mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
2613a6cce4
* pkg/webhooks/server.go * remove test for blocking deletes on generatated & synchronized resources * remove test for blocking deletes on generatated & synchronized resources
270 lines
9.6 KiB
Go
270 lines
9.6 KiB
Go
package generate
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
. "github.com/onsi/ginkgo"
|
|
. "github.com/onsi/gomega"
|
|
"os"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
var (
|
|
// Cluster Polict GVR
|
|
clPolGVR = GetGVR("kyverno.io", "v1", "clusterpolicies")
|
|
// Namespace GVR
|
|
nsGVR = GetGVR("", "v1", "namespaces")
|
|
// ClusterRole GVR
|
|
crGVR = GetGVR("rbac.authorization.k8s.io", "v1", "clusterroles")
|
|
// ClusterRoleBinding GVR
|
|
crbGVR = GetGVR("rbac.authorization.k8s.io", "v1", "clusterrolebindings")
|
|
// Role GVR
|
|
rGVR = GetGVR("rbac.authorization.k8s.io", "v1", "roles")
|
|
// RoleBinding GVR
|
|
rbGVR = GetGVR("rbac.authorization.k8s.io", "v1", "rolebindings")
|
|
|
|
// ClusterPolicy Namespace
|
|
clPolNS = ""
|
|
// Namespace Name
|
|
// Hardcoded in YAML Definition
|
|
nspace = "test"
|
|
)
|
|
|
|
func Test_ClusterRole_ClusterRoleBinding_Sets(t *testing.T) {
|
|
RegisterTestingT(t)
|
|
if os.Getenv("E2E") == "" {
|
|
t.Skip("Skipping E2E Test")
|
|
}
|
|
// Generate E2E Client ==================
|
|
e2eClient, err := NewE2EClient()
|
|
Expect(err).To(BeNil())
|
|
// ======================================
|
|
|
|
// ====== Range Over ClusterRoleTests ==================
|
|
for _, tests := range ClusterRoleTests {
|
|
By(fmt.Sprintf("Test to generate ClusterRole and ClusterRoleBinding : %s", tests.TestName))
|
|
By(fmt.Sprintf("synchronize = %v\t clone = %v", tests.Sync, tests.Clone))
|
|
|
|
// ======= CleanUp Resources =====
|
|
By(fmt.Sprintf("Cleaning Cluster Policies"))
|
|
e2eClient.CleanClusterPolicies(clPolGVR)
|
|
|
|
// If Clone is true Clear Source Resource and Recreate
|
|
if tests.Clone {
|
|
By("Clone = true, Deleting Source ClusterRole and ClusterRoleBinding")
|
|
// Delete ClusterRole to be cloned
|
|
e2eClient.DeleteClusteredResource(crGVR, tests.ClonerClusterRoleName)
|
|
// Delete ClusterRoleBinding to be cloned
|
|
e2eClient.DeleteClusteredResource(crbGVR, tests.ClonerClusterRoleBindingName)
|
|
}
|
|
// ====================================
|
|
|
|
// Clear Namespace
|
|
By(fmt.Sprintf("Deleting Namespace : %s\n", tests.ResourceNamespace))
|
|
e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
|
|
// Wait Till Deletion of Namespace
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
return errors.New("Deleting Namespace")
|
|
})
|
|
|
|
// =====================================================
|
|
|
|
// ======== Create ClusterRole Policy =============
|
|
By(fmt.Sprintf("Creating Generate Role Policy in %s", clPolNS))
|
|
_, err = e2eClient.CreateNamespacedResourceYaml(clPolGVR, clPolNS, tests.Data)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
// ============================================
|
|
|
|
// == If Clone is true Create Source Resources ======
|
|
if tests.Clone {
|
|
By(fmt.Sprintf("Clone = true, Creating Cloner Resources in Namespace : %s", tests.CloneNamespace))
|
|
// Create ClusterRole to be cloned
|
|
_, err := e2eClient.CreateClusteredResourceYaml(crGVR, tests.CloneSourceClusterRoleData)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
// Create ClusterRoleBinding to be cloned
|
|
_, err = e2eClient.CreateClusteredResourceYaml(crbGVR, tests.CloneSourceClusterRoleBindingData)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
}
|
|
|
|
// =================================================
|
|
|
|
// ======= Create Namespace ==================
|
|
By(fmt.Sprintf("Creating Namespace which triggers generate %s \n", clPolNS))
|
|
_, err = e2eClient.CreateClusteredResourceYaml(nsGVR, namespaceYaml)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
|
|
// Wait Till Creation of Namespace
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
// ===========================================
|
|
|
|
// ======== Verify ClusterRole Creation =====
|
|
By("Verifying ClusterRole")
|
|
// Wait Till Creation of ClusterRole
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(crGVR, tests.ClusterRoleName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
rRes, err := e2eClient.GetClusteredResource(crGVR, tests.ClusterRoleName)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
Expect(rRes.GetName()).To(Equal(tests.ClusterRoleName))
|
|
// ============================================
|
|
|
|
// ======= Verify ClusterRoleBinding Creation ========
|
|
By("Verifying ClusterRoleBinding")
|
|
rbRes, err := e2eClient.GetClusteredResource(crbGVR, tests.ClusterRoleBindingName)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
Expect(rbRes.GetName()).To(Equal(tests.ClusterRoleBindingName))
|
|
// ============================================
|
|
|
|
// ======= CleanUp Resources =====
|
|
e2eClient.CleanClusterPolicies(clPolGVR)
|
|
// Clear Namespace
|
|
