open-cluster-management.io/governance-policy-propagator@v0.13.0/test/e2e/case17_policy_webhook_test.go (about) 1 // Copyright (c) 2020 Red Hat, Inc. 2 // Copyright Contributors to the Open Cluster Management project 3 4 package e2e 5 6 import ( 7 "context" 8 "unicode/utf8" 9 10 . "github.com/onsi/ginkgo/v2" 11 . "github.com/onsi/gomega" 12 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 13 14 "open-cluster-management.io/governance-policy-propagator/test/utils" 15 ) 16 17 var _ = Describe("Test policy webhook", Label("webhook"), Ordered, func() { 18 const ( 19 case17Prefix string = "../resources/case17_policy_webhook/" 20 case17PolicyLongYaml string = case17Prefix + "case17_policy_long.yaml" 21 case17PolicyReplicatedYaml string = case17Prefix + "case17_policy_replicate.yaml" 22 case17PolicyRemediationYaml string = case17Prefix + "case17_invalid_remediation_policy.yaml" 23 case17PolicyRootRemediationYaml string = case17Prefix + "case17_valid_remediation_policy_root.yaml" 24 case17PolicyCfplcRemediationYaml string = case17Prefix + "case17_valid_remediation_policy_cfplc.yaml" 25 longNamespace string = "long-long-long-long-long-long-long" 26 case17PolicyReplicatedName string = "case17-test-policy-replicated-longlong" 27 case17PolicyReplicatedPlr string = "case17-test-policy-replicated-longlong-plr" 28 case17PolicyReplicatedPb string = "case17-test-policy-replicated-longlong-pb" 29 case17PolicyRemediationName string = "case17-test-policy-no-remediation" 30 case17PolicyRootRemediationName string = "case17-test-policy-root-remediation" 31 case17PolicyCfplcRemediationName string = "case17-test-policy-cfplc-remediation" 32 errPrefix string = `admission webhook "policy.open-cluster-management.io.webhook" ` + 33 `denied the request: ` 34 combinedLengthErr string = errPrefix + "the combined length of the policy namespace and name " + 35 "cannot exceed 62 characters" 36 remediationErr string = errPrefix + "RemediationAction field of the policy and policy template " + 37 "cannot both be unset" 38 ) 39 40 Describe("Test name + namespace over 63", func() { 41 BeforeAll(func() { 42 _, err := utils.KubectlWithOutput("create", 43 "ns", longNamespace, "--kubeconfig="+kubeconfigHub, 44 ) 45 Expect(err).ShouldNot(HaveOccurred()) 46 }) 47 AfterAll(func() { 48 // cleanup 49 _, err := utils.KubectlWithOutput("delete", 50 "ns", longNamespace, 51 "--kubeconfig="+kubeconfigHub, 52 "--ignore-not-found", 53 ) 54 Expect(err).ShouldNot(HaveOccurred()) 55 56 _, err = utils.KubectlWithOutput("delete", 57 "policy", case17PolicyReplicatedName, 58 "-n", testNamespace, 59 "--kubeconfig="+kubeconfigHub, 60 "--ignore-not-found", 61 ) 62 Expect(err).ShouldNot(HaveOccurred()) 63 64 _, err = utils.KubectlWithOutput("delete", 65 "placementrule", case17PolicyReplicatedPlr, 66 "-n", testNamespace, 67 "--kubeconfig="+kubeconfigHub, 68 "--ignore-not-found", 69 ) 70 Expect(err).ShouldNot(HaveOccurred()) 71 72 _, err = utils.KubectlWithOutput("delete", 73 "placementbinding", case17PolicyReplicatedPb, 74 "-n", testNamespace, 75 "--kubeconfig="+kubeconfigHub, 76 "--ignore-not-found", 77 ) 78 Expect(err).ShouldNot(HaveOccurred()) 79 }) 80 It("Should the error message is presented", func() { 81 output, err := utils.KubectlWithOutput("apply", 82 "-f", case17PolicyLongYaml, 83 "-n", longNamespace, 84 "--kubeconfig="+kubeconfigHub) 85 Expect(err).Should(HaveOccurred()) 86 Expect(output).Should(ContainSubstring(combinedLengthErr)) 87 }) 88 It("Should replicated policy should not be validated", func() { 89 _, err := utils.KubectlWithOutput("apply", 90 "-f", case17PolicyReplicatedYaml, 91 "-n", testNamespace, 92 "--kubeconfig="+kubeconfigHub) 93 Expect(err).ShouldNot(HaveOccurred()) 94 plr := utils.GetWithTimeout( 95 clientHubDynamic, gvrPlacementRule, case17PolicyReplicatedName+"-plr", 96 testNamespace, true, defaultTimeoutSeconds, 