From f3209045abccad9ab2f2fa11687859c2abf143e9 Mon Sep 17 00:00:00 2001 From: SANSKARJAIN2 Date: Wed, 2 Nov 2022 19:10:30 +0530 Subject: [PATCH 1/5] issue-5100:added logic to check nsPolicies Signed-off-by: SANSKARJAIN2 --- api/kyverno/v1beta1/constants.go | 4 + pkg/background/generate/generate.go | 12 +- pkg/common/common.go | 3 +- .../resource/generation/generation.go | 17 +- .../resource/generation/generation_test.go | 363 ++++++++++++++++++ 5 files changed, 392 insertions(+), 7 deletions(-) diff --git a/api/kyverno/v1beta1/constants.go b/api/kyverno/v1beta1/constants.go index 8b2fb4a8d640..533b32bf1410 100644 --- a/api/kyverno/v1beta1/constants.go +++ b/api/kyverno/v1beta1/constants.go @@ -14,4 +14,8 @@ const ( URGenerateResourceNSLabel = "generate.kyverno.io/resource-namespace" URGenerateResourceKindLabel = "generate.kyverno.io/resource-kind" URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count" + URGenerateClonePolicyKindLabel = "generate.kyverno.io/clone-policy-kind" + + PolicyKindNamespace = "Namespace" + PolicyKindCluster = "Cluster" ) diff --git a/pkg/background/generate/generate.go b/pkg/background/generate/generate.go index 32eef8f0a44c..aa372eb6125f 100644 --- a/pkg/background/generate/generate.go +++ b/pkg/background/generate/generate.go @@ -278,10 +278,8 @@ func (c *GenerateController) getPolicySpec(ur kyvernov1beta1.UpdateRequest) (kyv return policy, err } return kyvernov1.ClusterPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: pName, - }, - Spec: npolicyObj.Spec, + ObjectMeta: npolicyObj.ObjectMeta, + Spec: npolicyObj.Spec, }, nil } @@ -493,6 +491,12 @@ func applyRule(log logr.Logger, client dclient.Interface, rule kyvernov1.Rule, r } label["policy.kyverno.io/policy-name"] = policy.GetName() + if policy.IsNamespaced() { + label["policy.kyverno.io/policy-kind"] = kyvernov1beta1.PolicyKindNamespace + } else { + label["policy.kyverno.io/policy-kind"] = kyvernov1beta1.PolicyKindCluster + } + label["policy.kyverno.io/gr-name"] = ur.Name if rdata.Action == Create { if rule.Generation.Synchronize { diff --git a/pkg/common/common.go b/pkg/common/common.go index 7cbbcc9ca730..f1efc0e01838 100644 --- a/pkg/common/common.go +++ b/pkg/common/common.go @@ -7,6 +7,7 @@ import ( "github.com/go-logr/logr" kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" + kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" "github.com/kyverno/kyverno/pkg/client/clientset/versioned" kyvernov1beta1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1beta1" "github.com/kyverno/kyverno/pkg/clients/dclient" @@ -136,7 +137,7 @@ func removePolicyFromLabels(pName string, labels map[string]string) (bool, map[s if strings.Contains(policyNames, pName) { desiredLabels := make(map[string]string, len(labels)-1) for k, v := range labels { - if k != "generate.kyverno.io/clone-policy-name" { + if k != "generate.kyverno.io/clone-policy-name" && k != kyvernov1beta1.URGenerateClonePolicyKindLabel { desiredLabels[k] = v } } diff --git a/pkg/webhooks/resource/generation/generation.go b/pkg/webhooks/resource/generation/generation.go index 566206c2224f..f03c7edefdb1 100644 --- a/pkg/webhooks/resource/generation/generation.go +++ b/pkg/webhooks/resource/generation/generation.go @@ -137,6 +137,7 @@ func (h *generationHandler) HandleUpdatesForGenerateRules(request *admissionv1.A resource, err := enginutils.ConvertToUnstructured(request.OldObject.Raw) if err != nil { h.log.Error(err, "failed to convert object resource to unstructured format") + return } resLabels := resource.GetLabels() @@ -185,13 +186,24 @@ func (h *generationHandler) handleUpdateGenerateTargetResource(request *admissio newRes, err := enginutils.ConvertToUnstructured(request.Object.Raw) if err != nil { h.log.Error(err, "failed to convert object resource to unstructured format") + return } - + var policyKind = kyvernov1beta1.PolicyKindCluster policyName := resLabels["policy.kyverno.io/policy-name"] + + if resLabels["policy.kyverno.io/policy-kind"] == kyvernov1beta1.PolicyKindNamespace { + policyKind = kyvernov1beta1.PolicyKindNamespace + } + targetSourceName := newRes.GetName() targetSourceKind := newRes.GetKind() + var policy kyvernov1.PolicyInterface + if policyKind == kyvernov1beta1.PolicyKindCluster { + policy, err = h.kyvernoClient.KyvernoV1().ClusterPolicies().Get(context.TODO(), policyName, metav1.GetOptions{}) + } else { + policy, err = h.kyvernoClient.KyvernoV1().Policies(newRes.GetNamespace()).Get(context.TODO(), policyName, metav1.GetOptions{}) + } - policy, err := h.kyvernoClient.KyvernoV1().ClusterPolicies().Get(context.TODO(), policyName, metav1.GetOptions{}) if err != nil { h.log.Error(err, "failed to get policy from kyverno client.", "policy name", policyName) return @@ -202,6 +214,7 @@ func (h *generationHandler) handleUpdateGenerateTargetResource(request *admissio updatedRule, err := getGeneratedByResource(newRes, resLabels, h.client, rule, h.log) if err != nil { h.log.V(4).Info("skipping generate policy and resource pattern validaton", "error", err) + continue } else { data := updatedRule.Generation.DeepCopy().GetData() if data != nil { diff --git a/pkg/webhooks/resource/generation/generation_test.go b/pkg/webhooks/resource/generation/generation_test.go index 328ec0b04b5c..25cc342c756c 100644 --- a/pkg/webhooks/resource/generation/generation_test.go +++ b/pkg/webhooks/resource/generation/generation_test.go @@ -1,11 +1,33 @@ package generation import ( + "context" + "encoding/json" "reflect" "testing" "github.com/go-logr/logr" + kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1" + fakekyvernov1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/fake" + kyvernoinformers "github.com/kyverno/kyverno/pkg/client/informers/externalversions" + + kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" + "github.com/kyverno/kyverno/pkg/clients/dclient" + "github.com/kyverno/kyverno/pkg/config" + unstructuredUtils "github.com/kyverno/kyverno/pkg/engine/utils" + "github.com/kyverno/kyverno/pkg/event" + log "github.com/kyverno/kyverno/pkg/logging" + "github.com/kyverno/kyverno/pkg/webhooks/updaterequest" + webhookutils "github.com/kyverno/kyverno/pkg/webhooks/utils" "gotest.tools/assert" + v1 "k8s.io/api/admission/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/informers" + "k8s.io/client-go/kubernetes/fake" ) func Test_updateFeildsInSourceAndUpdatedResource(t *testing.T) { @@ -273,3 +295,344 @@ func Test_updateFeildsInSourceAndUpdatedResource(t *testing.T) { } } + +type clientObject struct { + object runtime.Object + resource string + resourceList string +} + +func Test_handleUpdateGenerateTargetResource(t *testing.T) { + + tests := []struct { + name string + namespacePolicy bool + ur runtime.Object + triggerResourceJson []byte + generatedResourceJson []byte + sourceResourceJson []byte + targetList string + sourceList string + triggerResource string + sourceResource string + policyJson []byte + urName string + expectedUrState kyvernov1beta1.UpdateRequestState + }{ + { + name: "valid generated source updated", + namespacePolicy: true, + policyJson: []byte(`{ + "apiVersion": "kyverno.io/v2beta1", + "kind": "Policy", + "metadata": { + "name": "pol-sync-clone", + "namespace": "poltest" + }, + "spec": { + "rules": [ + { + "name": "gen-zk", + "match": { + "any": [ + { + "resources": { + "kinds": [ + "ConfigMap" + ] + } + } + ] + }, + "generate": { + "apiVersion": "v1", + "kind": "Secret", + "name": "myclonedsecret", + "namespace": "poltest", + "synchronize": true, + "clone": { + "namespace": "poltest", + "name": "regcred" + } + } + } + ] + } + }`), + ur: &kyvernov1beta1.UpdateRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ur-valid", + Namespace: config.KyvernoNamespace(), + }, + Status: kyvernov1beta1.UpdateRequestStatus{ + State: kyvernov1beta1.Completed, + }, + }, + urName: "ur-valid", + targetList: "ConfigMapList", + triggerResource: "comfigmaps", + sourceList: "SecretList", + generatedResourceJson: []byte(` + { + "apiVersion":"v1", + "data":{ + "foo":"YmFy" + }, + "kind":"Secret", + "metadata":{ + "labels":{ + "app.kubernetes.io/managed-by":"kyverno", + "kyverno.io/generated-by-kind":"ConfigMap", + "kyverno.io/generated-by-name":"cm-2", + "kyverno.io/generated-by-namespace":"poltest", + "policy.kyverno.io/gr-name":"ur-valid", + "policy.kyverno.io/policy-kind":"Namespace", + "policy.kyverno.io/policy-name":"pol-sync-clone", + "policy.kyverno.io/synchronize":"enable" + }, + "name":"myclonedsecret", + "namespace":"poltest" + } + } + `), + sourceResource: "secrets", + expectedUrState: kyvernov1beta1.Pending, + sourceResourceJson: []byte(` + { + "apiVersion": "v1", + "data": { + "foo": "bar" + }, + "kind": "Secret", + "metadata": { + "name": "regcred", + "namespace": "poltest" + } + } + `), + triggerResourceJson: []byte(`{ + "apiVersion": "v1", + "data": { + "sj": "js" + }, + "kind": "ConfigMap", + "metadata": { + "name": "cm-2", + "namespace": "poltest" + } + }`), + }, + { + name: "valid generated source updated-cluster policy", + namespacePolicy: false, + policyJson: []byte(`{ + "apiVersion":"kyverno.io/v1", + "kind":"ClusterPolicy", + "metadata":{ + "name":"pol-sync-clone" + }, + "spec":{ + "rules":[ + { + "name":"gen-zk", + "match":{ + "any":[ + { + "resources":{ + "kinds":[ + "ConfigMap" + ] + } + } + ] + }, + "generate":{ + "apiVersion":"v1", + "kind":"Secret", + "name":"myclonedsecret", + "namespace":"poltest", + "synchronize":true, + "clone":{ + "namespace":"poltest", + "name":"regcred" + } + } + } + ] + } + }`), + ur: &kyvernov1beta1.UpdateRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ur-valid", + Namespace: config.KyvernoNamespace(), + }, + Status: kyvernov1beta1.UpdateRequestStatus{ + State: kyvernov1beta1.Completed, + }, + }, + urName: "ur-valid", + targetList: "ConfigMapList", + triggerResource: "comfigmaps", + sourceList: "SecretList", + generatedResourceJson: []byte(` + { + "apiVersion":"v1", + "data":{ + "foo":"YmFy" + }, + "kind":"Secret", + "metadata":{ + "labels":{ + "app.kubernetes.io/managed-by":"kyverno", + "kyverno.io/generated-by-kind":"ConfigMap", + "kyverno.io/generated-by-name":"cm-2", + "kyverno.io/generated-by-namespace":"poltest", + "policy.kyverno.io/gr-name":"ur-valid", + "policy.kyverno.io/policy-kind":"Cluster", + "policy.kyverno.io/policy-name":"pol-sync-clone", + "policy.kyverno.io/synchronize":"enable" + }, + "name":"myclonedsecret", + "namespace":"poltest" + } + } + `), + sourceResource: "secrets", + expectedUrState: kyvernov1beta1.Pending, + sourceResourceJson: []byte(` + { + "apiVersion": "v1", + "data": { + "foo": "bar" + }, + "kind": "Secret", + "metadata": { + "name": "regcred", + "namespace": "poltest" + } + } + `), + triggerResourceJson: []byte(`{ + "apiVersion": "v1", + "data": { + "sj": "js" + }, + "kind": "ConfigMap", + "metadata": { + "name": "cm-2", + "namespace": "poltest" + } + }`), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + logger := log.WithName("Test_handleUpdateGenerateTargetResource") + ctx, cancel := context.WithCancel(context.Background()) + _ = ctx.Done() + t.Cleanup(cancel) + + var triggerUnstructured *unstructured.Unstructured + triggerUnstructured, err := unstructuredUtils.ConvertToUnstructured(tt.triggerResourceJson) + assert.NilError(t, err) + + var generatedResource corev1.Secret + err = json.Unmarshal(tt.generatedResourceJson, &generatedResource) + assert.NilError(t, err) + + var sourceResourceUnstructured *unstructured.Unstructured + sourceResourceUnstructured, err = unstructuredUtils.ConvertToUnstructured(tt.sourceResourceJson) + assert.NilError(t, err) + + clientObjects := []clientObject{ + clientObject{ + object: triggerUnstructured, + resource: tt.triggerResource, + resourceList: tt.targetList, + }, + clientObject{ + object: sourceResourceUnstructured, + resource: tt.sourceResource, + resourceList: tt.sourceList, + }, + } + var objects []runtime.Object + if tt.namespacePolicy { + var nsPolicy kyvernov1.Policy + err = json.Unmarshal(tt.policyJson, &nsPolicy) + assert.NilError(t, err) + objects = append(objects, &nsPolicy, tt.ur) + } else { + var clsPolicy kyvernov1.ClusterPolicy + err = json.Unmarshal(tt.policyJson, &clsPolicy) + assert.NilError(t, err) + objects = append(objects, &clsPolicy, tt.ur) + } + + gh, fakeUrLister, err := newFakeGenerateHandler(&ctx, logger, objects, clientObjects) + assert.NilError(t, err) + request := &v1.AdmissionRequest{ + Operation: v1.Update, + Kind: metav1.GroupVersionKind{Group: "", Version: "v1", Kind: "Secret"}, + Resource: metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "Secret"}, + OldObject: runtime.RawExtension{ + Raw: []byte(tt.generatedResourceJson), + }, + Object: runtime.RawExtension{ + Raw: []byte(tt.generatedResourceJson), + }, + } + var policy []kyvernov1.PolicyInterface + gh.HandleUpdatesForGenerateRules(request, policy) + + ur, err := (*fakeUrLister).KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Get(ctx, "ur-valid", metav1.GetOptions{}) + assert.NilError(t, err) + assert.Equal(t, tt.expectedUrState, ur.Status.State) + + }) + } +} + +func newFakeGenerateHandler(ctx *context.Context, logger logr.Logger, objects []runtime.Object, clientObjs []clientObject) (GenerationHandler, *fakekyvernov1.Clientset, error) { + + kyvernoClient := fakekyvernov1.NewSimpleClientset(objects...) + kyvernoInformers := kyvernoinformers.NewSharedInformerFactory(kyvernoClient, 0) + kyvernoInformers.Start((*ctx).Done()) + kyvernoInformers.WaitForCacheSync((*ctx).Done()) + + client := fake.NewSimpleClientset() + informers := informers.NewSharedInformerFactory(client, 0) + informers.Start((*ctx).Done()) + + urLister := kyvernoInformers.Kyverno().V1beta1().UpdateRequests().Lister().UpdateRequests(config.KyvernoNamespace()) + kyvernoInformers.Start((*ctx).Done()) + kyvernoInformers.WaitForCacheSync((*ctx).Done()) + + nsLister := informers.Core().V1().Namespaces().Lister() + urGenerator := updaterequest.NewFake() + urUpdater := webhookutils.NewUpdateRequestUpdater(kyvernoClient, urLister) + eventGen := event.NewFake() + + gvrToListKind := map[schema.GroupVersionResource]string{} + scheme := runtime.NewScheme() + gvrs := make([]schema.GroupVersionResource, len(clientObjs)) + + clientResources := make([]runtime.Object, len(clientObjs)) + for index, clientObj := range clientObjs { + gvrs[index] = clientObj.object.GetObjectKind().GroupVersionKind().GroupVersion().WithResource(clientObj.resource) + gvrToListKind[gvrs[index]] = clientObj.resourceList + clientResources[index] = clientObj.object + scheme.AddKnownTypes(clientObj.object.GetObjectKind().GroupVersionKind().GroupVersion(), clientObj.object) + } + + dclientVar, err := dclient.NewFakeClient(scheme, gvrToListKind, clientResources...) + if err != nil { + return nil, nil, err + } + + dclientVar.SetDiscovery(dclient.NewFakeDiscoveryClient(gvrs)) + + fakeGh := NewGenerationHandler(logger, dclientVar, kyvernoClient, nsLister, urLister, urGenerator, urUpdater, eventGen) + + return fakeGh, kyvernoClient, nil +} From c9a02bd81eb22638d8cfe353468d2465c8875458 Mon Sep 17 00:00:00 2001 From: SANSKARJAIN2 Date: Wed, 16 Nov 