chore: chainsaw tests for generateExisting

Signed-off-by: ShutingZhao <[email protected]>

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/1-1-source.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foreach-ns-1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foreach-ns-2
+---
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: source-secret
+  namespace: default
+type: Opaque
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: default-deny
+  namespace: default
+data:
+  namespaces: foreach-ns-1,foreach-ns-2

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-1-policy.yaml

@@ -0,0 +1,43 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: foreach-cpol-clone-sync-create
+spec:
+  rules:
+  - match:
+      any:
+      - resources:
+          kinds:
+          - ConfigMap
+    name: k-kafka-address
+    context:
+    - name: configmapns
+      variable:
+        jmesPath: request.object.metadata.namespace
+    preconditions:
+      any:
+      - key: '{{configmapns}}'
+        operator: Equals
+        value: 'default'
+    generate:
+      generateExisting: true
+      synchronize: true
+      foreach:
+        - list: request.object.data.namespaces | split(@, ',')
+          context:
+          - name: ns
+            variable:
+              jmesPath: element
+          preconditions:
+            any:
+            - key: '{{ ns }}'
+              operator: AnyIn
+              value:
+              - foreach-ns-1
+          apiVersion: v1
+          kind: Secret
+          name: cloned-secret-{{ elementIndex }}-{{ ns }}
+          namespace: '{{ ns }}'
+          clone:
+            namespace: default
+            name: source-secret

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-2-policy-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: foreach-cpol-clone-sync-create
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-1-cloned-target.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: cloned-secret-0-foreach-ns-1
+  namespace: foreach-ns-1
+type: Opaque

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-2-no-cloned-target.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: cloned-secret-0-foreach-ns-2
+  namespace: foreach-ns-2
+type: Opaque

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/README.md

@@ -0,0 +1,11 @@
+## Description
+
+This is a basic test for generate existing foreach clone policy, with preconditions and context variables. It checks that the basic functionality works whereby installation of the policy causes correct evaluation of the match and preconditions blocks.
+
+## Expected Behavior
+
+If only the `foreach-ns-1` Namespace receives a cloned Secret upon policy creation, the test passes. If either it does not or `foreach-ns-2` receives a cloned Secret, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/3542

test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/chainsaw-test.yaml

@@ -0,0 +1,23 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: cpol-data-sync-create
+spec:
+  steps:
+  - name: step-01
+    try:
+    - apply:
+        file: 1-1-source.yaml
+  - name: step-02
+    try:
+    - apply:
+        file: 2-1-policy.yaml
+    - assert:
+        file: 2-2-policy-assert.yaml
+  - name: step-03
+    try:
+    - apply:
+        file: 3-1-cloned-target.yaml
+    - error:
+        file: 3-2-no-cloned-target.yaml