fix: Allow generate cli tests to work with server-side apply policies (#9385)

* test: Add test case for useServerSideApply

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

* fix: Allow generate cli tests to work with server-side apply policies

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

---------

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

cmd/cli/kubectl-kyverno/policy/load.go

@@ -98,6 +98,13 @@ func LoadWithLoader(loader loader, fs billy.Filesystem, resourcePath string, pat
 			vapBindings = append(vapBindings, b...)
 		}
 	}
+
+	// It's hard to use apply with the fake client, so disable all server side
+	// https://github.com/kubernetes/kubernetes/issues/99953
+	for _, policy := range pols {
+		policy.GetSpec().UseServerSideApply = false
+	}
+
 	return pols, vaps, vapBindings, nil
 }
 

test/cli/test-generate/use-server-side-apply/generatedResource.yaml

@@ -0,0 +1,10 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: nginx-deployment-default-pdb
+  namespace: hello-world
+spec:
+  minAvailable: 1
+  selector:
+    matchLabels:
+      app: nginx

test/cli/test-generate/use-server-side-apply/kyverno-test.yaml

@@ -0,0 +1,16 @@
+apiVersion: cli.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: kyverno-test.yaml
+policies:
+- policy.yaml
+resources:
+- resource.yaml
+results:
+- generatedResource: generatedResource.yaml
+  kind: Deployment
+  policy: create-default-pdb
+  resources:
+  - hello-world/nginx-deployment
+  result: pass
+  rule: create-default-pdb

test/cli/test-generate/use-server-side-apply/policy.yaml

@@ -0,0 +1,36 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: create-default-pdb
+  annotations:
+    policies.kyverno.io/title: Add Pod Disruption Budget
+    policies.kyverno.io/category: Sample
+    kyverno.io/kyverno-version: 1.6.2
+    policies.kyverno.io/minversion: 1.6.0
+    policies.kyverno.io/subject: Deployment
+    policies.kyverno.io/description: >-
+      A PodDisruptionBudget limits the number of Pods of a replicated application that
+      are down simultaneously from voluntary disruptions. For example, a quorum-based
+      application would like to ensure that the number of replicas running is never brought
+      below the number needed for a quorum. As an application owner, you can create a PodDisruptionBudget (PDB)
+      for each application. This policy will create a PDB resource whenever a new Deployment is created.
+spec:
+  rules:
+  - name: create-default-pdb
+    match:
+      any:
+      - resources:
+          kinds:
+          - Deployment
+    generate:
+      apiVersion: policy/v1
+      kind: PodDisruptionBudget
+      name: "{{request.object.metadata.name}}-default-pdb"
+      namespace: "{{request.object.metadata.namespace}}"
+      data:
+        spec:
+          minAvailable: 1
+          selector:
+            matchLabels:
+              "{{request.object.metadata.labels}}"
+  useServerSideApply: true

test/cli/test-generate/use-server-side-apply/resource.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: hello-world
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80