97 ) 98 plr.Object["status"] = utils.GeneratePlrStatus("managed1") 99 _, err = clientHubDynamic.Resource(gvrPlacementRule).Namespace(testNamespace).UpdateStatus( 100 context.TODO(), plr, metav1.UpdateOptions{}, 101 ) 102 Expect(err).ToNot(HaveOccurred()) 103 104 By("Replicated policy name and cluster namespace should be over 63 character") 105 Expect(utf8.RuneCountInString("managed1." + testNamespace + 106 "." + case17PolicyReplicatedName)).Should(BeNumerically(">", 63)) 107 108 By("Replicated policy should be created") 109 plc := utils.GetWithTimeout( 110 clientHubDynamic, gvrPolicy, testNamespace+"."+case17PolicyReplicatedName, 111 "managed1", true, defaultTimeoutSeconds, 112 ) 113 Expect(plc).ToNot(BeNil()) 114 }) 115 }) 116 117 Describe("The remediationAction field should not be unset in both root policy and policy templates", func() { 118 AfterAll(func() { 119 _, err := utils.KubectlWithOutput("delete", 120 "policy", case17PolicyRemediationName, 121 "-n", testNamespace, 122 "--kubeconfig="+kubeconfigHub, 123 "--ignore-not-found", 124 ) 125 Expect(err).ShouldNot(HaveOccurred()) 126 127 _, err = utils.KubectlWithOutput("delete", 128 "policy", case17PolicyRootRemediationName, 129 "-n", testNamespace, 130 "--kubeconfig="+kubeconfigHub, 131 "--ignore-not-found", 132 ) 133 Expect(err).ShouldNot(HaveOccurred()) 134 135 _, err = utils.KubectlWithOutput("delete", 136 "policy", case17PolicyCfplcRemediationName, 137 "-n", testNamespace, 138 "--kubeconfig="+kubeconfigHub, 139 "--ignore-not-found", 140 ) 141 Expect(err).ShouldNot(HaveOccurred()) 142 }) 143 144 It("Should return a validation error when creating policies", func() { 145 By("Applying a policy where both the remediationAction of the root policy " + 146 "and the configuration policy in the policy templates are unset") 147 output, err := utils.KubectlWithOutput("apply", 148 "-f", case17PolicyRemediationYaml, 149 "-n", testNamespace, 150 "--kubeconfig="+kubeconfigHub) 151 Expect(err).Should(HaveOccurred()) 152 Expect(output).Should(ContainSubstring(remediationErr)) 153 }) 154 155 It("Should not return a validation error when creating policies", func() { 156 By("Applying a policy where only the remediationAction of the " + 157 "root policy is set") 158 _, err := utils.KubectlWithOutput("apply", 159 "-f", case17PolicyRootRemediationYaml, 160 "-n", testNamespace, 161 "--kubeconfig="+kubeconfigHub) 162 Expect(err).ShouldNot(HaveOccurred()) 163 164 By("Applying a policy where only the remediationAction of the " + 165 "configuration policy in the policy templates is set") 166 _, err = utils.KubectlWithOutput("apply", 167 "-f", case17PolicyCfplcRemediationYaml, 168 "-n", testNamespace, 169 "--kubeconfig="+kubeconfigHub) 170 Expect(err).ShouldNot(HaveOccurred()) 171 }) 172 173 It("Should return a validation error when updating policies", func() { 174 By("Patching a policy so that the remediationAction field of both " + 175 "the root policy and configuration policy is unset") 176 177 output, err := utils.KubectlWithOutput("patch", "policy", 178 case17PolicyRootRemediationName, "-n", testNamespace, 179 "--kubeconfig="+kubeconfigHub, 180 "--type=json", "-p", "[{'op': 'remove', 'path': '/spec/remediationAction'}]", 181 ) 182 183 Expect(err).Should(HaveOccurred()) 184 Expect(output).Should(ContainSubstring(remediationErr)) 185 }) 186 187 It("Should not return a validation error when updating policies", func() { 188 By("Patching a policy so that only the remediationAction field of the root policy is unset") 189 190 _, err := utils.KubectlWithOutput("patch", "policy", 191 case17PolicyRootRemediationName, "-n", testNamespace, 192 "--kubeconfig="+kubeconfigHub, "--type=json", "-p", 193 "[{'op': 'add', 'path': '/spec/remediationAction', 'value': 'inform'}]", 194 ) 195 196 Expect(err).ShouldNot(HaveOccurred()) 197 }) 198 }) 199 })