From e749e6a8e524347373cbe8fb521e186c0c151b63 Mon Sep 17 00:00:00 2001 From: Chip Zoller <chipzoller@gmail.com> Date: Thu, 17 Nov 2022 15:56:20 -0500 Subject: [PATCH] Complete all basic kuttl tests for generate rules, clone and no-sync (#5400) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add pol-clone-nosync-create and pol-clone-nosync-invalid tests Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add pol-clone-nosync-delete-downstream Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add pol-clone-nosync-modify-downstream Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add pol-clone-nosync-delete-source Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add pol-clone-nosync-modify-source Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add pol-clone-nosync-delete-rule Signed-off-by: Chip Zoller <chipzoller@gmail.com> * add pol-clone-nosync-delete-policy Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> --- .../pol-clone-nosync-create/01-create.yaml | 6 ++ .../pol-clone-nosync-create/02-resource.yaml | 6 ++ .../pol-clone-nosync-create/99-cleanup.yaml | 5 ++ .../nosync/pol-clone-nosync-create/README.md | 11 ++++ .../cloned-secret.yaml | 8 +++ .../pol-clone-nosync-create/create-cm.yaml | 9 +++ .../pol-clone-nosync-create/manifests.yaml | 31 +++++++++ .../pol-clone-nosync-create/policy-ready.yaml | 10 +++ .../01-create.yaml | 6 ++ .../02-resource.yaml | 6 ++ .../03-delete-downstream.yaml | 7 +++ .../04-sleep.yaml | 5 ++ .../05-errors.yaml | 5 ++ .../99-cleanup.yaml | 5 ++ .../README.md | 11 ++++ .../cloned-secret.yaml | 8 +++ .../create-cm.yaml | 9 +++ .../manifests.yaml | 31 +++++++++ .../policy-ready.yaml | 10 +++ .../01-create.yaml | 6 ++ .../02-resource.yaml | 6 ++ .../03-delete-policy.yaml | 7 +++ .../04-sleep.yaml | 5 ++ .../05-assert.yaml | 5 ++ .../99-cleanup.yaml | 5 ++ .../pol-clone-nosync-delete-policy/README.md | 11 ++++ .../cloned-secret.yaml | 8 +++ .../create-cm.yaml | 9 +++ .../manifests.yaml | 31 +++++++++ .../policy-ready.yaml | 10 +++ .../01-create.yaml | 6 ++ .../02-resource.yaml | 7 +++ .../03-delete-rule.yaml | 22 +++++++ .../04-sleep.yaml | 5 ++ .../05-assert.yaml | 11 ++++ .../99-cleanup.yaml | 5 ++ .../pol-clone-nosync-delete-rule/README.md | 11 ++++ .../cloned-limitrange.yaml | 5 ++ .../cloned-secret.yaml | 8 +++ .../create-cm.yaml | 9 +++ .../manifests.yaml | 63 +++++++++++++++++++ .../policy-ready.yaml | 10 +++ .../01-create.yaml | 6 ++ .../02-resource.yaml | 6 ++ .../03-delete-source.yaml | 7 +++ .../04-sleep.yaml | 5 ++ .../05-assert.yaml | 5 ++ .../99-cleanup.yaml | 5 ++ .../pol-clone-nosync-delete-source/README.md | 11 ++++ .../cloned-secret.yaml | 8 +++ .../create-cm.yaml | 9 +++ .../manifests.yaml | 31 +++++++++ .../policy-ready.yaml | 10 +++ .../01-script-try-create1.yaml | 13 ++++ .../02-script-try-create2.yaml | 13 ++++ .../nosync/pol-clone-nosync-invalid/README.md | 11 ++++ .../pol-clone-nosync-invalid/policy1.yaml | 22 +++++++ .../pol-clone-nosync-invalid/policy2.yaml | 22 +++++++ .../01-create.yaml | 6 ++ .../02-resource.yaml | 6 ++ .../03-modify-downstream.yaml | 8 +++ .../04-sleep.yaml | 5 ++ .../05-assert.yaml | 8 +++ .../99-cleanup.yaml | 5 ++ .../README.md | 11 ++++ .../cloned-secret.yaml | 8 +++ .../create-cm.yaml | 9 +++ .../manifests.yaml | 31 +++++++++ .../policy-ready.yaml | 10 +++ .../01-create.yaml | 6 ++ .../02-resource.yaml | 6 ++ .../03-modify-source.yaml | 8 +++ .../04-sleep.yaml | 5 ++ .../05-assert.yaml | 8 +++ .../99-cleanup.yaml | 5 ++ .../pol-clone-nosync-modify-source/README.md | 11 ++++ .../cloned-secret.yaml | 8 +++ .../create-cm.yaml | 9 +++ .../manifests.yaml | 31 +++++++++ .../policy-ready.yaml | 10 +++ 80 files changed, 852 insertions(+) create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-delete-downstream.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-sleep.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-errors.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-limitrange.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy1.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy2.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/README.md create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/cloned-secret.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/create-cm.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/policy-ready.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml new file mode 100644 index 0000000000..2292332eec --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/README.md new file mode 100644 index 0000000000..73011b98bf --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks the basic creation behavior of a generate rule in a Policy (Namespaced) using a clone declaration with synchronize disabled. + +## Expected Behavior + +A resource should be generated via clone in the same Namespace as where the Policy is created. If the resource is created, the test passes. If the resource is not, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/manifests.yaml new file mode 100644 index 0000000000..77603373c3 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/manifests.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-create-policy + namespace: default +spec: + rules: + - name: pol-clone-nosync-create-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/policy-ready.yaml new file mode 100644 index 0000000000..c409b525c3 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-create/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-create-policy + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml new file mode 100644 index 0000000000..2292332eec --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-delete-downstream.