From f36d5410ea7a86ff1d8068f58cd98d859bdb6869 Mon Sep 17 00:00:00 2001 From: Mariam Fahmy Date: Mon, 2 Dec 2024 14:59:12 +0200 Subject: [PATCH] fix: check the patchedResources in kyverno-test (#11686) Signed-off-by: Mariam Fahmy --- .../apis/v1alpha1/test_result.go | 10 +-- .../kubectl-kyverno/commands/test/command.go | 8 ++- cmd/cli/kubectl-kyverno/deprecations/check.go | 6 +- docs/user/cli/crd/index.html | 26 ++++---- .../cli/crd/kyverno_kubectl.v1alpha1.html | 62 +++++++++---------- .../kyverno-test.yaml | 2 +- .../kyverno-test.yaml | 2 +- .../add-default-resources/kyverno-test.yaml | 6 +- .../test-mutate/bug-demo/kyverno-test.yaml | 2 +- .../connection-draining/kyverno-test.yaml | 2 +- .../foreach/addIfNotPresent/kyverno-test.yaml | 2 +- .../foreach/cumulativePatch/kyverno-test.yaml | 2 +- .../cli/test-mutate/foreach/kyverno-test.yaml | 4 +- .../foreach/replaceRegistry/kyverno-test.yaml | 2 +- .../global-anchor/kyverno-test.yaml | 4 +- .../kyverno-test.yaml | 14 ++--- test/cli/test-mutate/kyverno-test.yaml | 26 ++++---- .../patched-resource/kyverno-test.yaml | 2 +- .../test/mixed-deprecated/kyverno-test.yaml | 2 +- test/cli/test/mixed/kyverno-test.yaml | 2 +- .../kyverno-test.yaml | 4 +- test/cli/test/secret/kyverno-test.yaml | 4 +- .../test/wildcard_mutate/kyverno-test.yaml | 4 +- 23 files changed, 101 insertions(+), 97 deletions(-) diff --git a/cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go b/cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go index 8dc2374dba..6a9f2939cf 100644 --- a/cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go +++ b/cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go @@ -26,11 +26,6 @@ type TestResultBase struct { // Kind mentions the kind of the resource on which the policy is to be applied. Kind string `json:"kind"` - // Deprecated. Use `patchedResources` instead. - // PatchedResource takes a resource configuration file in yaml format from - // the user to compare it against the Kyverno mutated resource configuration. - PatchedResource string `json:"patchedResource,omitempty"` - // PatchedResource takes a resource configuration file in yaml format from // the user to compare it against the Kyverno mutated resource configuration. // Multiple resources can be passed in the same file @@ -59,6 +54,11 @@ type TestResultDeprecated struct { // Namespace mentions the namespace of the policy which has namespace scope. // This is DEPRECATED, use a name in the form `/` for policies and/or resources instead. Namespace string `json:"namespace,omitempty"` + + // PatchedResource takes a resource configuration file in yaml format from + // the user to compare it against the Kyverno mutated resource configuration. + // This is DEPRECATED, Use `patchedResources` instead. + PatchedResource string `json:"patchedResource,omitempty"` } // TestResultBase declares a test result diff --git a/cmd/cli/kubectl-kyverno/commands/test/command.go b/cmd/cli/kubectl-kyverno/commands/test/command.go index e3d8fc8880..467ab75455 100644 --- a/cmd/cli/kubectl-kyverno/commands/test/command.go +++ b/cmd/cli/kubectl-kyverno/commands/test/command.go @@ -158,8 +158,12 @@ func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath stri expected = test.Status } // fallback on deprecated field - if test.PatchedResource != "" { - equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, test.PatchedResource)) + patchedResource := test.PatchedResource + if test.PatchedResources != "" { + patchedResource = test.PatchedResources + } + if patchedResource != "" { + equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, patchedResource)) if err != nil { return false, err.Error(), "Resource error" } diff --git a/cmd/cli/kubectl-kyverno/deprecations/check.go b/cmd/cli/kubectl-kyverno/deprecations/check.go index 3bdf4e692f..4988621c43 100644 --- a/cmd/cli/kubectl-kyverno/deprecations/check.go +++ b/cmd/cli/kubectl-kyverno/deprecations/check.go @@ -35,14 +35,14 @@ func CheckTest(out io.Writer, path string, resource *v1alpha1.Test) bool { if resource != nil { if resource.APIVersion == "" || resource.Kind == "" || resource.Name != "" { if out != nil { - fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path) + fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path) } return true } for _, result := range resource.Results { - if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" { + if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" || result.TestResultDeprecated.PatchedResource != "" { if out != nil { - fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path) + fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path) } return true } diff --git a/docs/user/cli/crd/index.html b/docs/user/cli/crd/index.html index a357f76c23..2271866e61 100644 --- a/docs/user/cli/crd/index.html +++ b/docs/user/cli/crd/index.html @@ -795,19 +795,6 @@ string -patchedResource
- -string - - - -

Deprecated. Use patchedResources instead. -PatchedResource takes a resource configuration file in yaml format from -the user to compare it against the Kyverno mutated resource configuration.

