fix: check the patchedResources in kyverno-test (#11686)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go

@@ -26,11 +26,6 @@ type TestResultBase struct {
 	// Kind mentions the kind of the resource on which the policy is to be applied.
 	Kind string `json:"kind"`
 
-	// Deprecated. Use `patchedResources` instead.
-	// PatchedResource takes a resource configuration file in yaml format from
-	// the user to compare it against the Kyverno mutated resource configuration.
-	PatchedResource string `json:"patchedResource,omitempty"`
-
 	// PatchedResource takes a resource configuration file in yaml format from
 	// the user to compare it against the Kyverno mutated resource configuration.
 	// Multiple resources can be passed in the same file
@@ -59,6 +54,11 @@ type TestResultDeprecated struct {
 	// Namespace mentions the namespace of the policy which has namespace scope.
 	// This is DEPRECATED, use a name in the form `<namespace>/<name>` for policies and/or resources instead.
 	Namespace string `json:"namespace,omitempty"`
+
+	// PatchedResource takes a resource configuration file in yaml format from
+	// the user to compare it against the Kyverno mutated resource configuration.
+	// This is DEPRECATED, Use `patchedResources` instead.
+	PatchedResource string `json:"patchedResource,omitempty"`
 }
 
 // TestResultBase declares a test result

cmd/cli/kubectl-kyverno/commands/test/command.go

@@ -158,8 +158,12 @@ func checkResult(test v1alpha1.TestResult, fs billy.Filesystem, resoucePath stri
 		expected = test.Status
 	}
 	// fallback on deprecated field
-	if test.PatchedResource != "" {
-		equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, test.PatchedResource))
+	patchedResource := test.PatchedResource
+	if test.PatchedResources != "" {
+		patchedResource = test.PatchedResources
+	}
+	if patchedResource != "" {
+		equals, err := getAndCompareResource([]*unstructured.Unstructured{&response.PatchedResource}, fs, filepath.Join(resoucePath, patchedResource))
 		if err != nil {
 			return false, err.Error(), "Resource error"
 		}

cmd/cli/kubectl-kyverno/deprecations/check.go

@@ -35,14 +35,14 @@ func CheckTest(out io.Writer, path string, resource *v1alpha1.Test) bool {
 	if resource != nil {
 		if resource.APIVersion == "" || resource.Kind == "" || resource.Name != "" {
 			if out != nil {
-				fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path)
+				fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path)
 			}
 			return true
 		}
 		for _, result := range resource.Results {
-			if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" {
+			if result.TestResultDeprecated.Status != "" || result.TestResultDeprecated.Namespace != "" || result.TestResultDeprecated.Resource != "" || result.TestResultDeprecated.PatchedResource != "" {
 				if out != nil {
-					fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.13\n", path)
+					fmt.Fprintf(out, "\nWARNING: test file (%s) uses a deprecated schema that will be removed in 1.14\n", path)
 				}
 				return true
 			}

docs/user/cli/crd/index.html

@@ -795,19 +795,6 @@ string
 </tr>
 <tr>
 <td>
-<code>patchedResource</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<p>Deprecated. Use <code>patchedResources</code> instead.
-PatchedResource takes a resource configuration file in yaml format from
-the user to compare it against the Kyverno mutated resource configuration.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>patchedResources</code><br/>
 <em>
 string
@@ -900,6 +887,19 @@ string
 This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;</code> for policies and/or resources instead.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>patchedResource</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>PatchedResource takes a resource configuration file in yaml format from
+the user to compare it against the Kyverno mutated resource configuration.
+This is DEPRECATED, Use <code>patchedResources</code> instead.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <hr />

docs/user/cli/crd/kyverno_kubectl.v1alpha1.html

@@ -1674,37 +1674,6 @@ Possible values are pass, fail and skip.</p>
   
     
     
-      <tr>
-        <td><code>patchedResource</code>
-          
-          <span style="color:blue;"> *</span>
-          
-          </br>
-
-          
-          
-            
-              <span style="font-family: monospace">string</span>
-            
-          
-        </td>
-        <td>
-          
-
-          <p>Deprecated. Use <code>patchedResources</code> instead.
-PatchedResource takes a resource configuration file in yaml format from
-the user to compare it against the Kyverno mutated resource configuration.</p>
-
-
-          
-
-          
-        </td>
-      </tr>
-    
-  
-    
-    
       <tr>
         <td><code>patchedResources</code>
           
@@ -1923,6 +1892,37 @@ This is DEPRECATED, use a name in the form <code>&lt;namespace&gt;/&lt;name&gt;<
   
     
     
