mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 07:26:55 +00:00
refactor: introduce api package in cli (#8275)
* refactor: introduce userinfo package in the cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: introduce api package in cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
parent
e8bc38f25b
commit
d61e0515c2
38 changed files with 197 additions and 195 deletions
15
cmd/cli/kubectl-kyverno/apis/test/test.go
Normal file
15
cmd/cli/kubectl-kyverno/apis/test/test.go
Normal file
|
@ -0,0 +1,15 @@
|
|||
package test
|
||||
|
||||
import (
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
)
|
||||
|
||||
type Test struct {
|
||||
Name string `json:"name"`
|
||||
Policies []string `json:"policies"`
|
||||
Resources []string `json:"resources"`
|
||||
Variables string `json:"variables,omitempty"`
|
||||
UserInfo string `json:"userinfo,omitempty"`
|
||||
Results []TestResults `json:"results"`
|
||||
Values *values.Values `json:"values,omitempty"`
|
||||
}
|
|
@ -1,20 +1,9 @@
|
|||
package api
|
||||
package test
|
||||
|
||||
import (
|
||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type Test struct {
|
||||
Name string `json:"name"`
|
||||
Policies []string `json:"policies"`
|
||||
Resources []string `json:"resources"`
|
||||
Variables string `json:"variables,omitempty"`
|
||||
UserInfo string `json:"userinfo,omitempty"`
|
||||
Results []TestResults `json:"results"`
|
||||
Values *Values `json:"values,omitempty"`
|
||||
}
|
||||
|
||||
type TestResults struct {
|
||||
// Policy mentions the name of the policy.
|
||||
Policy string `json:"policy"`
|
||||
|
@ -50,37 +39,3 @@ type TestResults struct {
|
|||
// from the user which is meant to be cloned by the generate rule.
|
||||
CloneSourceResource string `json:"cloneSourceResource,omitempty"`
|
||||
}
|
||||
|
||||
type Policy struct {
|
||||
Name string `json:"name"`
|
||||
Resources []Resource `json:"resources"`
|
||||
Rules []Rule `json:"rules"`
|
||||
}
|
||||
|
||||
type Rule struct {
|
||||
Name string `json:"name"`
|
||||
Values map[string]interface{} `json:"values"`
|
||||
ForeachValues map[string][]interface{} `json:"foreachValues"`
|
||||
}
|
||||
|
||||
type Values struct {
|
||||
Policies []Policy `json:"policies"`
|
||||
GlobalValues map[string]string `json:"globalValues"`
|
||||
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"`
|
||||
Subresources []Subresource `json:"subresources"`
|
||||
}
|
||||
|
||||
type Resource struct {
|
||||
Name string `json:"name"`
|
||||
Values map[string]interface{} `json:"values"`
|
||||
}
|
||||
|
||||
type Subresource struct {
|
||||
APIResource metav1.APIResource `json:"subresource"`
|
||||
ParentResource metav1.APIResource `json:"parentResource"`
|
||||
}
|
||||
|
||||
type NamespaceSelector struct {
|
||||
Name string `json:"name"`
|
||||
Labels map[string]string `json:"labels"`
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
package values
|
||||
|
||||
type NamespaceSelector struct {
|
||||
Name string `json:"name"`
|
||||
Labels map[string]string `json:"labels"`
|
||||
}
|
7
cmd/cli/kubectl-kyverno/apis/values/policy.go
Normal file
7
cmd/cli/kubectl-kyverno/apis/values/policy.go
Normal file
|
@ -0,0 +1,7 @@
|
|||
package values
|
||||
|
||||
type Policy struct {
|
||||
Name string `json:"name"`
|
||||
Resources []Resource `json:"resources"`
|
||||
Rules []Rule `json:"rules"`
|
||||
}
|
6
cmd/cli/kubectl-kyverno/apis/values/resource.go
Normal file
6
cmd/cli/kubectl-kyverno/apis/values/resource.go
Normal file
|
@ -0,0 +1,6 @@
|
|||
package values
|
||||
|
||||
type Resource struct {
|
||||
Name string `json:"name"`
|
||||
Values map[string]interface{} `json:"values"`
|
||||
}
|
7
cmd/cli/kubectl-kyverno/apis/values/rule.go
Normal file
7
cmd/cli/kubectl-kyverno/apis/values/rule.go
Normal file
|
@ -0,0 +1,7 @@
|
|||
package values
|
||||
|
||||
type Rule struct {
|
||||
Name string `json:"name"`
|
||||
Values map[string]interface{} `json:"values"`
|
||||
ForeachValues map[string][]interface{} `json:"foreachValues"`
|
||||
}
|
10
cmd/cli/kubectl-kyverno/apis/values/subresource.go
Normal file
10
cmd/cli/kubectl-kyverno/apis/values/subresource.go
Normal file
|
@ -0,0 +1,10 @@
|
|||
package values
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type Subresource struct {
|
||||
APIResource metav1.APIResource `json:"subresource"`
|
||||
ParentResource metav1.APIResource `json:"parentResource"`
|
||||
}
|
8
cmd/cli/kubectl-kyverno/apis/values/values.go
Normal file
8
cmd/cli/kubectl-kyverno/apis/values/values.go
Normal file
|
@ -0,0 +1,8 @@
|
|||
package values
|
||||
|
||||
type Values struct {
|
||||
Policies []Policy `json:"policies"`
|
||||
GlobalValues map[string]string `json:"globalValues"`
|
||||
NamespaceSelectors []NamespaceSelector `json:"namespaceSelector"`
|
||||
Subresources []Subresource `json:"subresources"`
|
||||
}
|
|
@ -12,8 +12,8 @@ import (
|
|||
"github.com/go-git/go-billy/v5/memfs"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/userinfo"
|
||||
cobrautils "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/cobra"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/common"
|
||||
|
@ -189,7 +189,7 @@ func (c *ApplyCommandConfig) getMutateLogPathIsDir(skipInvalidPolicies SkippedIn
|
|||
