mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-15 12:17:56 +00:00
fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
parent
b9d4ee6876
commit
fa1816d605
8 changed files with 44 additions and 14 deletions
|
@ -98,16 +98,19 @@ func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse) {
|
||||||
if rule.Mutation.ForEachMutation != nil {
|
if rule.Mutation.ForEachMutation != nil {
|
||||||
ruleResp, patchedResource = mutateForEachResource(ruleCopy, policyContext, patchedResource, logger)
|
ruleResp, patchedResource = mutateForEachResource(ruleCopy, policyContext, patchedResource, logger)
|
||||||
} else {
|
} else {
|
||||||
skip := false
|
|
||||||
err, mutateResp := mutateResource(ruleCopy, policyContext.JSONContext, patchedResource, logger)
|
err, mutateResp := mutateResource(ruleCopy, policyContext.JSONContext, patchedResource, logger)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if skip {
|
if mutateResp.skip {
|
||||||
ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusSkip)
|
ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusSkip)
|
||||||
} else {
|
} else {
|
||||||
ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusError)
|
ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusError)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ruleResp = ruleResponse(&rule, utils.Mutation, "mutated resource", response.RuleStatusPass)
|
if mutateResp.message == "" {
|
||||||
|
mutateResp.message = "mutated resource"
|
||||||
|
}
|
||||||
|
|
||||||
|
ruleResp = ruleResponse(&rule, utils.Mutation, mutateResp.message, response.RuleStatusPass)
|
||||||
ruleResp.Patches = mutateResp.patches
|
ruleResp.Patches = mutateResp.patches
|
||||||
patchedResource = mutateResp.patchedResource
|
patchedResource = mutateResp.patchedResource
|
||||||
}
|
}
|
||||||
|
@ -193,10 +196,11 @@ type mutateResponse struct {
|
||||||
skip bool
|
skip bool
|
||||||
patchedResource unstructured.Unstructured
|
patchedResource unstructured.Unstructured
|
||||||
patches [][]byte
|
patches [][]byte
|
||||||
|
message string
|
||||||
}
|
}
|
||||||
|
|
||||||
func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructured.Unstructured, logger logr.Logger) (error, *mutateResponse) {
|
func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructured.Unstructured, logger logr.Logger) (error, *mutateResponse) {
|
||||||
mutateResp := &mutateResponse{false, unstructured.Unstructured{}, nil}
|
mutateResp := &mutateResponse{false, unstructured.Unstructured{}, nil, ""}
|
||||||
anyAllConditions, err := variables.SubstituteAllInPreconditions(logger, ctx, rule.AnyAllConditions)
|
anyAllConditions, err := variables.SubstituteAllInPreconditions(logger, ctx, rule.AnyAllConditions)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "failed to substitute vars in preconditions"), mutateResp
|
return errors.Wrapf(err, "failed to substitute vars in preconditions"), mutateResp
|
||||||
|
@ -229,6 +233,7 @@ func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructu
|
||||||
mutateResp.skip = false
|
mutateResp.skip = false
|
||||||
mutateResp.patchedResource = patchedResource
|
mutateResp.patchedResource = patchedResource
|
||||||
mutateResp.patches = resp.Patches
|
mutateResp.patches = resp.Patches
|
||||||
|
mutateResp.message = resp.Message
|
||||||
logger.V(4).Info("mutate rule applied successfully", "ruleName", rule.Name)
|
logger.V(4).Info("mutate rule applied successfully", "ruleName", rule.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -230,11 +230,11 @@ func validateResource(t *testing.T, responseResource unstructured.Unstructured,
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
resourcePrint(responseResource, "response resource")
|
|
||||||
resourcePrint(*expectedResource, "expected resource")
|
|
||||||
// compare the resources
|
// compare the resources
|
||||||
if !reflect.DeepEqual(responseResource, *expectedResource) {
|
