mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
fix: check the patchedResources in kyverno-test (#11686)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
parent
e3a86bc286
commit
f36d5410ea
23 changed files with 101 additions and 97 deletions
|
@ -26,11 +26,6 @@ type TestResultBase struct {
|
|||
// Kind mentions the kind of the resource on which the policy is to be applied.
|
||||
Kind string `json:"kind"`
|
||||
|
||||
// Deprecated. Use `patchedResources` instead.
|
||||
// PatchedResource takes a resource configuration file in yaml format from
|
||||
// the user to compare it against the Kyverno mutated resource configuration.
|
||||
PatchedResource string `json:"patchedResource,omitempty"`
|
||||
|
||||
// PatchedResource takes a resource configuration file in yaml format from
|
||||
// the user to compare it against the Kyverno mutated resource configuration.
|
||||
// Multiple resources can be passed in the same file
|
||||
|
@ -59,6 +54,11 @@ type TestResultDeprecated struct {
|
|||
// Namespace mentions the namespace of the policy which has namespace scope.
|
||||
// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
|
||||
// PatchedResource takes a resource configuration file in yaml format from
|
||||
// the user to compare it against the Kyverno mutated resource configuration.
|
||||
// This is DEPRECATED, Use `patchedResources` instead.
|
||||
PatchedResource string `json:"patchedResource,omitempty"`
|
||||
}
|
||||
|
||||
// TestResultBase declares a test result
|
||||
|
|
|
@ -158,8 +158,12 @@ func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath stri
|
|||
expected = test.Status
|
||||
}
|
||||
// fallback on deprecated field
|
||||
if test.PatchedResource != "" {
|
||||
equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, test.PatchedResource))
|
||||
patchedResource := test.PatchedResource
|
||||
if test.PatchedResources != "" {
|
||||
patchedResource = test.PatchedResources
|
||||
}
|
||||
if patchedResource != "" {
|
||||
equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, patchedResource))
|
||||
if err != nil {
|
||||
return false, err.Error(), "Resource error"
|
||||
}
|
||||
|
|
|
@ -35,14 +35,14 @@ func CheckTest(out io.Writer, path string, resource *v1alpha1.Test) bool {
|
|||
if resource != nil {
|
||||
if resource.APIVersion == "" || resource.Kind == "" || resource.Name != "" {
|
||||
if out != nil {
|
||||
fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path)
|
||||
fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path)
|
||||
}
|
||||
return true
|
||||
}
|
||||
for _, result := range resource.Results {
|
||||
if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" {
|
||||
if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" || result.TestResultDeprecated.PatchedResource != "" {
|
||||
if out != nil {
|
||||
fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path)
|
||||
fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -795,19 +795,6 @@ string
|
|||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>patchedResource</code><br/>
|
||||
<em>
|
||||
string
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<p>Deprecated. Use <code>patchedResources</code> instead.
|
||||
PatchedResource takes a resource configuration file in yaml format from
|
||||
the user to compare it against the Kyverno mutated resource configuration.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>patchedResources</code><br/>
|
||||
<em>
|
||||
string
|
||||
|
@ -900,6 +887,19 @@ string
|
|||
This is DEPRECATED, use a name in the form <code><namespace>/<name></code> for policies and/or resources instead.</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>patchedResource</code><br/>
|
||||
<em>
|
||||
string
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<p>PatchedResource takes a resource configuration file in yaml format from
|
||||
the user to compare it against the Kyverno mutated resource configuration.
|
||||
This is DEPRECATED, Use <code>patchedResources</code> instead.</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<hr />
|
||||
|
|
|
@ -1674,37 +1674,6 @@ Possible values are pass, fail and skip.</p>
|
|||
|
||||
|
||||
|
||||
<tr>
|
||||
<td><code>patchedResource</code>
|
||||
|
||||
<span style="color:blue;"> *</span>
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
|
||||
<span style="font-family: monospace">string</span>
|
||||
|
||||
|
||||
</td>
|
||||
<td>
|
||||
|
||||
|
||||
<p>Deprecated. Use <code>patchedResources</code> instead.
