mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 15:37:19 +00:00
5a496ca212
* feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * separate workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix the bug Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improvements Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improvements Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: variables regex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
136 lines
2.5 KiB
Go
136 lines
2.5 KiB
Go
package policy
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
|
"gotest.tools/assert"
|
|
)
|
|
|
|
func Test_Validation_valid_backgroundPolicy(t *testing.T) {
|
|
rawPolicy := []byte(`
|
|
{
|
|
"apiVersion": "kyverno.io/v1",
|
|
"kind": "ClusterPolicy",
|
|
"metadata": {
|
|
"name": "test-gen",
|
|
"annotations": {
|
|
"policies.kyverno.io/category": "Best Practices"
|
|
}
|
|
},
|
|
"spec": {
|
|
"rules": [
|
|
{
|
|
"match": {
|
|
"resources": {
|
|
"kinds": [
|
|
"Namespace"
|
|
]
|
|
}
|
|
},
|
|
"name": "test-gen",
|
|
"preconditions": {
|
|
"all": [
|
|
{
|
|
"key": "{{request.object.metadata.name}}",
|
|
"operator": "NotEquals",
|
|
"value": ""
|
|
}
|
|
]
|
|
},
|
|
"context": [
|
|
{
|
|
"name": "mycm",
|
|
"configMap": {
|
|
"name": "config-name",
|
|
"namespace": "default"
|
|
}
|
|
}
|
|
],
|
|
"generate": {
|
|
"kind": "ConfigMap",
|
|
"name": "{{request.object.metadata.name}}-config-name",
|
|
"namespace": "{{request.object.metadata.name}}",
|
|
"data": {
|
|
"data": {
|
|
"new": "{{ mycm.data.foo }}"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
`)
|
|
|
|
var policy kyverno.ClusterPolicy
|
|
err := json.Unmarshal(rawPolicy, &policy)
|
|
assert.NilError(t, err)
|
|
|
|
err = ValidateVariables(&policy, true)
|
|
assert.NilError(t, err)
|
|
}
|
|
|
|
func Test_Validation_invalid_backgroundPolicy(t *testing.T) {
|
|
rawPolicy := []byte(`
|
|
{
|
|
"apiVersion": "kyverno.io/v1",
|
|
"kind": "ClusterPolicy",
|
|
"metadata": {
|
|
"name": "test-gen",
|
|
"annotations": {
|
|
"policies.kyverno.io/category": "Best Practices"
|
|
}
|
|
},
|
|
"spec": {
|
|
"rules": [
|
|
{
|
|
"match": {
|
|
"resources": {
|
|
"kinds": [
|
|
"Namespace"
|
|
]
|
|
}
|
|
},
|
|
"name": "test-gen",
|
|
"preconditions": {
|
|
"all": [
|
|
{
|
|
"key": "{{request.object.metadata.name}}",
|
|
"operator": "NotEquals",
|
|
"value": ""
|
|
}
|
|
]
|
|
},
|
|
"context": [
|
|
{
|
|
"name": "mycm",
|
|
"configMap": {
|
|
"name": "config-name",
|
|
"namespace": "default"
|
|
}
|
|
}
|
|
],
|
|
"generate": {
|
|
"kind": "ConfigMap",
|
|
"name": "{{serviceAccountName}}-config-name",
|
|
"namespace": "{{serviceAccountName}}",
|
|
"data": {
|
|
"data": {
|
|
"new": "{{ mycm.data.foo }}"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
`)
|
|
|
|
var policy kyverno.ClusterPolicy
|
|
err := json.Unmarshal(rawPolicy, &policy)
|
|
assert.NilError(t, err)
|
|
err = ValidateVariables(&policy, true)
|
|
assert.ErrorContains(t, err, "variable {{serviceAccountName}} is not allowed")
|
|
}
|