2022 18:27:36 +0530 Subject: [PATCH 2/5] added kuttl test and linter fix Signed-off-by: SANSKARJAIN2 --- .../resource/generation/generation.go | 2 +- .../00-namespace-policy.yaml | 8 +++++++ .../nspol-clone-sync-create/01-trigger.yaml | 6 +++++ .../02-update-generated-resource.yaml | 6 +++++ .../nspol-clone-sync-create/99-cleanup.yaml | 5 +++++ .../nspol-clone-sync-create/configmap.yaml | 7 ++++++ .../nspol-clone-sync-create/manifests.yaml | 14 ++++++++++++ .../namespace-policy-ready.yaml | 10 +++++++++ .../namespace-policy.yaml | 22 +++++++++++++++++++ .../required-resources-ready.yaml | 12 ++++++++++ .../resource-assert.yaml | 11 ++++++++++ .../synchronized-generated-resource.yaml | 8 +++++++ .../update-generated-resource.yaml | 9 ++++++++ test/conformance/kuttl/kuttl-test.yaml | 1 + 14 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/00-namespace-policy.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/01-trigger.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/02-update-generated-resource.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/99-cleanup.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/configmap.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/manifests.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy-ready.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/required-resources-ready.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/resource-assert.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/synchronized-generated-resource.yaml create mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/update-generated-resource.yaml diff --git a/pkg/webhooks/resource/generation/generation.go b/pkg/webhooks/resource/generation/generation.go index f03c7edefdb1..4e616fb124ea 100644 --- a/pkg/webhooks/resource/generation/generation.go +++ b/pkg/webhooks/resource/generation/generation.go @@ -188,7 +188,7 @@ func (h *generationHandler) handleUpdateGenerateTargetResource(request *admissio h.log.Error(err, "failed to convert object resource to unstructured format") return } - var policyKind = kyvernov1beta1.PolicyKindCluster + policyKind := kyvernov1beta1.PolicyKindCluster policyName := resLabels["policy.kyverno.io/policy-name"] if resLabels["policy.kyverno.io/policy-kind"] == kyvernov1beta1.PolicyKindNamespace { diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/00-namespace-policy.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/00-namespace-policy.yaml new file mode 100644 index 000000000000..ac46bc365569 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/00-namespace-policy.yaml @@ -0,0 +1,8 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: +- manifests.yaml +- namespace-policy.yaml +assert: +- namespace-policy-ready.yaml +- required-resources-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/01-trigger.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/01-trigger.yaml new file mode 100644 index 000000000000..2dfc1cb6836b --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/01-trigger.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: + - configmap.yaml +assert: + - resource-assert.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/02-update-generated-resource.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/02-update-generated-resource.yaml new file mode 100644 index 000000000000..d082cc6bc0f0 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/02-update-generated-resource.yaml @@ -0,0 +1,6 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: + - update-generated-resource.yaml +assert: + - synchronized-generated-resource.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/99-cleanup.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/99-cleanup.yaml new file mode 100644 index 000000000000..fb47ff59f1db --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/99-cleanup.yaml @@ -0,0 +1,5 @@ + +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - command: kubectl delete -f manifests.yaml --force --wait=true --ignore-not-found=true \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/configmap.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/configmap.yaml new file mode 100644 index 000000000000..373dda027f31 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + test: test +kind: ConfigMap +metadata: + name: cm-2 + namespace: poltest diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/manifests.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/manifests.yaml new file mode 100644 index 000000000000..7447177f05dd --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/manifests.yaml @@ -0,0 +1,14 @@ + +apiVersion: v1 +kind: Namespace +metadata: + name: poltest +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: poltest +type: Opaque diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy-ready.