if !reflect.DeepEqual(responseResource, *expectedResource) {
|
||||||
t.Error("failed: response resource returned does not match expected resource")
|
t.Error("failed: response resource returned does not match expected resource")
|
||||||
|
resourcePrint(responseResource, "response resource")
|
||||||
|
resourcePrint(*expectedResource, "expected resource")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
t.Log("success: response resource returned matches expected resource")
|
t.Log("success: response resource returned matches expected resource")
|
||||||
|
@ -339,6 +339,12 @@ func loadPolicyResource(t *testing.T, file string) *unstructured.Unstructured {
|
||||||
t.Logf("more than one resource specified in the file %s", file)
|
t.Logf("more than one resource specified in the file %s", file)
|
||||||
t.Log("considering the first one for policy application")
|
t.Log("considering the first one for policy application")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, r := range resources {
|
||||||
|
metadata := r.UnstructuredContent()["metadata"].(map[string]interface{})
|
||||||
|
delete(metadata, "creationTimestamp")
|
||||||
|
}
|
||||||
|
|
||||||
return resources[0]
|
return resources[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: pod-with-emptydir
|
name: pod-with-emptydir
|
||||||
annotations:
|
annotations:
|
||||||
cluster-autoscaler.kubernetes.io/safe-to-evict: true
|
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- image: k8s.gcr.io/test-webserver
|
- image: k8s.gcr.io/test-webserver
|
||||||
|
@ -13,4 +13,4 @@ spec:
|
||||||
name: cache-volume
|
name: cache-volume
|
||||||
volumes:
|
volumes:
|
||||||
- name: cache-volume
|
- name: cache-volume
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
|
|
@ -3,7 +3,7 @@ kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: pod-with-hostpath
|
name: pod-with-hostpath
|
||||||
annotations:
|
annotations:
|
||||||
cluster-autoscaler.kubernetes.io/safe-to-evict: true
|
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- image: k8s.gcr.io/test-webserver
|
- image: k8s.gcr.io/test-webserver
|
||||||
|
|
|
@ -2,6 +2,7 @@ apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: pod-with-hostpath
|
name: pod-with-hostpath
|
||||||
|
annotations:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- image: k8s.gcr.io/test-webserver
|
- image: k8s.gcr.io/test-webserver
|
||||||
|
|
|
@ -15,7 +15,11 @@ expected:
|
||||||
namespace: ''
|
namespace: ''
|
||||||
name: pod-with-emptydir
|
name: pod-with-emptydir
|
||||||
rules:
|
rules:
|
||||||
- name: annotate-empty-dir
|
- name: annotate-empty-dir
|
||||||
type: Mutation
|
type: Mutation
|
||||||
status: pass
|
status: pass
|
||||||
message: "successfully processed strategic merge patch"
|
message: "successfully processed strategic merge patch"
|
||||||
|
- name: annotate-host-path
|
||||||
|
type: Mutation
|
||||||
|
status: skip
|
||||||
|
message: "resource does not match pattern"
|
|
@ -15,6 +15,10 @@ expected:
|
||||||
namespace: ''
|
namespace: ''
|
||||||
name: pod-with-hostpath
|
name: pod-with-hostpath
|
||||||
rules:
|
rules:
|
||||||
|
- name: annotate-empty-dir
|
||||||
|
type: Mutation
|
||||||
|
status: skip
|
||||||
|
message: "resource does not match pattern"
|
||||||
- name: annotate-host-path
|
- name: annotate-host-path
|
||||||
type: Mutation
|
type: Mutation
|
||||||
status: pass
|
status: pass
|
||||||
|
|
|
@ -14,4 +14,14 @@ expected:
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
namespace: ''
|
namespace: ''
|
||||||
name: pod-with-default-volume
|
name: pod-with-default-volume
|
||||||
rules:
|
rules:
|
||||||
|
- name: annotate-empty-dir
|
||||||
|
type: Mutation
|
||||||
|
status: skip
|
||||||
|
message: "resource does not match pattern"
|
||||||
|
- name: annotate-host-path
|
||||||
|
type: Mutation
|
||||||
|
status: skip
|
||||||
|
message: "resource does not match pattern"
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue