1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
kyverno/pkg/policy/utils_test.go
Mike Bryant 91021b65b6
fix: Delete downstream objects on precondition fail (#7496)
* fix: Delete downstream objects on precondition fail

When a rule fails the match in a generate rule, the downstream resource gets deleted. This will now also happen if the rule is skipped due to a precondition.

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

* add debug command

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* sync trigger updates to downstream

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix bgscan fetching trigger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: Move rbac change into tests for better isolation

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

* fix unit test

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-06-15 11:32:19 -04:00

148 lines
3.1 KiB
Go

package policy
import (
"fmt"
"testing"
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"gotest.tools/assert"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func Test_fetchUniqueKinds(t *testing.T) {
tests := []struct {
name string
rule kyverno.Rule
want []string
}{
{
name: "Unique MatchResource kinds",
rule: kyverno.Rule{
MatchResources: kyverno.MatchResources{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind1", "kind2"},
},
},
},
want: []string{"kind1", "kind2"},
},
{
name: "Any with same kind are valid",
rule: kyverno.Rule{
MatchResources: kyverno.MatchResources{
Any: []kyverno.ResourceFilter{
{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind1", "kind2"},
},
},
{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind1", "kind3"},
},
},
},
},
},
want: []string{"kind1", "kind2", "kind3"},
},
{
name: "Match with All and Any kind",
rule: kyverno.Rule{
MatchResources: kyverno.MatchResources{
All: []kyverno.ResourceFilter{
{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind1"},
},
},
},
Any: []kyverno.ResourceFilter{
{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind1", "kind2"},
},
},
},
},
},
want: []string{"kind1", "kind2"},
},
{
name: "Match with different All and Any kind",
rule: kyverno.Rule{
MatchResources: kyverno.MatchResources{
All: []kyverno.ResourceFilter{
{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind4", "kind5"},
},
},
},
Any: []kyverno.ResourceFilter{
{
ResourceDescription: kyverno.ResourceDescription{
Kinds: []string{"kind1", "kind2"},
},
},
},
},
},
want: []string{"kind1", "kind2", "kind4", "kind5"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
kinds := fetchUniqueKinds(tt.rule)
for _, want := range tt.want {
if !kubeutils.ContainsKind(kinds, want) {
assert.Error(t, fmt.Errorf("%s fails, expected %s", tt.name, want), "")
}
}
})
}
}
func Test_convertlist(t *testing.T) {
tests := []struct {
name string
ulists []unstructured.Unstructured
want []*unstructured.Unstructured
}{
{
name: "Convert list",
ulists: []unstructured.Unstructured{
{
Object: map[string]interface{}{
"kind": "kind1",
},
},
{
Object: map[string]interface{}{
"namespace": "ns-1",
},
},
},
want: []*unstructured.Unstructured{
{
Object: map[string]interface{}{
"kind": "kind1",
},
},
{
Object: map[string]interface{}{
"namespace": "ns-1",
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.DeepEqual(t, convertlist(tt.ulists), tt.want)
})
}
}