1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
kyverno/pkg/engine/api/engineresponse_test.go
Charles-Edouard Brétéché b463ee40d2
feat: use pointer in rule (validate field) (#11095)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-11 09:12:53 +00:00

1347 lines
31 KiB
Go

package api
import (
"reflect"
"testing"
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func TestEngineResponse_IsEmpty(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want bool
}{{
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{{}},
},
},
want: false,
}, {
fields: fields{
namespaceLabels: map[string]string{
"a": "b",
},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsEmpty(); got != tt.want {
t.Errorf("EngineResponse.IsEmpty() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_IsNil(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want bool
}{{
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{{}},
},
},
want: false,
}, {
fields: fields{
namespaceLabels: map[string]string{
"a": "b",
},
},
want: false,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsNil(); got != tt.want {
t.Errorf("EngineResponse.IsNil() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_IsOneOf(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
type args struct {
status []RuleStatus
}
tests := []struct {
name string
fields fields
args args
want bool
}{{
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
args: args{
status: []RuleStatus{RuleStatusFail},
},
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
args: args{
status: []RuleStatus{RuleStatusFail, RuleStatusPass},
},
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
args: args{
status: []RuleStatus{RuleStatusPass},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
args: args{
status: []RuleStatus{},
},
want: false,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsOneOf(tt.args.status...); got != tt.want {
t.Errorf("EngineResponse.IsOneOf() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_IsSuccessful(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want bool
}{{
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("", Validation, "", nil),
},
},
},
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleWarn("", Validation, "", nil),
},
},
},
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleError("", Validation, "", nil, nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleSkip("", Validation, "", nil),
},
},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsSuccessful(); got != tt.want {
t.Errorf("EngineResponse.IsSuccessful() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_IsSkipped(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want bool
}{{
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleWarn("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleError("", Validation, "", nil, nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleSkip("", Validation, "", nil),
},
},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsSkipped(); got != tt.want {
t.Errorf("EngineResponse.IsSkipped() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_IsFailed(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want bool
}{{
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleWarn("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleError("", Validation, "", nil, nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleSkip("", Validation, "", nil),
},
},
},
want: false,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsFailed(); got != tt.want {
t.Errorf("EngineResponse.IsFailed() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_IsError(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want bool
}{{
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleWarn("", Validation, "", nil),
},
},
},
want: false,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleError("", Validation, "", nil, nil),
},
},
},
want: true,
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleSkip("", Validation, "", nil),
},
},
},
want: false,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.IsError(); got != tt.want {
t.Errorf("EngineResponse.IsError() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_GetFailedRules(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want []string
}{{
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleSkip("skip", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleWarn("warn", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("pass", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("fail", Validation, "", nil),
},
},
},
want: []string{"fail"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("fail-1", Validation, "", nil),
*RuleFail("fail-2", Validation, "", nil),
},
},
},
want: []string{"fail-1", "fail-2"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("fail-1", Validation, "", nil),
*RuleError("error-1", Validation, "", nil, nil),
},
},
},
want: []string{"fail-1", "error-1"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleError("error-1", Validation, "", nil, nil),
*RuleError("error-2", Validation, "", nil, nil),
},
},
},
want: []string{"error-1", "error-2"},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.GetFailedRules(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetFailedRules() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_GetSuccessRules(t *testing.T) {
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want []string
}{{
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleSkip("skip", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleWarn("warn", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("pass-1", Validation, "", nil),
*RulePass("pass-2", Validation, "", nil),
},
},
},
want: []string{"pass-1", "pass-2"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("pass", Validation, "", nil),
},
},
},
want: []string{"pass"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("pass", Validation, "", nil),
*RuleFail("fail", Validation, "", nil),
},
},
},
want: []string{"pass"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RulePass("pass", Validation, "", nil),
*RuleSkip("skip", Validation, "", nil),
},
},
},
want: []string{"pass"},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("fail", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("fail-1", Validation, "", nil),
*RuleFail("fail-2", Validation, "", nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleFail("fail-1", Validation, "", nil),
*RuleError("error-1", Validation, "", nil, nil),
},
},
},
}, {
fields: fields{
PolicyResponse: PolicyResponse{
Rules: []RuleResponse{
*RuleError("error-1", Validation, "", nil, nil),
*RuleError("error-2", Validation, "", nil, nil),
},
},
