Added 2241 test case #2255

Merged
merged 2 commits into from
Aug 20, 2021

kacejot
Contributor

@kacejot kacejot commented Aug 11, 2021

Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>

Related issue

Closes #2241

What type of PR is this

/kind failing-test

Proposed Changes

Added the test case from #2241 using a new variant of this policy with preconditions.

Proof Manifests

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: flux-multi-tenancy
spec:
  validationFailureAction: enforce
  rules:
    - name: serviceAccountName
      exclude:
        resources:
          namespaces:
            - flux-system
      match:
        resources:
          kinds:
            - Kustomization
            - HelmRelease
      validate:
        message: ".spec.serviceAccountName is required"
        pattern:
          spec:
            serviceAccountName: "?*"
    - name: sourceRefNamespace
      exclude:
        resources:
          namespaces:
            - flux-system
      match:
        resources:
          kinds:
            - Kustomization
            - HelmRelease
      preconditions:
        any:
        - key: "{{request.object.spec.sourceRef.namespace}}"
          operator: NotEquals
          value: ""
      validate:
        message: "spec.sourceRef.namespace must be the same as metadata.namespace"
        deny:
          conditions:
            - key: "{{request.object.spec.sourceRef.namespace}}"
              operator: NotEquals
              value: "{{request.object.metadata.namespace}}"
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: tenants
  namespace: flux-system
spec:
  interval: 5m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./tenants/production
  prune: true
  validation: client

Checklist

  • I have read the contributing guidelines.
  • I have added tests that prove my fix is effective or that my feature works.
  • My PR contains new or altered behavior to Kyverno and
    • I have added or changed the documentation myself in an existing PR and the link is:
    • I have raised an issue in kyverno/website to track the doc update and the link is:
    • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.

Further Comments

Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
@realshuting
Member

@kacejot - can we also update the log level for not resolved variables?

@realshuting realshuting self-assigned this Aug 11, 2021
Signed-off-by: Max Goncharenko <kacejot@fex.net>
@realshuting realshuting merged commit ab24da9 into kyverno:main Aug 20, 2021
Development

Successfully merging this pull request may close these issues.

[BUG] flux2-multi-tenancy fails to update kyverno to v1.4.2-rc3