1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 20:20:22 +00:00

fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
Jim Bugwadia 2021-10-06 21:50:26 -07:00
parent b9d4ee6876
commit fa1816d605
8 changed files with 44 additions and 14 deletions

View file

@ -98,16 +98,19 @@ func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse) {
if rule.Mutation.ForEachMutation != nil { if rule.Mutation.ForEachMutation != nil {
ruleResp, patchedResource = mutateForEachResource(ruleCopy, policyContext, patchedResource, logger) ruleResp, patchedResource = mutateForEachResource(ruleCopy, policyContext, patchedResource, logger)
} else { } else {
skip := false
err, mutateResp := mutateResource(ruleCopy, policyContext.JSONContext, patchedResource, logger) err, mutateResp := mutateResource(ruleCopy, policyContext.JSONContext, patchedResource, logger)
if err != nil { if err != nil {
if skip { if mutateResp.skip {
ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusSkip) ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusSkip)
} else { } else {
ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusError) ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusError)
} }
} else { } else {
ruleResp = ruleResponse(&rule, utils.Mutation, "mutated resource", response.RuleStatusPass) if mutateResp.message == "" {
mutateResp.message = "mutated resource"
}
ruleResp = ruleResponse(&rule, utils.Mutation, mutateResp.message, response.RuleStatusPass)
ruleResp.Patches = mutateResp.patches ruleResp.Patches = mutateResp.patches
patchedResource = mutateResp.patchedResource patchedResource = mutateResp.patchedResource
} }
@ -193,10 +196,11 @@ type mutateResponse struct {
skip bool skip bool
patchedResource unstructured.Unstructured patchedResource unstructured.Unstructured
patches [][]byte patches [][]byte
message string
} }
func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructured.Unstructured, logger logr.Logger) (error, *mutateResponse) { func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructured.Unstructured, logger logr.Logger) (error, *mutateResponse) {
mutateResp := &mutateResponse{false, unstructured.Unstructured{}, nil} mutateResp := &mutateResponse{false, unstructured.Unstructured{}, nil, ""}
anyAllConditions, err := variables.SubstituteAllInPreconditions(logger, ctx, rule.AnyAllConditions) anyAllConditions, err := variables.SubstituteAllInPreconditions(logger, ctx, rule.AnyAllConditions)
if err != nil { if err != nil {
return errors.Wrapf(err, "failed to substitute vars in preconditions"), mutateResp return errors.Wrapf(err, "failed to substitute vars in preconditions"), mutateResp
@ -229,6 +233,7 @@ func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructu
mutateResp.skip = false mutateResp.skip = false
mutateResp.patchedResource = patchedResource mutateResp.patchedResource = patchedResource
mutateResp.patches = resp.Patches mutateResp.patches = resp.Patches
mutateResp.message = resp.Message
logger.V(4).Info("mutate rule applied successfully", "ruleName", rule.Name) logger.V(4).Info("mutate rule applied successfully", "ruleName", rule.Name)
} }

View file

@ -230,11 +230,11 @@ func validateResource(t *testing.T, responseResource unstructured.Unstructured,
return return
} }
resourcePrint(responseResource, "response resource")
resourcePrint(*expectedResource, "expected resource")
// compare the resources // compare the resources
if !reflect.DeepEqual(responseResource, *expectedResource) { if !reflect.DeepEqual(responseResource, *expectedResource) {
t.Error("failed: response resource returned does not match expected resource") t.Error("failed: response resource returned does not match expected resource")
resourcePrint(responseResource, "response resource")
resourcePrint(*expectedResource, "expected resource")
return return
} }
t.Log("success: response resource returned matches expected resource") t.Log("success: response resource returned matches expected resource")
@ -339,6 +339,12 @@ func loadPolicyResource(t *testing.T, file string) *unstructured.Unstructured {
t.Logf("more than one resource specified in the file %s", file) t.Logf("more than one resource specified in the file %s", file)
t.Log("considering the first one for policy application") t.Log("considering the first one for policy application")
} }
for _, r := range resources {
metadata := r.UnstructuredContent()["metadata"].(map[string]interface{})
delete(metadata, "creationTimestamp")
}
return resources[0] return resources[0]
} }

View file

@ -3,7 +3,7 @@ kind: Pod
metadata: metadata:
name: pod-with-emptydir name: pod-with-emptydir
annotations: annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: true cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec: spec:
containers: containers:
- image: k8s.gcr.io/test-webserver - image: k8s.gcr.io/test-webserver
@ -13,4 +13,4 @@ spec:
name: cache-volume name: cache-volume
volumes: volumes:
- name: cache-volume - name: cache-volume
emptyDir: {} emptyDir: {}

View file

@ -3,7 +3,7 @@ kind: Pod
metadata: metadata:
name: pod-with-hostpath name: pod-with-hostpath
annotations: annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: true cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec: spec:
containers: containers:
- image: k8s.gcr.io/test-webserver - image: k8s.gcr.io/test-webserver

View file

@ -2,6 +2,7 @@ apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: pod-with-hostpath name: pod-with-hostpath
annotations:
spec: spec:
containers: containers:
- image: k8s.gcr.io/test-webserver - image: k8s.gcr.io/test-webserver

View file

@ -15,7 +15,11 @@ expected:
namespace: '' namespace: ''
name: pod-with-emptydir name: pod-with-emptydir
rules: rules:
- name: annotate-empty-dir - name: annotate-empty-dir
type: Mutation type: Mutation
status: pass status: pass
message: "successfully processed strategic merge patch" message: "successfully processed strategic merge patch"
- name: annotate-host-path
type: Mutation
status: skip
message: "resource does not match pattern"

View file

@ -15,6 +15,10 @@ expected:
namespace: '' namespace: ''
name: pod-with-hostpath name: pod-with-hostpath
rules: rules:
- name: annotate-empty-dir
type: Mutation
status: skip
message: "resource does not match pattern"
- name: annotate-host-path - name: annotate-host-path
type: Mutation type: Mutation
status: pass status: pass

View file

@ -14,4 +14,14 @@ expected:
apiVersion: v1 apiVersion: v1
namespace: '' namespace: ''
name: pod-with-default-volume name: pod-with-default-volume
rules: rules:
- name: annotate-empty-dir
type: Mutation
status: skip
message: "resource does not match pattern"
- name: annotate-host-path
type: Mutation
status: skip
message: "resource does not match pattern"