mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00

fix: check the patchedResources in kyverno-test (#11686)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Mariam Fahmy 2024-12-02 14:59:12 +02:00 committed by GitHub
parent e3a86bc286
commit f36d5410ea
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
23 changed files with 101 additions and 97 deletions


@ -26,11 +26,6 @@ type TestResultBase struct {
// Kind mentions the kind of the resource on which the policy is to be applied. // Kind mentions the kind of the resource on which the policy is to be applied.
Kind string `json:"kind"` Kind string `json:"kind"`
// Deprecated. Use `patchedResources` instead.
// PatchedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno mutated resource configuration.
PatchedResource string `json:"patchedResource,omitempty"`
// PatchedResource takes a resource configuration file in yaml format from // PatchedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno mutated resource configuration. // the user to compare it against the Kyverno mutated resource configuration.
// Multiple resources can be passed in the same file // Multiple resources can be passed in the same file
@ -59,6 +54,11 @@ type TestResultDeprecated struct {
// Namespace mentions the namespace of the policy which has namespace scope. // Namespace mentions the namespace of the policy which has namespace scope.
// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead. // This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
// PatchedResource takes a resource configuration file in yaml format from
// the user to compare it against the Kyverno mutated resource configuration.
// This is DEPRECATED, Use `patchedResources` instead.
PatchedResource string `json:"patchedResource,omitempty"`
} }
// TestResultBase declares a test result // TestResultBase declares a test result
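Review bot: The relocated `PatchedResource` field in `TestResultDeprecated` announces its deprecation only in free text (`This is DEPRECATED, Use ...`), a form Go tooling does not recognise. Ending the comment with its own paragraph, `// Deprecated: use PatchedResources instead.`, would let gopls and staticcheck flag the remaining readers of the field. The neighbouring `Namespace` comment uses the same free-text form, so the two are best changed together. The comment kept on `PatchedResources` in `TestResultBase` still opens with `PatchedResource takes ...`, so both fields read almost identically in the generated docs; starting it with `PatchedResources` would tell them apart.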


@ -158,8 +158,12 @@ func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath stri
expected = test.Status expected = test.Status
} }
// fallback on deprecated field // fallback on deprecated field
if test.PatchedResource != "" { patchedResource := test.PatchedResource
equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, test.PatchedResource)) if test.PatchedResources != "" {
patchedResource = test.PatchedResources
}
if patchedResource != "" {
equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, patchedResource))
if err != nil { if err != nil {
return false, err.Error(), "Resource error" return false, err.Error(), "Resource error"
} }
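Review bot: The file name taken from the test manifest reaches `filepath.Join(resoucePath, patchedResource)` with no check that it stays under `resoucePath`, and this change routes `patchedResources` through the same join. `filepath.Join` cleans the result but does not confine it, so a value containing `..` segments resolves outside the test directory. Whether that matters depends on how `fs` is rooted and on whether test files can come from a source the operator does not control, neither of which is visible here. A guard before the join, `if !filepath.IsLocal(patchedResource) { return false, "patched resource path escapes the test directory", "Resource error" }` (Go 1.20+), would reject absolute and parent-escaping names, though it would also reject any existing test that deliberately uses a parent-relative name. checkResult starts and ends outside the hunk.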


@ -35,14 +35,14 @@ func CheckTest(out io.Writer, path string, resource *v1alpha1.Test) bool {
if resource != nil { if resource != nil {
if resource.APIVersion == "" || resource.Kind == "" || resource.Name != "" { if resource.APIVersion == "" || resource.Kind == "" || resource.Name != "" {
if out != nil { if out != nil {
fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path) fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path)
} }
return true return true
} }
for _, result := range resource.Results { for _, result := range resource.Results {
if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" { if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" || result.TestResultDeprecated.PatchedResource != "" {
if out != nil { if out != nil {
fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path) fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path)
} }
return true return true
} }
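Review bot: The deprecation warning is written out twice in CheckTest, and this change had to bump the removal version in both copies. Hoisting it into one constant, e.g. `const deprecatedSchemaWarning = "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n"`, leaves a single place to edit next time. Since `path` is echoed into terminal output, formatting it with `%q` rather than `%s` would also keep control characters in an unusual file name from being interpreted by the terminal. The body of CheckTest continues past the end of the hunk.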


@ -795,19 +795,6 @@ string
</tr> </tr>
<tr> <tr>
<td> <td>
<code>patchedResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>Deprecated. Use <code>patchedResources</code> instead.
PatchedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno mutated resource configuration.</p>
</td>
</tr>
<tr>
<td>
<code>patchedResources</code><br/> <code>patchedResources</code><br/>
<em> <em>
string string
@ -900,6 +887,19 @@ string
This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;</code> for policies and/or resources instead.</p> This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;</code> for policies and/or resources instead.</p>
</td> </td>
</tr> </tr>
<tr>
<td>
<code>patchedResource</code><br/>
<em>
string
</em>
</td>
<td>
<p>PatchedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno mutated resource configuration.
This is DEPRECATED, Use <code>patchedResources</code> instead.</p>
</td>
</tr>
</tbody> </tbody>
</table> </table>
<hr /> <hr />


@ -1674,37 +1674,6 @@ Possible values are pass, fail and skip.</p>
<tr>
<td><code>patchedResource</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>Deprecated. Use <code>patchedResources</code> instead.
PatchedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno mutated resource configuration.</p>
</td>
</tr>
<tr> <tr>
<td><code>patchedResources</code> <td><code>patchedResources</code>
@ -1923,6 +1892,37 @@ This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;<
<tr>
<td><code>patchedResource</code>
<span style="color:blue;"> *</span>
</br>
<span style="font-family: monospace">string</span>
</td>
<td>
<p>PatchedResource takes a resource configuration file in yaml format from
the user to compare it against the Kyverno mutated resource configuration.
This is DEPRECATED, Use <code>patchedResources</code> instead.</p>
</td>
</tr>
</tbody> </tbody>
</table> </table>


@ -8,7 +8,7 @@ resources:
- resource.yaml - resource.yaml
results: results:
- kind: Endpoints - kind: Endpoints
patchedResource: patchedresource.yaml patchedResources: patchedresource.yaml
policy: policy-endpoints policy: policy-endpoints
resources: resources:
- test-endpoint - test-endpoint


@ -8,7 +8,7 @@ resources:
- resource.yaml - resource.yaml
results: results:
- kind: Deployment - kind: Deployment
patchedResource: patchedresource.yaml patchedResources: patchedresource.yaml
policy: mutate-pods-spec policy: mutate-pods-spec
resources: resources:
- nginx-deployment - nginx-deployment


@ -8,21 +8,21 @@ resources:
- resource.yaml - resource.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patchedResource1.yaml patchedResources: patchedResource1.yaml
policy: add-default-resources policy: add-default-resources
resources: resources:
- nginx-demo1 - nginx-demo1
result: pass result: pass
rule: add-default-requests rule: add-default-requests
- kind: Pod - kind: Pod
patchedResource: patchedResource3.yaml patchedResources: patchedResource3.yaml
policy: add-default-resources policy: add-default-resources
resources: resources:
- nginx-demo3 - nginx-demo3
result: pass result: pass
rule: add-default-requests rule: add-default-requests
- kind: Pod - kind: Pod
patchedResource: patchedResource2.yaml patchedResources: patchedResource2.yaml
policy: add-default-resources policy: add-default-resources
resources: resources:
- nginx-demo2 - nginx-demo2


@ -8,7 +8,7 @@ resources:
- ./resource.yaml - ./resource.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patched-resource-pattern.yaml patchedResources: patched-resource-pattern.yaml
policy: bug-demo policy: bug-demo
resources: resources:
- pod1 - pod1


@ -14,7 +14,7 @@ results:
result: skip result: skip
rule: clb rule: clb
- kind: Service - kind: Service
patchedResource: patched.yaml patchedResources: patched.yaml
policy: disable-connection-draining policy: disable-connection-draining
resources: resources:
- nlb-aws-controller-no-attributes - nlb-aws-controller-no-attributes


@ -8,7 +8,7 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Deployment - kind: Deployment
patchedResource: deploy-patched.yaml patchedResources: deploy-patched.yaml
policy: mutate-emptydir policy: mutate-emptydir
resources: resources:
- svc-sizelimit-test - svc-sizelimit-test


@ -8,7 +8,7 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patched.yaml patchedResources: patched.yaml
policy: add-default-resources policy: add-default-resources
resources: resources:
- badpod - badpod


@ -8,14 +8,14 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patched-resource.yaml patchedResources: patched-resource.yaml
policy: foreach-json-patch policy: foreach-json-patch
resources: resources:
- nginx - nginx
result: pass result: pass
rule: add-security-context rule: add-security-context
- kind: Pod - kind: Pod
patchedResource: pod-updated-image.yaml patchedResources: pod-updated-image.yaml
policy: mutate-images policy: mutate-images
resources: resources:
- mypod - mypod


@ -8,7 +8,7 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: pod-patched.yaml patchedResources: pod-patched.yaml
policy: replace-image-registry-containers policy: replace-image-registry-containers
resources: resources:
- test-patched-image - test-patched-image


@ -8,14 +8,14 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patchedResource.yaml patchedResources: patchedResource.yaml
policy: add-safe-to-evict policy: add-safe-to-evict
resources: resources:
- pod-with-emptydir-hostpath - pod-with-emptydir-hostpath
result: pass result: pass
rule: annotate-empty-dir rule: annotate-empty-dir
- kind: Pod - kind: Pod
patchedResource: patchedResourceWithVolume.yaml patchedResources: patchedResourceWithVolume.yaml
policy: add-safe-to-evict policy: add-safe-to-evict
resources: resources:
- pod-with-emptydir-hostpath-1 - pod-with-emptydir-hostpath-1


@ -8,15 +8,15 @@ resources:
- resource.yaml - resource.yaml
results: results:
- kind: Pod - kind: Pod
policy: karpenter-annotations-to-nodeselector patchedResources: patched.yaml
resources:
- soft-pod-antiaffinity-1-copy
result: pass
rule: hard-nodeselector-lifecycle-on-demand
- kind: Pod
patchedResource: patched.yaml
policy: karpenter-annotations-to-nodeselector policy: karpenter-annotations-to-nodeselector
resources: resources:
- soft-pod-antiaffinity-1 - soft-pod-antiaffinity-1
result: pass result: pass
rule: hard-nodeselector-lifecycle-on-demand rule: hard-nodeselector-lifecycle-on-demand
- kind: Pod
policy: karpenter-annotations-to-nodeselector
resources:
- soft-pod-antiaffinity-1-copy
result: pass
rule: hard-nodeselector-lifecycle-on-demand


@ -8,49 +8,49 @@ resources:
- resource.yaml - resource.yaml
results: results:
- kind: Deployment - kind: Deployment
patchedResource: patchedResource4.yaml patchedResources: patchedResource4.yaml
policy: add-label policy: add-label
resources: resources:
- mydeploy - mydeploy
result: pass result: pass
rule: add-label rule: add-label
- kind: Pod - kind: Pod
patchedResource: patchedResource2.yaml patchedResources: patchedResource3.yaml
policy: add-label
resources:
- testing/same-name-but-diff-namespace
result: pass
rule: add-label
- kind: Pod
patchedResource: patchedResource3.yaml
policy: add-label policy: add-label
resources: resources:
- production/same-name-but-diff-namespace - production/same-name-but-diff-namespace
result: pass result: pass
rule: add-label rule: add-label
- kind: Pod - kind: Pod
patchedResource: patchedResource6.yaml patchedResources: patchedResource6.yaml
policy: add-label policy: add-label
resources: resources:
- same-name-but-diff-kind - same-name-but-diff-kind
result: pass result: pass
rule: add-label rule: add-label
- kind: Pod - kind: Pod
patchedResource: patchedResource1.yaml patchedResources: patchedResource2.yaml
policy: add-label
resources:
- testing/same-name-but-diff-namespace
result: pass
rule: add-label
- kind: Pod
patchedResources: patchedResource1.yaml
policy: add-label policy: add-label
resources: resources:
- practice/resource-equal-to-patch-res-for-cp - practice/resource-equal-to-patch-res-for-cp
result: skip result: skip
rule: add-label rule: add-label
- kind: Pod - kind: Pod
patchedResource: patched-resource.yaml patchedResources: patched-resource.yaml
policy: example policy: example
resources: resources:
- example - example
result: pass result: pass
rule: object_from_lists rule: object_from_lists
- kind: Pod - kind: Pod
patchedResource: patchedResource8.yaml patchedResources: patchedResource8.yaml
policy: testing/add-ndots policy: testing/add-ndots
resources: resources:
- same-name-but-diff-namespace - same-name-but-diff-namespace


@ -8,7 +8,7 @@ resources:
- resource.yaml - resource.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patched-resource.yaml patchedResources: patched-resource.yaml
policy: add-default-resources policy: add-default-resources
resources: resources:
- nginx-demo - nginx-demo


@ -20,7 +20,7 @@ results:
result: pass result: pass
rule: ondemand-managed_by rule: ondemand-managed_by
- kind: Pod - kind: Pod
patchedResource: patched-resource.yaml patchedResources: patched-resource.yaml
policy: ondemand policy: ondemand
resources: resources:
- user-space/nodeselector-with-labels-on-mutation - user-space/nodeselector-with-labels-on-mutation


@ -20,7 +20,7 @@ results:
result: pass result: pass
rule: ondemand-managed_by rule: ondemand-managed_by
- kind: Pod - kind: Pod
patchedResource: patched-resource.yaml patchedResources: patched-resource.yaml
policy: ondemand policy: ondemand
resources: resources:
- user-space/nodeselector-with-labels-on-mutation - user-space/nodeselector-with-labels-on-mutation


@ -8,14 +8,14 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: ScaledObject - kind: ScaledObject
patchedResource: patchedResource1.yaml patchedResources: patchedResource1.yaml
policy: keda-prometheus-serveraddress policy: keda-prometheus-serveraddress
resources: resources:
- service-1 - service-1
result: pass result: pass
rule: keda-prometheus-serveraddress rule: keda-prometheus-serveraddress
- kind: ScaledObject - kind: ScaledObject
patchedResource: patchedResource2.yaml patchedResources: patchedResource2.yaml
policy: keda-prometheus-serveraddress policy: keda-prometheus-serveraddress
resources: resources:
- service-2 - service-2


@ -8,14 +8,14 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Secret - kind: Secret
patchedResource: patched-resource1.yaml patchedResources: patched-resource1.yaml
policy: add-maintainer policy: add-maintainer
resources: resources:
- secrete-fail-example - secrete-fail-example
result: fail result: fail
rule: add-maintainer rule: add-maintainer
- kind: Secret - kind: Secret
patchedResource: patched-resource.yaml patchedResources: patched-resource.yaml
policy: add-maintainer policy: add-maintainer
resources: resources:
- example - example


@ -8,14 +8,14 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
patchedResource: patchedResource1.yaml patchedResources: patchedResource1.yaml
policy: mutate-wildcard policy: mutate-wildcard
resources: resources:
- wildcard-mutate-fail - wildcard-mutate-fail
result: fail result: fail
rule: mutate-wildcard rule: mutate-wildcard
- kind: Pod - kind: Pod
patchedResource: patchedResource.yaml patchedResources: patchedResource.yaml
policy: mutate-wildcard policy: mutate-wildcard
resources: resources:
- wildcard-mutate - wildcard-mutate