return nil, nil, skipInvalidPolicies, nil, err, mutateLogPathIsDir
|
||||
}
|
||||
|
||||
func (c *ApplyCommandConfig) applyValidatingAdmissionPolicytoResource(validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, resources []*unstructured.Unstructured, rc *common.ResultCounts, dClient dclient.Interface, subresources []api.Subresource, skipInvalidPolicies SkippedInvalidPolicies, responses []engineapi.EngineResponse) (*common.ResultCounts, []*unstructured.Unstructured, SkippedInvalidPolicies, []engineapi.EngineResponse, error) {
|
||||
func (c *ApplyCommandConfig) applyValidatingAdmissionPolicytoResource(validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, resources []*unstructured.Unstructured, rc *common.ResultCounts, dClient dclient.Interface, subresources []valuesapi.Subresource, skipInvalidPolicies SkippedInvalidPolicies, responses []engineapi.EngineResponse) (*common.ResultCounts, []*unstructured.Unstructured, SkippedInvalidPolicies, []engineapi.EngineResponse, error) {
|
||||
validatingAdmissionPolicy := common.ValidatingAdmissionPolicies{}
|
||||
for _, resource := range resources {
|
||||
for _, policy := range validatingAdmissionPolicies {
|
||||
|
@ -212,7 +212,7 @@ func (c *ApplyCommandConfig) applyValidatingAdmissionPolicytoResource(validating
|
|||
return rc, resources, skipInvalidPolicies, responses, nil
|
||||
}
|
||||
|
||||
func (c *ApplyCommandConfig) applyPolicytoResource(variables map[string]string, policies []kyvernov1.PolicyInterface, validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, resources []*unstructured.Unstructured, openApiManager openapi.Manager, skipInvalidPolicies SkippedInvalidPolicies, valuesMap map[string]map[string]api.Resource, dClient dclient.Interface, subresources []api.Subresource, globalValMap map[string]string, userInfo *v1beta1.RequestInfo, mutateLogPathIsDir bool, namespaceSelectorMap map[string]map[string]string) (*common.ResultCounts, []*unstructured.Unstructured, SkippedInvalidPolicies, []engineapi.EngineResponse, error) {
|
||||
func (c *ApplyCommandConfig) applyPolicytoResource(variables map[string]string, policies []kyvernov1.PolicyInterface, validatingAdmissionPolicies []v1alpha1.ValidatingAdmissionPolicy, resources []*unstructured.Unstructured, openApiManager openapi.Manager, skipInvalidPolicies SkippedInvalidPolicies, valuesMap map[string]map[string]valuesapi.Resource, dClient dclient.Interface, subresources []valuesapi.Subresource, globalValMap map[string]string, userInfo *v1beta1.RequestInfo, mutateLogPathIsDir bool, namespaceSelectorMap map[string]map[string]string) (*common.ResultCounts, []*unstructured.Unstructured, SkippedInvalidPolicies, []engineapi.EngineResponse, error) {
|
||||
if len(variables) != 0 {
|
||||
variables = common.SetInStoreContext(policies, variables)
|
||||
}
|
||||
|
|
|
@ -5,8 +5,8 @@ import (
|
|||
"strings"
|
||||
"text/template"
|
||||
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/commands/create/templates"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
cobrautils "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/cobra"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
@ -33,7 +33,7 @@ func Command() *cobra.Command {
|
|||
defer file.Close()
|
||||
output = file
|
||||
}
|
||||
values := api.Values{
|
||||
values := valuesapi.Values{
|
||||
GlobalValues: map[string]string{},
|
||||
}
|
||||
for _, result := range namespaceSelector {
|
||||
|
@ -71,12 +71,12 @@ func Command() *cobra.Command {
|
|||
return cmd
|
||||
}
|
||||
|
||||
func parseNamespaceSelector(in string) *api.NamespaceSelector {
|
||||
func parseNamespaceSelector(in string) *valuesapi.NamespaceSelector {
|
||||
parts := strings.Split(in, ",")
|
||||
if len(parts) < 2 {
|
||||
return nil
|
||||
}
|
||||
nsSelector := api.NamespaceSelector{
|
||||
nsSelector := valuesapi.NamespaceSelector{
|
||||
Name: parts[0],
|
||||
Labels: map[string]string{},
|
||||
}
|
||||
|
@ -97,12 +97,12 @@ func parseKeyValue(in string) (string, string) {
|
|||
return "", ""
|
||||
}
|
||||
|
||||
func parseRule(in string) *api.Policy {
|
||||
func parseRule(in string) *valuesapi.Policy {
|
||||
parts := strings.Split(in, ",")
|
||||
if len(parts) < 2 {
|
||||
return nil
|
||||
}
|
||||
rule := api.Rule{
|
||||
rule := valuesapi.Rule{
|
||||
Name: parts[1],
|
||||
Values: map[string]interface{}{},
|
||||
}
|
||||
|
@ -112,18 +112,18 @@ func parseRule(in string) *api.Policy {
|
|||
rule.Values[k] = v
|
||||
}
|
||||
}
|
||||
return &api.Policy{
|
||||
return &valuesapi.Policy{
|
||||
Name: parts[0],
|
||||
Rules: []api.Rule{rule},
|
||||
Rules: []valuesapi.Rule{rule},
|
||||
}
|
||||
}
|
||||
|
||||
func parseResource(in string) *api.Policy {
|
||||
func parseResource(in string) *valuesapi.Policy {
|
||||
parts := strings.Split(in, ",")
|
||||
if len(parts) < 2 {
|
||||
return nil
|
||||
}
|
||||
resource := api.Resource{
|
||||
resource := valuesapi.Resource{
|
||||
Name: parts[1],
|
||||
Values: map[string]interface{}{},
|
||||
}
|
||||
|
@ -133,8 +133,8 @@ func parseResource(in string) *api.Policy {
|
|||
resource.Values[k] = v
|
||||
}
|
||||
}
|
||||
return &api.Policy{
|
||||
return &valuesapi.Policy{
|
||||
Name: parts[0],
|
||||
Resources: []api.Resource{resource},
|
||||
Resources: []valuesapi.Resource{resource},