+      <tr>
+        <td><code>patchedResource</code>
+          
+          <span style="color:blue;"> *</span>
+          
+          </br>
+
+          
+          
+            
+              <span style="font-family: monospace">string</span>
+            
+          
+        </td>
+        <td>
+          
+
+          <p>PatchedResource takes a resource configuration file in yaml format from
+the user to compare it against the Kyverno mutated resource configuration.
+This is DEPRECATED, Use <code>patchedResources</code> instead.</p>
+
+
+          
+
+          
+        </td>
+      </tr>
+    
+  
+
+
       </tbody>
     </table>
   

test/cli/scenarios_to_cli/other/scenario_mutate_endpoint/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - resource.yaml
 results:
 - kind: Endpoints
-  patchedResource: patchedresource.yaml
+  patchedResources: patchedresource.yaml
   policy: policy-endpoints
   resources:
   - test-endpoint

test/cli/scenarios_to_cli/other/scenario_mutate_pod_spec/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - resource.yaml
 results:
 - kind: Deployment
-  patchedResource: patchedresource.yaml
+  patchedResources: patchedresource.yaml
   policy: mutate-pods-spec
   resources:
   - nginx-deployment

test/cli/test-mutate/add-default-resources/kyverno-test.yaml

@@ -8,21 +8,21 @@ resources:
 - resource.yaml
 results:
 - kind: Pod
-  patchedResource: patchedResource1.yaml
+  patchedResources: patchedResource1.yaml
   policy: add-default-resources
   resources:
   - nginx-demo1
   result: pass
   rule: add-default-requests
 - kind: Pod
-  patchedResource: patchedResource3.yaml
+  patchedResources: patchedResource3.yaml
   policy: add-default-resources
   resources:
   - nginx-demo3
   result: pass
   rule: add-default-requests
 - kind: Pod
-  patchedResource: patchedResource2.yaml
+  patchedResources: patchedResource2.yaml
   policy: add-default-resources
   resources:
   - nginx-demo2

test/cli/test-mutate/bug-demo/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - ./resource.yaml
 results:
 - kind: Pod
-  patchedResource: patched-resource-pattern.yaml
+  patchedResources: patched-resource-pattern.yaml
   policy: bug-demo
   resources:
   - pod1

test/cli/test-mutate/connection-draining/kyverno-test.yaml

@@ -14,7 +14,7 @@ results:
   result: skip
   rule: clb
 - kind: Service
-  patchedResource: patched.yaml
+  patchedResources: patched.yaml
   policy: disable-connection-draining
   resources:
   - nlb-aws-controller-no-attributes

test/cli/test-mutate/foreach/addIfNotPresent/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - resources.yaml
 results:
 - kind: Deployment
-  patchedResource: deploy-patched.yaml
+  patchedResources: deploy-patched.yaml
   policy: mutate-emptydir
   resources:
   - svc-sizelimit-test

test/cli/test-mutate/foreach/cumulativePatch/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - resources.yaml
 results:
 - kind: Pod
-  patchedResource: patched.yaml
+  patchedResources: patched.yaml
   policy: add-default-resources
   resources:
   - badpod

test/cli/test-mutate/foreach/kyverno-test.yaml

@@ -8,14 +8,14 @@ resources:
 - resources.yaml
 results:
 - kind: Pod
-  patchedResource: patched-resource.yaml
+  patchedResources: patched-resource.yaml
   policy: foreach-json-patch
   resources:
   - nginx
   result: pass
   rule: add-security-context
 - kind: Pod
-  patchedResource: pod-updated-image.yaml
+  patchedResources: pod-updated-image.yaml
   policy: mutate-images
   resources:
   - mypod

test/cli/test-mutate/foreach/replaceRegistry/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - resources.yaml
 results:
 - kind: Pod
-  patchedResource: pod-patched.yaml
+  patchedResources: pod-patched.yaml
   policy: replace-image-registry-containers
   resources:
   - test-patched-image

test/cli/test-mutate/global-anchor/kyverno-test.yaml

@@ -8,14 +8,14 @@ resources:
 - resources.yaml
 results:
 - kind: Pod
-  patchedResource: patchedResource.yaml
+  patchedResources: patchedResource.yaml
   policy: add-safe-to-evict
   resources:
   - pod-with-emptydir-hostpath
   result: pass
   rule: annotate-empty-dir
 - kind: Pod
-  patchedResource: patchedResourceWithVolume.yaml
+  patchedResources: patchedResourceWithVolume.yaml
   policy: add-safe-to-evict
   resources:
   - pod-with-emptydir-hostpath-1

test/cli/test-mutate/karpenter-annotations-to-nodeselector/kyverno-test.yaml

@@ -8,15 +8,15 @@ resources:
 - resource.yaml
 results:
 - kind: Pod
-  policy: karpenter-annotations-to-nodeselector
-  resources:
-  - soft-pod-antiaffinity-1-copy
-  result: pass
-  rule: hard-nodeselector-lifecycle-on-demand
-- kind: Pod
-  patchedResource: patched.yaml
+  patchedResources: patched.yaml
   policy: karpenter-annotations-to-nodeselector
   resources:
   - soft-pod-antiaffinity-1
   result: pass
   rule: hard-nodeselector-lifecycle-on-demand
+- kind: Pod
+  policy: karpenter-annotations-to-nodeselector
+  resources:
+  - soft-pod-antiaffinity-1-copy
+  result: pass
+  rule: hard-nodeselector-lifecycle-on-demand