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-delete-downstream.yaml new file mode 100644 index 0000000000..a621b618be --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-delete-downstream.yaml @@ -0,0 +1,7 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Secret + name: newsecret + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-sleep.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-sleep.yaml new file mode 100644 index 0000000000..62a3d6d08b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-errors.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-errors.yaml new file mode 100644 index 0000000000..1a47c4a978 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-errors.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: newsecret + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/README.md new file mode 100644 index 0000000000..626e15b24f --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that deletion of a downstream (generated) resource resulting from a Policy (Namespaced) generate rule, clone declaration, with sync disabled, does NOT result the downstream resource's recreation. + +## Expected Behavior + +The deleted downstream resource should remain deleted. If it is not recreated, the test passes. If it is cloned again from source, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/manifests.yaml new file mode 100644 index 0000000000..77603373c3 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/manifests.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-create-policy + namespace: default +spec: + rules: + - name: pol-clone-nosync-create-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/policy-ready.yaml new file mode 100644 index 0000000000..c409b525c3 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-create-policy + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml new file mode 100644 index 0000000000..2292332eec --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml new file mode 100644 index 0000000000..1c0b10cca6 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml @@ -0,0 +1,7 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: kyverno.io/v2beta1 + kind: Policy + name: pol-clone-nosync-delete-policy + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml new file mode 100644 index 0000000000..62a3d6d08b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml new file mode 100644 index 0000000000..1a47c4a978 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: newsecret + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/README.md new file mode 100644 index 0000000000..60d37df22f --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that deletion of a Policy (Namespaced) generate rule, clone declaration, with sync disabled, does NOT result in the downstream resource's deletion. + +## Expected Behavior + +The downstream (generated) resource is expected to remain if the Policy is deleted. If it is not deleted, the test passes. If it is deleted, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/manifests.yaml new file mode 100644 index 0000000000..6f42adcc0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/manifests.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-policy + namespace: default +spec: + rules: + - name: pol-clone-nosync-delete-policy-cm + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/policy-ready.yaml new file mode 100644 index 0000000000..e4fa585828 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-policy + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml new file mode 100644 index 0000000000..c6f1699c00 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml @@ -0,0 +1,7 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml +- cloned-limitrange.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml new file mode 100644 index 0000000000..316634fe88 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-rule + namespace: default +spec: + rules: + - name: pol-clone-nosync-delete-rule-lr + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: LimitRange + name: genlr + namespace: default + synchronize: false + clone: + name: sourcelr + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml new file mode 100644 index 0000000000..62a3d6d08b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml new file mode 100644 index 0000000000..ca3309e3e1 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: newsecret + namespace: default +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: genlr + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/README.md new file mode 100644 index 0000000000..fc3b9954e4 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that deletion of a rule in a Policy (Namespaced) generate rule, clone declaration, with sync disabled, does NOT result in the downstream resource's deletion. + +## Expected Behavior + +The downstream (generated) resource is expected to remain if the corresponding rule within a Policy is deleted. If it is not deleted, the test passes. If it is deleted, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-limitrange.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-limitrange.yaml new file mode 100644 index 0000000000..be140a8db5 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-limitrange.