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,9 +5,9 @@ import (
|
|||
"path/filepath"
|
||||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/filter"
|
||||
cobrautils "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/cobra"
|
||||
reportutils "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/report"
|
||||
|
@ -118,7 +118,7 @@ func testCommandExecute(
|
|||
for _, test := range tests {
|
||||
if test.Err == nil {
|
||||
// filter results
|
||||
var filteredResults []api.TestResults
|
||||
var filteredResults []testapi.TestResults
|
||||
for _, res := range test.Test.Results {
|
||||
if filter.Apply(res) {
|
||||
filteredResults = append(filteredResults, res)
|
||||
|
@ -154,7 +154,7 @@ func testCommandExecute(
|
|||
return nil
|
||||
}
|
||||
|
||||
func checkResult(test api.TestResults, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
|
||||
func checkResult(test testapi.TestResults, fs billy.Filesystem, resoucePath string, response engineapi.EngineResponse, rule engineapi.RuleResponse) (bool, string, string) {
|
||||
expected := test.Result
|
||||
// fallback to the deprecated field
|
||||
if expected == "" {
|
||||
|
@ -186,7 +186,7 @@ func checkResult(test api.TestResults, fs billy.Filesystem, resoucePath string,
|
|||
return true, result.Message, "Ok"
|
||||
}
|
||||
|
||||
func lookupEngineResponses(test api.TestResults, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
|
||||
func lookupEngineResponses(test testapi.TestResults, resourceName string, responses ...engineapi.EngineResponse) []engineapi.EngineResponse {
|
||||
var matches []engineapi.EngineResponse
|
||||
for _, response := range responses {
|
||||
policy := response.Policy()
|
||||
|
@ -208,7 +208,7 @@ func lookupEngineResponses(test api.TestResults, resourceName string, responses
|
|||
return matches
|
||||
}
|
||||
|
||||
func lookupRuleResponses(test api.TestResults, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
|
||||
func lookupRuleResponses(test testapi.TestResults, responses ...engineapi.RuleResponse) []engineapi.RuleResponse {
|
||||
var matches []engineapi.RuleResponse
|
||||
// Since there are no rules in case of validating admission policies, responses are returned without checking rule names.
|
||||
if test.IsValidatingAdmissionPolicy {
|
||||
|
|
|
@ -5,14 +5,14 @@ import (
|
|||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/color"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/table"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
)
|
||||
|
||||
func printTestResult(
|
||||
tests []api.TestResults,
|
||||
tests []testapi.TestResults,
|
||||
responses []engineapi.EngineResponse,
|
||||
rc *resultCounts,
|
||||
failOnly bool,
|
||||
|
|
|
@ -13,7 +13,7 @@ func TestRemoveDuplicates(t *testing.T) {
|
|||
expectedResources int
|
||||
expectedDuplicates int
|
||||
}
|
||||
baseTestDir := "../testdata/resources"
|
||||
baseTestDir := "../_testdata/resources"
|
||||
tests := []*TestCase{
|
||||
{
|
||||
|
||||
|
|
|
@ -4,19 +4,19 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
"github.com/kyverno/kyverno/pkg/utils/wildcard"
|
||||
)
|
||||
|
||||
type Filter interface {
|
||||
Apply(api.TestResults) bool
|
||||
Apply(testapi.TestResults) bool
|
||||
}
|
||||
|
||||
type policy struct {
|
||||
value string
|
||||
}
|
||||
|
||||
func (f policy) Apply(result api.TestResults) bool {
|
||||
func (f policy) Apply(result testapi.TestResults) bool {
|
||||
if result.Policy == "" {
|
||||
return true
|
||||
}
|
||||
|
@ -30,7 +30,7 @@ type rule struct {
|
|||
value string
|
||||
}
|
||||
|
||||
func (f rule) Apply(result api.TestResults) bool {
|
||||
func (f rule) Apply(result testapi.TestResults) bool {
|
||||
if result.Rule == "" {
|
||||
return true
|
||||
}
|
||||
|
@ -44,7 +44,7 @@ type resource struct {
|
|||
value string
|
||||
}
|
||||
|
||||
func (f resource) Apply(result api.TestResults) bool {
|
||||
func (f resource) Apply(result testapi.TestResults) bool {
|
||||
if result.Resource == "" {
|
||||
return true
|
||||
}
|
||||
|
@ -58,7 +58,7 @@ type composite struct {
|
|||
filters []Filter
|
||||
}
|
||||
|
||||
func (f composite) Apply(result api.TestResults) bool {
|
||||
func (f composite) Apply(result testapi.TestResults) bool {
|
||||
for _, f := range f.filters {
|
||||
if !f.Apply(result) {
|
||||
return false
|
||||
|
|
|
@ -5,57 +5,57 @@ import (
|
|||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
)
|
||||
|
||||
func Test_policy_Apply(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
value string
|
||||
result api.TestResults
|
||||
result testapi.TestResults
|
||||
want bool
|
||||
}{{
|
||||
name: "empty result",
|
||||
value: "test",
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "empty value",
|
||||
value: "",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "empty value and result",
|
||||
value: "",
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "match",
|
||||
value: "test",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "test",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "no match",
|
||||
value: "test",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "not-test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "wildcard match",
|
||||