|
||||
PatchedResource takes a resource configuration file in yaml format from
|
||||
the user to compare it against the Kyverno mutated resource configuration.</p>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
||||
|
||||
<tr>
|
||||
<td><code>patchedResources</code>
|
||||
|
||||
|
@ -1917,6 +1886,37 @@ This is DEPRECATED, use a name in the form <code><namespace>/<name><
|
|||
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
|
||||
|
||||
|
||||
<tr>
|
||||
<td><code>patchedResource</code>
|
||||
|
||||
<span style="color:blue;"> *</span>
|
||||
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
|
||||
<span style="font-family: monospace">string</span>
|
||||
|
||||
|
||||
</td>
|
||||
<td>
|
||||
|
||||
|
||||
<p>PatchedResource takes a resource configuration file in yaml format from
|
||||
the user to compare it against the Kyverno mutated resource configuration.
|
||||
This is DEPRECATED, Use <code>patchedResources</code> instead.</p>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- resource.yaml
|
||||
results:
|
||||
- kind: Endpoints
|
||||
patchedResource: patchedresource.yaml
|
||||
patchedResources: patchedresource.yaml
|
||||
policy: policy-endpoints
|
||||
resources:
|
||||
- test-endpoint
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- resource.yaml
|
||||
results:
|
||||
- kind: Deployment
|
||||
patchedResource: patchedresource.yaml
|
||||
patchedResources: patchedresource.yaml
|
||||
policy: mutate-pods-spec
|
||||
resources:
|
||||
- nginx-deployment
|
||||
|
|
|
@ -8,21 +8,21 @@ resources:
|
|||
- resource.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource1.yaml
|
||||
patchedResources: patchedResource1.yaml
|
||||
policy: add-default-resources
|
||||
resources:
|
||||
- nginx-demo1
|
||||
result: pass
|
||||
rule: add-default-requests
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource3.yaml
|
||||
patchedResources: patchedResource3.yaml
|
||||
policy: add-default-resources
|
||||
resources:
|
||||
- nginx-demo3
|
||||
result: pass
|
||||
rule: add-default-requests
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource2.yaml
|
||||
patchedResources: patchedResource2.yaml
|
||||
policy: add-default-resources
|
||||
resources:
|
||||
- nginx-demo2
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- ./resource.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource-pattern.yaml
|
||||
patchedResources: patched-resource-pattern.yaml
|
||||
policy: bug-demo
|
||||
resources:
|
||||
- pod1
|
||||
|
|
|
@ -14,7 +14,7 @@ results:
|
|||
result: skip
|
||||
rule: clb
|
||||
- kind: Service
|
||||
patchedResource: patched.yaml
|
||||
patchedResources: patched.yaml
|
||||
policy: disable-connection-draining
|
||||
resources:
|
||||
- nlb-aws-controller-no-attributes
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Deployment
|
||||
patchedResource: deploy-patched.yaml
|
||||
patchedResources: deploy-patched.yaml
|
||||
policy: mutate-emptydir
|
||||
resources:
|
||||
- svc-sizelimit-test
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patched.yaml
|
||||
patchedResources: patched.yaml
|
||||
policy: add-default-resources
|
||||
resources:
|
||||
- badpod
|
||||
|
|
|
@ -8,14 +8,14 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
patchedResources: patched-resource.yaml
|
||||
policy: foreach-json-patch
|
||||
resources:
|
||||
- nginx
|
||||
result: pass
|
||||
rule: add-security-context
|
||||
- kind: Pod
|
||||
patchedResource: pod-updated-image.yaml
|
||||
patchedResources: pod-updated-image.yaml
|
||||
policy: mutate-images
|
||||
resources:
|
||||
- mypod
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: pod-patched.yaml
|
||||
patchedResources: pod-patched.yaml
|
||||
policy: replace-image-registry-containers
|
||||
resources:
|
||||
- test-patched-image
|
||||
|
|
|
@ -8,14 +8,14 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource.yaml
|
||||
patchedResources: patchedResource.yaml
|
||||
policy: add-safe-to-evict
|
||||
resources:
|
||||
- pod-with-emptydir-hostpath
|
||||
result: pass
|
||||
rule: annotate-empty-dir
|
||||
- kind: Pod
|
||||
patchedResource: patchedResourceWithVolume.yaml
|
||||
patchedResources: patchedResourceWithVolume.yaml
|
||||
policy: add-safe-to-evict
|
||||
resources:
|
||||
- pod-with-emptydir-hostpath-1
|
||||
|
|
|
@ -8,15 +8,15 @@ resources:
|
|||
- resource.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: karpenter-annotations-to-nodeselector
|
||||
resources:
|
||||
