mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-26 01:24:26 +00:00
Code Activity
kyverno/api/policies.kyverno.io/v1alpha1/imageverification_policy_test.go
shuting 5c5a5fc0b0
feat: reconcile ivpol.status (#12392) 
* feat: update ivpol.status api

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: fix unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: reconcile ivpol.status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter issues

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: autogen fields replacement

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: update ivpol autogen rules

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: invoke ivpol webhook handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
2025-03-15 05:29:19 +05:30

422 lines
9 KiB
Go
Raw Blame History

package v1alpha1
import (
"testing"
"github.com/stretchr/testify/assert"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/ptr"
)
func TestImageVerificationPolicy_GetFailurePolicy(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want admissionregistrationv1.FailurePolicyType
}{{
name: "nil",
policy: &ImageVerificationPolicy{},
want: admissionregistrationv1.Fail,
}, {
name: "fail",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
FailurePolicy: ptr.To(admissionregistrationv1.Fail),
},
},
want: admissionregistrationv1.Fail,
}, {
name: "ignore",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
FailurePolicy: ptr.To(admissionregistrationv1.Ignore),
},
},
want: admissionregistrationv1.Ignore,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetFailurePolicy()
assert.Equal(t, tt.want, got)
})
}
}
func TestAttestor_GetKey(t *testing.T) {
tests := []struct {
name string
attestor Attestor
want string
}{{
name: "foo",
attestor: Attestor{
Name: "foo",
},
want: "foo",
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.attestor.GetKey()
assert.Equal(t, tt.want, got)
})
}
}
func TestAttestor_IsCosign(t *testing.T) {
tests := []struct {
name string
attestor Attestor
want bool
}{{
name: "no",
attestor: Attestor{},
want: false,
}, {
name: "yes",
attestor: Attestor{
Cosign: &Cosign{},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.attestor.IsCosign()
assert.Equal(t, tt.want, got)
})
}
}
func TestAttestor_IsNotary(t *testing.T) {
tests := []struct {
name string
attestor Attestor
want bool
}{{
name: "no",
attestor: Attestor{},
want: false,
}, {
name: "yes",
attestor: Attestor{
Notary: &Notary{},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.attestor.IsNotary()
assert.Equal(t, tt.want, got)
})
}
}
func TestAttestation_GetKey(t *testing.T) {
tests := []struct {
name string
attestation Attestation
want string
}{{
name: "foo",
attestation: Attestation{
Name: "foo",
},
want: "foo",
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.attestation.GetKey()
assert.Equal(t, tt.want, got)
})
}
}
func TestAttestation_IsInToto(t *testing.T) {
tests := []struct {
name string
attestation Attestation
want bool
}{{
name: "no",
attestation: Attestation{},
want: false,
}, {
name: "yes",
attestation: Attestation{
InToto: &InToto{},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.attestation.IsInToto()
assert.Equal(t, tt.want, got)
})
}
}
func TestAttestation_IsReferrer(t *testing.T) {
tests := []struct {
name string
attestation Attestation
want bool
}{{
name: "no",
attestation: Attestation{},
want: false,
}, {
name: "yes",
attestation: Attestation{
Referrer: &Referrer{},
},
want: true,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.attestation.IsReferrer()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicySpec_EvaluationMode(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicySpec
want EvaluationMode
}{{
name: "nil",
policy: &ImageVerificationPolicySpec{},
want: EvaluationModeKubernetes,
}, {
name: "json",
policy: &ImageVerificationPolicySpec{
EvaluationConfiguration: &EvaluationConfiguration{
Mode: EvaluationModeJSON,
},
},
want: EvaluationModeJSON,
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.EvaluationMode()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetMatchConstraints(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want admissionregistrationv1.MatchResources
}{{
name: "nil",
policy: &ImageVerificationPolicy{},
want: admissionregistrationv1.MatchResources{},
}, {
name: "not nil",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
MatchConstraints: &admissionregistrationv1.MatchResources{},
},
},
want: admissionregistrationv1.MatchResources{},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetMatchConstraints()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetMatchConditions(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want []admissionregistrationv1.MatchCondition
}{{
name: "nil",
policy: &ImageVerificationPolicy{},
want: nil,
}, {
name: "empty",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
MatchConditions: []admissionregistrationv1.MatchCondition{},
},
},
want: []admissionregistrationv1.MatchCondition{},
}, {
name: "not empty",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
MatchConditions: []admissionregistrationv1.MatchCondition{{
Name: "dummy",
Expression: "expression",
}},
},
},
want: []admissionregistrationv1.MatchCondition{{
Name: "dummy",
Expression: "expression",
}},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetMatchConditions()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetWebhookConfiguration(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want *WebhookConfiguration
}{{
name: "nil",
policy: &ImageVerificationPolicy{},
want: nil,
}, {
name: "fail",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
WebhookConfiguration: &WebhookConfiguration{},
},
},
want: &WebhookConfiguration{},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetWebhookConfiguration()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetVariables(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want []admissionregistrationv1.Variable
}{{
name: "nil",
policy: &ImageVerificationPolicy{},
want: nil,
}, {
name: "empty",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
Variables: []admissionregistrationv1.Variable{},
},
},
want: []admissionregistrationv1.Variable{},
}, {
name: "not empty",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
Variables: []admissionregistrationv1.Variable{{
Name: "dummy",
Expression: "expression",
}},
},
},
want: []admissionregistrationv1.Variable{{
Name: "dummy",
Expression: "expression",
}},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetVariables()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetSpec(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want *ImageVerificationPolicySpec
}{{
name: "empty",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
Variables: []admissionregistrationv1.Variable{},
},
},
want: &ImageVerificationPolicySpec{
Variables: []admissionregistrationv1.Variable{},
},
}, {
name: "not empty",
policy: &ImageVerificationPolicy{
Spec: ImageVerificationPolicySpec{
Variables: []admissionregistrationv1.Variable{{
Name: "dummy",
Expression: "expression",
}},
},
},
want: &ImageVerificationPolicySpec{
Variables: []admissionregistrationv1.Variable{{
Name: "dummy",
Expression: "expression",
}},
},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetSpec()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetStatus(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want *IvpolStatus
}{{
policy: &ImageVerificationPolicy{},
want: &IvpolStatus{},
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetStatus()
assert.Equal(t, tt.want, got)
})
}
}
func TestImageVerificationPolicy_GetKind(t *testing.T) {
tests := []struct {
name string
policy *ImageVerificationPolicy
want string
}{{
name: "not set",
policy: &ImageVerificationPolicy{},
want: "ImageVerificationPolicy",
}, {
name: "set",
policy: &ImageVerificationPolicy{
TypeMeta: v1.TypeMeta{
Kind: "Foo",
},
},
want: "ImageVerificationPolicy",
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tt.policy.GetKind()
assert.Equal(t, tt.want, got)
})
}
}
View git blame Copy permalink