From 14b8a8698558b9a48988c109964a8663072ef019 Mon Sep 17 00:00:00 2001
From: ShutingZhao <shuting@nirmata.com>
Date: Mon, 19 Aug 2024 18:47:27 +0800
Subject: [PATCH] chore: chainsaw tests for generateExisting

Signed-off-by: ShutingZhao <shuting@nirmata.com>
---
 .../cpol-clone-sync-create/1-1-source.yaml    | 26 +++++++++++
 .../cpol-clone-sync-create/2-1-policy.yaml    | 43 +++++++++++++++++++
 .../2-2-policy-assert.yaml                    |  9 ++++
 .../3-1-cloned-target.yaml                    |  8 ++++
 .../3-2-no-cloned-target.yaml                 |  8 ++++
 .../existing/cpol-clone-sync-create/README.md | 11 +++++
 .../cpol-clone-sync-create/chainsaw-test.yaml | 23 ++++++++++
 7 files changed, 128 insertions(+)
 create mode 100755 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/1-1-source.yaml
 create mode 100644 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-1-policy.yaml
 create mode 100644 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-2-policy-assert.yaml
 create mode 100644 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-1-cloned-target.yaml
 create mode 100644 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-2-no-cloned-target.yaml
 create mode 100644 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/README.md
 create mode 100755 test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/chainsaw-test.yaml

diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/1-1-source.yaml b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/1-1-source.yaml
new file mode 100755
index 000000000000..1ca846828112
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/1-1-source.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foreach-ns-1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foreach-ns-2
+---
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: source-secret
+  namespace: default
+type: Opaque
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: default-deny
+  namespace: default
+data:
+  namespaces: foreach-ns-1,foreach-ns-2
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-1-policy.yaml b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-1-policy.yaml
new file mode 100644
index 000000000000..604f0a3622e7
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-1-policy.yaml
@@ -0,0 +1,43 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: foreach-cpol-clone-sync-create
+spec:
+  rules:
+  - match:
+      any:
+      - resources:
+          kinds:
+          - ConfigMap
+    name: k-kafka-address
+    context:
+    - name: configmapns
+      variable:
+        jmesPath: request.object.metadata.namespace
+    preconditions:
+      any:
+      - key: '{{configmapns}}'
+        operator: Equals
+        value: 'default'
+    generate:
+      generateExisting: true
+      synchronize: true
+      foreach:
+        - list: request.object.data.namespaces | split(@, ',')
+          context:
+          - name: ns
+            variable:
+              jmesPath: element
+          preconditions:
+            any:
+            - key: '{{ ns }}'
+              operator: AnyIn
+              value:
+              - foreach-ns-1
+          apiVersion: v1
+          kind: Secret
+          name: cloned-secret-{{ elementIndex }}-{{ ns }}
+          namespace: '{{ ns }}'
+          clone:
+            namespace: default
+            name: source-secret
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-2-policy-assert.yaml b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-2-policy-assert.yaml
new file mode 100644
index 000000000000..4750bf073c3c
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/2-2-policy-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: foreach-cpol-clone-sync-create
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-1-cloned-target.yaml b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-1-cloned-target.yaml
new file mode 100644
index 000000000000..29623e30a1a1
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-1-cloned-target.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: cloned-secret-0-foreach-ns-1
+  namespace: foreach-ns-1
+type: Opaque
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-2-no-cloned-target.yaml b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-2-no-cloned-target.yaml
new file mode 100644
index 000000000000..3be098ba4528
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/3-2-no-cloned-target.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  foo: YmFy
+kind: Secret
+metadata:
+  name: cloned-secret-0-foreach-ns-2
+  namespace: foreach-ns-2
+type: Opaque
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/README.md b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/README.md
new file mode 100644
index 000000000000..bf89bef0c1ab
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/README.md
@@ -0,0 +1,11 @@
+## Description
+
+This is a basic test for generate existing foreach clone policy, with preconditions and context variables. It checks that the basic functionality works whereby installation of the policy causes correct evaluation of the match and preconditions blocks.
+
+## Expected Behavior
+
+If only the `foreach-ns-1` Namespace receives a cloned Secret upon policy creation, the test passes. If either it does not or `foreach-ns-2` receives a cloned Secret, the test fails.
+
+## Reference Issue(s)
+
+https://github.com/kyverno/kyverno/issues/3542
\ No newline at end of file
diff --git a/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/chainsaw-test.yaml
new file mode 100755
index 000000000000..42cc8d3efa99
--- /dev/null
+++ b/test/conformance/chainsaw/generate/foreach/existing/cpol-clone-sync-create/chainsaw-test.yaml
@@ -0,0 +1,23 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: cpol-data-sync-create
+spec:
+  steps:
+  - name: step-01
+    try:
+    - apply:
+        file: 1-1-source.yaml
+  - name: step-02
+    try:
+    - apply:
+        file: 2-1-policy.yaml
+    - assert:
+        file: 2-2-policy-assert.yaml
+  - name: step-03
+    try:
+    - apply:
+        file: 3-1-cloned-target.yaml
+    - error:
+        file: 3-2-no-cloned-target.yaml