fix: unit tests

Signed-off-by: Charles-Edouard Brétéché <[email protected]>

pkg/data/data_test.go

@@ -10,7 +10,7 @@ import (
 func TestCrds(t *testing.T) {
 	data := Crds()
 	{
-		file, err := fs.Stat(data, "crds/json.kyverno.io_policies.yaml")
+		file, err := fs.Stat(data, "crds/json.kyverno.io_validationpolicies.yaml")
 		assert.NoError(t, err)
 		assert.NotNil(t, file)
 		assert.False(t, file.IsDir())

pkg/engine/template/kyverno/functions.go

@@ -70,7 +70,6 @@ var (
 	objectFromLists        = "object_from_lists"
 	random                 = "random"
 	x509_decode            = "x509_decode"
-	imageNormalize         = "image_normalize"
 )
 
 func GetBareFunctions() []gojmespath.FunctionEntry {

test/api/README.md

@@ -17,18 +17,17 @@ make install-crds
 ```bash
 kubectl apply -f - <<EOF
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
   rules:
     - name: foo-bar-4
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                bar: 4
+      assert:
+        all:
+        - check:
+            foo:
+              bar: 4
 EOF
 ```
 

test/dockerfile/policy.yaml

@@ -1,26 +1,25 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: check-dockerfile
 spec:
   rules:
     - name: no-external
-      validate:
-        assert:
-          all:
-          - message: "HTTP calls are not allowed"
-            check:
-              ~.(Stages[].Commands[].Args[].Value):
-                (contains(@, 'https://') || contains(@, 'http://')): false
-          - message: "HTTP calls are not allowed"
-            check:
-              ~.(Stages[].Commands[].CmdLine[]):
-                (contains(@, 'https://') || contains(@, 'http://')): false
-          - message: "curl is not allowed"
-            check:
-              ~.(Stages[].Commands[].CmdLine[]):
-                (contains(@, 'curl')): false
-          - message: "wget is not allowed"
-            check:
-              ~.(Stages[].Commands[].CmdLine[]):
-                (contains(@, 'wget')): false
+      assert:
+        all:
+        - message: "HTTP calls are not allowed"
+          check:
+            ~.(Stages[].Commands[].Args[].Value):
+              (contains(@, 'https://') || contains(@, 'http://')): false
+        - message: "HTTP calls are not allowed"
+          check:
+            ~.(Stages[].Commands[].CmdLine[]):
+              (contains(@, 'https://') || contains(@, 'http://')): false
+        - message: "curl is not allowed"
+          check:
+            ~.(Stages[].Commands[].CmdLine[]):
+              (contains(@, 'curl')): false
+        - message: "wget is not allowed"
+          check:
+            ~.(Stages[].Commands[].CmdLine[]):
+              (contains(@, 'wget')): false

test/escaped/policy.yaml

@@ -1,30 +1,29 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
   rules:
     - name: foo-bar-4
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                \(bar)\: 4
-          - check:
-              foo:
-                \(bar)\->test:
-                  ($test): 4
-          - check:
-              foo:
-                \(bar)->test\: 6
-          - check:
-              foo:
-                \(bar)->test\->test:
-                  ($test): 6
-          - check:
-              foo:
-                \~foos\:
-                - 1
-                - 2
-                - 3
+      assert:
+        all:
+        - check:
+            foo:
+              \(bar)\: 4
+        - check:
+            foo:
+              \(bar)\->test:
+                ($test): 4
+        - check:
+            foo:
+              \(bar)->test\: 6
+        - check:
+            foo:
+              \(bar)->test\->test:
+                ($test): 6
+        - check:
+            foo:
+              \~foos\:
+              - 1
+              - 2
+              - 3

test/foo-bar/policy.yaml

@@ -1,13 +1,12 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
   rules:
     - name: foo-bar-4
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                bar: 4
+      assert:
+        all:
+        - check:
+            foo:
+              bar: 4

