Skip to content

Commit

Permalink
feat: use the check block for checking CLI output in chainsaw tests (k…
Browse files Browse the repository at this point in the history
…yverno#9616)

Signed-off-by: Mariam Fahmy <[email protected]>
  • Loading branch information
MariamFahmy98 authored Feb 5, 2024
1 parent f529ff9 commit 90ac90b
Show file tree
Hide file tree
Showing 14 changed files with 61 additions and 61 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,9 @@ spec:
- name: step-05
try:
- script:
content: "if kubectl logs deployment/kyverno-admission-controller -n kyverno
| grep \"reason=\\\"PolicyViolation\\\"\" \nthen \n echo \"Test succeeded.
PolicyViolation event was not created.\"\n exit 0\nelse \n echo \"Tested
failed. PolicyViolation event should have been created.\"\n exit 1\nfi\n"
content: kubectl logs deployment/kyverno-admission-controller -n kyverno
check:
# This check ensures that the string 'reason="PolicyViolation"' is found
# in stdout or else fails
(contains($stdout, 'reason=\"PolicyViolation\"')): true

Original file line number Diff line number Diff line change
Expand Up @@ -46,5 +46,8 @@ spec:
- name: step-07
try:
- script:
content: "if kubectl get updaterequests -n kyverno 2>&1 | grep -q 'No resources found in kyverno namespace.'\nthen \n exit 0 \nelse \n exit
1\nfi\n"
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
No resources found in kyverno namespace.
Original file line number Diff line number Diff line change
Expand Up @@ -37,5 +37,8 @@ spec:
- name: step-07
try:
- script:
content: "if kubectl get updaterequests -n kyverno 2>&1 | grep -q 'No resources found in kyverno namespace.'\nthen \n exit 0 \nelse \n exit
1\nfi\n"
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
No resources found in kyverno namespace.
Original file line number Diff line number Diff line change
Expand Up @@ -34,5 +34,8 @@ spec:
- name: step-07
try:
- script:
content: "if kubectl get updaterequests -n kyverno 2>&1 | grep -q 'No resources found in kyverno namespace.'\nthen \n exit 0 \nelse \n exit
1\nfi\n"
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
No resources found in kyverno namespace.
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ spec:
- name: step-02
try:
- script:
content: "if kubectl apply -f pod-fail.yaml 2>&1 | grep -q 'host-port-pods:
hostPort must either be unset or set to 0' \nthen \n echo \"Test succeeded.
The message is displayed.\"\n exit 0\nelse \n echo \"Test failed.
The message isn't found.\"\n exit 1\nfi\n"
content: kubectl apply -f pod-fail.yaml
check:
# This check below ensures that the string 'hostPort must either be unset or set to 0' is found in stderr or else fails
(contains($stderr, 'hostPort must either be unset or set to 0')): true
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@ spec:
- name: step-01
try:
- script:
content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'invalid variable
used' \nthen \n echo \"Test succeeded. The phrase 'invalid variable used'
is found.\"\n exit 0\nelse \n echo \"Test failed. The phrase 'invalid
variable used' has not been found.\"\n exit 1\nfi\n"
content: kubectl apply -f manifests.yaml
check:
# This check below ensures that the string 'invalid variable used' is found in stderr or else fails
(contains($stderr, 'invalid variable used')): true
- name: step-02
try:
- error:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@ spec:
- name: step-01
try:
- script:
content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'invalid variable
used' \nthen \n echo \"Test succeeded. The phrase 'invalid variable used'
is found.\"\n exit 0\nelse \n echo \"Test failed. The phrase 'invalid
variable used' has not been found.\"\n exit 1\nfi\n"
content: kubectl apply -f manifests.yaml
check:
# This check below ensures that the string 'invalid variable used' is found in stderr or else fails
(contains($stderr, 'invalid variable used')): true
- name: step-02
try:
- error:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,10 @@ spec:
- name: step-01
try:
- script:
content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{request.roles}}
is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable
{{request.roles}} is not allowed' is found.\"\n exit 0\nelse \n echo
\"Test failed. The phrase 'variable {{request.roles}} is not allowed' has
not been found.\"\n exit 1\nfi\n"
