From b0862aba30da4876232dffdb22ac4a9fa51c6067 Mon Sep 17 00:00:00 2001 From: ShutingZhao Date: Tue, 20 Aug 2024 00:22:43 +0800 Subject: [PATCH] chore: add chainsaw test foreach clonelist, sync=true, delete source Signed-off-by: ShutingZhao --- .../1-0-existing.yaml | 39 +++++++++++++++ .../1-1-policy.yaml | 47 +++++++++++++++++++ .../1-2-policy-assert.yaml | 9 ++++ .../2-1-trigger.yaml | 13 +++++ .../3-1-target-expected.yaml | 11 +++++ .../3-2-target-none-expected.yaml | 11 +++++ .../README.md | 11 +++++ .../chainsaw-test.yaml | 37 +++++++++++++++ 8 files changed, 178 insertions(+) create mode 100755 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-0-existing.yaml create mode 100755 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-1-policy.yaml create mode 100755 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-2-policy-assert.yaml create mode 100755 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/2-1-trigger.yaml create mode 100644 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-1-target-expected.yaml create mode 100644 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-2-target-none-expected.yaml create mode 100644 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/README.md create mode 100755 test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-0-existing.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-0-existing.yaml new file mode 100755 index 000000000000..52c6c252b6c9 --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-0-existing.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: foreach-cpol-clone-list-sync-delete-source-existing-ns +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + allowedToBeCloned: "true" + location: europe + name: mysecret-1 + namespace: foreach-cpol-clone-list-sync-delete-source-existing-ns +type: Opaque +--- +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + allowedToBeCloned: "false" + location: europe + name: mysecret-2 + namespace: foreach-cpol-clone-list-sync-delete-source-existing-ns +type: Opaque +--- +apiVersion: v1 +kind: Namespace +metadata: + name: foreach-cpol-clone-list-sync-delete-source-target-ns-1 +--- +apiVersion: v1 +kind: Namespace +metadata: + name: foreach-cpol-clone-list-sync-delete-source-target-ns-2 + diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-1-policy.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-1-policy.yaml new file mode 100755 index 000000000000..8287564d09b4 --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-1-policy.yaml @@ -0,0 +1,47 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: foreach-cpol-clone-list-sync-delete-source +spec: + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + name: k-kafka-address + context: + - name: configmapns + variable: + jmesPath: request.object.metadata.namespace + preconditions: + any: + - key: '{{configmapns}}' + operator: Equals + value: '{{request.object.metadata.namespace}}' + generate: + generateExisting: false + synchronize: true + foreach: + - list: request.object.data.namespaces | split(@, ',') + context: + - name: ns + variable: + jmesPath: element + preconditions: + any: + - key: '{{ ns }}' + operator: AnyIn + value: + - foreach-cpol-clone-list-sync-delete-source-target-ns-1 + apiVersion: v1 + kind: Secret + name: cloned-secret-{{ elementIndex }}-{{ ns }} + namespace: '{{ ns }}' + cloneList: + kinds: + - v1/Secret + namespace: foreach-cpol-clone-list-sync-delete-source-existing-ns + selector: + matchLabels: + allowedToBeCloned: "true" diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-2-policy-assert.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-2-policy-assert.yaml new file mode 100755 index 000000000000..0a7305d193dc --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/1-2-policy-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: foreach-cpol-clone-list-sync-delete-source +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/2-1-trigger.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/2-1-trigger.yaml new file mode 100755 index 000000000000..8519cd2955b5 --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/2-1-trigger.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: foreach-cpol-clone-list-sync-delete-source-trigger-ns +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-deny + namespace: foreach-cpol-clone-list-sync-delete-source-trigger-ns +data: + namespaces: foreach-cpol-clone-list-sync-delete-source-target-ns-1,foreach-cpol-clone-list-sync-delete-source-target-ns-2 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-1-target-expected.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-1-target-expected.yaml new file mode 100644 index 000000000000..bc59f51fdc49 --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-1-target-expected.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + allowedToBeCloned: "true" + location: europe + name: mysecret-1 + namespace: foreach-cpol-clone-list-sync-delete-source-target-ns-1 +type: Opaque \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-2-target-none-expected.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-2-target-none-expected.yaml new file mode 100644 index 000000000000..e988f04b417b --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/3-2-target-none-expected.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + allowedToBeCloned: "true" + location: europe + name: mysecret-2 + namespace: foreach-cpol-clone-list-sync-delete-source-target-ns-2 +type: Opaque \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/README.md b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/README.md new file mode 100644 index 000000000000..7f5041ad4460 --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/README.md @@ -0,0 +1,11 @@ +## Description + +This is a corner case test to ensure the corresponding downstream target is deleted when its trigger is deleted, for a generate cloneList type of policy. + +## Expected Behavior + +If the downstream resources `mysecret-1` and `mysecret-2` are remained in the namespace `cpol-clone-list-sync-delete-source-trigger-ns-2`, the test passes. If not, the test fails. + +## Reference Issue(s) + +https://github.com/kyverno/kyverno/issues/7535 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml new file mode 100755 index 000000000000..226c554b47d5 --- /dev/null +++ b/test/conformance/chainsaw/generate/foreach/clusterpolicy/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-list-sync-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: 1-0-existing.yaml + - apply: + file: 1-1-policy.yaml + - assert: + file: 1-2-policy-assert.yaml + - name: step-02 + try: + - apply: + file: 2-1-trigger.yaml + - name: step-03 + try: + - assert: + file: 3-1-target-expected.yaml + - error: + file: 3-2-target-none-expected.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: mysecret-1 + namespace: foreach-cpol-clone-list-sync-delete-source-existing-ns + - name: step-05 + try: + - error: + file: 3-1-target-expected.yaml