mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
kyverno/cmd/cli/kubectl-kyverno/policy/load_test.go
Charles-Edouard Brétéché 2a136f5b8d
feat: use kubectl-validate to load policies (#8384)
* feat: use kubectl-validate to load policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* schemas

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* bump

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policies v2beta1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* option

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* defaulting test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* makefile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* makefile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-09-14 15:17:02 +00:00


package policy
import (
"testing"
"github.com/go-git/go-billy/v5"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/experimental"
"github.com/stretchr/testify/assert"
"k8s.io/api/admissionregistration/v1alpha1"
)
// TestLoad runs Load against policy fixtures under ../_testdata/policies and
// checks only whether an error is returned: the cpol-limit-configmap-for-sa
// fixture must load cleanly and the invalid-schema fixture must be rejected.
// The loaded objects themselves are not inspected here.
func TestLoad(t *testing.T) {
	type testCase struct {
		name         string
		fs           billy.Filesystem
		resourcePath string
		paths        []string
		wantErr      bool
	}
	// fs and resourcePath stay at their zero values (nil and "") in every case.
	cases := []testCase{
		{
			name:    "cpol-limit-configmap-for-sa",
			paths:   []string{"../_testdata/policies/cpol-limit-configmap-for-sa.yaml"},
			wantErr: false,
		},
		{
			name:    "invalid-schema",
			paths:   []string{"../_testdata/policies/invalid-schema.yaml"},
			wantErr: true,
		},
	}
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			_, _, err := Load(tc.fs, tc.resourcePath, tc.paths...)
			gotErr := err != nil
			if gotErr != tc.wantErr {
				t.Errorf("Load() error = %v, wantErr %v", err, tc.wantErr)
			}
		})
	}
}
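// TestLoadWithKubectlValidate repeats the Load checks with the environment
// variable named by experimental.KubectlValidateEnv set to "true" for each
// subtest (presumably this switches Load to the kubectl-validate based loader;
// confirm against the experimental package).
//
// Besides the error/no-error cases, the "proper defaulting" case inspects the
// loaded policy and expects the validation failure action to be Audit, the
// Background and Admission flags to be set and true, and the single
// verifyImages entry to have Required, MutateDigest, VerifyDigest and UseCache
// all true. These fields control how strictly image verification is applied,
// so a loader that dropped the defaults would evaluate the policy more
// leniently than intended without reporting any error.
func TestLoadWithKubectlValidate(t *testing.T) {
	tests := []struct {
		name         string
		fs           billy.Filesystem
		resourcePath string
		paths        []string
		wantErr      bool
		// checks, when non-nil, receives the values returned by Load.
		checks func(*testing.T, []kyvernov1.PolicyInterface, []v1alpha1.ValidatingAdmissionPolicy)
	}{{
		name:         "cpol-limit-configmap-for-sa",
		fs:           nil,
		resourcePath: "",
		paths:        []string{"../_testdata/policies/cpol-limit-configmap-for-sa.yaml"},
		wantErr:      false,
	}, {
		name:         "invalid-schema",
		fs:           nil,
		resourcePath: "",
		paths:        []string{"../_testdata/policies/invalid-schema.yaml"},
		wantErr:      true,
	}, {
		name:         "proper defaulting",
		fs:           nil,
		resourcePath: "",
		paths:        []string{"../_testdata/policies/check-image.yaml"},
		wantErr:      false,
		checks: func(t *testing.T, policies []kyvernov1.PolicyInterface, vaps []v1alpha1.ValidatingAdmissionPolicy) {
			// assert.* records a failure but does not stop the test, so each
			// index or pointer dereference below is guarded by the assertion's
			// boolean result. Without the guards a missing policy, rule or
			// defaulted pointer would panic instead of failing cleanly.
			if !assert.Len(t, policies, 1) {
				return
			}
			policy := policies[0]
			if !assert.NotNil(t, policy) {
				return
			}
			spec := policy.GetSpec()
			if !assert.NotNil(t, spec) {
				return
			}
			assert.True(t, spec.ValidationFailureAction.Audit())
			if assert.NotNil(t, spec.Background) {
				assert.True(t, *spec.Background)
			}
			if assert.NotNil(t, spec.Admission) {
				assert.True(t, *spec.Admission)
			}
			if !assert.NotEmpty(t, spec.Rules) {
				return
			}
			rule := spec.Rules[0]
			if !assert.Len(t, rule.VerifyImages, 1) {
				return
			}
			// Image-verification defaults: all four are expected to be true
			// after loading (presumably the fixture leaves them unset).
			assert.True(t, rule.VerifyImages[0].Required)
			assert.True(t, rule.VerifyImages[0].MutateDigest)
			assert.True(t, rule.VerifyImages[0].VerifyDigest)
			assert.True(t, rule.VerifyImages[0].UseCache)
		},
	}}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// t.Setenv restores the previous value when the subtest ends.
			t.Setenv(experimental.KubectlValidateEnv, "true")
			policies, vaps, err := Load(tt.fs, tt.resourcePath, tt.paths...)
			if (err != nil) != tt.wantErr {
				t.Errorf("Load() error = %v, wantErr %v", err, tt.wantErr)
				// Skip the content checks when the error expectation is wrong.
				return
			}
			if tt.checks != nil {
				tt.checks(t, policies, vaps)
			}
		})
	}
}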