e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
// Wait Till Deletion of Namespace
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
return errors.New("Deleting Namespace")
|
|
})
|
|
By(fmt.Sprintf("Test %s Completed \n\n\n", tests.TestName))
|
|
}
|
|
|
|
}
|
|
|
|
func Test_Role_RoleBinding_Sets(t *testing.T) {
|
|
RegisterTestingT(t)
|
|
if os.Getenv("E2E") == "" {
|
|
t.Skip("Skipping E2E Test")
|
|
}
|
|
// Generate E2E Client ==================
|
|
e2eClient, err := NewE2EClient()
|
|
Expect(err).To(BeNil())
|
|
// ======================================
|
|
|
|
// ====== Range Over RuleTest ==================
|
|
for _, tests := range RoleTests {
|
|
By(fmt.Sprintf("Test to generate Role and RoleBinding : %s", tests.TestName))
|
|
By(fmt.Sprintf("synchronize = %v\t clone = %v", tests.Sync, tests.Clone))
|
|
|
|
// ======= CleanUp Resources =====
|
|
By(fmt.Sprintf("Cleaning Cluster Policies"))
|
|
e2eClient.CleanClusterPolicies(clPolGVR)
|
|
// Clear Namespace
|
|
By(fmt.Sprintf("Deleting Namespace : %s", tests.ResourceNamespace))
|
|
e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
// If Clone is true Clear Source Resource and Recreate
|
|
if tests.Clone {
|
|
By(fmt.Sprintf("Clone = true, Deleting Source Role and RoleBinding from Clone Namespace : %s", tests.CloneNamespace))
|
|
// Delete Role to be cloned
|
|
e2eClient.DeleteNamespacedResource(rGVR, tests.CloneNamespace, tests.RoleName)
|
|
// Delete RoleBinding to be cloned
|
|
e2eClient.DeleteNamespacedResource(rbGVR, tests.CloneNamespace, tests.RoleBindingName)
|
|
}
|
|
|
|
// Wait Till Deletion of Namespace
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
return errors.New("Deleting Namespace")
|
|
})
|
|
// ====================================
|
|
|
|
// ======== Create Role Policy =============
|
|
By(fmt.Sprintf("\nCreating Generate Role Policy in %s", clPolNS))
|
|
_, err = e2eClient.CreateNamespacedResourceYaml(clPolGVR, clPolNS, tests.Data)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
// ============================================
|
|
|
|
// === If Clone is true Create Source Resources ==
|
|
if tests.Clone {
|
|
By(fmt.Sprintf("Clone = true, Creating Cloner Resources in Namespace : %s", tests.CloneNamespace))
|
|
_, err := e2eClient.CreateNamespacedResourceYaml(rGVR, tests.CloneNamespace, tests.CloneSourceRoleData)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
_, err = e2eClient.CreateNamespacedResourceYaml(rbGVR, tests.CloneNamespace, tests.CloneSourceRoleBindingData)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
}
|
|
// ================================================
|
|
|
|
// ======= Create Namespace ==================
|
|
By(fmt.Sprintf("Creating Namespace which triggers generate %s", clPolNS))
|
|
_, err = e2eClient.CreateClusteredResourceYaml(nsGVR, namespaceYaml)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
|
|
// Wait Till Creation of Namespace
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
// ===========================================
|
|
|
|
// ======== Verify Role Creation =====
|
|
By(fmt.Sprintf("Verifying Role in the Namespace : %s", tests.ResourceNamespace))
|
|
// Wait Till Creation of Role
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetNamespacedResource(rGVR, tests.ResourceNamespace, tests.RoleName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
rRes, err := e2eClient.GetNamespacedResource(rGVR, tests.ResourceNamespace, tests.RoleName)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
Expect(rRes.GetName()).To(Equal(tests.RoleName))
|
|
// ============================================
|
|
|
|
// ======= Verify RoleBinding Creation ========
|
|
By(fmt.Sprintf("Verifying RoleBinding in the Namespace : %s", tests.ResourceNamespace))
|
|
rbRes, err := e2eClient.GetNamespacedResource(rbGVR, tests.ResourceNamespace, tests.RoleBindingName)
|
|
Expect(err).NotTo(HaveOccurred())
|
|
Expect(rbRes.GetName()).To(Equal(tests.RoleBindingName))
|
|
// ============================================
|
|
|
|
// ======= CleanUp Resources =====
|
|
e2eClient.CleanClusterPolicies(clPolGVR)
|
|
|
|
// === If Clone is true Delete Source Resources ==
|
|
if tests.Clone {
|
|
By(fmt.Sprintf("Clone = true, Deleting Cloner Resources in Namespace : %s", tests.CloneNamespace))
|
|
e2eClient.DeleteNamespacedResource(rGVR, tests.CloneNamespace, tests.RoleName)
|
|
e2eClient.DeleteNamespacedResource(rbGVR, tests.CloneNamespace, tests.RoleBindingName)
|
|
}
|
|
// ================================================
|
|
|
|
// Clear Namespace
|
|
e2eClient.DeleteClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
// Wait Till Deletion of Namespace
|
|
GetWithRetry(time.Duration(1), 15, func() error {
|
|
_, err := e2eClient.GetClusteredResource(nsGVR, tests.ResourceNamespace)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
return errors.New("Deleting Namespace")
|
|
})
|
|
// ====================================
|
|
|
|
By(fmt.Sprintf("Test %s Completed \n\n\n", tests.TestName))
|
|
}
|
|
|
|
}
|