fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-12-14 11:57:48 +00:00 · 2021-10-06 21:50:26 -07:00 · 2021-10-06 21:50:26 -07:00 · fa1816d605
commit fa1816d605
parent b9d4ee6876
8 changed files with 44 additions and 14 deletions
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@ -98,16 +98,19 @@ func Mutate(policyContext *PolicyContext) (resp *response.EngineResponse) {
 		if rule.Mutation.ForEachMutation != nil {
 			ruleResp, patchedResource = mutateForEachResource(ruleCopy, policyContext, patchedResource, logger)
 		} else {
-			skip := false
 			err, mutateResp := mutateResource(ruleCopy, policyContext.JSONContext, patchedResource, logger)
 			if err != nil {
-				if skip {
+				if mutateResp.skip {
 					ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusSkip)
 				} else {
 					ruleResp = ruleResponse(&rule, utils.Mutation, err.Error(), response.RuleStatusError)
 				}
 			} else {
-				ruleResp = ruleResponse(&rule, utils.Mutation, "mutated resource", response.RuleStatusPass)
+				if mutateResp.message == "" {
+					mutateResp.message = "mutated resource"
+				}
+
+				ruleResp = ruleResponse(&rule, utils.Mutation, mutateResp.message, response.RuleStatusPass)
 				ruleResp.Patches = mutateResp.patches
 				patchedResource = mutateResp.patchedResource
 			}
@ -193,10 +196,11 @@ type mutateResponse struct {
 	skip bool
 	patchedResource unstructured.Unstructured
 	patches [][]byte
+	message string
 }

 func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructured.Unstructured, logger logr.Logger) (error, *mutateResponse) {
-	mutateResp := &mutateResponse{false, unstructured.Unstructured{}, nil}
+	mutateResp := &mutateResponse{false, unstructured.Unstructured{}, nil, ""}
 	anyAllConditions, err := variables.SubstituteAllInPreconditions(logger, ctx, rule.AnyAllConditions)
 	if err != nil {
 		return errors.Wrapf(err, "failed to substitute vars in preconditions"), mutateResp
@ -229,6 +233,7 @@ func mutateResource(rule *kyverno.Rule, ctx *context.Context, resource unstructu
 		mutateResp.skip = false
 		mutateResp.patchedResource = patchedResource
 		mutateResp.patches = resp.Patches
+		mutateResp.message = resp.Message
 		logger.V(4).Info("mutate rule applied successfully", "ruleName", rule.Name)
 	}

--- a/pkg/testrunner/scenario.go
+++ b/pkg/testrunner/scenario.go
@ -230,11 +230,11 @@ func validateResource(t *testing.T, responseResource unstructured.Unstructured,
 		return
 	}

-	resourcePrint(responseResource, "response resource")
-	resourcePrint(*expectedResource, "expected resource")
 	// compare the resources
 	if !reflect.DeepEqual(responseResource, *expectedResource) {
 		t.Error("failed: response resource returned does not match expected resource")
+		resourcePrint(responseResource, "response resource")
+		resourcePrint(*expectedResource, "expected resource")
 		return
 	}
 	t.Log("success: response resource returned matches expected resource")
@ -339,6 +339,12 @@ func loadPolicyResource(t *testing.T, file string) *unstructured.Unstructured {
 		t.Logf("more than one resource specified in the file %s", file)
 		t.Log("considering the first one for policy application")
 	}
+
+	for _, r := range resources {
+		metadata := r.UnstructuredContent()["metadata"].(map[string]interface{})
+		delete(metadata, "creationTimestamp")
+	}
+
 	return resources[0]
 }

--- a/test/output/pod-with-emptydir.yaml
+++ b/test/output/pod-with-emptydir.yaml
@ -3,7 +3,7 @@ kind: Pod
 metadata:
  name: pod-with-emptydir
  annotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: true
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
 spec:
  containers:
  - image: k8s.gcr.io/test-webserver
@ -13,4 +13,4 @@ spec:
      name: cache-volume
  volumes:
  - name: cache-volume
-    emptyDir: {}
+    emptyDir: {}
--- a/test/output/pod-with-hostpath.yaml
+++ b/test/output/pod-with-hostpath.yaml
@ -3,7 +3,7 @@ kind: Pod
 metadata:
  name: pod-with-hostpath
  annotations:
-    cluster-autoscaler.kubernetes.io/safe-to-evict: true
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
 spec:
  containers:
  - image: k8s.gcr.io/test-webserver
--- a/test/resources/pod-with-hostpath.yaml
+++ b/test/resources/pod-with-hostpath.yaml
@ -2,6 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: pod-with-hostpath
+  annotations:
 spec:
  containers:
  - image: k8s.gcr.io/test-webserver
--- a/test/scenarios/samples/best_practices/add_safe_to_evict.yaml
+++ b/test/scenarios/samples/best_practices/add_safe_to_evict.yaml
@ -15,7 +15,11 @@ expected:
        namespace: ''
        name: pod-with-emptydir
      rules:
-        - name: annotate-empty-dir
-          type: Mutation
-          status: pass
-          message: "successfully processed strategic merge patch"
+      - name: annotate-empty-dir
+        type: Mutation
+        status: pass
+        message: "successfully processed strategic merge patch"
+      - name: annotate-host-path
+        type: Mutation
+        status: skip
+        message: "resource does not match pattern"
--- a/test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
+++ b/test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
@ -15,6 +15,10 @@ expected:
        namespace: ''
        name: pod-with-hostpath
      rules:
+        - name: annotate-empty-dir
+          type: Mutation
+          status: skip
+          message: "resource does not match pattern"
        - name: annotate-host-path
          type: Mutation
          status: pass
--- a/test/scenarios/samples/best_practices/add_safe_to_evict3.yaml
+++ b/test/scenarios/samples/best_practices/add_safe_to_evict3.yaml
@ -14,4 +14,14 @@ expected:
        apiVersion: v1
        namespace: ''
        name: pod-with-default-volume
-      rules:
+      rules:
+        - name: annotate-empty-dir
+          type: Mutation
+          status: skip
+          message: "resource does not match pattern"      
+        - name: annotate-host-path
+          type: Mutation
+          status: skip
+          message: "resource does not match pattern"      
+
+