value: "disallow-*",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "disallow-latest-tag",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "wildcard does not match",
|
||||
value: "allow-*",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "disallow-latest-tag",
|
||||
},
|
||||
want: false,
|
||||
|
@ -76,50 +76,50 @@ func Test_rule_Apply(t *testing.T) {
|
|||
tests := []struct {
|
||||
name string
|
||||
value string
|
||||
result api.TestResults
|
||||
result testapi.TestResults
|
||||
want bool
|
||||
}{{
|
||||
name: "empty result",
|
||||
value: "test",
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "empty value",
|
||||
value: "",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Rule: "test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "empty value and result",
|
||||
value: "",
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "match",
|
||||
value: "test",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Rule: "test",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "no match",
|
||||
value: "test",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Rule: "not-test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "wildcard match",
|
||||
value: "*-image-tag",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Rule: "validate-image-tag",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "wildcard does not match",
|
||||
value: "require-*",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Rule: "validate-image-tag",
|
||||
},
|
||||
want: false,
|
||||
|
@ -140,50 +140,50 @@ func Test_resource_Apply(t *testing.T) {
|
|||
tests := []struct {
|
||||
name string
|
||||
value string
|
||||
result api.TestResults
|
||||
result testapi.TestResults
|
||||
want bool
|
||||
}{{
|
||||
name: "empty result",
|
||||
value: "test",
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "empty value",
|
||||
value: "",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Resource: "test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "empty value and result",
|
||||
value: "",
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "match",
|
||||
value: "test",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Resource: "test",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "no match",
|
||||
value: "test",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Resource: "not-test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "wildcard match",
|
||||
value: "good*01",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Resource: "good-deployment-01",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "wildcard does not match",
|
||||
value: "good*01",
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Resource: "bad-deployment-01",
|
||||
},
|
||||
want: false,
|
||||
|
@ -204,36 +204,36 @@ func Test_composite_Apply(t *testing.T) {
|
|||
tests := []struct {
|
||||
name string
|
||||
filters []Filter
|
||||
result api.TestResults
|
||||
result testapi.TestResults
|
||||
want bool
|
||||
}{{
|
||||
name: "nil",
|
||||
filters: nil,
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "empty",
|
||||
filters: []Filter{},
|
||||
result: api.TestResults{},
|
||||
result: testapi.TestResults{},
|
||||
want: true,
|
||||
}, {
|
||||
name: "policy match",
|
||||
filters: []Filter{policy{"test"}},
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "test",
|
||||
},
|
||||
want: true,
|
||||
}, {
|
||||
name: "policy no match",
|
||||
filters: []Filter{policy{"test"}},
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "not-test",
|
||||
},
|
||||
want: false,
|
||||
}, {
|
||||
name: "policy and resource match",
|
||||
filters: []Filter{policy{"test"}, resource{"resource"}},
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "test",
|
||||
Resource: "resource",
|
||||
},
|
||||
|
@ -241,7 +241,7 @@ func Test_composite_Apply(t *testing.T) {
|
|||
}, {
|
||||
name: "policy match and resource no match",
|
||||
filters: []Filter{policy{"test"}, resource{"resource"}},
|
||||
result: api.TestResults{
|
||||
result: testapi.TestResults{
|
||||
Policy: "test",
|
||||
Resource: "not-resource",
|
||||
},
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
"path/filepath"
|
||||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
"k8s.io/apimachinery/pkg/util/yaml"
|
||||
)
|
||||
|
||||
|
@ -65,7 +65,7 @@ func LoadTest(fs billy.Filesystem, path string) TestCase {
|
|||
}
|
||||
yamlBytes = data
|
||||
}
|
||||
var test api.Test
|
||||
var test testapi.Test
|
||||
if err := yaml.UnmarshalStrict(yamlBytes, &test); err != nil {
|
||||
return TestCase{
|
||||
Path: path,
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
"testing"
|
||||
|
||||
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
)
|
||||
|
||||
func TestLoadTests(t *testing.T) {
|
||||
|
@ -24,30 +24,30 @@ func TestLoadTests(t *testing.T) {
|
|||
wantErr: false,
|
||||
}, {
|
||||
name: "invalid dir",
|
||||
dirPath: "../testdata/tests/invalid",
|
||||
dirPath: "../_testdata/tests/invalid",
|
||||
fileName: "kyverno-test.yaml",
|
||||
want: nil,
|
||||
wantErr: true,
|
||||
}, {
|
||||
name: "invalid dir",
|
||||
dirPath: "../testdata/tests",
|
||||
dirPath: "../_testdata/tests",
|
||||
fileName: "kyverno-test-invalid.yaml",
|
||||
want: []TestCase{{
|
||||
Path: "../testdata/tests/test-invalid/kyverno-test-invalid.yaml",