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy-ready.yaml new file mode 100644 index 000000000000..3faa7925b385 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy-ready.yaml @@ -0,0 +1,10 @@ +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: pol-sync-clone + namespace: poltest +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy.yaml new file mode 100644 index 000000000000..5232c2cbe318 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v2beta1 +kind: Policy +metadata: + name: pol-sync-clone + namespace: poltest +spec: + rules: + - name: gen-zk + match: + any: + - resources: + kinds: + - ConfigMap + generate: + apiVersion: v1 + kind: Secret + name: myclonedsecret + namespace: poltest + synchronize: true + clone: + namespace: poltest + name: regcred \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/required-resources-ready.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/required-resources-ready.yaml new file mode 100644 index 000000000000..116cab60c586 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/required-resources-ready.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: poltest +--- +apiVersion: v1 +kind: Namespace +metadata: + name: poltest +status: + phase: Active \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/resource-assert.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/resource-assert.yaml new file mode 100644 index 000000000000..19948ba1d631 --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/resource-assert.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cm-2 + namespace: poltest +--- +apiVersion: v1 +kind: Secret +metadata: + name: myclonedsecret + namespace: poltest \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/synchronized-generated-resource.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/synchronized-generated-resource.yaml new file mode 100644 index 000000000000..a47d39824fbf --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/synchronized-generated-resource.yaml @@ -0,0 +1,8 @@ + +apiVersion: v1 +kind: Secret +data: + foo: YmFy +metadata: + name: myclonedsecret + namespace: poltest \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/update-generated-resource.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/update-generated-resource.yaml new file mode 100644 index 000000000000..8bf0fc9b4e2e --- /dev/null +++ b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/update-generated-resource.yaml @@ -0,0 +1,9 @@ + +apiVersion: v1 +data: + foo: dGVzdDIk +kind: Secret +metadata: + name: myclonedsecret + namespace: poltest +type: Opaque \ No newline at end of file diff --git a/test/conformance/kuttl/kuttl-test.yaml b/test/conformance/kuttl/kuttl-test.yaml index e7051c9a04e8..0813e96ed956 100644 --- a/test/conformance/kuttl/kuttl-test.yaml +++ b/test/conformance/kuttl/kuttl-test.yaml @@ -9,6 +9,7 @@ testDirs: - ./test/conformance/kuttl/generate/clusterpolicy/standard/data/sync - ./test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync - ./test/conformance/kuttl/generate/clusterpolicy/cornercases +- ./test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/ # Mutate tests - ./test/conformance/kuttl/mutate/clusterpolicy/standard - ./test/conformance/kuttl/mutate/clusterpolicy/standard/existing From eac418565a97c89c668a324c1fec5732b950d119 Mon Sep 17 00:00:00 2001 From: SANSKARJAIN2 Date: Thu, 17 Nov 2022 16:21:12 +0530 Subject: [PATCH 3/5] code formatting+ kuttle test dir change Signed-off-by: SANSKARJAIN2 --- go.mod | 2 +- pkg/webhooks/resource/generation/generation_test.go | 4 ++-- .../00-namespace-policy.yaml | 0 .../01-trigger.yaml | 0 .../02-update-generated-resource.yaml | 0 .../99-cleanup.yaml | 0 .../configmap.yaml | 0 .../manifests.yaml | 0 .../namespace-policy-ready.yaml | 0 .../namespace-policy.yaml | 0 .../required-resources-ready.yaml | 0 .../resource-assert.yaml | 0 .../synchronized-generated-resource.yaml | 0 .../update-generated-resource.yaml | 0 14 files changed, 3 insertions(+), 3 deletions(-) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/00-namespace-policy.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/01-trigger.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/02-update-generated-resource.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/99-cleanup.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/configmap.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/manifests.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/namespace-policy-ready.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/namespace-policy.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/required-resources-ready.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/resource-assert.