mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/pkg/engine/variables/evaluate_test.go
treydock 8204028009
Add DurationOperator to handle duration comparison operations (#2214) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-07-30 13:11:52 -07:00

1705 lines
38 KiB
Go
Raw Blame History

package variables
import (
"encoding/json"
"testing"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
"github.com/kyverno/kyverno/pkg/engine/context"
"github.com/stretchr/testify/assert"
"sigs.k8s.io/controller-runtime/pkg/log"
)
// STRINGS
func Test_Eval_Equal_Const_String_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: "name",
Operator: kyverno.Equal,
Value: "name",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_String_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: "name",
Operator: kyverno.Equal,
Value: "name1",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NoEqual_Const_String_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: "name",
Operator: kyverno.NotEqual,
Value: "name1",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NoEqual_Const_String_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: "name",
Operator: kyverno.NotEqual,
Value: "name",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThanOrEquals_Const_string_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1",
Operator: kyverno.GreaterThanOrEquals,
Value: 1.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThanOrEquals_Const_string_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1",
Operator: kyverno.GreaterThanOrEquals,
Value: 0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThanOrEquals_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1.1",
Operator: kyverno.GreaterThanOrEquals,
Value: "2",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThan_Const_string_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1",
Operator: kyverno.GreaterThan,
Value: 1.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThan_Const_string_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1",
Operator: kyverno.GreaterThan,
Value: 0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThan_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1.1",
Operator: kyverno.GreaterThan,
Value: "2",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThanOrEquals_Const_string_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1",
Operator: kyverno.LessThanOrEquals,
Value: 1.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThanOrEquals_Const_string_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "0",
Operator: kyverno.LessThanOrEquals,
Value: 1,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThanOrEquals_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2.0",
Operator: kyverno.LessThanOrEquals,
Value: "1.1",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThan_Const_string_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1",
Operator: kyverno.LessThan,
Value: 1.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThan_Const_string_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "0",
Operator: kyverno.LessThan,
Value: 1,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThan_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2.0",
Operator: kyverno.LessThan,
Value: "1.1",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_string_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_string_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "2h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_string_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationGreaterThan,
Value: "2h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_string_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationGreaterThan,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThan_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationGreaterThan,
Value: "2h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_string_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationLessThanOrEquals,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_string_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationLessThanOrEquals,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.LessThanOrEquals,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_string_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationLessThan,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_string_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationLessThan,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThan_Const_string_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationLessThan,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
//Bool
func Test_Eval_Equal_Const_Bool_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: true,
Operator: kyverno.Equal,
Value: true,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_Bool_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: true,
Operator: kyverno.Equal,
Value: false,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NoEqual_Const_Bool_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: true,
Operator: kyverno.NotEqual,
Value: false,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NoEqual_Const_Bool_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: true,
Operator: kyverno.NotEqual,
Value: true,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// int
func Test_Eval_Equal_Const_int_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.Equal,
Value: 1,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.Equal,
Value: 2,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NoEqual_Const_int_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.NotEqual,
Value: 2,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NoEqual_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.NotEqual,
Value: 1,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThanOrEquals_Const_int_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.GreaterThanOrEquals,
Value: 1.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThanOrEquals_Const_int_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.GreaterThanOrEquals,
Value: 0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThanOrEquals_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.GreaterThanOrEquals,
Value: "2",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThan_Const_int_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.GreaterThan,
Value: 1.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThan_Const_int_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.GreaterThan,
Value: 0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThan_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.GreaterThan,
Value: "2",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThanOrEquals_Const_int_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.LessThanOrEquals,
Value: 1.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThanOrEquals_Const_int_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 0,
Operator: kyverno.LessThanOrEquals,
Value: 1,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThanOrEquals_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 2,
Operator: kyverno.LessThanOrEquals,
Value: "1",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThan_Const_int_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1,
Operator: kyverno.LessThan,
Value: 1.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThan_Const_int_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 0,
Operator: kyverno.LessThan,