- - - - patchedResources
string @@ -900,6 +887,19 @@ string This is DEPRECATED, use a name in the form <namespace>/<name> for policies and/or resources instead.

+ + +patchedResource
+ +string + + + +

PatchedResource takes a resource configuration file in yaml format from +the user to compare it against the Kyverno mutated resource configuration. +This is DEPRECATED, Use patchedResources instead.

+ +
diff --git a/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html b/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html index 381793ed5f..00fad5c552 100644 --- a/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html +++ b/docs/user/cli/crd/kyverno_kubectl.v1alpha1.html @@ -1674,37 +1674,6 @@ Possible values are pass, fail and skip.

- - patchedResource - - * - -
- - - - - string - - - - - - -

Deprecated. Use patchedResources instead. -PatchedResource takes a resource configuration file in yaml format from -the user to compare it against the Kyverno mutated resource configuration.

- - - - - - - - - - - patchedResources @@ -1917,6 +1886,37 @@ This is DEPRECATED, use a name in the form <namespace>/<name>< + + + + + + + + patchedResource + + * + +
+ + + + + string + + + + + + +

PatchedResource takes a resource configuration file in yaml format from +the user to compare it against the Kyverno mutated resource configuration. +This is DEPRECATED, Use patchedResources instead.

+ + + + + diff --git a/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml index 0f41d9f219..3106944059 100644 --- a/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - resource.yaml results: - kind: Endpoints - patchedResource: patchedresource.yaml + patchedResources: patchedresource.yaml policy: policy-endpoints resources: - test-endpoint diff --git a/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml b/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml index 9df250a9db..cc6408a9c4 100644 --- a/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml +++ b/test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - resource.yaml results: - kind: Deployment - patchedResource: patchedresource.yaml + patchedResources: patchedresource.yaml policy: mutate-pods-spec resources: - nginx-deployment diff --git a/test/cli/test-mutate/add-default-resources/kyverno-test.yaml b/test/cli/test-mutate/add-default-resources/kyverno-test.yaml index c09af3ad3a..a31438600c 100644 --- a/test/cli/test-mutate/add-default-resources/kyverno-test.yaml +++ b/test/cli/test-mutate/add-default-resources/kyverno-test.yaml @@ -8,21 +8,21 @@ resources: - resource.yaml results: - kind: Pod - patchedResource: patchedResource1.yaml + patchedResources: patchedResource1.yaml policy: add-default-resources resources: - nginx-demo1 result: pass rule: add-default-requests - kind: Pod - patchedResource: patchedResource3.yaml + patchedResources: patchedResource3.yaml policy: add-default-resources resources: - nginx-demo3 result: pass rule: add-default-requests - kind: Pod - patchedResource: patchedResource2.yaml + patchedResources: patchedResource2.yaml policy: add-default-resources resources: - nginx-demo2 diff --git a/test/cli/test-mutate/bug-demo/kyverno-test.yaml b/test/cli/test-mutate/bug-demo/kyverno-test.yaml index 2a3404338f..d9c8732f0c 100644 --- a/test/cli/test-mutate/bug-demo/kyverno-test.yaml +++ b/test/cli/test-mutate/bug-demo/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - ./resource.yaml results: - kind: Pod - patchedResource: patched-resource-pattern.yaml + patchedResources: patched-resource-pattern.yaml policy: bug-demo resources: - pod1 diff --git a/test/cli/test-mutate/connection-draining/kyverno-test.yaml b/test/cli/test-mutate/connection-draining/kyverno-test.yaml index 7f766edee9..1420285bc6 100644 --- a/test/cli/test-mutate/connection-draining/kyverno-test.yaml +++ b/test/cli/test-mutate/connection-draining/kyverno-test.yaml @@ -14,7 +14,7 @@ results: result: skip rule: clb - kind: Service - patchedResource: patched.yaml + patchedResources: patched.yaml policy: disable-connection-draining resources: - nlb-aws-controller-no-attributes diff --git a/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml b/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml