mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
kyverno/pkg/webhooks/handlers/dump_test.go
Charles-Edouard Brétéché 4634760e9e
refactor: resolve roles/cluster roles/top level GVK earlier in the admission chain (#6775) 
* refactor: remove more admission request pointers

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* more

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: resolve roles/cluster roles earlier in the admission chain

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* enrich

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* enrich

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-04-04 10:23:20 +00:00

176 lines
5.4 KiB
Go
Raw Blame History

package handlers
import (
"encoding/json"
"testing"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
"gotest.tools/assert"
admissionv1 "k8s.io/api/admission/v1"
)
func Test_RedactPayload(t *testing.T) {
tc := []struct {
name string
requestPayload []byte
}{
{
name: "request payload with nil old object",
requestPayload: []byte(`{
"uid":"631a230b-b949-468d-b9ae-927fdd76217e",
"kind":{
"group":"",
"version":"v1",
"kind":"Secret"
},
"resource":{
"group":"",
"version":"v1",
"resource":"secrets"
},
"requestKind":{
"group":"",
"version":"v1",
"kind":"Secret"
},
"requestResource":{
"group":"",
"version":"v1",
"resource":"secrets"
},
"name":"mysecret2",
"namespace":"default",
"operation":"CREATE",
"userInfo":{
"username":"kubernetes-admin",
"groups":["system:masters","system:authenticated"]
},
"object":{
"kind":"Secret",
"apiVersion":"v1",
"metadata":{
"name":"mysecret2",
"namespace":"default",
"uid":"de6f1564-295d-4c57-a10b-f37358414a81",
"creationTimestamp":"2022-10-20T15:17:56Z",
"labels":{
"purpose":"production"
},
"annotations":{
"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"v1\",\"data\":{\"password\":\"MWYyZDFlMmU2N2Rm\",\"username\":\"YWRtaW4=\"},\"kind\":\"Secret\",\"metadata\":{\"annotations\":{},\"labels\":{\"purpose\":\"production\"},\"name\":\"mysecret2\",\"namespace\":\"default\"}}\n"},"managedFields":[{"manager":"kubectl-client-side-apply","operation":"Update","apiVersion":"v1","time":"2022-10-20T15:17:56Z","fieldsType":"FieldsV1","fieldsV1":{"f:data":{".":{},"f:password":{},"f:username":{}},"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}},"f:labels":{".":{},"f:purpose":{}}},"f:type":{}}}]},
"data":{
"password":"MWYyZDFlMmU2N2Rm",
"username":"YWRtaW4="
},
"type":"Opaque"
},
"oldObject":null,
"dryRun":false,
"options":{
"kind":"CreateOptions",
"apiVersion":"meta.k8s.io/v1",
"fieldManager":"kubectl-client-side-apply",
"fieldValidation":"Strict"
}
}`),
},
{
name: "request payload with non nil old object",
requestPayload: []byte(`{
"uid":"631a230b-b949-468d-b9ae-927fdd76217e",
"kind":{
"group":"",
"version":"v1",
"kind":"Secret"
},
"resource":{
"group":"",
"version":"v1",
"resource":"secrets"
},
"requestKind":{
"group":"",
"version":"v1",
"kind":"Secret"
},
"requestResource":{
"group":"",
"version":"v1",
"resource":"secrets"
},
"name":"mysecret2",
"namespace":"default",
"operation":"CREATE",
"userInfo":{
"username":"kubernetes-admin",
"groups":["system:masters","system:authenticated"]
},
"object": null,
"oldObject":{
"kind":"Secret",
"apiVersion":"v1",
"metadata":{
"name":"mysecret2",
"namespace":"default",
"uid":"de6f1564-295d-4c57-a10b-f37358414a81",
"creationTimestamp":"2022-10-20T15:17:56Z",
"labels":{
"purpose":"production"
},
"annotations":{
"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"v1\",\"data\":{\"password\":\"MWYyZDFlMmU2N2Rm\",\"username\":\"YWRtaW4=\"},\"kind\":\"Secret\",\"metadata\":{\"annotations\":{},\"labels\":{\"purpose\":\"production\"},\"name\":\"mysecret2\",\"namespace\":\"default\"}}\n"},"managedFields":[{"manager":"kubectl-client-side-apply","operation":"Update","apiVersion":"v1","time":"2022-10-20T15:17:56Z","fieldsType":"FieldsV1","fieldsV1":{"f:data":{".":{},"f:password":{},"f:username":{}},"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}},"f:labels":{".":{},"f:purpose":{}}},"f:type":{}}}]},
"data":{
"password":"MWYyZDFlMmU2N2Rm",
"username":"YWRtaW4="
},
"type":"Opaque"
},
"dryRun":false,
"options":{
"kind":"CreateOptions",
"apiVersion":"meta.k8s.io/v1",
"fieldManager":"kubectl-client-side-apply",
"fieldValidation":"Strict"
}
}`),
},
}
for _, c := range tc {
t.Run(c.name, func(t *testing.T) {
var req admissionv1.AdmissionRequest
err := json.Unmarshal(c.requestPayload, &req)
assert.NilError(t, err)
payload, err := newAdmissionRequestPayload(AdmissionRequest{AdmissionRequest: req})
assert.NilError(t, err)
if payload.Object.Object != nil {
data, err := datautils.ToMap(payload.Object.Object["data"])
assert.NilError(t, err)
for _, v := range data {
assert.Assert(t, v == "**REDACTED**")
}
metadata, err := datautils.ToMap(payload.Object.Object["metadata"])
assert.NilError(t, err)
annotations, err := datautils.ToMap(metadata["annotations"])
assert.NilError(t, err)
for _, v := range annotations {
assert.Assert(t, v == "**REDACTED**")
}
}
if payload.OldObject.Object != nil {
data, err := datautils.ToMap(payload.OldObject.Object["data"])
assert.NilError(t, err)
for _, v := range data {
assert.Assert(t, v == "**REDACTED**")
}
metadata, err := datautils.ToMap(payload.OldObject.Object["metadata"])
assert.NilError(t, err)
annotations, err := datautils.ToMap(metadata["annotations"])
assert.NilError(t, err)
for _, v := range annotations {
assert.Assert(t, v == "**REDACTED**")
}
}
})
}
}
View git blame Copy permalink