test/cli/test-mutate/kyverno-test.yaml

@@ -8,49 +8,49 @@ resources:
 - resource.yaml
 results:
 - kind: Deployment
-  patchedResource: patchedResource4.yaml
+  patchedResources: patchedResource4.yaml
   policy: add-label
   resources:
   - mydeploy
   result: pass
   rule: add-label
 - kind: Pod
-  patchedResource: patchedResource2.yaml
-  policy: add-label
-  resources:
-  - testing/same-name-but-diff-namespace
-  result: pass
-  rule: add-label
-- kind: Pod
-  patchedResource: patchedResource3.yaml
+  patchedResources: patchedResource3.yaml
   policy: add-label
   resources:
   - production/same-name-but-diff-namespace
   result: pass
   rule: add-label
 - kind: Pod
-  patchedResource: patchedResource6.yaml
+  patchedResources: patchedResource6.yaml
   policy: add-label
   resources:
   - same-name-but-diff-kind
   result: pass
   rule: add-label
 - kind: Pod
-  patchedResource: patchedResource1.yaml
+  patchedResources: patchedResource2.yaml
+  policy: add-label
+  resources:
+  - testing/same-name-but-diff-namespace
+  result: pass
+  rule: add-label
+- kind: Pod
+  patchedResources: patchedResource1.yaml
   policy: add-label
   resources:
   - practice/resource-equal-to-patch-res-for-cp
   result: skip
   rule: add-label
 - kind: Pod
-  patchedResource: patched-resource.yaml
+  patchedResources: patched-resource.yaml
   policy: example
   resources:
   - example
   result: pass
   rule: object_from_lists
 - kind: Pod
-  patchedResource: patchedResource8.yaml
+  patchedResources: patchedResource8.yaml
   policy: testing/add-ndots
   resources:
   - same-name-but-diff-namespace

test/cli/test-mutate/patched-resource/kyverno-test.yaml

@@ -8,7 +8,7 @@ resources:
 - resource.yaml
 results:
 - kind: Pod
-  patchedResource: patched-resource.yaml
+  patchedResources: patched-resource.yaml
   policy: add-default-resources
   resources:
   - nginx-demo

test/cli/test/mixed-deprecated/kyverno-test.yaml

@@ -20,7 +20,7 @@ results:
   result: pass
   rule: ondemand-managed_by
 - kind: Pod
-  patchedResource: patched-resource.yaml
+  patchedResources: patched-resource.yaml
   policy: ondemand
   resources:
   - user-space/nodeselector-with-labels-on-mutation

test/cli/test/mixed/kyverno-test.yaml

@@ -20,7 +20,7 @@ results:
   result: pass
   rule: ondemand-managed_by
 - kind: Pod
-  patchedResource: patched-resource.yaml
+  patchedResources: patched-resource.yaml
   policy: ondemand
   resources:
   - user-space/nodeselector-with-labels-on-mutation

test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml

@@ -8,14 +8,14 @@ resources:
 - resources.yaml
 results:
 - kind: ScaledObject
-  patchedResource: patchedResource1.yaml
+  patchedResources: patchedResource1.yaml
   policy: keda-prometheus-serveraddress
   resources:
   - service-1
   result: pass
   rule: keda-prometheus-serveraddress
 - kind: ScaledObject
-  patchedResource: patchedResource2.yaml
+  patchedResources: patchedResource2.yaml
   policy: keda-prometheus-serveraddress
   resources:
   - service-2

test/cli/test/secret/kyverno-test.yaml

@@ -8,14 +8,14 @@ resources:
 - resources.yaml
 results:
 - kind: Secret
-  patchedResource: patched-resource1.yaml
+  patchedResources: patched-resource1.yaml
   policy: add-maintainer
   resources:
   - secrete-fail-example
   result: fail
   rule: add-maintainer
 - kind: Secret
-  patchedResource: patched-resource.yaml
+  patchedResources: patched-resource.yaml
   policy: add-maintainer
   resources:
   - example

test/cli/test/wildcard_mutate/kyverno-test.yaml

@@ -8,14 +8,14 @@ resources:
 - resources.yaml
 results:
 - kind: Pod
-  patchedResource: patchedResource1.yaml
+  patchedResources: patchedResource1.yaml
   policy: mutate-wildcard
   resources:
   - wildcard-mutate-fail
   result: fail
   rule: mutate-wildcard
 - kind: Pod
-  patchedResource: patchedResource.yaml
+  patchedResources: patchedResource.yaml
   policy: mutate-wildcard
   resources:
   - wildcard-mutate