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/synchronized-generated-resource.yaml (100%) rename test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/{nspol-clone-sync-create => nspol-clone-sync-update}/update-generated-resource.yaml (100%) diff --git a/go.mod b/go.mod index 3a79b4d5837f..2a83a1b7daf5 100644 --- a/go.mod +++ b/go.mod @@ -69,6 +69,7 @@ require ( k8s.io/klog/v2 v2.80.1 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 k8s.io/pod-security-admission v0.25.2 + k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 sigs.k8s.io/controller-runtime v0.13.0 sigs.k8s.io/kustomize/api v0.12.1 sigs.k8s.io/kustomize/kyaml v0.13.9 @@ -361,7 +362,6 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/component-base v0.25.2 // indirect k8s.io/kubectl v0.25.2 // indirect - k8s.io/utils v0.0.0-20221012122500-cfd413dd9e85 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/release-utils v0.7.3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff --git a/pkg/webhooks/resource/generation/generation_test.go b/pkg/webhooks/resource/generation/generation_test.go index 25cc342c756c..52fdc468a588 100644 --- a/pkg/webhooks/resource/generation/generation_test.go +++ b/pkg/webhooks/resource/generation/generation_test.go @@ -545,12 +545,12 @@ func Test_handleUpdateGenerateTargetResource(t *testing.T) { assert.NilError(t, err) clientObjects := []clientObject{ - clientObject{ + { object: triggerUnstructured, resource: tt.triggerResource, resourceList: tt.targetList, }, - clientObject{ + { object: sourceResourceUnstructured, resource: tt.sourceResource, resourceList: tt.sourceList, diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/00-namespace-policy.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/00-namespace-policy.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/00-namespace-policy.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/00-namespace-policy.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/01-trigger.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/01-trigger.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/01-trigger.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/01-trigger.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/02-update-generated-resource.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/02-update-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/02-update-generated-resource.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/02-update-generated-resource.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/99-cleanup.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/99-cleanup.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/configmap.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/configmap.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/manifests.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/manifests.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy-ready.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy-ready.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/namespace-policy.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/required-resources-ready.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/required-resources-ready.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/resource-assert.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/resource-assert.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/synchronized-generated-resource.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/synchronized-generated-resource.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/update-generated-resource.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-create/update-generated-resource.yaml rename to test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml From 0d8e6b0ade8478f3bb25b6e30100e44a22df4c8c Mon Sep 17 00:00:00 2001 From: SANSKARJAIN2 Date: Fri, 18 Nov 2022 19:24:43 +0530 Subject: [PATCH 4/5] minor changes Signed-off-by: SANSKARJAIN2 --- .../sync/nspol-clone-sync-update/manifests.yaml | 14 -------------- .../kuttl/generate/policy/standard/README.md | 3 +++ .../01-namespace-policy.yaml} | 1 - .../nspol-clone-sync-update/02-trigger.yaml} | 0 .../03-update-generated-resource.yaml} | 0 .../nspol-clone-sync-update/99-cleanup.yaml | 0 .../sync/nspol-clone-sync-update/README.md | 12 ++++++++++++ .../sync/nspol-clone-sync-update/configmap.yaml | 0 .../nspol-clone-sync-update/manifests.yaml} | 17 ++++++++++++++++- .../namespace-policy-ready.yaml | 0 .../required-resources-ready.yaml | 0 .../resource-assert.yaml | 0 .../synchronized-generated-resource.yaml | 0 .../update-generated-resource.yaml | 0 test/conformance/kuttl/kuttl-test.yaml | 2 +- 15 files changed, 32 insertions(+), 17 deletions(-) delete mode 100644 test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml create mode 100644 test/conformance/kuttl/generate/policy/standard/README.md rename test/conformance/kuttl/generate/{namespacePolicy/standard/clone/sync/nspol-clone-sync-update/00-namespace-policy.yaml => policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml} (85%) rename test/conformance/kuttl/generate/{namespacePolicy/standard/clone/sync/nspol-clone-sync-update/01-trigger.yaml => policy/standard/clone/sync/nspol-clone-sync-update/02-trigger.yaml} (100%) rename test/conformance/kuttl/generate/{namespacePolicy/standard/clone/sync/nspol-clone-sync-update/02-update-generated-resource.yaml => policy/standard/clone/sync/nspol-clone-sync-update/03-update-generated-resource.yaml} (100%) rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml (100%) create mode 100644 test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/README.md rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/configmap.yaml (100%) rename test/conformance/kuttl/generate/{namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy.yaml => policy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml} (66%) rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml (100%) rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml (100%) rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml (100%) rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml (100%) rename test/conformance/kuttl/generate/{namespacePolicy => policy}/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml (100%) diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml b/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml deleted file mode 100644 index 7447177f05dd..000000000000 --- a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml +++ /dev/null @@ -1,14 +0,0 @@ - -apiVersion: v1 -kind: Namespace -metadata: - name: poltest ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: poltest -type: Opaque diff --git a/test/conformance/kuttl/generate/policy/standard/README.md b/test/conformance/kuttl/generate/policy/standard/README.md new file mode 100644 index 000000000000..030e0f583b5d --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/README.md @@ -0,0 +1,3 @@ +# Title + +Tests in the `standard` directory should only cover basic functionality of a feature. diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/00-namespace-policy.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml similarity index 85% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/00-namespace-policy.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml index ac46bc365569..faa14cd2b600 100644 --- a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/00-namespace-policy.yaml +++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml @@ -2,7 +2,6 @@ apiVersion: kuttl.dev/v1beta1 kind: TestStep apply: - manifests.yaml -- namespace-policy.yaml assert: - namespace-policy-ready.yaml - required-resources-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/01-trigger.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/02-trigger.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/01-trigger.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/02-trigger.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/02-update-generated-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/03-update-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/02-update-generated-resource.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/03-update-generated-resource.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/README.md b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/README.md new file mode 100644 index 000000000000..e36fc7be7a36 --- /dev/null +++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/README.md @@ -0,0 +1,12 @@ +## Description + +This test verifies the synchronized behavior of generated resource. If the generated resource is updated, then the generated resource should revert to the source resource. + +## Expected Behavior + +This test ensures that any update in generated resource(Secret: myclonedsecret) should result in reverting the generated resource to the source resource, otherwise the test fails. +The source resource is identified through the policy which created the generated resource. + +## Reference Issue(s) + +#5100 \ No newline at end of file diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml similarity index 66% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml index 5232c2cbe318..f642a1be4dcf 100644 --- a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy.yaml +++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml @@ -1,3 +1,18 @@ + +apiVersion: v1 +kind: Namespace +metadata: + name: poltest +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: poltest +type: Opaque +--- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -19,4 +34,4 @@ spec: synchronize: true clone: namespace: poltest - name: regcred \ No newline at end of file + name: regcred diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml diff --git a/test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml diff --git a/test/conformance/kuttl/kuttl-test.yaml b/test/conformance/kuttl/kuttl-test.yaml index 0813e96ed956..e5163da63b2d 100644 --- a/test/conformance/kuttl/kuttl-test.yaml +++ b/test/conformance/kuttl/kuttl-test.yaml @@ -9,7 +9,7 @@ testDirs: - ./test/conformance/kuttl/generate/clusterpolicy/standard/data/sync - ./test/conformance/kuttl/generate/clusterpolicy/standard/data/nosync - ./test/conformance/kuttl/generate/clusterpolicy/cornercases -- ./test/conformance/kuttl/generate/namespacePolicy/standard/clone/sync/ +- ./test/conformance/kuttl/generate/policy/standard/clone/sync/ # Mutate tests - ./test/conformance/kuttl/mutate/clusterpolicy/standard - ./test/conformance/kuttl/mutate/clusterpolicy/standard/existing From b728cb81b219cc2309f887330c57e7d19626b1f9 Mon Sep 17 00:00:00 2001 From: SANSKARJAIN2 Date: Fri, 25 Nov 2022 18:27:25 +0530 Subject: [PATCH 5/5] issue-5100: file, dir name changes kuttl Signed-off-by: SANSKARJAIN2 --- .../01-policy.yaml} | 2 +- .../02-trigger.yaml | 0 .../03-update-generated-resource.yaml | 0 .../99-cleanup.yaml | 0 .../README.md | 0 .../configmap.yaml | 0 .../manifests.yaml | 0 .../policy-ready.yaml} | 0 .../required-resources-ready.yaml | 0 .../resource-assert.yaml | 0 .../synchronized-generated-resource.yaml | 0 .../update-generated-resource.yaml | 0 12 files changed, 1 insertion(+), 1 deletion(-) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update/01-namespace-policy.yaml => pol-clone-sync-update/01-policy.yaml} (78%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/02-trigger.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/03-update-generated-resource.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/99-cleanup.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/README.md (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/configmap.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/manifests.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update/namespace-policy-ready.yaml => pol-clone-sync-update/policy-ready.yaml} (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/required-resources-ready.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/resource-assert.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/synchronized-generated-resource.yaml (100%) rename test/conformance/kuttl/generate/policy/standard/clone/sync/{nspol-clone-sync-update => pol-clone-sync-update}/update-generated-resource.yaml (100%) diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/01-policy.yaml similarity index 78% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/01-policy.yaml index faa14cd2b600..2daccec27d7b 100644 --- a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/01-namespace-policy.yaml +++ b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/01-policy.yaml @@ -3,5 +3,5 @@ kind: TestStep apply: - manifests.yaml assert: -- namespace-policy-ready.yaml +- policy-ready.yaml - required-resources-ready.yaml \ No newline at end of file diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/02-trigger.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/02-trigger.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/02-trigger.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/02-trigger.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/03-update-generated-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/03-update-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/03-update-generated-resource.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/03-update-generated-resource.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/99-cleanup.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/99-cleanup.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/99-cleanup.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/README.md b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/README.md similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/README.md rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/README.md diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/configmap.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/configmap.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/configmap.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/manifests.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/manifests.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/manifests.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/policy-ready.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/namespace-policy-ready.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/policy-ready.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/required-resources-ready.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/required-resources-ready.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/required-resources-ready.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/resource-assert.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/resource-assert.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/resource-assert.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/synchronized-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/synchronized-generated-resource.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/synchronized-generated-resource.yaml diff --git a/test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml b/test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/update-generated-resource.yaml similarity index 100% rename from test/conformance/kuttl/generate/policy/standard/clone/sync/nspol-clone-sync-update/update-generated-resource.yaml rename to test/conformance/kuttl/generate/policy/standard/clone/sync/pol-clone-sync-update/update-generated-resource.yaml