|
||||
Path: "../_testdata/tests/test-invalid/kyverno-test-invalid.yaml",
|
||||
Err: errors.New("error unmarshaling JSON: while decoding JSON: json: unknown field \"foo\""),
|
||||
}},
|
||||
wantErr: false,
|
||||
}, {
|
||||
name: "ok",
|
||||
dirPath: "../testdata/tests/test-1",
|
||||
dirPath: "../_testdata/tests/test-1",
|
||||
fileName: "kyverno-test.yaml",
|
||||
want: []TestCase{{
|
||||
Path: "../testdata/tests/test-1/kyverno-test.yaml",
|
||||
Test: &api.Test{
|
||||
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
||||
Test: &testapi.Test{
|
||||
Name: "test-registry",
|
||||
Policies: []string{"image-example.yaml"},
|
||||
Resources: []string{"resources.yaml"},
|
||||
Results: []api.TestResults{{
|
||||
Results: []testapi.TestResults{{
|
||||
Kind: "Pod",
|
||||
Policy: "images",
|
||||
Resources: []string{"test-pod-with-non-root-user-image"},
|
||||
|
@ -65,15 +65,15 @@ func TestLoadTests(t *testing.T) {
|
|||
wantErr: false,
|
||||
}, {
|
||||
name: "ok",
|
||||
dirPath: "../testdata/tests/test-2",
|
||||
dirPath: "../_testdata/tests/test-2",
|
||||
fileName: "kyverno-test.yaml",
|
||||
want: []TestCase{{
|
||||
Path: "../testdata/tests/test-2/kyverno-test.yaml",
|
||||
Test: &api.Test{
|
||||
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
|
||||
Test: &testapi.Test{
|
||||
Name: "add-quota",
|
||||
Policies: []string{"policy.yaml"},
|
||||
Resources: []string{"resource.yaml"},
|
||||
Results: []api.TestResults{{
|
||||
Results: []testapi.TestResults{{
|
||||
Kind: "Namespace",
|
||||
Policy: "add-ns-quota",
|
||||
Resources: []string{"hello-world-namespace"},
|
||||
|
@ -93,15 +93,15 @@ func TestLoadTests(t *testing.T) {
|
|||
wantErr: false,
|
||||
}, {
|
||||
name: "ok",
|
||||
dirPath: "../testdata/tests",
|
||||
dirPath: "../_testdata/tests",
|
||||
fileName: "kyverno-test.yaml",
|
||||
want: []TestCase{{
|
||||
Path: "../testdata/tests/test-1/kyverno-test.yaml",
|
||||
Test: &api.Test{
|
||||
Path: "../_testdata/tests/test-1/kyverno-test.yaml",
|
||||
Test: &testapi.Test{
|
||||
Name: "test-registry",
|
||||
Policies: []string{"image-example.yaml"},
|
||||
Resources: []string{"resources.yaml"},
|
||||
Results: []api.TestResults{{
|
||||
Results: []testapi.TestResults{{
|
||||
Kind: "Pod",
|
||||
Policy: "images",
|
||||
Resources: []string{"test-pod-with-non-root-user-image"},
|
||||
|
@ -116,12 +116,12 @@ func TestLoadTests(t *testing.T) {
|
|||
}},
|
||||
},
|
||||
}, {
|
||||
Path: "../testdata/tests/test-2/kyverno-test.yaml",
|
||||
Test: &api.Test{
|
||||
Path: "../_testdata/tests/test-2/kyverno-test.yaml",
|
||||
Test: &testapi.Test{
|
||||
Name: "add-quota",
|
||||
Policies: []string{"policy.yaml"},
|
||||
Resources: []string{"resource.yaml"},
|
||||
Results: []api.TestResults{{
|
||||
Results: []testapi.TestResults{{
|
||||
Kind: "Namespace",
|
||||
Policy: "add-ns-quota",
|
||||
Resources: []string{"hello-world-namespace"},
|
||||
|
|
|
@ -4,13 +4,13 @@ import (
|
|||
"path/filepath"
|
||||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
)
|
||||
|
||||
type TestCase struct {
|
||||
Path string
|
||||
Fs billy.Filesystem
|
||||
Test *api.Test
|
||||
Test *testapi.Test
|
||||
Err error
|
||||
}
|
||||
|
||||
|
|
|
@ -4,14 +4,14 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
testapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/test"
|
||||
)
|
||||
|
||||
func TestTestCase_Dir(t *testing.T) {
|
||||
type fields struct {
|
||||
Path string
|
||||
Fs billy.Filesystem
|
||||
Test *api.Test
|
||||
Test *testapi.Test
|
||||
Err error
|
||||
}
|
||||
tests := []struct {
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
package test
|
||||
|
||||
import (
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
)
|
||||
|
||||
type TestResult struct {
|
||||
EngineResponses []engineapi.EngineResponse
|
||||
Results []api.TestResults
|
||||
Err error
|
||||
}
|
|
@ -27,14 +27,14 @@ func TestLoad(t *testing.T) {
|
|||
}, {
|
||||
name: "invalid",
|
||||
fs: nil,
|
||||
path: "../testdata/user-infos/invalid.yaml",
|
||||
path: "../_testdata/user-infos/invalid.yaml",
|
||||
resourcePath: "",
|
||||
want: nil,
|
||||
wantErr: true,
|
||||
}, {
|
||||
name: "valid",
|
||||
fs: nil,
|
||||
path: "../testdata/user-infos/valid.yaml",
|
||||
path: "../_testdata/user-infos/valid.yaml",
|
||||
resourcePath: "",
|
||||
want: &kyvernov1beta1.RequestInfo{
|
||||
ClusterRoles: []string{"cluster-admin"},
|
||||
|
|
|
@ -13,9 +13,9 @@ import (
|
|||
"github.com/go-git/go-billy/v5"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/policy/annotations"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
sanitizederror "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/sanitizedError"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/source"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/store"
|
||||
|
@ -66,7 +66,7 @@ type ApplyPolicyConfig struct {
|
|||
RuleToCloneSourceResource map[string]string
|
||||
Client dclient.Interface
|
||||
AuditWarn bool
|
||||
Subresources []api.Subresource
|
||||
Subresources []valuesapi.Subresource
|
||||
}
|
||||
|
||||
// GetPolicies - Extracting the policies from multiple YAML
|
||||
|
@ -435,7 +435,7 @@ func processMutateEngineResponse(c ApplyPolicyConfig, mutateResponse *engineapi.
|
|||
return nil
|
||||
}
|
||||
|
||||
func GetKindsFromPolicy(policy kyvernov1.PolicyInterface, subresources []api.Subresource, dClient dclient.Interface) map[string]struct{} {
|
||||
func GetKindsFromPolicy(policy kyvernov1.PolicyInterface, subresources []valuesapi.Subresource, dClient dclient.Interface) map[string]struct{} {
|
||||
kindOnwhichPolicyIsApplied := make(map[string]struct{})
|
||||
for _, rule := range autogen.ComputeRules(policy) {
|
||||
for _, kind := range rule.MatchResources.ResourceDescription.Kinds {
|
||||
|
@ -458,7 +458,7 @@ func GetKindsFromPolicy(policy kyvernov1.PolicyInterface, subresources []api.Sub
|
|||
return kindOnwhichPolicyIsApplied
|
||||
}
|
||||
|
||||
func getKind(kind string, subresources []api.Subresource, dClient dclient.Interface) (string, error) {
|
||||
func getKind(kind string, subresources []valuesapi.Subresource, dClient dclient.Interface) (string, error) {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
if subresource == "" {
|
||||
return kind, nil
|
||||
|
@ -480,7 +480,7 @@ func getKind(kind string, subresources []api.Subresource, dClient dclient.Interf
|
|||
return kind, nil
|
||||
}
|
||||
|
||||
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []api.Subresource) (string, error) {
|
||||
func getSubresourceKind(groupVersion, parentKind, subresourceName string, subresources []valuesapi.Subresource) (string, error) {
|
||||
for _, subresource := range subresources {
|
||||
parentResourceGroupVersion := metav1.GroupVersion{
|
||||
Group: subresource.ParentResource.Group,
|
||||
|
|
|
@ -3,8 +3,8 @@ package common
|
|||
import (
|
||||
"testing"
|
||||
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
yamlutils "github.com/kyverno/kyverno/pkg/utils/yaml"
|
||||
"gotest.tools/assert"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
@ -162,7 +162,7 @@ func Test_getSubresourceKind(t *testing.T) {
|
|||
podAPIResource := metav1.APIResource{Name: "pods", SingularName: "", Namespaced: true, Kind: "Pod"}
|
||||
podEvictionAPIResource := metav1.APIResource{Name: "pods/eviction", SingularName: "", Namespaced: true, Group: "policy", Version: "v1", Kind: "Eviction"}
|
||||
|
||||
subresources := []api.Subresource{
|
||||
subresources := []valuesapi.Subresource{
|
||||
{
|
||||
APIResource: podEvictionAPIResource,
|
||||
ParentResource: podAPIResource,
|
||||
|
|
|
@ -9,8 +9,8 @@ import (
|
|||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/resource"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
|
@ -63,7 +63,7 @@ func GetResources(
|
|||
return resources, err
|
||||
}
|
||||
|
||||
func whenClusterIsTrue(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]api.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
|
||||
func whenClusterIsTrue(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string, resourcePaths []string, policyReport bool) ([]*unstructured.Unstructured, error) {
|
||||
resources := make([]*unstructured.Unstructured, 0)
|
||||
resourceMap, err := getResourcesOfTypeFromCluster(resourceTypes, subresourceMap, dClient, namespace)
|
||||
if err != nil {
|
||||
|
@ -159,7 +159,7 @@ func GetResourcesWithTest(fs billy.Filesystem, policies []kyvernov1.PolicyInterf
|
|||
return resources, nil
|
||||
}
|
||||
|
||||
func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]api.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
|
||||
func getResourcesOfTypeFromCluster(resourceTypes []schema.GroupVersionKind, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, dClient dclient.Interface, namespace string) (map[string]*unstructured.Unstructured, error) {
|
||||
r := make(map[string]*unstructured.Unstructured)
|
||||
for _, kind := range resourceTypes {
|
||||
resourceList, err := dClient.ListResource(context.TODO(), kind.GroupVersion().String(), kind.Kind, namespace, nil)
|
||||
|
@ -220,9 +220,9 @@ func GetPatchedAndGeneratedResource(resourceBytes []byte) (unstructured.Unstruct
|
|||
}
|
||||
|
||||
// GetKindsFromRule will return the kinds from policy match block
|
||||
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]api.Subresource) {
|
||||
func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) {
|
||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||
subresourceMap := make(map[schema.GroupVersionKind]api.Subresource)
|
||||
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource)
|
||||
for _, kind := range rule.MatchResources.Kinds {
|
||||
addGVKToResourceTypesMap(kind, resourceTypesMap, subresourceMap, client)
|
||||
}
|
||||
|
@ -243,9 +243,9 @@ func GetKindsFromRule(rule kyvernov1.Rule, client dclient.Interface) (map[schema
|
|||
return resourceTypesMap, subresourceMap
|
||||
}
|
||||
|
||||
func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]api.Subresource) {
|
||||
func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPolicy, client dclient.Interface) (map[schema.GroupVersionKind]bool, map[schema.GroupVersionKind]valuesapi.Subresource) {
|
||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||
