mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/cmd/cli/kubectl-kyverno/report/report_test.go
Suruchi Kumari 26df05d8c1
[Bug] [CLI] PSS report does not show properties with control details (#9785) 
* add properties in pss report

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove  tests

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix lint

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore: move chainsaw config at the root of the repo (#9768)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump svenstaro/upload-release-action from 2.7.0 to 2.9.0 (#9767)

Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.7.0 to 2.9.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](1beeb572c1...04733e069f)

---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add test

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fill properties field in test

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove unwanted folders

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remote gitpod file

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: remove unnecessary podSecurity chainsaw test (#9791)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: remove unnecessary validation check for podSecurity rule (#9790)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update versions (#9783)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore: add tests for exceptions in the CLI (#9781)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump go.opentelemetry.io/otel/sdk/metric (#9799)

Bumps [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc (#9797)

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump codecov/codecov-action from 4.0.1 to 4.0.2 (#9794)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](e0b68c6749...0cfda1dd0a)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump go.opentelemetry.io/otel/exporters/prometheus (#9796)

Bumps [go.opentelemetry.io/otel/exporters/prometheus](https://github.com/open-telemetry/opentelemetry-go) from 0.45.2 to 0.46.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/example/prometheus/v0.45.2...example/prometheus/v0.46.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/prometheus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace (#9795)

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* changes

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#9798)

Bumps [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump codecov/codecov-action from 4.0.2 to 4.1.0 (#9811)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](0cfda1dd0a...54bcd8715e)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#9809)

Bumps [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.48.0 to 0.49.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.48.0...zpages/v0.49.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 (#9810)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix lint

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix(globalcontext): old WaitGroup not stopping (#9813)

* fix(globalcontext): old waitgroup not stopping

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(globalcontext): add AGE

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* feat(globalcontext): add lastRefreshTime

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(globalcontext): unhandled intormer run exception

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(globalcontext): comment wording

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* chore(globalcontext): codegen

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(globalcontext): linter

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add empty declaration of properties

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add changes

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: add podSecurity validation checks for exceptions (#9817)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 (#9825)

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#9821)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#9823)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump kyverno/action-install-chainsaw from 0.1.6 to 0.1.7 (#9832)

Bumps [kyverno/action-install-chainsaw](https://github.com/kyverno/action-install-chainsaw) from 0.1.6 to 0.1.7.
- [Release notes](https://github.com/kyverno/action-install-chainsaw/releases)
- [Commits](204730d723...3bf0752f44)

---
updated-dependencies:
- dependency-name: kyverno/action-install-chainsaw
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#9831)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.17.0 to 0.18.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](84384bd6e7...062f259268)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#9830)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* [Bug] [CLI] Restore warn-exit-code functionality for apply command (#9828)

* Restore warn-exite-code functionality for apply command

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* Nove error handling

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* Uncomment println statement

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* Fixing linting

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* Adding conformance tets for cli apply command with warn-exit-code

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* Update path to kubectl-kyverno binary

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* Add prepare-cli as needed dependency

Signed-off-by: Matt Veitas <mveitas@gmail.com>

* feat: install kubectl-kyverno in standard conformance tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: update chainsaw config

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: move CLI chainsaw tests to a separate action

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: CLI path

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: name

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: add chainsaw flag '--no-cluster'

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: CLI name

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Matt Veitas <mveitas@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#9822)

Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove comment and shift line 91

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* modify test

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* added rseperate function for adding properties in result

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add test for pss report

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove comments

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: remove duplicate chainsaw tests for PSA (#9835)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* modify policy

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* modify policy in test_dta

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* docs: Add new adopter to ADOPTERS.md (#9841)

Signed-off-by: Younsung Lee <cysl@kakao.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: use gcr crane opts while fetching image descriptors (#9838)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: add missing unit tests for podSecurity.hostpathVolume check (#9845)

* fix: add missing unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: update pinned lib

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: uncomment code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix: release CRDs manifests (#9849)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#9842)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix name access for policy types

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* modify pkg report

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* modify name

Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add bindings

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Revert "add bindings"

This reverts commit c616c11d9bb4dd0554104025fcfb9cf9e25dc02d.

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert add bindings

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update chainsaw

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Revert "update name"

This reverts commit 84de45b4ce1c5f94d8cbd0a66e893c7907f4a600.