- soft-pod-antiaffinity-1-copy
|
||||
result: pass
|
||||
rule: hard-nodeselector-lifecycle-on-demand
|
||||
- kind: Pod
|
||||
patchedResource: patched.yaml
|
||||
patchedResources: patched.yaml
|
||||
policy: karpenter-annotations-to-nodeselector
|
||||
resources:
|
||||
- soft-pod-antiaffinity-1
|
||||
result: pass
|
||||
rule: hard-nodeselector-lifecycle-on-demand
|
||||
- kind: Pod
|
||||
policy: karpenter-annotations-to-nodeselector
|
||||
resources:
|
||||
- soft-pod-antiaffinity-1-copy
|
||||
result: pass
|
||||
rule: hard-nodeselector-lifecycle-on-demand
|
||||
|
|
|
@ -8,49 +8,49 @@ resources:
|
|||
- resource.yaml
|
||||
results:
|
||||
- kind: Deployment
|
||||
patchedResource: patchedResource4.yaml
|
||||
patchedResources: patchedResource4.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- mydeploy
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource2.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- testing/same-name-but-diff-namespace
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource3.yaml
|
||||
patchedResources: patchedResource3.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- production/same-name-but-diff-namespace
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource6.yaml
|
||||
patchedResources: patchedResource6.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- same-name-but-diff-kind
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource1.yaml
|
||||
patchedResources: patchedResource2.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- testing/same-name-but-diff-namespace
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResources: patchedResource1.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- practice/resource-equal-to-patch-res-for-cp
|
||||
result: skip
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
patchedResources: patched-resource.yaml
|
||||
policy: example
|
||||
resources:
|
||||
- example
|
||||
result: pass
|
||||
rule: object_from_lists
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource8.yaml
|
||||
patchedResources: patchedResource8.yaml
|
||||
policy: testing/add-ndots
|
||||
resources:
|
||||
- same-name-but-diff-namespace
|
||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
|||
- resource.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
patchedResources: patched-resource.yaml
|
||||
policy: add-default-resources
|
||||
resources:
|
||||
- nginx-demo
|
||||
|
|
|
@ -20,7 +20,7 @@ results:
|
|||
result: pass
|
||||
rule: ondemand-managed_by
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
patchedResources: patched-resource.yaml
|
||||
policy: ondemand
|
||||
resources:
|
||||
- user-space/nodeselector-with-labels-on-mutation
|
||||
|
|
|
@ -20,7 +20,7 @@ results:
|
|||
result: pass
|
||||
rule: ondemand-managed_by
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
patchedResources: patched-resource.yaml
|
||||
policy: ondemand
|
||||
resources:
|
||||
- user-space/nodeselector-with-labels-on-mutation
|
||||
|
|
|
@ -8,14 +8,14 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: ScaledObject
|
||||
patchedResource: patchedResource1.yaml
|
||||
patchedResources: patchedResource1.yaml
|
||||
policy: keda-prometheus-serveraddress
|
||||
resources:
|
||||
- service-1
|
||||
result: pass
|
||||
rule: keda-prometheus-serveraddress
|
||||
- kind: ScaledObject
|
||||
patchedResource: patchedResource2.yaml
|
||||
patchedResources: patchedResource2.yaml
|
||||
policy: keda-prometheus-serveraddress
|
||||
resources:
|
||||
- service-2
|
||||
|
|
|
@ -8,14 +8,14 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Secret
|
||||
patchedResource: patched-resource1.yaml
|
||||
patchedResources: patched-resource1.yaml
|
||||
policy: add-maintainer
|
||||
resources:
|
||||
- secrete-fail-example
|
||||
result: fail
|
||||
rule: add-maintainer
|
||||
- kind: Secret
|
||||
patchedResource: patched-resource.yaml
|
||||
patchedResources: patched-resource.yaml
|
||||
policy: add-maintainer
|
||||
resources:
|
||||
- example
|
||||
|
|
|
@ -8,14 +8,14 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource1.yaml
|
||||
patchedResources: patchedResource1.yaml
|
||||
policy: mutate-wildcard
|
||||
resources:
|
||||
- wildcard-mutate-fail
|
||||
result: fail
|
||||
rule: mutate-wildcard
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource.yaml
|
||||
patchedResources: patchedResource.yaml
|
||||
policy: mutate-wildcard
|
||||
resources:
|
||||
- wildcard-mutate
|
||||
|
|
Loading…
Reference in a new issue