chore: add tests

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

pkg/controllers/webhook/controller_test.go

@@ -50,6 +50,42 @@ func TestAddOperationsForValidatingWebhookConfMultiplePolicies(t *testing.T) {
 			expectedResult: map[string][]admissionregistrationv1.OperationType{
 				"ConfigMap": {"CREATE", "UPDATE", "DELETE", "CONNECT"},
 			},
+		}, {
+			name: "test-2",
+			policies: []kyverno.ClusterPolicy{
+				{
+					Spec: kyverno.Spec{
+						Rules: []kyverno.Rule{
+							{
+								MatchResources: kyverno.MatchResources{
+									ResourceDescription: kyverno.ResourceDescription{
+										Kinds:      []string{"Role"},
+										Operations: []kyverno.AdmissionOperation{"DELETE"},
+									},
+								},
+							},
+						},
+					},
+				},
+				{
+					Spec: kyverno.Spec{
+						Rules: []kyverno.Rule{
+							{
+								MatchResources: kyverno.MatchResources{
+									ResourceDescription: kyverno.ResourceDescription{
+										Kinds:      []string{"Secrets"},
+										Operations: []kyverno.AdmissionOperation{"CONNECT"},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedResult: map[string][]admissionregistrationv1.OperationType{
+				"Role":    {"DELETE"},
+				"Secrets": {"CONNECT"},
+			},
 		},
 	}
 

pkg/controllers/webhook/utils.go

@@ -76,9 +76,10 @@ func (wh *webhook) buildRulesWithOperations(final map[string][]admissionregistra
 
 	for gv, resources := range wh.rules {
 		for res := range resources {
+			resource := sets.New(res)
 			// if we have pods, we add pods/ephemeralcontainers by default
-			if (gv.Group == "" || gv.Group == "*") && (gv.Version == "v1" || gv.Version == "*") && (resources.Has("pods") || resources.Has("*")) {
-				resources.Insert("pods/ephemeralcontainers")
+			if (gv.Group == "" || gv.Group == "*") && (gv.Version == "v1" || gv.Version == "*") && (resource.Has("pods") || resource.Has("*")) {
+				resource.Insert("pods/ephemeralcontainers")
 			}
 
 			operations := findKeyContainingSubstring(final, res, defaultOpn)
@@ -94,7 +95,7 @@ func (wh *webhook) buildRulesWithOperations(final map[string][]admissionregistra
 				Rule: admissionregistrationv1.Rule{
 					APIGroups:   []string{gv.Group},
 					APIVersions: []string{gv.Version},
-					Resources:   []string{res},
+					Resources:   sets.List(resource),
 					Scope:       ptr.To(gv.scopeType),
 				},
 				Operations: operations,

pkg/controllers/webhook/utils_test.go

@@ -375,12 +375,6 @@ func TestBuildRulesWithOperations(t *testing.T) {
 		{
 			name: "Test Case 1",
 			rules: map[groupVersionScope]sets.Set[string]{
-				groupVersionScope{
-					GroupVersion: corev1.SchemeGroupVersion,
-					scopeType:    admissionregistrationv1.AllScopes,
-				}: {
-					"namespaces": sets.Empty{},
-				},
 				groupVersionScope{
 					GroupVersion: corev1.SchemeGroupVersion,
 					scopeType:    admissionregistrationv1.NamespacedScope,
@@ -390,16 +384,25 @@ func TestBuildRulesWithOperations(t *testing.T) {
 				},
 			},
 			mapResourceToOpnType: map[string][]admissionregistrationv1.OperationType{
-				"Namespace": {},
-				"Pod":       {webhookCreate, webhookUpdate},
+				"Namespace":  {},
+				"Pod":        {webhookCreate, webhookUpdate},
+				"ConfigMaps": {webhookCreate},
 			},
 			expectedResult: []admissionregistrationv1.RuleWithOperations{
 				{
+					Operations: []admissionregistrationv1.OperationType{webhookCreate},
+					Rule: admissionregistrationv1.Rule{
+						APIGroups:   []string{""},
+						APIVersions: []string{"v1"},
+						Resources:   []string{"configmaps"},
+						Scope:       ptr.To(admissionregistrationv1.NamespacedScope),
+					},
+				}, {
 					Operations: []admissionregistrationv1.OperationType{webhookCreate, webhookUpdate},
 					Rule: admissionregistrationv1.Rule{
 						APIGroups:   []string{""},
 						APIVersions: []string{"v1"},
-						Resources:   []string{"configmaps", "pods", "pods/ephemeralcontainers"},
+						Resources:   []string{"pods", "pods/ephemeralcontainers"},
 						Scope:       ptr.To(admissionregistrationv1.NamespacedScope),
 					},
 				},