Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The results of some of the rules in a policy are missing in their corresponding test.yaml. #2169

Closed
viveksahu26 opened this issue Jul 20, 2021 · 6 comments
Closed

The results of some of the rules in a policy are missing in their corresponding test.yaml. #2169

viveksahu26 opened this issue Jul 20, 2021 · 6 comments
Assignees
@NoSkillGirl
Labels
type:cli cli releated issue
Milestone
Kyverno Release 1...

Comments

@viveksahu26
Copy link
Collaborator

Description of the problem
The results of some of the rules in a policy are missing in their corresponding test.yaml. For example, In this policy, 3 rules are present in disallow_cri_sock_mount.yaml but if you look at test.yaml file, contains the results for 2 rules only.

To reproduce:-
Get the policy, resource and test.yaml file from here(https://github.com/kyverno/policies/tree/main/best-practices/disallow_cri_sock_mount).
Run the command kubectl kyverno apply disallow_cri_sock_mount.yaml -r resource.yaml --policy-report.

Policy-report summary:
error: 0
fail: 1
pass: 2
skip: 0
warn: 0

As we can see that, out of 3 rules, 2 rules are pass and one rule fails. But, in test.yaml, results for 2 rules are mention but results for one rule is missing.

Solution:-
So, finally, the conclusion is results of each rule mention in the policy should be present in the test.yaml file.

Originally posted by @viveksahu26 in #2039
@viveksahu26 viveksahu26 changed the title The results of some of the rules in a policy are missing in their corresponding test.yaml. For example, In [this](https://github.com/kyverno/policies/tree/main/best-practices/disallow_cri_sock_mount) policy, 3 rules are present in [disallow_cri_sock_mount.yaml](https://github.com/kyverno/policies/blob/main/best-practices/disallow_cri_sock_mount/disallow_cri_sock_mount.yaml) but if you look at [test.yaml](https://github.com/kyverno/policies/blob/main/best-practices/disallow_cri_sock_mount/test.yaml) file, contains the results for 2 rules only. The results of some of the rules in a policy are missing in their corresponding test.yaml. Jul 20, 2021
@chipzoller chipzoller added the type:cli cli releated issue label Jul 20, 2021
@chipzoller
Copy link
Member

Should you be assigned this instead, @viveksahu26 ?

@viveksahu26
Copy link
Collaborator Author

Let it be with @NoSkillGirl .

@NoSkillGirl
Copy link
Contributor

NoSkillGirl commented Jul 20, 2021
edited

@viveksahu26 - The test case is working as expected. I think you are little confused between the use case of apply and test command.

Considering the above case:
In apply we will get in total 3 result (pass, fail, skip, etc ...) as apply shows the final result of complete policy applied on a resource.
In test we will get only 2 results as test results shows the pass or fail for the cases that are mentioned in the test.yaml. For getting 3 results user should mention 3 test cases in test.yaml.

For more information check the documentation - https://kyverno.io/docs/kyverno-cli/

@chipzoller - please check it once, how clear is the above case is to the user while you are reviewing the documentation.

@NoSkillGirl NoSkillGirl added this to the Kyverno Release 1.4.2 milestone Jul 20, 2021
@chipzoller
Copy link
Member

Honestly, the CLI documentation needs a major rework as there isn't enough information in either of these commands to give a complete enough explanation on what they do and how to use them.

@NoSkillGirl
Copy link
Contributor

@chipzoller - Please try to mention the points as much you can. If you need any help about the functionality description, do let me know.

@NoSkillGirl
Copy link
Contributor

NoSkillGirl commented Jul 21, 2021
edited

update documentation for this issue - kyverno/website#212

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NoSkillGirl NoSkillGirl

Labels
type:cli cli releated issue
Projects
None yet
Milestone
Kyverno Release 1.4.2
Development

No branches or pull requests
3 participants
@chipzoller @NoSkillGirl @viveksahu26