From d3c2cd23fa6d419f5e42bc4e69bf929470aca356 Mon Sep 17 00:00:00 2001
From: shuting <shuting@nirmata.com>
Date: Fri, 24 Feb 2023 22:59:55 +0800
Subject: [PATCH] add kuttl tests (#6336)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
---
 scripts/config/standard/kyverno.yaml          |  1 +
 .../01-assert.yaml                            |  9 +++++++
 .../01-policy.yaml                            | 26 +++++++++++++++++++
 .../cpol-data-sync-modify-policy/02-ns.yaml   |  4 +++
 .../03-assert.yaml                            | 11 ++++++++
 .../04-assert.yaml                            | 17 ++++++++++++
 .../04-modify-policy.yaml                     | 26 +++++++++++++++++++
 .../05-sleep.yaml                             |  5 ++++
 .../06-assert.yaml                            |  8 ++++++
 .../cpol-data-sync-modify-policy/README.md    | 11 ++++++++
 10 files changed, 118 insertions(+)
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml
 create mode 100644 test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/README.md

diff --git a/scripts/config/standard/kyverno.yaml b/scripts/config/standard/kyverno.yaml
index f14b1926ad..819f7dc834 100644
--- a/scripts/config/standard/kyverno.yaml
+++ b/scripts/config/standard/kyverno.yaml
@@ -27,6 +27,7 @@ backgroundController:
             - '*'
           resources:
             - configmaps
+            - resourcequotas
             - secrets
             - roles
             - rolebindings
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml
new file mode 100644
index 0000000000..95ad2710fb
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml
new file mode 100644
index 0000000000..700ac477d9
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml
@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+spec:
+  rules:
+  - name: cpol-data-sync-modify-rule
+    match:
+      resources:
+        kinds:
+        - Namespace
+        names:
+        - gemini-*
+    generate:
+      apiVersion: v1
+      kind: ResourceQuota
+      name: default-resourcequota
+      synchronize: true
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        spec:
+          hard:
+            requests.cpu: '4'
+            requests.memory: '16Gi'
+            limits.cpu: '8'
+            limits.memory: '16Gi'
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml
new file mode 100644
index 0000000000..c9de1a467e
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gemini-ape
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml
new file mode 100644
index 0000000000..da6cadb6d1
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: default-resourcequota
+  namespace: gemini-ape
+spec:
+  hard:
+    requests.cpu: '4'
+    requests.memory: '16Gi'
+    limits.cpu: '8'
+    limits.memory: '16Gi'
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml
new file mode 100644
index 0000000000..564bdc4436
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml
@@ -0,0 +1,17 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+spec:
+  rules:
+  - name: cpol-data-sync-modify-rule
+    generate:
+      data:
+        spec:
+          hard:
+            limits.cpu: '9'
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml
new file mode 100644
index 0000000000..92fe4d3306
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml
@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: cpol-data-sync-modify-policy
+spec:
+  rules:
+  - name: cpol-data-sync-modify-rule
+    match:
+      resources:
+        kinds:
+        - Namespace
+        names:
+        - gemini-*
+    generate:
+      apiVersion: v1
+      kind: ResourceQuota
+      name: default-resourcequota
+      synchronize: true
+      namespace: "{{request.object.metadata.name}}"
+      data:
+        spec:
+          hard:
+            requests.cpu: '4'
+            requests.memory: '16Gi'
+            limits.cpu: '9'
+            limits.memory: '16Gi'
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml
new file mode 100644
index 0000000000..3bba5572a2
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml
@@ -0,0 +1,5 @@
+# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run.
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: sleep 3
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml
new file mode 100644
index 0000000000..48c62ecc95
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: default-resourcequota
+  namespace: gemini-ape
+spec:
+  hard:
+    limits.cpu: "9"
\ No newline at end of file
diff --git a/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/README.md b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/README.md
new file mode 100644
index 0000000000..73b4b64373
--- /dev/null
+++ b/test/conformance/kuttl/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This test verifies the synchronize behavior of generated data resource, if the data pattern is modified in the policy rule, the changes should be synchronized to the downstream generated resource.
+
+## Expected Behavior
+
+This test ensures that update of the generate data rule gets synchronized to the downstream generated resource, otherwise the test fails. 
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/4222
\ No newline at end of file