test/payload-yaml/policy.yaml

@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: required-s3-tags
 spec:
@@ -12,10 +12,9 @@ spec:
       - name: tags
         variable:
           Team: Kyverno
-      validate:
-        assert:
-          all:
-          - message: Bucket `{{ name }}` ({{ address }}) does not have the required tags {{ to_string($tags) }}
-            check:
-              values:
-                tags: ($tags)
+      assert:
+        all:
+        - message: Bucket `{{ name }}` ({{ address }}) does not have the required tags {{ to_string($tags) }}
+          check:
+            values:
+              tags: ($tags)

test/pod-all-latest/policy.yaml

@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
@@ -14,12 +14,11 @@ spec:
         any:
         - apiVersion: v1
           kind: Pod
-      validate:
-        assert:
-          all:
-          - check:
-              ~.(spec.containers[*].image):
-                # an image tag is required
-                (contains(@, ':')): true
-                # using a mutable image tag e.g. 'latest' is not allowed
-                (ends_with(@, $tag)): true
+      assert:
+        all:
+        - check:
+            ~.(spec.containers[*].image):
+              # an image tag is required
+              (contains(@, ':')): true
+              # using a mutable image tag e.g. 'latest' is not allowed
+              (ends_with(@, $tag)): true

test/pod-no-latest/policy.yaml

@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
@@ -12,28 +12,27 @@ spec:
         any:
         - apiVersion: v1
           kind: Pod
-      validate:
-        assert:
-          all:
-          - check:
-              spec:
-                ~foo.containers->foos:
-                  (at($foos, $foo).image)->foo:
-                    # an image tag is required
-                    (contains($foo, ':')): true
-                    # using a mutable image tag e.g. 'latest' is not allowed
-                    (ends_with($foo, $tag)): false
-          - check:
-              spec:
-                ~.containers->foo:
-                  image:
-                    # an image tag is required
-                    (contains(@, ':')): true
-                    # using a mutable image tag e.g. 'latest' is not allowed
-                    (ends_with(@, ':latest')): false
-          - check:
-              ~index.(spec.containers[*].image)->images:
-                # an image tag is required
-                (contains(@, ':')): true
-                # using a mutable image tag e.g. 'latest' is not allowed
-                (ends_with(@, ':latest')): false
+      assert:
+        all:
+        - check:
+            spec:
+              ~foo.containers->foos:
+                (at($foos, $foo).image)->foo:
+                  # an image tag is required
+                  (contains($foo, ':')): true
+                  # using a mutable image tag e.g. 'latest' is not allowed
+                  (ends_with($foo, $tag)): false
+        - check:
+            spec:
+              ~.containers->foo:
+                image:
+                  # an image tag is required
+                  (contains(@, ':')): true
+                  # using a mutable image tag e.g. 'latest' is not allowed
+                  (ends_with(@, ':latest')): false
+        - check:
+            ~index.(spec.containers[*].image)->images:
+              # an image tag is required
+              (contains(@, ':')): true
+              # using a mutable image tag e.g. 'latest' is not allowed
+              (ends_with(@, ':latest')): false

test/scripted/policy.yaml

@@ -1,17 +1,16 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
   rules:
     - name: foo-bar-4
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                (bar > `3`): true
-                (!baz): false
-          - check:
-              foo:
-                (bar + bat): 10
+      assert:
+        all:
+        - check:
+            foo:
+              (bar > `3`): true
+              (!baz): false
+        - check:
+            foo:
+              (bar + bat): 10

test/tf-plan/policy.yaml

@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: required-s3-tags
 spec:
@@ -12,10 +12,9 @@ spec:
       - name: tags
         variable:
           Team: Kyverno
-      validate:
-        assert:
-          all:
-          - message: Bucket `{{ name }}` ({{ address }}) does not have the required tags {{ to_string($tags) }}
-            check:
-              values:
-                tags: ($tags)
+      assert:
+        all:
+        - message: Bucket `{{ name }}` ({{ address }}) does not have the required tags {{ to_string($tags) }}
+          check:
+            values:
+              tags: ($tags)

test/wildcard/policy.yaml

@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: required-s3-tags
 spec:
@@ -11,9 +11,8 @@ spec:
       exclude:
         any:
         - (wildcard('bypass-*', name)): true
-      validate:
-        assert:
-          all:
-          - check:
-              tags:
-                (wildcard('?*', Team)): false
+      assert:
+        all:
+        - check:
+            tags:
+              (wildcard('?*', Team)): false