Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: rename chainsaw tests #213

Merged
merged 4 commits into from
Jul 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,8 @@ help: ## Display this help.

.PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) rbac:roleName=nimbus-operator crd webhook paths="./internal/..." output:crd:artifacts:config=config/crd/bases
$(CONTROLLER_GEN) rbac:roleName=nimbus-operator webhook paths="./internal/..."
$(CONTROLLER_GEN) crd paths="./api/..." output:crd:artifacts:config=config/crd/bases

.PHONY: generate
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
Expand Down
2 changes: 1 addition & 1 deletion api/v1alpha1/clustersecurityintentbinding_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ type ClusterSecurityIntentBindingStatus struct {
//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.status"
//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
//+kubebuilder:printcolumn:name="Intents",type="integer",JSONPath=".status.numberOfBoundIntents"
//+kubebuilder:printcolumn:name="NimbusPolicies",type="integer",JSONPath=".status.numberofNimbusPolicies"
//+kubebuilder:printcolumn:name="NimbusPolicies",type="integer",JSONPath=".status.numberOfNimbusPolicies"
//+kubebuilder:printcolumn:name="ClusterNimbusPolicy",type="string",JSONPath=".status.clusterNimbusPolicy"
//+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ spec:
- jsonPath: .status.numberOfBoundIntents
name: Intents
type: integer
- jsonPath: .status.numberofNimbusPolicies
- jsonPath: .status.numberOfNimbusPolicies
name: NimbusPolicies
type: integer
- jsonPath: .status.clusterNimbusPolicy
Expand Down
2 changes: 1 addition & 1 deletion deployments/nimbus/templates/crds.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ spec:
- jsonPath: .status.numberOfBoundIntents
name: Intents
type: integer
- jsonPath: .status.numberofNimbusPolicies
- jsonPath: .status.numberOfNimbusPolicies
name: NimbusPolicies
type: integer
- jsonPath: .status.clusterNimbusPolicy
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,18 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
name: exclude-names-add-csib
name: csib-exclude-names-add-update-csib
spec:
description: >
1. Add dev, staging, prod ns
2. Adds a csib for excludeNames with dev, staging
3. Update csib for excludeNames with dev, prod, regional
4. Add a ns with name management - this ns is not part of the excludeNames
Add a ns with name regional - this is part of the excludeNames
This test case tests out multiple scenarios.
1. First we add namespaces dev, staging, and prod. Then we create a csib with excludeNames for
dev and staging. This should result in creation of Nimbus policies for all namespaces
except "dev", "staging".
2. Then we update csib for excludeNames with dev, prod, regional. This should result in the
deletion of the the prod nimbus policy
3. Finally, we add a ns with names management, regional. management ns is not part of the excludeNames
while regional is part of the excludeNames. This step should result in creation of nimbus
policy for management ns, and nimbus policy for regional should not be created
steps:
- name: "1. Create prod, dev, staging Namespaces"
try:
Expand Down Expand Up @@ -106,3 +110,10 @@ spec:
content: kubectl -n regional get np nimbus-ctlr-gen-escape-to-host
check:
($error != null): true

- name: "Verify NimbusPolicy presence in management"
try:
- script:
content: kubectl -n management get np nimbus-ctlr-gen-escape-to-host
check:
($error == null): true
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
name: multiple-ns-add-csib
name: csib-matchall-ns-add-csib
spec:
description: >
1. Create prod, dev, staging ns
2. Add security intent
3. Add csib
4. Delete prod namespace
5. Create prod namespace again
Multiple scenarios are tested here
1. Three namespaces are created - prod, dev, staging - and we create a csib with a
matchAll condition (*). This is supposed to create nimbus policies in all namespaces
except kube-system.
2. Then we delete the prod namespace, and verify that the nimbus policy no longer exists
in that namespace. The nimbus policies in the other namespaces should not be affected.
3. The we create the prod namespace again, and verify that the nimbus policy in prod
namespace is created again. Additionally, the existing nimbus policies are unaffected
steps:
- name: "Create prod, dev, staging Namespaces"
try:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,17 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
name: match-names-add-csib
name: csib-match-names-add-update-csib
spec:
description: >
1. Adds a csib for matchNames with dev, staging
2. Delete staging ns
3. Update csib for matchNames with dev, prod
Multiple scenarios are tested here
1. First we create the dev and staging namespaces. Then we add a csib with matchNames with
dev, staging. This should result in creation of nimbus policies in dev, and staging namespaces
only, and not in other namespaces.
2. Then we delete the staging ns, and the nimbus policy in dev should not be affected. Also, no
nimbus policy should be present in prod.
3. Then we update csib for matchNames with dev, prod. This should result in creation of nimbus
policy in prod ns. Also, nimbus policy in dev should also be present.
steps:
- name: "Create prod, dev, staging Namespaces"
try:
Expand Down
Loading