content: kubectl apply -f manifests.yaml
check:
# This check below ensures that the string 'variable {{request.roles}} is not allowed' is found in stderr or else fails
(contains($stderr, 'variable {{request.roles}} is not allowed')): true
- name: step-02
try:
- error:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,10 @@ spec:
- name: step-01
try:
- script:
content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{serviceAccountName}}
is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable
{{serviceAccountName}} is not allowed' is found.\"\n exit 0\nelse \n
\ echo \"Test failed. The phrase 'variable {{serviceAccountName}} is not
allowed' has not been found.\"\n exit 1\nfi\n"
content: kubectl apply -f manifests.yaml
check:
# This check below ensures that the string 'variable {{serviceAccountName}} is not allowed' is found in stderr or else fails
(contains($stderr, 'variable {{serviceAccountName}} is not allowed')): true
- name: step-02
try:
- error:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,10 @@ spec:
- name: step-01
try:
- script:
content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{request.userInfo}}
is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable
{{request.userInfo}} is not allowed' is found.\"\n exit 0\nelse \n echo
\"Test failed. The phrase 'variable {{request.userInfo}} is not allowed'
has not been found.\"\n exit 1\nfi\n"
content: kubectl apply -f manifests.yaml
check:
# This check below ensures that the string 'variable {{request.userInfo}} is not allowed' is found in stderr or else fails
(contains($stderr, 'variable {{request.userInfo}} is not allowed')): true
- name: step-02
try:
- error:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,7 @@ spec:
- name: step-02
try:
- script:
content: "if kubectl -n test-validate exec nginx -it -- sh 2>&1 | grep -q
\"Exec'ing into Pods protected with the label 'exec=false' is forbidden\"
\nthen \n echo \"Tested failed. Exec Request was not blocked.\"\n exit
1 \nelse \n echo \"Test succeeded. Exec Request was blocked.\"\n exit
0\nfi\n"
content: kubectl -n test-validate exec nginx -it -- sh
check:
# This check below ensures that the string "Exec'ing into Pods protected with the label 'exec=false' is forbidden" isn't found in stderr or else fails
(contains($stderr, 'Exec\'ing into Pods protected with the label \'exec=false\' is forbidden')): false
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,7 @@ spec:
- name: step-02
try:
- script:
content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate
2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen
\n echo \"Test failed. Resource was blocked from scaling.\"\n exit 1\nelse
\n echo \"Tested succeeded. Resource was allowed to scale.\"\n exit 0
\nfi\n"
content: kubectl scale deployment nginx-test --replicas=1 -n test-validate
check:
# This check below ensures that the string "nginx-test needs to have 2 replicas" isn't found in stderr or else fails
(contains($stderr, 'nginx-test needs to have 2 replicas')): false
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,10 @@ spec:
- name: step-02
try:
- script:
content: |
if kubectl apply -f resource.yaml 2>&1 | grep -q "label ''app.kubernetes.io/name'' is required"
then
echo "Test succeeded. Resource was blocked from label."
exit 0
else
echo "Tested failed. Resource was allowed to create."
exit 1
fi
content: kubectl apply -f resource.yaml
check:
# This check below ensures that the string "label ''app.kubernetes.io/name'' is required" is found in stderr or else fails
(contains($stderr, 'label \'\'app.kubernetes.io/name\'\' is required')): true
- name: step-03
try:
- apply:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,7 @@ spec:
- name: step-02
try:
- script:
content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate
2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen
\n echo \"Test succeeded. Resource was blocked from scaling.\"\n exit
0\nelse \n echo \"Tested failed. Resource was allowed to scale.\"\n exit
1 \nfi\n"
content: kubectl scale deployment nginx-test --replicas=1 -n test-validate
check:
# This check below ensures that the string "validation error: nginx-test needs to have 2 replicas" isn't found in stderr or else fails
(contains($stderr, 'nginx-test needs to have 2 replicas')): true

0 comments on commit 90ac90b

Please sign in to comment.