New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] test
Command Not Respecting Autogen Rules for Pod Controllers
#1922
Comments
@daviddyball Extremely sorry for late reply. Autogen rule apply only for Kind Pod. If we want policy for deployment we have create another policy specific for deloyment, or we can add deployment in match-resource-kind. |
@vyankyGH What you suggested is the workaround I've implemented in my tests... but it's not a fix. Isn't the point of auto-gen rules to take policies that target As far as I'm aware this is only affecting the Edit: I've added notes about the different behaviour of |
Thanks for opening this issue! Please review the labels and make any necessary changes. |
@vyankd - any updates? |
Hi @daviddyball I have tried the above policy and resource with apply command I get the same behavior as test command.
There are 3 resources fail and 1 pass for pod with labels. And we want test command against Pod auto-gen rules,
I made following changes in deployment resource and test.yaml accordingly and it works.
I have added autogen- to the rule name
Result:
Please Let me know, If its work's. |
@vyankyGH thanks for coming back to me.... I see what you are saying.... I have to manually specify the
I guess this confusion came about because it's not documented anywhere for the end user that, when doing tests on auto-gen rules you have to use the This isn't great from a UX perspective because, as a user, I have to understand the auto-gen naming format and anticipate/guess what the resulting name of my policy will be at runtime. What's to stop that from behaving differently in the future and breaking all of my tests? |
@daviddyball yes your correct we should documented that and will do that. |
Hi @daviddyball I will raised PR for support autogen-naming for test command. After that, for test against autogen rule's, No need to add autogen- prefix for rule names.it will work as you defined in test.yaml. |
Software version numbers
kyverno test
)1.3.6
Describe the bug
When writing test-cases for use with the
kyverno test
sub-command it appears that autogen rules for pod-controllers aren't respected. If I write a policy that includesmatch.resources.kinds: ["Pod"]
NOTE: The same policy works fine when using
kyverno apply
, which suggests that it is only thetest
sub-command that is not respecting auto-gen rules correctly.To Reproduce
Create the following files
policy.yaml
resource.yaml
test.yaml
Expected behavior
The run
kyverno test .
in the same directory. The two tests onPod
resources should succeed, but the twoDeployment
resource tests will fail.Using the same policy above when using
kyverno apply --resource resource.yaml
works fine with the above policy (the auto-gen correctly creates policies forDeployment
,DaemonSet
andJob
as expected.Debug Output
Additional context
N/A
The text was updated successfully, but these errors were encountered: