add kuttl tests (#6336)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-28 02:18:15 +00:00 · 2023-02-24 22:59:55 +08:00 · 2023-02-24 22:59:55 +08:00 · d3c2cd23fa
commit d3c2cd23fa
parent c279d2f495
10 changed files with 118 additions and 0 deletions
--- a/scripts/config/standard/kyverno.yaml
+++ b/scripts/config/standard/kyverno.yaml
@ -27,6 +27,7 @@ backgroundController:
            - '*'
          resources:
            - configmaps
+            - resourcequotas
            - secrets
            - roles
            - rolebindings
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml
@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml
@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+spec:
+  rules:
+  - name: cpol-data-sync-modify-rule
+    match:
+      resources:
+        kinds:
+        - Namespace
+        names:
+        - gemini-*
+    generate:
+      apiVersion: v1
+      kind: ResourceQuota
+      name: default-resourcequota
+      synchronize: true
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        spec:
+          hard:
+            requests.cpu: '4'
+            requests.memory: '16Gi'
+            limits.cpu: '8'
+            limits.memory: '16Gi'
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gemini-ape
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: default-resourcequota
+  namespace: gemini-ape
+spec:
+  hard:
+    requests.cpu: '4'
+    requests.memory: '16Gi'
+    limits.cpu: '8'
+    limits.memory: '16Gi'
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml
@ -0,0 +1,17 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+spec:
+  rules:
+  - name: cpol-data-sync-modify-rule
+    generate:
+      data:
+        spec:
+          hard:
+            limits.cpu: '9'
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml
@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+spec:
+  rules:
+  - name: cpol-data-sync-modify-rule
+    match:
+      resources:
+        kinds:
+        - Namespace
+        names:
+        - gemini-*
+    generate:
+      apiVersion: v1
+      kind: ResourceQuota
+      name: default-resourcequota
+      synchronize: true
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        spec:
+          hard:
+            requests.cpu: '4'
+            requests.memory: '16Gi'
+            limits.cpu: '9'
+            limits.memory: '16Gi'
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml
@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: default-resourcequota
+  namespace: gemini-ape
+spec:
+  hard:
+    limits.cpu: "9"
--- a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/README.md
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/README.md
@ -0,0 +1,11 @@
+## Description
+
+This test verifies the synchronize behavior of generated data resource, if the data pattern is modified in the policy rule, the changes should be synchronized to the downstream generated resource.
+
+## Expected Behavior
+
+This test ensures that update of the generate data rule gets synchronized to the downstream generated resource, otherwise the test fails. 
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/4222