Value: 1,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThan_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 2,
Operator: kyverno.LessThan,
Value: "1",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_int_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationGreaterThanOrEquals,
Value: 3600,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_int_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationGreaterThanOrEquals,
Value: 3600,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationGreaterThanOrEquals,
Value: 7200,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_int_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600,
Operator: kyverno.DurationGreaterThan,
Value: 7200,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_int_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationGreaterThan,
Value: 3600,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThan_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600,
Operator: kyverno.DurationGreaterThan,
Value: 7200,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_int_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "2h",
Operator: kyverno.DurationLessThanOrEquals,
Value: 7200,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_int_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationLessThanOrEquals,
Value: 7200,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200,
Operator: kyverno.LessThanOrEquals,
Value: 3600,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_int_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600,
Operator: kyverno.DurationLessThan,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_int_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600,
Operator: kyverno.DurationLessThan,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThan_Const_int_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200,
Operator: kyverno.DurationLessThan,
Value: 3600,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// int64
func Test_Eval_Equal_Const_int64_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: int64(1),
Operator: kyverno.Equal,
Value: int64(1),
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_int64_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: int64(1),
Operator: kyverno.Equal,
Value: int64(2),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NoEqual_Const_int64_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: int64(1),
Operator: kyverno.NotEqual,
Value: int64(2),
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NoEqual_Const_int64_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: int64(1),
Operator: kyverno.NotEqual,
Value: int64(1),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_int64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_int64_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(7200),
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_int64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationGreaterThanOrEquals,
Value: int64(7200),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_int64_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationGreaterThan,
Value: int64(7200),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_int64_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(7200),
Operator: kyverno.DurationGreaterThan,
Value: int64(3600),
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThan_Const_int64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationGreaterThan,
Value: int64(7200),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_int64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(7200),
Operator: kyverno.DurationLessThanOrEquals,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_int64_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationLessThanOrEquals,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_int64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(7200),
Operator: kyverno.LessThanOrEquals,
Value: int64(3600),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_int64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationLessThan,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_int64_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(3600),
Operator: kyverno.DurationLessThan,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThan_Const_int64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: int64(7200),
Operator: kyverno.DurationLessThan,
Value: int64(3600),
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
//float64
func Test_Eval_Equal_Const_float64_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1.5,
Operator: kyverno.Equal,
Value: 1.5,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1.5,
Operator: kyverno.Equal,
Value: 1.6,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NoEqual_Const_float64_Pass(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1.5,
Operator: kyverno.NotEqual,
Value: 1.6,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NoEqual_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
// no variables
condition := kyverno.Condition{
Key: 1.5,
Operator: kyverno.NotEqual,
Value: 1.5,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThanOrEquals_Const_float64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.0,
Operator: kyverno.GreaterThanOrEquals,
Value: 1.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThanOrEquals_Const_float64_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.5,
Operator: kyverno.GreaterThanOrEquals,
Value: 0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThanOrEquals_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.95,
Operator: kyverno.GreaterThanOrEquals,
Value: "2",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThan_Const_float64_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.0,
Operator: kyverno.GreaterThan,
Value: 1.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_GreaterThan_Const_float64_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.5,
Operator: kyverno.GreaterThan,
Value: "0",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_GreaterThan_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.95,
Operator: kyverno.GreaterThan,
Value: "2.5",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThanOrEquals_Const_float64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.0,
Operator: kyverno.LessThanOrEquals,
Value: 1.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThanOrEquals_Const_float64_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 0.5,
Operator: kyverno.LessThanOrEquals,
Value: 1,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThanOrEquals_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 2.0,
Operator: kyverno.LessThanOrEquals,
Value: "1.95",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThan_Const_float64_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 1.0,
Operator: kyverno.LessThan,
Value: 1.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_LessThan_Const_float64_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 0.5,
Operator: kyverno.LessThan,
Value: "1.5",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_LessThan_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 2.5,
Operator: kyverno.LessThan,
Value: 1.95,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_float64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600.0,
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_float64_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200.0,
