaml +++ b/test/conformance/kuttl/cleanup/validation/cron-format/00-assert.yaml @@ -11,7 +11,7 @@ spec: - Pod conditions: any: - - key: "{{ request.name }}" + - key: "{{ target.metadata.name }}" operator: Equals value: example - schedule: "* * * * *" \ No newline at end of file + schedule: "*/2 * * * *" \ No newline at end of file diff --git a/test/conformance/kuttl/validate/cleanuppolicy/00-cleanuppolicy.yaml b/test/conformance/kuttl/cleanup/validation/cron-format/00-cleanuppolicy.yaml similarity index 78% rename from test/conformance/kuttl/validate/cleanuppolicy/00-cleanuppolicy.yaml rename to test/conformance/kuttl/cleanup/validation/cron-format/00-cleanuppolicy.yaml index 5a6074340c..09873d582a 100644 --- a/test/conformance/kuttl/validate/cleanuppolicy/00-cleanuppolicy.yaml +++ b/test/conformance/kuttl/cleanup/validation/cron-format/00-cleanuppolicy.yaml @@ -11,7 +11,7 @@ spec: - Pod conditions: any: - - key: "{{ request.name }}" + - key: "{{ target.metadata.name }}" operator: Equals value: example - schedule: "* * * * *" \ No newline at end of file + schedule: "*/2 * * * *" \ No newline at end of file 
diff --git a/test/conformance/kuttl/validate/cleanuppolicy/01-assert.yaml b/test/conformance/kuttl/cleanup/validation/cron-format/01-assert.yaml similarity index 77% rename from test/conformance/kuttl/validate/cleanuppolicy/01-assert.yaml rename to test/conformance/kuttl/cleanup/validation/cron-format/01-assert.yaml index 0618d872cd..bdafe1104c 100644 --- a/test/conformance/kuttl/validate/cleanuppolicy/01-assert.yaml +++ b/test/conformance/kuttl/cleanup/validation/cron-format/01-assert.yaml @@ -10,7 +10,7 @@ spec: - Pod conditions: any: - - key: "{{ request.name }}" + - key: "{{ target.metadata.name }}" operator: Equals value: example - schedule: "* * * * *" \ No newline at end of file + schedule: "*/2 * * * *" \ No newline at end of file diff --git a/test/conformance/kuttl/validate/cleanuppolicy/01-clustercleanuppolicy.yaml b/test/conformance/kuttl/cleanup/validation/cron-format/01-clustercleanuppolicy.yaml similarity index 77% rename from test/conformance/kuttl/validate/cleanuppolicy/01-clustercleanuppolicy.yaml rename to test/conformance/kuttl/cleanup/validation/cron-format/01-clustercleanuppolicy.yaml index 0618d872cd..bdafe1104c 100644 --- a/test/conformance/kuttl/validate/cleanuppolicy/01-clustercleanuppolicy.yaml +++ b/test/conformance/kuttl/cleanup/validation/cron-format/01-clustercleanuppolicy.yaml @@ -10,7 +10,7 @@ spec: - Pod conditions: any: - - key: "{{ request.name }}" + - key: "{{ target.metadata.name }}" operator: Equals value: example - schedule: "* * * * *" \ No newline at end of file + schedule: "*/2 * * * *" \ No newline at end of file diff --git a/test/conformance/kuttl/validate/cleanuppolicy/02-create-task.yaml b/test/conformance/kuttl/cleanup/validation/cron-format/02-create-task.yaml similarity index 100% rename from test/conformance/kuttl/validate/cleanuppolicy/02-create-task.yaml rename to test/conformance/kuttl/cleanup/validation/cron-format/02-create-task.yaml 
diff --git a/test/conformance/kuttl/validate/cleanuppolicy/badcleanuppolicy.yaml b/test/conformance/kuttl/cleanup/validation/cron-format/badcleanuppolicy.yaml similarity index 87% rename from test/conformance/kuttl/validate/cleanuppolicy/badcleanuppolicy.yaml rename to test/conformance/kuttl/cleanup/validation/cron-format/badcleanuppolicy.yaml index 5e8eb4a41e..43a3f27b6e 100644 --- a/test/conformance/kuttl/validate/cleanuppolicy/badcleanuppolicy.yaml +++ b/test/conformance/kuttl/cleanup/validation/cron-format/badcleanuppolicy.yaml @@ -11,7 +11,7 @@ spec: - Pod conditions: any: - - key: "{{ request.name }}" + - key: "{{ target.metadata.name }}" operator: Equals value: example schedule: "invalid-schedule" \ No newline at end of file