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* simplify results

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: Matt Veitas <mveitas@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Younsung Lee <cysl@kakao.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Matt Veitas <mveitas@gmail.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Younsung Lee <cysl@kakao.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-03-07 13:54:00 -08:00

344 lines
12 KiB
Go
Raw Blame History

package report
import (
"reflect"
"testing"
policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
"github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/policy"
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
"gotest.tools/assert"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
func TestComputeClusterPolicyReports(t *testing.T) {
policies, _, _, err := policy.Load(nil, "", "../_testdata/policies/cpol-pod-requirements.yaml")
assert.NilError(t, err)
assert.Equal(t, len(policies), 1)
policy := policies[0]
er := engineapi.EngineResponse{}
er = er.WithPolicy(engineapi.NewKyvernoPolicy(policy))
er.PolicyResponse.Add(
engineapi.ExecutionStats{},
*engineapi.RuleFail(
"pods-require-account",
engineapi.Validation,
"validation error: User pods must include an account for charging. Rule pods-require-account failed at path /metadata/labels/",
),
*engineapi.RulePass(
"pods-require-limits",
engineapi.Validation,
"validation rule 'pods-require-limits' passed.",
),
)
clustered, namespaced := ComputePolicyReports(false, er)
assert.Equal(t, len(clustered), 1)
assert.Equal(t, len(namespaced), 0)
{
report := clustered[0]
assert.Equal(t, report.GetName(), policy.GetName())
assert.Equal(t, report.Kind, "ClusterPolicyReport")
assert.Equal(t, len(report.Results), 2)
assert.Equal(t, report.Results[0].Severity, policyreportv1alpha2.SeverityMedium)
assert.Equal(t, report.Results[0].Category, "Pod Security Standards (Restricted)")
assert.Equal(t, report.Summary.Pass, 1)
}
}
func TestComputePolicyReports(t *testing.T) {
policies, _, _, err := policy.Load(nil, "", "../_testdata/policies/pol-pod-requirements.yaml")
assert.NilError(t, err)
assert.Equal(t, len(policies), 1)
policy := policies[0]
er := engineapi.EngineResponse{}
er = er.WithPolicy(engineapi.NewKyvernoPolicy(policy))
er.PolicyResponse.Add(
engineapi.ExecutionStats{},
*engineapi.RuleFail(
"pods-require-account",
engineapi.Validation,
"validation error: User pods must include an account for charging. Rule pods-require-account failed at path /metadata/labels/",
),
*engineapi.RulePass(
"pods-require-limits",
engineapi.Validation,
"validation rule 'pods-require-limits' passed.",
),
)
clustered, namespaced := ComputePolicyReports(false, er)
assert.Equal(t, len(clustered), 0)
assert.Equal(t, len(namespaced), 1)
{
report := namespaced[0]
assert.Equal(t, report.GetName(), policy.GetName())
assert.Equal(t, report.GetNamespace(), policy.GetNamespace())
assert.Equal(t, report.Kind, "PolicyReport")
assert.Equal(t, len(report.Results), 2)
assert.Equal(t, report.Results[0].Severity, policyreportv1alpha2.SeverityMedium)
assert.Equal(t, report.Results[0].Category, "Pod Security Standards (Restricted)")
assert.Equal(t, report.Summary.Pass, 1)
}
}
func TestComputePolicyReportResultsPerPolicyOld(t *testing.T) {
policies, _, _, err := policy.Load(nil, "", "../_testdata/policies/cpol-pod-requirements.yaml")
assert.NilError(t, err)
assert.Equal(t, len(policies), 1)
policy := policies[0]
er := engineapi.EngineResponse{}
er = er.WithPolicy(engineapi.NewKyvernoPolicy(policy))
er.PolicyResponse.Add(
engineapi.ExecutionStats{}, *engineapi.RuleFail(
"pods-require-account",
engineapi.Validation,
"validation error: User pods must include an account for charging. Rule pods-require-account failed at path /metadata/labels/",
),
*engineapi.RulePass(
"pods-require-limits",
engineapi.Validation,
"validation rule 'pods-require-limits' passed.",
),
)
results := ComputePolicyReportResultsPerPolicy(false, er)
for _, result := range results {
assert.Equal(t, len(result), 2)
for _, r := range result {
switch r.Rule {
case "pods-require-limits":
assert.Equal(t, r.Result, policyreportv1alpha2.StatusPass)
case "pods-require-account":
assert.Equal(t, r.Result, policyreportv1alpha2.StatusFail)
}
}
}
}
func TestMergeClusterReport(t *testing.T) {
clustered := []policyreportv1alpha2.ClusterPolicyReport{{
TypeMeta: metav1.TypeMeta{
Kind: "ClusterPolicyReport",
APIVersion: policyreportv1alpha2.SchemeGroupVersion.String(),
},
ObjectMeta: metav1.ObjectMeta{
Name: "cpolr-4",
},
Results: []policyreportv1alpha2.PolicyReportResult{
{
Policy: "cpolr-4",
Result: policyreportv1alpha2.StatusFail,
},
},
}, {
TypeMeta: metav1.TypeMeta{
Kind: "ClusterPolicyReport",
APIVersion: policyreportv1alpha2.SchemeGroupVersion.String(),
},
ObjectMeta: metav1.ObjectMeta{
Name: "cpolr-5",
},
Results: []policyreportv1alpha2.PolicyReportResult{
{
Policy: "cpolr-5",
Result: policyreportv1alpha2.StatusFail,