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: genlr + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/manifests.yaml new file mode 100644 index 0000000000..cd8218d904 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/manifests.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: sourcelr + namespace: default +spec: + limits: + - type: Container + default: + cpu: 500m + defaultRequest: + cpu: 500m + max: + cpu: "1" + min: + cpu: 100m +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-rule + namespace: default +spec: + rules: + - name: pol-clone-nosync-delete-rule-cm + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default + - name: pol-clone-nosync-delete-rule-lr + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: LimitRange + name: genlr + namespace: default + synchronize: false + clone: + name: sourcelr + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/policy-ready.yaml new file mode 100644 index 0000000000..5534aa22a9 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-rule + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml new file mode 100644 index 0000000000..2292332eec --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml new file mode 100644 index 0000000000..b1ca5b731b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml @@ -0,0 +1,7 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +delete: +- apiVersion: v1 + kind: Secret + name: regcred + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml new file mode 100644 index 0000000000..62a3d6d08b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml new file mode 100644 index 0000000000..1a47c4a978 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: newsecret + namespace: default \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/README.md new file mode 100644 index 0000000000..3d7fed49bb --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that deletion of the source (upstream) resource used by a Policy (Namespaced) generate rule, clone declaration, with sync disabled, does NOT result in the downstream resource's deletion. + +## Expected Behavior + +The deleted downstream resource should remain in place. If it is still present after the source deletion, the test passes. If it is deleted, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/manifests.yaml new file mode 100644 index 0000000000..9fb19e969a --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/manifests.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-source + namespace: default +spec: + rules: + - name: pol-clone-nosync-create-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/policy-ready.yaml new file mode 100644 index 0000000000..7d37827fa4 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-delete-source + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml new file mode 100644 index 0000000000..faa1649764 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml @@ -0,0 +1,13 @@ +## Checks that the manifests.yaml file CANNOT be successfully created. If it can, fail the test as this is incorrect. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: | + if kubectl apply -f policy1.yaml + then + echo "Tested failed. Policy was created when it shouldn't have been." + exit 1 + else + echo "Test succeeded. Policy was not created as intended." + exit 0 + fi \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml new file mode 100644 index 0000000000..0c5e5da137 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml @@ -0,0 +1,13 @@ +## Checks that the manifests.yaml file CANNOT be successfully created. If it can, fail the test as this is incorrect. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: +- script: | + if kubectl apply -f policy2.yaml + then + echo "Tested failed. Policy was created when it shouldn't have been." + exit 1 + else + echo "Test succeeded. Policy was not created as intended." + exit 0 + fi \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/README.md new file mode 100644 index 0000000000..1e19e73a7c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/README.md @@ -0,0 +1,11 @@ +## Description + +This test performs two checks to ensure that a "bad" Policy, one in which a user may attempt to cross-Namespace clone a resource, is blocked from creation. The first variant attempts to clone a Secret from an outside Namespace into the Namespace where the Policy is defined. The second variant inverts this to try and clone a Secret co-located in the same Namespace as the Policy to an outside Namespace. Both of these are invalid and must be blocked. + +## Expected Behavior + +Both "bad" (invalid) Policy should fail to be created. If all the creations are blocked, the test succeeds. If any creation is allowed, the test fails. + +## Reference Issue(s) + +5099 diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy1.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy1.yaml new file mode 100644 index 0000000000..dd42c4ad01 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy1.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-invalid + namespace: default +spec: + rules: + - name: pol-clone-nosync-invalid-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: foo diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy2.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy2.yaml new file mode 100644 index 0000000000..f9b3a7d5a3 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/policy2.