index 6e736987e7..8077431fd7 100644 --- a/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - resources.yaml results: - kind: Deployment - patchedResource: deploy-patched.yaml + patchedResources: deploy-patched.yaml policy: mutate-emptydir resources: - svc-sizelimit-test diff --git a/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml b/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml index 22c6b40f8a..5e570e6db4 100644 --- a/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - resources.yaml results: - kind: Pod - patchedResource: patched.yaml + patchedResources: patched.yaml policy: add-default-resources resources: - badpod diff --git a/test/cli/test-mutate/foreach/kyverno-test.yaml b/test/cli/test-mutate/foreach/kyverno-test.yaml index 9b2ca4d8b5..8cbd35e2e5 100644 --- a/test/cli/test-mutate/foreach/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/kyverno-test.yaml @@ -8,14 +8,14 @@ resources: - resources.yaml results: - kind: Pod - patchedResource: patched-resource.yaml + patchedResources: patched-resource.yaml policy: foreach-json-patch resources: - nginx result: pass rule: add-security-context - kind: Pod - patchedResource: pod-updated-image.yaml + patchedResources: pod-updated-image.yaml policy: mutate-images resources: - mypod diff --git a/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml b/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml index bb92f4380d..0ac8e1521c 100644 --- a/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml +++ b/test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - resources.yaml results: - kind: Pod - patchedResource: pod-patched.yaml + patchedResources: pod-patched.yaml policy: replace-image-registry-containers resources: - test-patched-image diff --git a/test/cli/test-mutate/global-anchor/kyverno-test.yaml b/test/cli/test-mutate/global-anchor/kyverno-test.yaml index 504487c639..e413c72631 100644 --- a/test/cli/test-mutate/global-anchor/kyverno-test.yaml +++ b/test/cli/test-mutate/global-anchor/kyverno-test.yaml @@ -8,14 +8,14 @@ resources: - resources.yaml results: - kind: Pod - patchedResource: patchedResource.yaml + patchedResources: patchedResource.yaml policy: add-safe-to-evict resources: - pod-with-emptydir-hostpath result: pass rule: annotate-empty-dir - kind: Pod - patchedResource: patchedResourceWithVolume.yaml + patchedResources: patchedResourceWithVolume.yaml policy: add-safe-to-evict resources: - pod-with-emptydir-hostpath-1 diff --git a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml index ea1caa8ac0..6d88fcb8a4 100644 --- a/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml +++ b/test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml @@ -8,15 +8,15 @@ resources: - resource.yaml results: - kind: Pod - policy: karpenter-annotations-to-nodeselector - resources: - - soft-pod-antiaffinity-1-copy - result: pass - rule: hard-nodeselector-lifecycle-on-demand -- kind: Pod - patchedResource: patched.yaml + patchedResources: patched.yaml policy: karpenter-annotations-to-nodeselector resources: - soft-pod-antiaffinity-1 result: pass rule: hard-nodeselector-lifecycle-on-demand +- kind: Pod + policy: karpenter-annotations-to-nodeselector + resources: + - soft-pod-antiaffinity-1-copy + result: pass + rule: hard-nodeselector-lifecycle-on-demand diff --git a/test/cli/test-mutate/kyverno-test.yaml b/test/cli/test-mutate/kyverno-test.yaml index d410c87a75..df8be89492 100644 --- a/test/cli/test-mutate/kyverno-test.yaml +++ b/test/cli/test-mutate/kyverno-test.yaml @@ -8,49 +8,49 @@ resources: - resource.yaml results: - kind: Deployment - patchedResource: patchedResource4.yaml + patchedResources: patchedResource4.yaml policy: add-label resources: - mydeploy result: pass rule: add-label - kind: Pod - patchedResource: patchedResource2.yaml - policy: add-label - resources: - - testing/same-name-but-diff-namespace - result: pass - rule: add-label -- kind: Pod - patchedResource: patchedResource3.yaml + patchedResources: patchedResource3.yaml policy: add-label resources: - production/same-name-but-diff-namespace result: pass rule: add-label - kind: Pod - patchedResource: patchedResource6.yaml + patchedResources: patchedResource6.yaml