mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Code Activity
kyverno/pkg/controllers/webhook/utils_test.go
Ved Ratan 367156f60b
[Chore] Bump to Go 1.20 (#6683) 
* changed go version 1.19->1.20

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated go version in actions

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* bumped golangci-lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix conflicts

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed some linter issues

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed some linter issues

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* possible fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* small fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
2023-04-03 11:40:47 +00:00

161 lines
5.3 KiB
Go
Raw Blame History

package webhook
import (
"encoding/json"
"testing"
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/autogen"
"gotest.tools/assert"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
)
func Test_webhook_isEmpty(t *testing.T) {
empty := newWebhook(DefaultWebhookTimeout, admissionregistrationv1.Ignore)
assert.Equal(t, empty.isEmpty(), true)
notEmpty := newWebhook(DefaultWebhookTimeout, admissionregistrationv1.Ignore)
notEmpty.set(schema.GroupVersionResource{
Group: "", Version: "v1", Resource: "pods",
})
assert.Equal(t, notEmpty.isEmpty(), false)
}
var policy = `
{
"apiVersion": "kyverno.io/v1",
"kind": "ClusterPolicy",
"metadata": {
"name": "disallow-unsigned-images"
},
"spec": {
"validationFailureAction": "enforce",
"background": false,
"rules": [
{
"name": "replace-image-registry",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"mutate": {
"foreach": [
{
"list": "request.object.spec.containers",
"patchStrategicMerge": {
"spec": {
"containers": [
{
"name": "{{ element.name }}",
"image": "{{ regex_replace_all_literal('.*(.*)/', '{{element.image}}', 'pratikrshah/' )}}"
}
]
}
}
}
]
}
},
{
"name": "disallow-unsigned-images-rule",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"verifyImages": [
{
"imageReferences": [
"*"
],
"verifyDigest": false,
"required": null,
"mutateDigest": false,
"attestors": [
{
"count": 1,
"entries": [
{
"keys": {
"publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHsra9WSDxt9qv84KF4McNVCGjMFq\ne96mWCQxGimL9Ltj6F3iXmlo8sUalKfJ7SBXpy8hwyBfXBBAmCalsp5xEw==\n-----END PUBLIC KEY-----"
}
}
]
}
]
}
]
},
{
"name": "check-image",
"match": {
"any": [
{
"resources": {
"kinds": [
"Pod"
]
}
}
]
},
"context": [
{
"name": "keys",
"configMap": {
"name": "keys",
"namespace": "default"
}
}
],
"verifyImages": [
{
"imageReferences": [
"ghcr.io/myorg/myimage*"
],
"required": true,
"attestors": [
{
"count": 1,
"entries": [
{
"keys": {
"publicKeys": "{{ keys.data.production }}"
}
}
]
}
]
}
]
}
]
}
}
`
func Test_RuleCount(t *testing.T) {
var cpol kyverno.ClusterPolicy
err := json.Unmarshal([]byte(policy), &cpol)
assert.NilError(t, err)
status := cpol.GetStatus()
rules := autogen.ComputeRules(&cpol)
setRuleCount(rules, status)
assert.Equal(t, status.RuleCount.Validate, 0)
assert.Equal(t, status.RuleCount.Generate, 0)
assert.Equal(t, status.RuleCount.Mutate, 1)
assert.Equal(t, status.RuleCount.VerifyImages, 2)
}
View git blame Copy permalink