},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.GetSuccessRules(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetSuccessRules() = %v, want %v", got, tt.want)
}
})
}
}
func TestEngineResponse_GetValidationFailureAction(t *testing.T) {
resource := unstructured.Unstructured{}
resource.SetNamespace("foo")
audit := kyvernov1.Audit
enforce := kyvernov1.Enforce
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want kyvernov1.ValidationFailureAction
}{{
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Audit,
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &audit,
},
},
},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
},
},
},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"*"},
}},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: "invalid",
Namespaces: []string{"*"},
}},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"*"},
}},
},
},
},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: "invalid",
Namespaces: []string{"*"},
}},
},
},
},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"foo"},
}},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"bar"},
}},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"bar": "foo",
},
},
}},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"foo"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"bar": "foo",
},
},
}},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"bar"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"foo"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
ValidationFailureAction: kyvernov1.Enforce,
ValidationFailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"*"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"foo"},
}},
},
},
},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"bar"},
}},
},
},
},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"bar": "foo",
},
},
}},
},
},
},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
},
},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"foo"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"bar": "foo",
},
},
}},
},
},
},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"bar"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
},
},
},
}),
},
want: kyvernov1.Enforce,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"foo"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
},
},
},
}),
},
want: kyvernov1.Audit,
}, {
fields: fields{
namespaceLabels: map[string]string{
"foo": "bar",
},
PatchedResource: resource,
GenericPolicy: NewKyvernoPolicy(&kyvernov1.ClusterPolicy{
Spec: kyvernov1.Spec{
Rules: []kyvernov1.Rule{
{
Validation: &kyvernov1.Validation{
FailureAction: &enforce,
FailureActionOverrides: []kyvernov1.ValidationFailureActionOverride{{
Action: kyvernov1.Audit,
Namespaces: []string{"*"},
NamespaceSelector: &metav1.LabelSelector{
MatchLabels: map[string]string{
"foo": "bar",
},
},
}},
},
},
},
},
}),
},
want: kyvernov1.Audit,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.GetValidationFailureAction(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetValidationFailureAction() = %v, want %v", got, tt.want)
}
})
}
}
// func TestEngineResponse_GetPatches(t *testing.T) {
// type fields struct {
// PatchedResource unstructured.Unstructured
// GenericPolicy kyvernov1.PolicyInterface
// PolicyResponse PolicyResponse
// namespaceLabels map[string]string
// }
// tests := []struct {
// name string
// fields fields
// want []jsonpatch.JsonPatchOperation
// }{{}, {
// fields: fields{
// PolicyResponse: PolicyResponse{
// Rules: nil,
// },
// },
// }, {
// fields: fields{
// PolicyResponse: PolicyResponse{
// Rules: []RuleResponse{},
// },
// },
// }, {
// fields: fields{
// PolicyResponse: PolicyResponse{
// Rules: []RuleResponse{{}},
// },
// },
// }, {
// fields: fields{
// PolicyResponse: PolicyResponse{
// Rules: []RuleResponse{
// {},
// *RuleResponse{}.WithPatches([]jsonpatch.JsonPatchOperation{{
// Operation: "add",
// Path: "/1",
// Value: 0,
// }, {
// Operation: "add",
// Path: "/2",
// Value: 1,
// }}...),
// },
// },
// },
// want: []jsonpatch.JsonPatchOperation{{
// Operation: "add",
// Path: "/1",
// Value: 0,
// }, {
// Operation: "add",
// Path: "/2",
// Value: 1,
// }},
// }, {
// fields: fields{
// PolicyResponse: PolicyResponse{
// Rules: []RuleResponse{
// {},
// *RuleResponse{}.WithPatches([]jsonpatch.JsonPatchOperation{{
// Operation: "add",
// Path: "/1",
// Value: 0,
// }, {
// Operation: "add",
// Path: "/2",
// Value: 1,
// }}...),
// *RuleResponse{}.WithPatches([]jsonpatch.JsonPatchOperation{{
// Operation: "add",
// Path: "/3",
// Value: 2,
// }}...),
// },
// },
// },
// want: []jsonpatch.JsonPatchOperation{{
// Operation: "add",
// Path: "/1",
// Value: 0,
// }, {
// Operation: "add",
// Path: "/2",
// Value: 1,
// }, {
// Operation: "add",
// Path: "/3",
// Value: 2,
// }},
// }}
// for _, tt := range tests {
// t.Run(tt.name, func(t *testing.T) {
// er := EngineResponse{
// PatchedResource: tt.fields.PatchedResource,
// PolicyResponse: tt.fields.PolicyResponse,
// namespaceLabels: tt.fields.namespaceLabels,
// }.WithPolicy(tt.fields.GenericPolicy)
// if got := er.GetPatches(); !reflect.DeepEqual(got, tt.want) {
// t.Errorf("EngineResponse.GetPatches() = %v, want %v", got, tt.want)
// }
// })
// }
// }
func TestEngineResponse_GetResourceSpec(t *testing.T) {
namespacedResource := unstructured.Unstructured{}
namespacedResource.SetKind("Something")
namespacedResource.SetAPIVersion("test/v1")
namespacedResource.SetNamespace("foo")
namespacedResource.SetName("bar")
namespacedResource.SetUID("12345")
clusteredResource := unstructured.Unstructured{}
clusteredResource.SetKind("Something")
clusteredResource.SetAPIVersion("test/v1")
clusteredResource.SetName("bar")
clusteredResource.SetUID("12345")
type fields struct {
PatchedResource unstructured.Unstructured
GenericPolicy GenericPolicy
PolicyResponse PolicyResponse
namespaceLabels map[string]string
}
tests := []struct {
name string
fields fields
want ResourceSpec
}{{
fields: fields{
PatchedResource: namespacedResource,
},
want: ResourceSpec{
Kind: "Something",
APIVersion: "test/v1",
Namespace: "foo",
Name: "bar",
UID: "12345",
},
}, {
fields: fields{
PatchedResource: clusteredResource,
},
want: ResourceSpec{
Kind: "Something",
APIVersion: "test/v1",
Name: "bar",
UID: "12345",
},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
er := EngineResponse{
PatchedResource: tt.fields.PatchedResource,
PolicyResponse: tt.fields.PolicyResponse,
namespaceLabels: tt.fields.namespaceLabels,
}.WithPolicy(tt.fields.GenericPolicy)
if got := er.GetResourceSpec(); !reflect.DeepEqual(got, tt.want) {
t.Errorf("EngineResponse.GetResourceSpec() = %v, want %v", got, tt.want)
}
})
}
}