chore: add policy loader unit tests (#160)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
eddycharly and JimBugwadia authored Oct 30, 2023
1 parent 7e8fd97 commit cdf703c
Showing 9 changed files with 217 additions and 0 deletions.
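--- a/pkg/policy/load_test.go
+++ b/pkg/policy/load_test.go
@@ -0,0 +1,126 @@
+package policy
+
+import (
+"path/filepath"
+"testing"
+
+"github.com/kyverno/kyverno-json/pkg/apis/v1alpha1"
+"github.com/stretchr/testify/require"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestLoad(t *testing.T) {
+basePath := "../../test/policy"
+tests := []struct {
+name string
+path string
+want []*v1alpha1.ValidatingPolicy
+wantErr bool
+}{{
+name: "confimap",
+path: filepath.Join(basePath, "configmap.yaml"),
+wantErr: true,
+}, {
+name: "not found",
+path: filepath.Join(basePath, "not-found.yaml"),
+wantErr: true,
+}, {
+name: "empty",
+path: filepath.Join(basePath, "empty.yaml"),
+wantErr: false,
+}, {
+name: "no spec",
+path: filepath.Join(basePath, "no-spec.yaml"),
+wantErr: true,
+}, {
+name: "no rules",
+path: filepath.Join(basePath, "no-rules.yaml"),
+wantErr: true,
+}, {
+name: "invalid rule",
+path: filepath.Join(basePath, "bad-rule.yaml"),
+wantErr: true,
+}, {
+name: "rule name missing",
+path: filepath.Join(basePath, "rule-name-missing.yaml"),
+wantErr: true,
+}, {
+name: "ok",
+path: filepath.Join(basePath, "ok.yaml"),
+want: []*v1alpha1.ValidatingPolicy{{
+TypeMeta: metav1.TypeMeta{
+APIVersion: "json.kyverno.io/v1alpha1",
+Kind: "ValidatingPolicy",
+},
+ObjectMeta: metav1.ObjectMeta{
+Name: "test",
+},
+Spec: v1alpha1.ValidatingPolicySpec{
+Rules: []v1alpha1.ValidatingRule{{
+Name: "pod-no-latest",
+Match: &v1alpha1.Match{
+Any: []v1alpha1.Any{{
+Value: map[string]interface{}{
+"apiVersion": "v1",
+"kind": "Pod",
+},
+}},
+},
+Assert: &v1alpha1.Assert{
+All: []v1alpha1.Assertion{{
+Check: v1alpha1.Any{
+Value: map[string]interface{}{
+"spec": map[string]interface{}{
+"~foo.containers->foos": map[string]interface{}{
+"(at($foos, $foo).image)->foo": map[string]interface{}{
+"(contains($foo, ':'))": true,
+"(ends_with($foo, ':latest'))": false,
+},
+},
+},
+},
+},
+}},
+},
+}},
+},
+}},
+}, {
+name: "multiple",
+path: filepath.Join(basePath, "multiple.yaml"),
+want: []*v1alpha1.ValidatingPolicy{{
+TypeMeta: metav1.TypeMeta{
+APIVersion: "json.kyverno.io/v1alpha1",
+Kind: "ValidatingPolicy",
+},
+ObjectMeta: metav1.ObjectMeta{
+Name: "test-1",
+},
+Spec: v1alpha1.ValidatingPolicySpec{
+Rules: []v1alpha1.ValidatingRule{},
+},
+}, {
+TypeMeta: metav1.TypeMeta{
+APIVersion: "json.kyverno.io/v1alpha1",
+Kind: "ValidatingPolicy",
+},
+ObjectMeta: metav1.ObjectMeta{
+Name: "test-2",
+},
+Spec: v1alpha1.ValidatingPolicySpec{
+Rules: []v1alpha1.ValidatingRule{},
+},
+}},
+}}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+got, err := Load(tt.path)
+if tt.wantErr {
+require.Error(t, err)
+} else {
+require.NoError(t, err)
+}
+require.Equal(t, tt.want, got)
+})
+}
+}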
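Review bot: The negative cases in the `tests` table assert only `require.Error(t, err)`, so each of them passes on any failure at all, including a missing fixture. If `bad-rule.yaml` or `rule-name-missing.yaml` were renamed or moved, those cases would still pass on the same file-not-found error as the "not found" entry and would no longer show that the loader rejects the unknown `matches` key or a rule without a name. For a policy loader that check is the valuable part, since a malformed policy that loads without error would presumably not enforce what its author intended. Consider adding an `errContains string` column and asserting `require.ErrorContains(t, err, tt.errContains)`, or at minimum `require.FileExists(t, tt.path)` for every case except "not found". The first case name `"confimap"` also looks like a typo for `"configmap"`.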
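--- a/test/policy/bad-rule.yaml
+++ b/test/policy/bad-rule.yaml
@@ -0,0 +1,22 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test
+spec:
+rules:
+- name: pod-no-latest
+# matches instead of match
+matches:
+any:
+- apiVersion: v1
+kind: Pod
+assert:
+all:
+- check:
+spec:
+~foo.containers->foos:
+(at($foos, $foo).image)->foo:
+# an image tag is required
+(contains($foo, ':')): true
+# using a mutable image tag e.g. 'latest' is not allowed
+(ends_with($foo, ':latest')): false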
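--- a/test/policy/configmap.yaml
+++ b/test/policy/configmap.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: default
+data:
+foo: bar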
Empty file added test/policy/empty.yaml
Empty file.
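--- a/test/policy/multiple.yaml
+++ b/test/policy/multiple.yaml
@@ -0,0 +1,13 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test-1
+spec:
+rules: []
+---
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test-2
+spec:
+rules: []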
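Review bot: Both documents in this fixture use `rules: []`, so the "multiple" test case only shows that the loader splits on `---`; it does not show that rule content survives multi-document parsing. It also pins that a policy with an empty rule list loads without error, while `no-rules.yaml` (`spec: {}`) is expected to fail. If accepting an empty list is intentional, a comment at the top of the file such as `# rules: [] is valid; only a missing rules key is rejected` would record that. Otherwise give at least one document a real rule, so the case does not lock in acceptance of a policy that checks nothing.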
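--- a/test/policy/no-rules.yaml
+++ b/test/policy/no-rules.yaml
@@ -0,0 +1,5 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test
+spec: {}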
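--- a/test/policy/no-spec.yaml
+++ b/test/policy/no-spec.yaml
@@ -0,0 +1,4 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test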
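--- a/test/policy/ok.yaml
+++ b/test/policy/ok.yaml
@@ -0,0 +1,21 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test
+spec:
+rules:
+- name: pod-no-latest
+match:
+any:
+- apiVersion: v1
+kind: Pod
+assert:
+all:
+- check:
+spec:
+~foo.containers->foos:
+(at($foos, $foo).image)->foo:
+# an image tag is required
+(contains($foo, ':')): true
+# using a mutable image tag e.g. 'latest' is not allowed
+(ends_with($foo, ':latest')): false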
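--- a/test/policy/rule-name-missing.yaml
+++ b/test/policy/rule-name-missing.yaml
@@ -0,0 +1,20 @@
+apiVersion: json.kyverno.io/v1alpha1
+kind: ValidatingPolicy
+metadata:
+name: test
+spec:
+rules:
+- match:
+any:
+- apiVersion: v1
+kind: Pod
+assert:
+all:
+- check:
+spec:
+~foo.containers->foos:
+(at($foos, $foo).image)->foo:
+# an image tag is required
+(contains($foo, ':')): true
+# using a mutable image tag e.g. 'latest' is not allowed
+(ends_with($foo, ':latest')): false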
