From 6c46674c5ddbd9de40642c43b6b5d087171a5be6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Tue, 25 Feb 2025 20:08:17 +0100 Subject: [PATCH 1/3] Add more acceptance tests --- acceptance.bats | 8 ++-- .../custom/constraint_FullMetadata.yaml | 34 +++++++++++++++++ test/output/custom/constraint_NoMetadata.yaml | 6 +++ .../custom/constraint_PartialMetadata.yaml | 11 ++++++ test/output/custom/constraint_Policies.yaml | 34 +++++++++++++++++ test/{ => output}/custom/constraint_Test.yaml | 0 test/output/custom/template_FullMetadata.yaml | 38 +++++++++++++++++++ test/output/custom/template_NoMetadata.yaml | 30 +++++++++++++++ .../custom/template_PartialMetadata.yaml | 30 +++++++++++++++ test/output/custom/template_Policies.yaml | 38 +++++++++++++++++++ test/{ => output}/custom/template_Test.yaml | 0 .../standard/constraint_NoMetadata.yaml | 4 ++ .../standard/constraint_PartialMetadata.yaml | 10 +++++ .../standard}/constraint_Test.yaml | 0 .../standard/template_FullMetadata.yaml | 38 +++++++++++++++++++ test/output/standard/template_NoMetadata.yaml | 30 +++++++++++++++ .../standard/template_PartialMetadata.yaml | 30 +++++++++++++++ test/output/standard/template_Policies.yaml | 38 +++++++++++++++++++ test/{ => output/standard}/template_Test.yaml | 0 test/{ => policies/full-metadata}/src.rego | 0 test/{ => policies}/lib/libraryA.rego | 0 test/{ => policies}/lib/libraryB.rego | 0 test/policies/no-metadata/src.rego | 10 +++++ test/policies/partial-metadata/src.rego | 19 ++++++++++ 24 files changed, 404 insertions(+), 4 deletions(-) create mode 100644 test/output/custom/constraint_FullMetadata.yaml create mode 100644 test/output/custom/constraint_NoMetadata.yaml create mode 100644 test/output/custom/constraint_PartialMetadata.yaml create mode 100644 test/output/custom/constraint_Policies.yaml rename test/{ => output}/custom/constraint_Test.yaml (100%) create mode 100644 test/output/custom/template_FullMetadata.yaml create mode 100644 test/output/custom/template_NoMetadata.yaml create mode 100644 
test/output/custom/template_PartialMetadata.yaml create mode 100644 test/output/custom/template_Policies.yaml rename test/{ => output}/custom/template_Test.yaml (100%) create mode 100644 test/output/standard/constraint_NoMetadata.yaml create mode 100644 test/output/standard/constraint_PartialMetadata.yaml rename test/{ => output/standard}/constraint_Test.yaml (100%) create mode 100644 test/output/standard/template_FullMetadata.yaml create mode 100644 test/output/standard/template_NoMetadata.yaml create mode 100644 test/output/standard/template_PartialMetadata.yaml create mode 100644 test/output/standard/template_Policies.yaml rename test/{ => output/standard}/template_Test.yaml (100%) rename test/{ => policies/full-metadata}/src.rego (100%) rename test/{ => policies}/lib/libraryA.rego (100%) rename test/{ => policies}/lib/libraryB.rego (100%) create mode 100644 test/policies/no-metadata/src.rego create mode 100644 test/policies/partial-metadata/src.rego diff --git a/acceptance.bats b/acceptance.bats index 8b9f7f81..0f0d5f6f 100644 --- a/acceptance.bats +++ b/acceptance.bats 
@@ -19,13 +19,13 @@ } @test "[CREATE] Creating constraints using --output matches expected output" { - run ./build/konstraint create test --output test + run ./build/konstraint create test/policies --output test/output/standard [ "$status" -eq 0 ] - git diff --quiet -- test/ + git diff --quiet -- test/output/standard } @test "[CREATE] Creating constraints using --constraint-custom-template-file, --constraint-template-custom-template-file and --output matches expected output" { - run ./build/konstraint create test --constraint-custom-template-file internal/commands/constraint_template.tpl --constraint-template-custom-template-file internal/commands/constrainttemplate_template.tpl --partial-constraints --output test/custom + run ./build/konstraint create test/policies --constraint-custom-template-file internal/commands/constraint_template.tpl --constraint-template-custom-template-file internal/commands/constrainttemplate_template.tpl --partial-constraints --output test/output/custom [ "$status" -eq 0 ] - git diff --quiet -- test/custom + git diff --quiet -- test/output/custom } diff --git a/test/output/custom/constraint_FullMetadata.yaml b/test/output/custom/constraint_FullMetadata.yaml new file mode 100644 index 00000000..edd24173 --- /dev/null +++ b/test/output/custom/constraint_FullMetadata.yaml @@ -0,0 +1,34 @@ +# This is a custom template for constraints +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: FullMetadata +metadata: + name: fullmetadata +spec: + match: + excludedNamespaces: + - kube-system + - gatekeeper-system + kinds: + - apiGroups: + - "" + kinds: + - Pod + - apiGroups: + - apps + kinds: + - DaemonSet + - Deployment + - StatefulSet + labelSelector: + matchExpressions: + - key: foo + operator: In + values: + - bar + - baz + - key: doggos + operator: Exists + namespaces: + - dev + - stage + - prod 
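Review bot: In acceptance.bats both updated tests still end with `git diff --quiet -- test/output/standard` (and `-- test/output/custom`), which only reports changes to tracked files, so a file the tool newly generates but that was never committed does not fail the test. Now that the input grows from one policy to several, an unexpected extra constraint or template would go unnoticed. Consider `[ -z "$(git status --porcelain -- test/output/standard)" ]` instead, and the same for test/output/custom. Golden files that are tracked but no longer generated would still pass either check unless the output directory is emptied before the run.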
diff --git a/test/output/custom/constraint_NoMetadata.yaml b/test/output/custom/constraint_NoMetadata.yaml
new file mode 100644
index 00000000..74be30bb
--- /dev/null
+++ b/test/output/custom/constraint_NoMetadata.yaml
@@ -0,0 +1,6 @@
+# This is a custom template for constraints
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: NoMetadata
+metadata:
+ name: nometadata
+spec:
diff --git a/test/output/custom/constraint_PartialMetadata.yaml b/test/output/custom/constraint_PartialMetadata.yaml
new file mode 100644
index 00000000..20d28ed3
--- /dev/null
+++ b/test/output/custom/constraint_PartialMetadata.yaml
@@ -0,0 +1,11 @@
+# This is a custom template for constraints
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: PartialMetadata
+metadata:
+ name: partialmetadata
+spec:
+ match:
+ namespaces:
+ - dev
+ - stage
+ - prod
diff --git a/test/output/custom/constraint_Policies.yaml b/test/output/custom/constraint_Policies.yaml
new file mode 100644
index 00000000..6fa779c6
--- /dev/null
+++ b/test/output/custom/constraint_Policies.yaml
@@ -0,0 +1,34 @@
+# This is a custom template for constraints
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: Policies
+metadata:
+ name: policies
+spec:
+ match:
+ excludedNamespaces:
+ - kube-system
+ - gatekeeper-system
+ kinds:
+ - apiGroups:
+ - ""
+ kinds:
+ - Pod
+ - apiGroups:
+ - apps
+ kinds:
+ - DaemonSet
+ - Deployment
+ - StatefulSet
+ labelSelector:
+ matchExpressions:
+ - key: foo
+ operator: In
+ values:
+ - bar
+ - baz
+ - key: doggos
+ operator: Exists
+ namespaces:
+ - dev
+ - stage
+ - prod
diff --git a/test/custom/constraint_Test.yaml b/test/output/custom/constraint_Test.yaml
similarity index 100%
rename from test/custom/constraint_Test.yaml
rename to test/output/custom/constraint_Test.yaml
diff --git a/test/output/custom/template_FullMetadata.yaml b/test/output/custom/template_FullMetadata.yaml
new file mode 100644
index 00000000..4149afba
--- /dev/null
+++ b/test/output/custom/template_FullMetadata.yaml
@@ -0,0 +1,38 @@
+# This is a custom template for a constraint template
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+ name: fullmetadata
+spec:
+ crd:
+ spec:
+ names:
+ kind: FullMetadata
+ validation:
+ openAPIV3Schema:
+ properties:
+ super:
+ description: |-
+ super duper cool parameter with a description
+ on two lines.
+ type: string
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - |-
+ package lib.libraryB
+ rego: |-
+ package test
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
diff --git a/test/output/custom/template_NoMetadata.yaml b/test/output/custom/template_NoMetadata.yaml
new file mode 100644
index 00000000..eb3cfad0
--- /dev/null
+++ b/test/output/custom/template_NoMetadata.yaml
@@ -0,0 +1,30 @@
+# This is a custom template for a constraint template
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+ name: nometadata
+spec:
+ crd:
+ spec:
+ names:
+ kind: NoMetadata
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - |-
+ package lib.libraryB
+ rego: |-
+ package test_nometadata
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
diff --git a/test/output/custom/template_PartialMetadata.yaml b/test/output/custom/template_PartialMetadata.yaml
new file mode 100644
index 00000000..f4690dec
--- /dev/null
+++ b/test/output/custom/template_PartialMetadata.yaml
@@ -0,0 +1,30 @@
+# This is a custom template for a constraint template
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+ name: partialmetadata
+spec:
+ crd:
+ spec:
+ names:
+ kind: PartialMetadata
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - |-
+ package lib.libraryB
+ rego: |-
+ package test_partial_metadata
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
diff --git a/test/output/custom/template_Policies.yaml b/test/output/custom/template_Policies.yaml
new file mode 100644
index 00000000..bd6b0a6a
--- /dev/null
+++ b/test/output/custom/template_Policies.yaml
@@ -0,0 +1,38 @@
+# This is a custom template for a constraint template
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+ name: policies
+spec:
+ crd:
+ spec:
+ names:
+ kind: Policies
+ validation:
+ openAPIV3Schema:
+ properties:
+ super:
+ description: |-
+ super duper cool parameter with a description
+ on two lines.
+ type: string
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - |-
+ package lib.libraryB
+ rego: |-
+ package test
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
diff --git a/test/custom/template_Test.yaml b/test/output/custom/template_Test.yaml
similarity index 100%
rename from test/custom/template_Test.yaml
rename to test/output/custom/template_Test.yaml
diff --git a/test/output/standard/constraint_NoMetadata.yaml b/test/output/standard/constraint_NoMetadata.yaml
new file mode 100644
index 00000000..186c6c15
--- /dev/null
+++ b/test/output/standard/constraint_NoMetadata.yaml
@@ -0,0 +1,4 @@
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: NoMetadata
+metadata:
+ name: nometadata
diff --git a/test/output/standard/constraint_PartialMetadata.yaml b/test/output/standard/constraint_PartialMetadata.yaml
new file mode 100644
index 00000000..d44b232e
--- /dev/null
+++ b/test/output/standard/constraint_PartialMetadata.yaml
@@ -0,0 +1,10 @@
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: PartialMetadata
+metadata:
+ name: partialmetadata
+spec:
+ match:
+ namespaces:
+ - dev
+ - stage
+ - prod
diff --git a/test/constraint_Test.yaml b/test/output/standard/constraint_Test.yaml
similarity index 100%
rename from test/constraint_Test.yaml
rename to test/output/standard/constraint_Test.yaml
diff --git a/test/output/standard/template_FullMetadata.yaml b/test/output/standard/template_FullMetadata.yaml
new file mode 100644
index 00000000..1e1e41fb
--- /dev/null
+++ b/test/output/standard/template_FullMetadata.yaml
@@ -0,0 +1,38 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ creationTimestamp: null
+ name: fullmetadata
+spec:
+ crd:
+ spec:
+ names:
+ kind: FullMetadata
+ validation:
+ openAPIV3Schema:
+ properties:
+ super:
+ description: |-
+ super duper cool parameter with a description
+ on two lines.
+ type: string
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - package lib.libraryB
+ rego: |-
+ package test
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
+status: {}
diff --git a/test/output/standard/template_NoMetadata.yaml b/test/output/standard/template_NoMetadata.yaml
new file mode 100644
index 00000000..7ca2f71b
--- /dev/null
+++ b/test/output/standard/template_NoMetadata.yaml
@@ -0,0 +1,30 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ creationTimestamp: null
+ name: nometadata
+spec:
+ crd:
+ spec:
+ names:
+ kind: NoMetadata
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - package lib.libraryB
+ rego: |-
+ package test_nometadata
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
+status: {}
diff --git a/test/output/standard/template_PartialMetadata.yaml b/test/output/standard/template_PartialMetadata.yaml
new file mode 100644
index 00000000..c25e0726
--- /dev/null
+++ b/test/output/standard/template_PartialMetadata.yaml
@@ -0,0 +1,30 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ creationTimestamp: null
+ name: partialmetadata
+spec:
+ crd:
+ spec:
+ names:
+ kind: PartialMetadata
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - package lib.libraryB
+ rego: |-
+ package test_partial_metadata
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
+status: {}
diff --git a/test/output/standard/template_Policies.yaml b/test/output/standard/template_Policies.yaml
new file mode 100644
index 00000000..c87c412e
--- /dev/null
+++ b/test/output/standard/template_Policies.yaml
@@ -0,0 +1,38 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ creationTimestamp: null
+ name: policies
+spec:
+ crd:
+ spec:
+ names:
+ kind: Policies
+ validation:
+ openAPIV3Schema:
+ properties:
+ super:
+ description: |-
+ super duper cool parameter with a description
+ on two lines.
+ type: string
+ targets:
+ - libs:
+ - |-
+ package lib.libraryA
+
+ import data.lib.libraryB
+ - package lib.libraryB
+ rego: |-
+ package test
+
+ import future.keywords.if
+ import data.lib.libraryA
+
+ policyID := "P123456"
+
+ violation if {
+ true # some comment
+ }
+ target: admission.k8s.gatekeeper.sh
+status: {}
diff --git a/test/template_Test.yaml b/test/output/standard/template_Test.yaml
similarity index 100%
rename from test/template_Test.yaml
rename to test/output/standard/template_Test.yaml
diff --git a/test/src.rego b/test/policies/full-metadata/src.rego
similarity index 100%
rename from test/src.rego
rename to test/policies/full-metadata/src.rego
diff --git a/test/lib/libraryA.rego b/test/policies/lib/libraryA.rego
similarity index 100%
rename from test/lib/libraryA.rego
rename to test/policies/lib/libraryA.rego
diff --git a/test/lib/libraryB.rego b/test/policies/lib/libraryB.rego
similarity index 100%
rename from test/lib/libraryB.rego
rename to test/policies/lib/libraryB.rego
diff --git a/test/policies/no-metadata/src.rego b/test/policies/no-metadata/src.rego
new file mode 100644
index 00000000..c8a4449e
--- /dev/null
+++ b/test/policies/no-metadata/src.rego
@@ -0,0 +1,10 @@
+package test_nometadata
+
+import future.keywords.if
+import data.lib.libraryA
+
+policyID := "P123456"
+
+violation if {
+ true # some comment
+}
diff --git a/test/policies/partial-metadata/src.rego b/test/policies/partial-metadata/src.rego
new file mode 100644
index 00000000..682afc3d
--- /dev/null
+++ b/test/policies/partial-metadata/src.rego
@@ -0,0 +1,19 @@ +# METADATA +# title: The title +# description: The description +# custom: +# matchers: +# namespaces: +# - dev +# - stage +# - prod +package test_partial_metadata + +import future.keywords.if +import data.lib.libraryA + +policyID := "P123456" + +violation if { + true # some comment +} From c373ce029d0f096588e62f016dfbec28c54defe8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Thu, 20 Feb 2025 18:59:27 +0100 Subject: [PATCH 2/3] Fix constraint template --- internal/commands/constraint_template.tpl | 19 ++++++--- test/output/custom/constraint_Test.yaml | 48 ----------------------- 2 files changed, 14 insertions(+), 53 deletions(-) diff --git a/internal/commands/constraint_template.tpl b/internal/commands/constraint_template.tpl index 39390eae..e25b594c 100644 --- a/internal/commands/constraint_template.tpl +++ b/internal/commands/constraint_template.tpl 
@@ -10,12 +10,21 @@ metadata: {{- end }} name: {{ .Name }} spec: - {{- if .Matchers }} - match: {{- .GetAnnotation "matchers" | toIndentYAML 2 | nindent 4 }} - {{- end }} {{- if ne .Enforcement "deny" }} enforcementAction: {{ .Enforcement }} {{- end -}} - {{- if .AnnotationParameters }} - parameters: {{- .AnnotationParameters | toIndentYAML 2 | nindent 4 }} + {{- if or .AnnotationKindMatchers .AnnotationNamespaceMatchers .AnnotationExcludedNamespaceMatchers .AnnotationLabelSelectorMatcher }} + match: + {{- if .AnnotationExcludedNamespaceMatchers }} + excludedNamespaces: {{- .AnnotationExcludedNamespaceMatchers | toIndentYAML 2 | nindent 6 }} + {{- end }} + {{- if .AnnotationKindMatchers }} + kinds: {{- .AnnotationKindMatchers | toJSON | fromJSON | toIndentYAML 2 | nindent 6 }} + {{- end }} + {{- if .AnnotationLabelSelectorMatcher }} + labelSelector: {{- .AnnotationLabelSelectorMatcher | toJSON | fromJSON | toIndentYAML 2 | nindent 6 }} + {{- end }} + {{- if .AnnotationNamespaceMatchers }} + namespaces: {{- .AnnotationNamespaceMatchers | toIndentYAML 2 | nindent 6 }} + {{- end }} {{- end }} diff --git a/test/output/custom/constraint_Test.yaml b/test/output/custom/constraint_Test.yaml index ad444ccc..514b3302 100644 --- a/test/output/custom/constraint_Test.yaml +++ b/test/output/custom/constraint_Test.yaml 
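Review bot: The rewritten `spec:` block in internal/commands/constraint_template.tpl no longer renders `parameters:` at all, and nothing in the template says that this is deliberate. The fixtures in this series show a policy whose ConstraintTemplate declares a `super` parameter while the generated custom constraint carries none; applied as-is, such a constraint leaves `input.parameters` undefined for the Rego, which can make a rule that depends on it never report a violation instead of failing visibly. I would add a template comment next to `spec:` such as `{{- /* parameters are intentionally not rendered: fill them in before applying the constraint */}}`. It would also help to document why `kinds` and `labelSelector` pass through `toJSON | fromJSON` while the namespace lists do not; presumably this normalises the keys to the JSON field names, but that should be confirmed and written down.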
@@ -32,51 +32,3 @@ spec: - dev - stage - prod - parameters: - super: - id: "" - schema: "" - ref: null - description: |- - super duper cool parameter with a description - on two lines. - type: string - format: "" - title: "" - default: null - maximum: null - exclusivemaximum: false - minimum: null - exclusiveminimum: false - maxlength: null - minlength: null - pattern: "" - maxitems: null - minitems: null - uniqueitems: false - multipleof: null - enum: [] - maxproperties: null - minproperties: null - required: [] - items: null - allof: [] - oneof: [] - anyof: [] - not: null - properties: {} - additionalproperties: null - patternproperties: {} - dependencies: {} - additionalitems: null - definitions: {} - externaldocs: null - example: null - nullable: false - xpreserveunknownfields: null - xembeddedresource: false - xintorstring: false - xlistmapkeys: [] - xlisttype: null - xmaptype: null - xvalidations: [] From 97bc7c6e771e14c10182c4477581ba5a22ca233a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Tue, 25 Feb 2025 20:18:25 +0100 Subject: [PATCH 3/3] Fix tests --- .github/workflows/cron_e2e.yaml | 1 - .github/workflows/pull_request.yaml | 1 - internal/commands/create_test.go | 10 ++--- test/output/custom/constraint_Policies.yaml | 34 ---------------- test/output/custom/constraint_Test.yaml | 34 ---------------- test/output/custom/template_FullMetadata.yaml | 2 +- .../custom/template_PartialMetadata.yaml | 2 +- test/output/custom/template_Policies.yaml | 38 ------------------ test/output/custom/template_Test.yaml | 38 ------------------ ...Test.yaml => constraint_FullMetadata.yaml} | 4 +- .../standard/template_FullMetadata.yaml | 5 ++- test/output/standard/template_NoMetadata.yaml | 2 +- .../standard/template_PartialMetadata.yaml | 4 +- test/output/standard/template_Policies.yaml | 38 ------------------ test/output/standard/template_Test.yaml | 39 ------------------- test/policies/full-metadata/src.rego | 2 +- test/policies/partial-metadata/src.rego | 2 +- 17 files changed, 17 insertions(+), 239 deletions(-) delete mode 100644 test/output/custom/constraint_Policies.yaml delete mode 100644 test/output/custom/constraint_Test.yaml delete mode 100644 test/output/custom/template_Policies.yaml delete mode 100644 test/output/custom/template_Test.yaml rename test/output/standard/{constraint_Test.yaml => constraint_FullMetadata.yaml} (92%) delete mode 100644 test/output/standard/template_Policies.yaml delete mode 100644 test/output/standard/template_Test.yaml diff --git a/.github/workflows/cron_e2e.yaml b/.github/workflows/cron_e2e.yaml index d57850a3..76a4b72c 100644 --- a/.github/workflows/cron_e2e.yaml +++ b/.github/workflows/cron_e2e.yaml @@ -65,7 +65,6 @@ jobs: run: | chmod +x ./konstraint ./konstraint create -o e2e-resources examples - ./konstraint create -o e2e-resources test - name: create kind cluster run: kind create cluster 
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 39d25614..e8549459 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -196,7 +196,6 @@ jobs: run: | chmod +x ./konstraint ./konstraint create -o e2e-resources examples - ./konstraint create -o e2e-resources test - name: create kind cluster run: kind create cluster diff --git a/internal/commands/create_test.go b/internal/commands/create_test.go index dcd926bd..4ce49a8a 100644 --- a/internal/commands/create_test.go +++ b/internal/commands/create_test.go @@ -19,7 +19,7 @@ func TestRenderConstraint(t *testing.T) { t.Errorf("Error getting violations: %v", err) } - expected, err := os.ReadFile("../../test/constraint_Test.yaml") + expected, err := os.ReadFile("../../test/output/standard/constraint_FullMetadata.yaml") if err != nil { t.Errorf("Error reading expected file: %v", err) } @@ -48,7 +48,7 @@ func TestRenderConstraintWithCustomTemplate(t *testing.T) { t.Errorf("Error getting violations: %v", err) } - expected, err := os.ReadFile("../../test/custom/constraint_Test.yaml") + expected, err := os.ReadFile("../../test/output/custom/constraint_FullMetadata.yaml") if err != nil { t.Errorf("Error reading expected file: %v", err) } @@ -77,7 +77,7 @@ func TestRenderConstraintTemplate(t *testing.T) { t.Errorf("Error getting violations: %v", err) } - expected, err := os.ReadFile("../../test/template_Test.yaml") + expected, err := os.ReadFile("../../test/output/standard/template_FullMetadata.yaml") if err != nil { t.Errorf("Error reading expected file: %v", err) } @@ -106,7 +106,7 @@ func TestRenderConstraintTemplateWithCustomTemplate(t *testing.T) { t.Errorf("Error getting violations: %v", err) } - expected, err := os.ReadFile("../../test/custom/template_Test.yaml") + expected, err := os.ReadFile("../../test/output/custom/template_FullMetadata.yaml") if err != nil { t.Errorf("Error reading expected file: %v", err) } 
@@ -129,7 +129,7 @@ func TestRenderConstraintTemplateWithCustomTemplate(t *testing.T) { } func GetViolations() ([]rego.Rego, error) { - violations, err := rego.GetViolations("../../test") + violations, err := rego.GetViolations("../../test/policies/") if err != nil { return nil, err } diff --git a/test/output/custom/constraint_Policies.yaml b/test/output/custom/constraint_Policies.yaml deleted file mode 100644 index 6fa779c6..00000000 --- a/test/output/custom/constraint_Policies.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This is a custom template for constraints -apiVersion: constraints.gatekeeper.sh/v1beta1 -kind: Policies -metadata: - name: policies -spec: - match: - excludedNamespaces: - - kube-system - - gatekeeper-system - kinds: - - apiGroups: - - "" - kinds: - - Pod - - apiGroups: - - apps - kinds: - - DaemonSet - - Deployment - - StatefulSet - labelSelector: - matchExpressions: - - key: foo - operator: In - values: - - bar - - baz - - key: doggos - operator: Exists - namespaces: - - dev - - stage - - prod diff --git a/test/output/custom/constraint_Test.yaml b/test/output/custom/constraint_Test.yaml deleted file mode 100644 index 514b3302..00000000 --- a/test/output/custom/constraint_Test.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This is a custom template for constraints -apiVersion: constraints.gatekeeper.sh/v1beta1 -kind: Test -metadata: - name: test -spec: - match: - excludedNamespaces: - - kube-system - - gatekeeper-system - kinds: - - apiGroups: - - "" - kinds: - - Pod - - apiGroups: - - apps - kinds: - - DaemonSet - - Deployment - - StatefulSet - labelSelector: - matchExpressions: - - key: foo - operator: In - values: - - bar - - baz - - key: doggos - operator: Exists - namespaces: - - dev - - stage - - prod diff --git a/test/output/custom/template_FullMetadata.yaml b/test/output/custom/template_FullMetadata.yaml index 4149afba..90312b3c 100644 --- a/test/output/custom/template_FullMetadata.yaml +++ b/test/output/custom/template_FullMetadata.yaml 
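Review bot: `rego.GetViolations("../../test/policies/")` now points at a directory holding three policies (full-metadata, no-metadata, partial-metadata) where `../../test` held one, yet all four render tests in create_test.go compare against the `*_FullMetadata.yaml` golden files. The test bodies lie outside these hunks, so how they pick a policy from the returned slice is not visible; if they take the first element, the result depends on the order in which the directory is walked. I would document the contract on the helper, e.g. `// GetViolations loads every policy under test/policies; callers must select the full-metadata policy by kind, not by index`, and have each test select by kind accordingly. As it stands the new NoMetadata and PartialMetadata fixtures appear to be exercised only by the bats acceptance run.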
@@ -25,7 +25,7 @@ spec: - |- package lib.libraryB rego: |- - package test + package test_fullmetadata import future.keywords.if import data.lib.libraryA diff --git a/test/output/custom/template_PartialMetadata.yaml b/test/output/custom/template_PartialMetadata.yaml index f4690dec..0d1f549a 100644 --- a/test/output/custom/template_PartialMetadata.yaml +++ b/test/output/custom/template_PartialMetadata.yaml @@ -17,7 +17,7 @@ spec: - |- package lib.libraryB rego: |- - package test_partial_metadata + package test_partialmetadata import future.keywords.if import data.lib.libraryA diff --git a/test/output/custom/template_Policies.yaml b/test/output/custom/template_Policies.yaml deleted file mode 100644 index bd6b0a6a..00000000 --- a/test/output/custom/template_Policies.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# This is a custom template for a constraint template -apiVersion: templates.gatekeeper.sh/v1 -kind: ConstraintTemplate -metadata: - name: policies -spec: - crd: - spec: - names: - kind: Policies - validation: - openAPIV3Schema: - properties: - super: - description: |- - super duper cool parameter with a description - on two lines. - type: string - targets: - - libs: - - |- - package lib.libraryA - - import data.lib.libraryB - - |- - package lib.libraryB - rego: |- - package test - - import future.keywords.if - import data.lib.libraryA - - policyID := "P123456" - - violation if { - true # some comment - } - target: admission.k8s.gatekeeper.sh diff --git a/test/output/custom/template_Test.yaml b/test/output/custom/template_Test.yaml deleted file mode 100644 index 310a8978..00000000 --- a/test/output/custom/template_Test.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -# This is a custom template for a constraint template -apiVersion: templates.gatekeeper.sh/v1 -kind: ConstraintTemplate -metadata: - name: test -spec: - crd: - spec: - names: - kind: Test - validation: - openAPIV3Schema: - properties: - super: - description: |- - super duper cool parameter with a description - on two lines. - type: string - targets: - - libs: - - |- - package lib.libraryA - - import data.lib.libraryB - - |- - package lib.libraryB - rego: |- - package test - - import future.keywords.if - import data.lib.libraryA - - policyID := "P123456" - - violation if { - true # some comment - } - target: admission.k8s.gatekeeper.sh diff --git a/test/output/standard/constraint_Test.yaml b/test/output/standard/constraint_FullMetadata.yaml similarity index 92% rename from test/output/standard/constraint_Test.yaml rename to test/output/standard/constraint_FullMetadata.yaml index 8f78b1f4..0723b101 100644 --- a/test/output/standard/constraint_Test.yaml +++ b/test/output/standard/constraint_FullMetadata.yaml @@ -1,7 +1,7 @@ apiVersion: constraints.gatekeeper.sh/v1beta1 -kind: Test +kind: FullMetadata metadata: - name: test + name: fullmetadata spec: match: excludedNamespaces: diff --git a/test/output/standard/template_FullMetadata.yaml b/test/output/standard/template_FullMetadata.yaml index 1e1e41fb..9ef47425 100644 --- a/test/output/standard/template_FullMetadata.yaml +++ b/test/output/standard/template_FullMetadata.yaml @@ -1,4 +1,4 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 +apiVersion: templates.gatekeeper.sh/v1 kind: ConstraintTemplate metadata: creationTimestamp: null @@ -16,6 +16,7 @@ spec: super duper cool parameter with a description on two lines. type: string + type: object targets: - libs: - |- @@ -24,7 +25,7 @@ spec: import data.lib.libraryB - package lib.libraryB rego: |- - package test + package test_fullmetadata import future.keywords.if import data.lib.libraryA 
diff --git a/test/output/standard/template_NoMetadata.yaml b/test/output/standard/template_NoMetadata.yaml index 7ca2f71b..ce1dd7ee 100644 --- a/test/output/standard/template_NoMetadata.yaml +++ b/test/output/standard/template_NoMetadata.yaml @@ -1,4 +1,4 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 +apiVersion: templates.gatekeeper.sh/v1 kind: ConstraintTemplate metadata: creationTimestamp: null diff --git a/test/output/standard/template_PartialMetadata.yaml b/test/output/standard/template_PartialMetadata.yaml index c25e0726..45b20bad 100644 --- a/test/output/standard/template_PartialMetadata.yaml +++ b/test/output/standard/template_PartialMetadata.yaml @@ -1,4 +1,4 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 +apiVersion: templates.gatekeeper.sh/v1 kind: ConstraintTemplate metadata: creationTimestamp: null @@ -16,7 +16,7 @@ spec: import data.lib.libraryB - package lib.libraryB rego: |- - package test_partial_metadata + package test_partialmetadata import future.keywords.if import data.lib.libraryA diff --git a/test/output/standard/template_Policies.yaml b/test/output/standard/template_Policies.yaml deleted file mode 100644 index c87c412e..00000000 --- a/test/output/standard/template_Policies.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: templates.gatekeeper.sh/v1beta1 -kind: ConstraintTemplate -metadata: - creationTimestamp: null - name: policies -spec: - crd: - spec: - names: - kind: Policies - validation: - openAPIV3Schema: - properties: - super: - description: |- - super duper cool parameter with a description - on two lines. - type: string - targets: - - libs: - - |- - package lib.libraryA - - import data.lib.libraryB - - package lib.libraryB - rego: |- - package test - - import future.keywords.if - import data.lib.libraryA - - policyID := "P123456" - - violation if { - true # some comment - } - target: admission.k8s.gatekeeper.sh -status: {} 
diff --git a/test/output/standard/template_Test.yaml b/test/output/standard/template_Test.yaml deleted file mode 100644 index 93563030..00000000 --- a/test/output/standard/template_Test.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: templates.gatekeeper.sh/v1 -kind: ConstraintTemplate -metadata: - creationTimestamp: null - name: test -spec: - crd: - spec: - names: - kind: Test - validation: - openAPIV3Schema: - properties: - super: - description: |- - super duper cool parameter with a description - on two lines. - type: string - type: object - targets: - - libs: - - |- - package lib.libraryA - - import data.lib.libraryB - - package lib.libraryB - rego: |- - package test - - import future.keywords.if - import data.lib.libraryA - - policyID := "P123456" - - violation if { - true # some comment - } - target: admission.k8s.gatekeeper.sh -status: {} diff --git a/test/policies/full-metadata/src.rego b/test/policies/full-metadata/src.rego index 663e1ab2..5ae76b1b 100644 --- a/test/policies/full-metadata/src.rego +++ b/test/policies/full-metadata/src.rego @@ -36,7 +36,7 @@ # - dev # - stage # - prod -package test +package test_fullmetadata import future.keywords.if import data.lib.libraryA diff --git a/test/policies/partial-metadata/src.rego b/test/policies/partial-metadata/src.rego index 682afc3d..ed4619c2 100644 --- a/test/policies/partial-metadata/src.rego +++ b/test/policies/partial-metadata/src.rego @@ -7,7 +7,7 @@ # - dev # - stage # - prod -package test_partial_metadata +package test_partialmetadata import future.keywords.if import data.lib.libraryA