fix tests

pkg/validator/controller_test.go

@@ -222,5 +222,21 @@ func TestControllerExemptions(t *testing.T) {
 	if err != nil {
 		panic(err)
 	}
-	assert.Equal(t, 0, len(actualResults))
+	expectedExemptSum := CountSummary{
+		Successes: uint(0),
+		Warnings:  uint(0),
+		Dangers:   uint(0),
+	}
+	assert.Equal(t, 1, len(actualResults))
+	assert.Equal(t, "Deployment", actualResults[0].Kind)
+	assert.EqualValues(t, expectedExemptSum, actualResults[0].GetSummary())
+
+	c.DisallowExemptions = true
+	actualResults, err = ValidateControllers(&c, resources)
+	if err != nil {
+		panic(err)
+	}
+	assert.Equal(t, 1, len(actualResults))
+	assert.Equal(t, "Deployment", actualResults[0].Kind)
+	assert.EqualValues(t, expectedSum, actualResults[0].GetSummary())
 }

pkg/validator/schema.go

@@ -137,7 +137,7 @@ func applyPodSchemaChecks(conf *config.Configuration, controller kube.GenericWor
 	results := ResultSet{}
 	checkIDs := getSortedKeys(conf.Checks)
 	for _, checkID := range checkIDs {
-		if hasExemptionAnnotation(controller, checkID) {
+		if !conf.DisallowExemptions && hasExemptionAnnotation(controller, checkID) {
 			continue
 		}
 		check, err := resolveCheck(conf, checkID, controller.Kind, config.TargetPod, controller.ObjectMeta, "", false)
@@ -160,7 +160,7 @@ func applyControllerSchemaChecks(conf *config.Configuration, controller kube.Gen
 	results := ResultSet{}
 	checkIDs := getSortedKeys(conf.Checks)
 	for _, checkID := range checkIDs {
-		if hasExemptionAnnotation(controller, checkID) {
+		if !conf.DisallowExemptions && hasExemptionAnnotation(controller, checkID) {
 			continue
 		}
 		check, err := resolveCheck(conf, checkID, controller.Kind, config.TargetController, controller.ObjectMeta, "", false)
@@ -183,7 +183,7 @@ func applyContainerSchemaChecks(conf *config.Configuration, controller kube.Gene
 	results := ResultSet{}
 	checkIDs := getSortedKeys(conf.Checks)
 	for _, checkID := range checkIDs {
-		if hasExemptionAnnotation(controller, checkID) {
+		if !conf.DisallowExemptions && hasExemptionAnnotation(controller, checkID) {
 			continue
 		}
 		check, err := resolveCheck(conf, checkID, controller.Kind, config.TargetContainer, controller.ObjectMeta, container.Name, isInit)

test/webhook_test.sh

@@ -3,6 +3,8 @@ set -e
 
 # Testing to ensure that the webhook starts up, allows a correct deployment to pass,
 # and prevents a incorrectly formatted deployment.
+BLUE='\033[0;34m'
+GREEN='\033[0;32m'
 RED='\033[0;31m'
 NC='\033[0m' # No Color
 
@@ -100,22 +102,26 @@ ALL_TESTS_PASSED=1
 # Run tests against correctly configured objects
 for filename in test/webhook_cases/passing_test.*.yaml; do
     echo -e "\n\n"
-    echo $filename
+    echo -e "${BLUE}TEST CASE: $filename${NC}"
     if ! kubectl apply -n tests -f $filename; then
         ALL_TESTS_PASSED=0
-        echo -e "${RED}****Test Failed: Polaris prevented a deployment with no configuration issues****${NC}"
+        echo -e "${RED}****Test Failed: Polaris prevented a resource with no configuration issues****${NC}"
+    else
+        echo -e "${GREEN}****Test Passed: Polaris correctly allowed this resource****${NC}"
     fi
     kubectl delete -n tests -f $filename || true
 done
 
 # Run tests against incorrectly configured objects
 for filename in test/webhook_cases/failing_test.*.yaml; do
     echo -e "\n\n"
-    echo $filename
+    echo -e "${BLUE}TEST CASE: $filename${NC}"
     if kubectl apply -n tests -f $filename; then
         ALL_TESTS_PASSED=0
-        echo -e "${RED}****Test Failed: Polaris should have prevented this deployment due to configuration issues.****${NC}"
+        echo -e "${RED}****Test Failed: Polaris should have prevented this resource due to configuration issues.****${NC}"
         kubectl logs -n polaris $(kubectl get po -oname -n polaris | grep webhook)
+    else
+      echo -e "${GREEN}****Test Passed: Polaris correctly prevented this resource****${NC}"
     fi
     kubectl delete -n tests -f $filename || true
 done