Operator: kyverno.DurationGreaterThanOrEquals,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThanOrEquals_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600.0,
Operator: kyverno.DurationGreaterThanOrEquals,
Value: 7200.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_float64_Equal_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600.0,
Operator: kyverno.DurationGreaterThan,
Value: 7200.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationGreaterThan_Const_float64_Greater_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200.0,
Operator: kyverno.DurationGreaterThan,
Value: "1h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationGreaterThan_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600.0,
Operator: kyverno.DurationGreaterThan,
Value: 7200.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_float64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200.0,
Operator: kyverno.DurationLessThanOrEquals,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_float64_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600.0,
Operator: kyverno.DurationLessThanOrEquals,
Value: "2h",
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThanOrEquals_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200.0,
Operator: kyverno.LessThanOrEquals,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_float64_Equal_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 3600.0,
Operator: kyverno.DurationLessThan,
Value: "1h",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_DurationLessThan_Const_float64_Less_Pass(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: "1h",
Operator: kyverno.DurationLessThan,
Value: 7200.0,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_DurationLessThan_Const_float64_Fail(t *testing.T) {
ctx := context.NewContext()
condition := kyverno.Condition{
Key: 7200.0,
Operator: kyverno.DurationLessThan,
Value: 3600.0,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
//object/map[string]interface
func Test_Eval_Equal_Const_object_Pass(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
obj2Raw := []byte(`{ "dir": { "file1": "a" } }`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.Equal,
Value: obj2,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_object_Fail(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
obj2Raw := []byte(`{ "dir": { "file1": "b" } }`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.Equal,
Value: obj2,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NotEqual_Const_object_Pass(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
obj2Raw := []byte(`{ "dir": { "file1": "b" } }`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.NotEqual,
Value: obj2,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NotEqual_Const_object_Fail(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`{ "dir": { "file1": "a" } }`)
obj2Raw := []byte(`{ "dir": { "file1": "a" } }`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.NotEqual,
Value: obj2,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// list/ []interface{}
func Test_Eval_Equal_Const_list_Pass(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
obj2Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.Equal,
Value: obj2,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_Equal_Const_list_Fail(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
obj2Raw := []byte(`[ { "name": "b", "file": "a" }, { "name": "b", "file": "b" } ]`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.Equal,
Value: obj2,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
func Test_Eval_NotEqual_Const_list_Pass(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
obj2Raw := []byte(`[ { "name": "b", "file": "a" }, { "name": "b", "file": "b" } ]`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.NotEqual,
Value: obj2,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
func Test_Eval_NotEqual_Const_list_Fail(t *testing.T) {
ctx := context.NewContext()
var err error
obj1Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
obj2Raw := []byte(`[ { "name": "a", "file": "a" }, { "name": "b", "file": "b" } ]`)
var obj1, obj2 interface{}
err = json.Unmarshal(obj1Raw, &obj1)
if err != nil {
t.Error(err)
}
err = json.Unmarshal(obj2Raw, &obj2)
if err != nil {
t.Error(err)
}
// no variables
condition := kyverno.Condition{
Key: obj1,
Operator: kyverno.NotEqual,
Value: obj2,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// Variables
func Test_Eval_Equal_Var_Pass(t *testing.T) {
resourceRaw := []byte(`
{
"metadata": {
"name": "temp",
"namespace": "n1"
},
"spec": {
"namespace": "n1",
"name": "temp1"
}
}
`)
// context
ctx := context.NewContext()
err := ctx.AddResource(resourceRaw)
if err != nil {
t.Error(err)
}
condition := kyverno.Condition{
Key: "{{request.object.metadata.name}}",
Operator: kyverno.Equal,
Value: "temp",
}
conditionJSON, err := json.Marshal(condition)
assert.Nil(t, err)
var conditionMap interface{}
err = json.Unmarshal(conditionJSON, &conditionMap)
assert.Nil(t, err)
conditionWithResolvedVars, err := SubstituteAllInPreconditions(log.Log, ctx, conditionMap)
conditionJSON, err = json.Marshal(conditionWithResolvedVars)
assert.Nil(t, err)
err = json.Unmarshal(conditionJSON, &condition)
assert.Nil(t, err)
assert.True(t, Evaluate(log.Log, ctx, condition))
}
func Test_Eval_Equal_Var_Fail(t *testing.T) {
resourceRaw := []byte(`
{
"metadata": {
"name": "temp",
"namespace": "n1"
},
"spec": {
"namespace": "n1",
"name": "temp1"
}
}
`)
// context
ctx := context.NewContext()
err := ctx.AddResource(resourceRaw)
if err != nil {
t.Error(err)
}
condition := kyverno.Condition{
Key: "{{request.object.metadata.name}}",
Operator: kyverno.Equal,
Value: "temp1",
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// subset test
// test passes if ALL values in "key" are in "value" ("key" is a subset of "value")
func Test_Eval_In_String_Set_Pass(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "2.2.2.2"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value), len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.In,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
// test passes if NOT ALL values in "key" are in "value" ("key" is not a subset of "value")
func Test_Eval_In_String_Set_Fail(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "4.4.4.4"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value), len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.In,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
// test passes if ONE of the values in "key" is NOT in "value" ("key" is not a subset of "value")
func Test_Eval_NotIn_String_Set_Pass(t *testing.T) {
ctx := context.NewContext()
key := [3]string{"1.1.1.1", "4.4.4.4", "5.5.5.5"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value), len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.NotIn,
Value: valueInterface,
}
if !Evaluate(log.Log, ctx, condition) {
t.Error("expected to pass")
}
}
// test passes if ALL of the values in "key" are in "value" ("key" is a subset of "value")
func Test_Eval_NotIn_String_Set_Fail(t *testing.T) {
ctx := context.NewContext()
key := [2]string{"1.1.1.1", "2.2.2.2"}
keyInterface := make([]interface{}, len(key), len(key))
for i := range key {
keyInterface[i] = key[i]
}
value := [3]string{"1.1.1.1", "2.2.2.2", "3.3.3.3"}
valueInterface := make([]interface{}, len(value), len(value))
for i := range value {
valueInterface[i] = value[i]
}
condition := kyverno.Condition{
Key: keyInterface,
Operator: kyverno.NotIn,
Value: valueInterface,
}
if Evaluate(log.Log, ctx, condition) {
t.Error("expected to fail")
}
}
View git blame Copy permalink