subresourceMap := make(map[schema.GroupVersionKind]api.Subresource)
|
||||
subresourceMap := make(map[schema.GroupVersionKind]valuesapi.Subresource)
|
||||
|
||||
kinds := validatingadmissionpolicy.GetKinds(policy)
|
||||
for _, kind := range kinds {
|
||||
|
@ -255,7 +255,7 @@ func getKindsFromValidatingAdmissionPolicy(policy v1alpha1.ValidatingAdmissionPo
|
|||
return resourceTypesMap, subresourceMap
|
||||
}
|
||||
|
||||
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]api.Subresource, client dclient.Interface) {
|
||||
func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVersionKind]bool, subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource, client dclient.Interface) {
|
||||
group, version, kind, subresource := kubeutils.ParseKindSelector(kind)
|
||||
gvrss, err := client.Discovery().FindResources(group, version, kind, subresource)
|
||||
if err != nil {
|
||||
|
@ -270,7 +270,7 @@ func addGVKToResourceTypesMap(kind string, resourceTypesMap map[schema.GroupVers
|
|||
gvk := schema.GroupVersionKind{
|
||||
Group: child.Group, Version: child.Version, Kind: child.Kind,
|
||||
}
|
||||
subresourceMap[gvk] = api.Subresource{
|
||||
subresourceMap[gvk] = valuesapi.Subresource{
|
||||
APIResource: child,
|
||||
ParentResource: metav1.APIResource{
|
||||
Group: parent.Group,
|
||||
|
|
|
@ -2,7 +2,7 @@ package common
|
|||
|
||||
import (
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/pkg/autogen"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
|
@ -19,7 +19,7 @@ func (r *KyvernoResources) FetchResourcesFromPolicy(resourcePaths []string, dCli
|
|||
|
||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||
var resourceTypes []schema.GroupVersionKind
|
||||
var subresourceMap map[schema.GroupVersionKind]api.Subresource
|
||||
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource
|
||||
|
||||
for _, policy := range r.policies {
|
||||
for _, rule := range autogen.ComputeRules(policy) {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package common
|
||||
|
||||
import (
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"k8s.io/api/admissionregistration/v1alpha1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
|
@ -18,7 +18,7 @@ func (r *ValidatingAdmissionResources) FetchResourcesFromPolicy(resourcePaths []
|
|||
|
||||
resourceTypesMap := make(map[schema.GroupVersionKind]bool)
|
||||
var resourceTypes []schema.GroupVersionKind
|
||||
var subresourceMap map[schema.GroupVersionKind]api.Subresource
|
||||
var subresourceMap map[schema.GroupVersionKind]valuesapi.Subresource
|
||||
|
||||
for _, policy := range r.policies {
|
||||
var resourceTypesInRule map[schema.GroupVersionKind]bool
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
sanitizederror "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/sanitizedError"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/utils/store"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/values"
|
||||
|
@ -26,11 +26,11 @@ func HasVariables(policy kyvernov1.PolicyInterface) [][]string {
|
|||
|
||||
func GetVariable(
|
||||
variablesString []string,
|
||||
vals *api.Values,
|
||||
vals *valuesapi.Values,
|
||||
valuesFile string,
|
||||
fs billy.Filesystem,
|
||||
policyResourcePath string,
|
||||
) (map[string]string, map[string]string, map[string]map[string]api.Resource, map[string]map[string]string, []api.Subresource, error) {
|
||||
) (map[string]string, map[string]string, map[string]map[string]valuesapi.Resource, map[string]map[string]string, []valuesapi.Subresource, error) {
|
||||
if vals == nil && valuesFile != "" {
|
||||
v, err := values.Load(fs, filepath.Join(policyResourcePath, valuesFile))
|
||||
if err != nil {
|
||||
|
@ -72,13 +72,13 @@ func GetVariable(
|
|||
|
||||
func getVariable(
|
||||
variablesString []string,
|
||||
vals *api.Values,
|
||||
) (map[string]string, map[string]string, map[string]map[string]api.Resource, map[string]map[string]api.Rule, map[string]map[string]string, []api.Subresource) {
|
||||
valuesMapResource := make(map[string]map[string]api.Resource)
|
||||
valuesMapRule := make(map[string]map[string]api.Rule)
|
||||
vals *valuesapi.Values,
|
||||
) (map[string]string, map[string]string, map[string]map[string]valuesapi.Resource, map[string]map[string]valuesapi.Rule, map[string]map[string]string, []valuesapi.Subresource) {
|
||||
valuesMapResource := make(map[string]map[string]valuesapi.Resource)
|
||||
valuesMapRule := make(map[string]map[string]valuesapi.Rule)
|
||||
namespaceSelectorMap := make(map[string]map[string]string)
|
||||
variables := make(map[string]string)
|
||||
subresources := make([]api.Subresource, 0)
|
||||
subresources := make([]valuesapi.Subresource, 0)
|
||||
globalValMap := make(map[string]string)
|
||||
reqObjVars := ""
|
||||
for _, kvpair := range variablesString {
|
||||
|
@ -109,7 +109,7 @@ func getVariable(
|
|||
globalValMap = vals.GlobalValues
|
||||
|
||||
for _, p := range vals.Policies {
|
||||
resourceMap := make(map[string]api.Resource)
|
||||