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-invalid + namespace: default +spec: + rules: + - name: pol-clone-nosync-invalid-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: foo + synchronize: false + clone: + name: regcred + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml new file mode 100644 index 0000000000..2292332eec --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml new file mode 100644 index 0000000000..68c144ab0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: dGhpc2hhc2JlZW5tb2RpZmllZA== +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml new file mode 100644 index 0000000000..62a3d6d08b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml new file mode 100644 index 0000000000..68c144ab0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: dGhpc2hhc2JlZW5tb2RpZmllZA== +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/README.md new file mode 100644 index 0000000000..c3438579dc --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that modification of a downstream (generated) resource resulting from a Policy (Namespaced) generate rule, clone declaration, with sync disabled, does NOT result in those modifications being reverted with the contents of the source resource. + +## Expected Behavior + +The downstream resource, once modified, should remain as-is. If it remains as-is based on the last modification, the test passes. If it is anything else than how it was last modified, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/manifests.yaml new file mode 100644 index 0000000000..89b18a2de0 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/manifests.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-modify-downstream + namespace: default +spec: + rules: + - name: pol-clone-nosync-modify-downstream-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/policy-ready.yaml new file mode 100644 index 0000000000..8855583721 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-modify-downstream + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml new file mode 100644 index 0000000000..2c46671c6c --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +assert: +- policy-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml new file mode 100644 index 0000000000..2292332eec --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- create-cm.yaml +assert: +- cloned-secret.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml new file mode 100644 index 0000000000..05b1bd94dc --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: dGhpc2hhc2JlZW5tb2RpZmllZA== +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml new file mode 100644 index 0000000000..62a3d6d08b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml @@ -0,0 +1,5 @@ +# A command can only run a single command, not a pipeline and not a script. The program called must exist on the system where the test is run. +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: sleep 5 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml new file mode 100644 index 0000000000..1a01e55a0b --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml @@ -0,0 +1,5 @@ +# This clean-up stage is necessary because of https://github.com/kyverno/kyverno/issues/5101 +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete ur -A --all \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/README.md b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/README.md new file mode 100644 index 0000000000..9d6ba53a3d --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/README.md @@ -0,0 +1,11 @@ +## Description + +This test checks to ensure that modification of a source (upstream) resource used by a Policy (Namespaced) generate rule, clone declaration, with sync disabled, does NOT result in those modifications being synced to the downstream resource. + +## Expected Behavior + +The source resource, once modified, should not cause any cloned (downstream) resources to be changed. If the downstream resource remains as-is, the test passes. If it is anything else other than how it looked when originally created, the test fails. + +## Reference Issue(s) + +N/A diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/cloned-secret.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/cloned-secret.yaml new file mode 100644 index 0000000000..9cbe3d6457 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/cloned-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: newsecret + namespace: default +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/create-cm.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/create-cm.yaml new file mode 100644 index 0000000000..088e22e931 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/create-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mycm + namespace: default +data: + food: cheese + day: monday + color: red \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/manifests.yaml new file mode 100644 index 0000000000..63e4eff6f8 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/manifests.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque +--- +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-modify-source + namespace: default +spec: + rules: + - name: pol-clone-nosync-modify-source-rule + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + synchronize: false + clone: + name: regcred + namespace: default diff --git a/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/policy-ready.yaml new file mode 100644 index 0000000000..3d901fecac --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-clone-nosync-modify-source + namespace: default +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file