},
},
}}
expectedResults := []policyreportv1alpha2.PolicyReportResult{{
Policy: "cpolr-4",
Result: policyreportv1alpha2.StatusFail,
}, {
Policy: "cpolr-5",
Result: policyreportv1alpha2.StatusFail,
}}
cpolr := MergeClusterReports(clustered)
assert.Equal(t, cpolr.APIVersion, policyreportv1alpha2.SchemeGroupVersion.String())
assert.Equal(t, cpolr.Kind, "ClusterPolicyReport")
assert.DeepEqual(t, cpolr.Results, expectedResults)
assert.Equal(t, cpolr.Summary.Pass, 0)
assert.Equal(t, cpolr.Summary.Fail, 2)
}
func TestComputePolicyReportResult(t *testing.T) {
policies, _, _, err := policy.Load(nil, "", "../_testdata/policies/cpol-pod-requirements.yaml")
assert.NilError(t, err)
assert.Equal(t, len(policies), 1)
policy := policies[0]
tests := []struct {
name string
auditWarn bool
engineResponse engineapi.EngineResponse
ruleResponse engineapi.RuleResponse
want policyreportv1alpha2.PolicyReportResult
}{{
name: "skip",
auditWarn: false,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RuleSkip("xxx", engineapi.Mutation, "test"),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "pod-requirements",
Rule: "xxx",
Result: policyreportv1alpha2.StatusSkip,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
},
}, {
name: "pass",
auditWarn: false,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RulePass("xxx", engineapi.Mutation, "test"),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "pod-requirements",
Rule: "xxx",
Result: policyreportv1alpha2.StatusPass,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
},
}, {
name: "fail",
auditWarn: false,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RuleFail("xxx", engineapi.Mutation, "test"),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "pod-requirements",
Rule: "xxx",
Result: policyreportv1alpha2.StatusFail,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
},
}, {
name: "fail - audit warn",
auditWarn: true,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RuleFail("xxx", engineapi.Mutation, "test"),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "pod-requirements",
Rule: "xxx",
Result: policyreportv1alpha2.StatusWarn,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
},
}, {
name: "error",
auditWarn: false,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RuleError("xxx", engineapi.Mutation, "test", nil),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "pod-requirements",
Rule: "xxx",
Result: policyreportv1alpha2.StatusError,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
},
}, {
name: "warn",
auditWarn: false,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RuleWarn("xxx", engineapi.Mutation, "test"),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "pod-requirements",
Rule: "xxx",
Result: policyreportv1alpha2.StatusWarn,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := ComputePolicyReportResult(tt.auditWarn, tt.engineResponse, tt.ruleResponse)
got.Timestamp = metav1.Timestamp{}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("ComputePolicyReportResult() = %v, want %v", got, tt.want)
}
})
}
}
func TestPSSComputePolicyReportResult(t *testing.T) {
policies, _, _, err := policy.Load(nil, "", "../_testdata/policies/restricted.yaml")
assert.NilError(t, err)
assert.Equal(t, len(policies), 1)
policy := policies[0]
tests := []struct {
name string
auditWarn bool
engineResponse engineapi.EngineResponse
ruleResponse engineapi.RuleResponse
want policyreportv1alpha2.PolicyReportResult
}{{
name: "fail",
auditWarn: false,
engineResponse: engineapi.NewEngineResponse(unstructured.Unstructured{}, engineapi.NewKyvernoPolicy(policy), nil),
ruleResponse: *engineapi.RuleFail("xxx", engineapi.Mutation, "test"),
want: policyreportv1alpha2.PolicyReportResult{
Source: "kyverno",
Policy: "psa",
Rule: "xxx",
Result: policyreportv1alpha2.StatusFail,
Resources: []corev1.ObjectReference{{}},
Message: "test",
Scored: true,
Category: "Pod Security Standards (Restricted)",
Severity: policyreportv1alpha2.SeverityMedium,
Properties: nil,
},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := ComputePolicyReportResult(tt.auditWarn, tt.engineResponse, tt.ruleResponse)
got.Timestamp = metav1.Timestamp{}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("ComputePolicyReportResult() = %v, want %v", got, tt.want)
}
})
}
}
func TestComputePolicyReportResultsPerPolicy(t *testing.T) {
tests := []struct {
name string
auditWarn bool
engineResponses []engineapi.EngineResponse
want map[engineapi.GenericPolicy][]policyreportv1alpha2.PolicyReportResult
}{{
name: "empty",
auditWarn: false,
engineResponses: func() []engineapi.EngineResponse {
return []engineapi.EngineResponse{{}}
}(),
want: nil,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := ComputePolicyReportResultsPerPolicy(tt.auditWarn, tt.engineResponses...)
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("ComputePolicyReportResultsPerPolicy() = %v, want %v", got, tt.want)
}
})
}
}
View git blame Copy permalink