open-cluster-management.io/governance-policy-propagator@v0.13.0/test/e2e/case15_dep_crd_validation_test.go (about)

     1  // Copyright (c) 2022 Red Hat, Inc.
     2  // Copyright Contributors to the Open Cluster Management project
     3  
     4  package e2e
     5  
     6  import (
     7  	"context"
     8  
     9  	. "github.com/onsi/ginkgo/v2"
    10  	. "github.com/onsi/gomega"
    11  	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    12  	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
    13  	"k8s.io/client-go/dynamic"
    14  
    15  	"open-cluster-management.io/governance-policy-propagator/test/utils"
    16  )
    17  
    18  var _ = Describe("Test CRD validation", func() {
    19  	basicPolicy := func() *unstructured.Unstructured {
    20  		return utils.ParseYaml("../resources/case15_dep_crd_validation/basic-policy.yaml")
    21  	}
    22  
    23  	addDependency := func(pol *unstructured.Unstructured, name, ns, kind string) *unstructured.Unstructured {
    24  		deps := []interface{}{map[string]interface{}{
    25  			"apiVersion": "policy.open-cluster-management.io/v1",
    26  			"kind":       kind,
    27  			"name":       name,
    28  			"namespace":  ns,
    29  			"compliance": "Compliant",
    30  		}}
    31  
    32  		err := unstructured.SetNestedSlice(pol.Object, deps, "spec", "dependencies")
    33  		Expect(err).ToNot(HaveOccurred())
    34  
    35  		return pol
    36  	}
    37  
    38  	addExtraDependency := func(pol *unstructured.Unstructured, name, ns, kind string) *unstructured.Unstructured {
    39  		templates, found, err := unstructured.NestedSlice(pol.Object, "spec", "policy-templates")
    40  		Expect(found).To(BeTrue())
    41  		Expect(err).ToNot(HaveOccurred())
    42  
    43  		tmpl0 := templates[0].(map[string]interface{})
    44  		tmpl0["extraDependencies"] = []interface{}{map[string]interface{}{
    45  			"apiVersion": "policy.open-cluster-management.io/v1",
    46  			"kind":       kind,
    47  			"name":       name,
    48  			"namespace":  ns,
    49  			"compliance": "Compliant",
    50  		}}
    51  
    52  		err = unstructured.SetNestedSlice(pol.Object, templates, "spec", "policy-templates")
    53  		Expect(err).ToNot(HaveOccurred())
    54  
    55  		return pol
    56  	}
    57  
    58  	policyClient := func() dynamic.ResourceInterface {
    59  		return clientHubDynamic.Resource(gvrPolicy).Namespace("default")
    60  	}
    61  
    62  	AfterEach(func() {
    63  		By("Removing the policy")
    64  		// ignore error, because invalid policies will not have been created
    65  		_ = policyClient().Delete(context.TODO(), "basic", v1.DeleteOptions{})
    66  	})
    67  
    68  	Describe("Test dependency namespace validation", func() {
    69  		tests := map[string]struct {
    70  			validWithNamespace    bool
    71  			validWithoutNamespace bool
    72  		}{
    73  			"ConfigurationPolicy": {false, true},
    74  			"CertificatePolicy":   {false, true},
    75  			"IamPolicy":           {false, true},
    76  			"Policy":              {true, true},
    77  			"PolicySet":           {true, true},
    78  			"OtherType":           {true, true},
    79  		}
    80  
    81  		for kind, tc := range tests {
    82  			kind := kind
    83  			tc := tc
    84  
    85  			It("checks creating a policy with a "+kind+" dependency with a namespace", func() {
    86  				pol := addDependency(basicPolicy(), "foo", "default", kind)
    87  				_, err := policyClient().Create(context.TODO(), pol, v1.CreateOptions{})
    88  				Expect(err == nil).To(Equal(tc.validWithNamespace))
    89  			})
    90  			It("checks creating a policy with a "+kind+" dependency without a namespace", func() {
    91  				pol := addDependency(basicPolicy(), "foo", "", kind)
    92  				_, err := policyClient().Create(context.TODO(), pol, v1.CreateOptions{})
    93  				Expect(err == nil).To(Equal(tc.validWithoutNamespace))
    94  			})
    95  		}
    96  	})
    97  
    98  	Describe("Test extraDependency namespace validation", func() {
    99  		tests := map[string]struct {
   100  			validWithNamespace    bool
   101  			validWithoutNamespace bool
   102  		}{
   103  			"ConfigurationPolicy": {false, true},
   104  			"CertificatePolicy":   {false, true},
   105  			"IamPolicy":           {false, true},
   106  			"Policy":              {true, true},
   107  			"PolicySet":           {true, true},
   108  			"OtherType":           {true, true},
   109  		}
   110  
   111  		for kind, tc := range tests {
   112  			kind := kind
   113  			tc := tc
   114  
   115  			It("checks creating a policy with a "+kind+" extraDependency with a namespace", func() {
   116  				pol := addExtraDependency(basicPolicy(), "foo", "default", kind)
   117  				_, err := policyClient().Create(context.TODO(), pol, v1.CreateOptions{})
   118  				Expect(err == nil).To(Equal(tc.validWithNamespace))
   119  			})
   120  			It("checks creating a policy with a "+kind+" extraDependency without a namespace", func() {
   121  				pol := addExtraDependency(basicPolicy(), "foo", "", kind)
   122  				_, err := policyClient().Create(context.TODO(), pol, v1.CreateOptions{})
   123  				Expect(err == nil).To(Equal(tc.validWithoutNamespace))
   124  			})
   125  		}
   126  	})
   127  })