policy: add-label resources: - same-name-but-diff-kind result: pass rule: add-label - kind: Pod - patchedResource: patchedResource1.yaml + patchedResources: patchedResource2.yaml + policy: add-label + resources: + - testing/same-name-but-diff-namespace + result: pass + rule: add-label +- kind: Pod + patchedResources: patchedResource1.yaml policy: add-label resources: - practice/resource-equal-to-patch-res-for-cp result: skip rule: add-label - kind: Pod - patchedResource: patched-resource.yaml + patchedResources: patched-resource.yaml policy: example resources: - example result: pass rule: object_from_lists - kind: Pod - patchedResource: patchedResource8.yaml + patchedResources: patchedResource8.yaml policy: testing/add-ndots resources: - same-name-but-diff-namespace diff --git a/test/cli/test-mutate/patched-resource/kyverno-test.yaml b/test/cli/test-mutate/patched-resource/kyverno-test.yaml index 84a7013f9a..727795c6f4 100644 --- a/test/cli/test-mutate/patched-resource/kyverno-test.yaml +++ b/test/cli/test-mutate/patched-resource/kyverno-test.yaml @@ -8,7 +8,7 @@ resources: - resource.yaml results: - kind: Pod - patchedResource: patched-resource.yaml + patchedResources: patched-resource.yaml policy: add-default-resources resources: - nginx-demo diff --git a/test/cli/test/mixed-deprecated/kyverno-test.yaml b/test/cli/test/mixed-deprecated/kyverno-test.yaml index 7adbd64a61..0dd94e9e68 100644 --- a/test/cli/test/mixed-deprecated/kyverno-test.yaml +++ b/test/cli/test/mixed-deprecated/kyverno-test.yaml @@ -20,7 +20,7 @@ results: result: pass rule: ondemand-managed_by - kind: Pod - patchedResource: patched-resource.yaml + patchedResources: patched-resource.yaml policy: ondemand resources: - user-space/nodeselector-with-labels-on-mutation diff --git a/test/cli/test/mixed/kyverno-test.yaml b/test/cli/test/mixed/kyverno-test.yaml index 7adbd64a61..0dd94e9e68 100644 --- a/test/cli/test/mixed/kyverno-test.yaml +++ b/test/cli/test/mixed/kyverno-test.yaml @@ -20,7 +20,7 @@ results: result: pass rule: ondemand-managed_by - kind: Pod - patchedResource: patched-resource.yaml + patchedResources: patched-resource.yaml policy: ondemand resources: - user-space/nodeselector-with-labels-on-mutation diff --git a/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml b/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml index 4b86e48e9b..4e44f2a671 100644 --- a/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml +++ b/test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml @@ -8,14 +8,14 @@ resources: - resources.yaml results: - kind: ScaledObject - patchedResource: patchedResource1.yaml + patchedResources: patchedResource1.yaml policy: keda-prometheus-serveraddress resources: - service-1 result: pass rule: keda-prometheus-serveraddress - kind: ScaledObject - patchedResource: patchedResource2.yaml + patchedResources: patchedResource2.yaml policy: keda-prometheus-serveraddress resources: - service-2 diff --git a/test/cli/test/secret/kyverno-test.yaml b/test/cli/test/secret/kyverno-test.yaml index b0c7fb9c60..54a6665193 100644 --- a/test/cli/test/secret/kyverno-test.yaml +++ b/test/cli/test/secret/kyverno-test.yaml @@ -8,14 +8,14 @@ resources: - resources.yaml results: - kind: Secret - patchedResource: patched-resource1.yaml + patchedResources: patched-resource1.yaml policy: add-maintainer resources: - secrete-fail-example result: fail rule: add-maintainer - kind: Secret - patchedResource: patched-resource.yaml + patchedResources: patched-resource.yaml policy: add-maintainer resources: - example diff --git a/test/cli/test/wildcard_mutate/kyverno-test.yaml b/test/cli/test/wildcard_mutate/kyverno-test.yaml index 7cfad9710d..8a24949adf 100644 --- a/test/cli/test/wildcard_mutate/kyverno-test.yaml +++ b/test/cli/test/wildcard_mutate/kyverno-test.yaml @@ -8,14 +8,14 @@ resources: - resources.yaml results: - kind: Pod - patchedResource: patchedResource1.yaml + patchedResources: patchedResource1.yaml policy: mutate-wildcard resources: - wildcard-mutate-fail result: fail rule: mutate-wildcard - kind: Pod - patchedResource: patchedResource.yaml + patchedResources: patchedResource.yaml policy: mutate-wildcard resources: - wildcard-mutate