resourceMap := make(map[string]valuesapi.Resource)
|
||||
for _, r := range p.Resources {
|
||||
if val, ok := r.Values["request.operation"]; ok {
|
||||
if val == "" {
|
||||
|
@ -131,7 +131,7 @@ func getVariable(
|
|||
valuesMapResource[p.Name] = resourceMap
|
||||
|
||||
if p.Rules != nil {
|
||||
ruleMap := make(map[string]api.Rule)
|
||||
ruleMap := make(map[string]valuesapi.Rule)
|
||||
for _, r := range p.Rules {
|
||||
ruleMap[r.Name] = r
|
||||
}
|
||||
|
@ -183,10 +183,10 @@ func SetInStoreContext(mutatedPolicies []kyvernov1.PolicyInterface, variables ma
|
|||
return variables
|
||||
}
|
||||
|
||||
func CheckVariableForPolicy(valuesMap map[string]map[string]api.Resource, globalValMap map[string]string, policyName string, resourceName string, resourceKind string, variables map[string]string, kindOnwhichPolicyIsApplied map[string]struct{}, variable string) (map[string]interface{}, error) {
|
||||
func CheckVariableForPolicy(valuesMap map[string]map[string]valuesapi.Resource, globalValMap map[string]string, policyName string, resourceName string, resourceKind string, variables map[string]string, kindOnwhichPolicyIsApplied map[string]struct{}, variable string) (map[string]interface{}, error) {
|
||||
// get values from file for this policy resource combination
|
||||
thisPolicyResourceValues := make(map[string]interface{})
|
||||
if len(valuesMap[policyName]) != 0 && !datautils.DeepEqual(valuesMap[policyName][resourceName], api.Resource{}) {
|
||||
if len(valuesMap[policyName]) != 0 && !datautils.DeepEqual(valuesMap[policyName][resourceName], valuesapi.Resource{}) {
|
||||
thisPolicyResourceValues = valuesMap[policyName][resourceName].Values
|
||||
}
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
"os"
|
||||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
"k8s.io/apimachinery/pkg/util/yaml"
|
||||
)
|
||||
|
||||
|
@ -20,12 +20,12 @@ func readFile(f billy.Filesystem, filepath string) ([]byte, error) {
|
|||
return os.ReadFile(filepath)
|
||||
}
|
||||
|
||||
func Load(f billy.Filesystem, filepath string) (*api.Values, error) {
|
||||
func Load(f billy.Filesystem, filepath string) (*valuesapi.Values, error) {
|
||||
yamlBytes, err := readFile(f, filepath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
vals := &api.Values{}
|
||||
vals := &valuesapi.Values{}
|
||||
if err := yaml.UnmarshalStrict(yamlBytes, vals); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/go-git/go-billy/v5"
|
||||
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/test/api"
|
||||
valuesapi "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/apis/values"
|
||||
)
|
||||
|
||||
func Test_readFile(t *testing.T) {
|
||||
|
@ -31,18 +31,18 @@ func Test_readFile(t *testing.T) {
|
|||
wantErr: true,
|
||||
}, {
|
||||
name: "does not exist",
|
||||
filepath: "../testdata/values/doesnotexist",
|
||||
filepath: "../_testdata/values/doesnotexist",
|
||||
want: nil,
|
||||
wantErr: true,
|
||||
}, {
|
||||
name: "bad format",
|
||||
filepath: "../testdata/values/bad-format.yaml",
|
||||
want: mustReadFile("../testdata/values/bad-format.yaml"),
|
||||
filepath: "../_testdata/values/bad-format.yaml",
|
||||
want: mustReadFile("../_testdata/values/bad-format.yaml"),
|
||||
wantErr: false,
|
||||
}, {
|
||||
name: "valid",
|
||||
filepath: "../testdata/values/valid.yaml",
|
||||
want: mustReadFile("../testdata/values/valid.yaml"),
|
||||
filepath: "../_testdata/values/valid.yaml",
|
||||
want: mustReadFile("../_testdata/values/valid.yaml"),
|
||||
wantErr: false,
|
||||
}}
|
||||
for _, tt := range tests {
|
||||
|
@ -64,7 +64,7 @@ func TestLoad(t *testing.T) {
|
|||
name string
|
||||
f billy.Filesystem
|
||||
filepath string
|
||||
want *api.Values
|
||||
want *valuesapi.Values
|
||||
wantErr bool
|
||||
}{{
|
||||
name: "empty",
|
||||
|
@ -73,27 +73,27 @@ func TestLoad(t *testing.T) {
|
|||
wantErr: true,
|
||||
}, {
|
||||
name: "does not exist",
|
||||
filepath: "../testdata/values/doesnotexist",
|
||||
filepath: "../_testdata/values/doesnotexist",
|
||||
want: nil,
|
||||
wantErr: true,
|
||||
}, {
|
||||
name: "bad format",
|
||||
filepath: "../testdata/values/bad-format.yaml",
|
||||
filepath: "../_testdata/values/bad-format.yaml",
|
||||
want: nil,
|
||||
wantErr: true,
|
||||
}, {
|
||||
name: "valid",
|
||||
filepath: "../testdata/values/valid.yaml",
|
||||
want: &api.Values{
|
||||
NamespaceSelectors: []api.NamespaceSelector{{
|
||||
filepath: "../_testdata/values/valid.yaml",
|
||||
want: &valuesapi.Values{
|
||||
NamespaceSelectors: []valuesapi.NamespaceSelector{{
|
||||
Name: "test1",
|
||||
Labels: map[string]string{
|
||||
"foo.com/managed-state": "managed",
|
||||
},
|
||||
}},
|
||||
Policies: []api.Policy{{
|
||||
Policies: []valuesapi.Policy{{
|
||||
Name: "limit-configmap-for-sa",
|
||||
Resources: []api.Resource{{
|
||||
Resources: []valuesapi.Resource{{
|
||||
Name: "any-configmap-name-good",
|
||||
Values: map[string]interface{}{
|
||||
"request.operation": "UPDATE",
|
||||
|
|
Loading…
Add table
Reference in a new issue