GitOps for k8s
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

policies_test.go 6.9KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243
  1. package kubernetes
  2. import (
  3. "bytes"
  4. "os"
  5. "testing"
  6. "text/template"
  7. "github.com/go-kit/kit/log"
  8. "github.com/stretchr/testify/assert"
  9. "github.com/fluxcd/flux/policy"
  10. "github.com/fluxcd/flux/resource"
  11. )
  12. func TestUpdatePolicies(t *testing.T) {
  13. for _, c := range []struct {
  14. name string
  15. in, out []string
  16. update resource.PolicyUpdate
  17. wantErr bool
  18. }{
  19. {
  20. name: "adding annotation with others existing",
  21. in: []string{"prometheus.io/scrape", "'false'"},
  22. out: []string{"prometheus.io/scrape", "'false'", "fluxcd.io/automated", "'true'"},
  23. update: resource.PolicyUpdate{
  24. Add: policy.Set{policy.Automated: "true"},
  25. },
  26. },
  27. {
  28. name: "adding annotation when already has annotation does not change prefix",
  29. in: []string{"flux.weave.works/automated", "'true'"},
  30. out: []string{"flux.weave.works/automated", "'true'"},
  31. update: resource.PolicyUpdate{
  32. Add: policy.Set{policy.Automated: "true"},
  33. },
  34. },
  35. {
  36. name: "adding annotation when already has annotation and others",
  37. in: []string{"flux.weave.works/automated", "'true'", "prometheus.io/scrape", "'false'"},
  38. out: []string{"flux.weave.works/automated", "'true'", "prometheus.io/scrape", "'false'"},
  39. update: resource.PolicyUpdate{
  40. Add: policy.Set{policy.Automated: "true"},
  41. },
  42. },
  43. {
  44. name: "adding first annotation (uses new prefix)",
  45. in: nil,
  46. out: []string{"fluxcd.io/automated", "'true'"},
  47. update: resource.PolicyUpdate{
  48. Add: policy.Set{policy.Automated: "true"},
  49. },
  50. },
  51. {
  52. name: "add and remove different annotations at the same time",
  53. in: []string{"flux.weave.works/automated", "'true'", "prometheus.io/scrape", "'false'"},
  54. out: []string{"prometheus.io/scrape", "'false'", "fluxcd.io/locked", "'true'"},
  55. update: resource.PolicyUpdate{
  56. Add: policy.Set{policy.Locked: "true"},
  57. Remove: policy.Set{policy.Automated: "true"},
  58. },
  59. },
  60. {
  61. name: "remove overrides add for same key",
  62. in: nil,
  63. out: nil,
  64. update: resource.PolicyUpdate{
  65. Add: policy.Set{policy.Locked: "true"},
  66. Remove: policy.Set{policy.Locked: "true"},
  67. },
  68. },
  69. {
  70. name: "remove annotation with others existing",
  71. in: []string{"fluxcd.io/automated", "true", "prometheus.io/scrape", "false"},
  72. out: []string{"prometheus.io/scrape", "false"},
  73. update: resource.PolicyUpdate{
  74. Remove: policy.Set{policy.Automated: "true"},
  75. },
  76. },
  77. {
  78. name: "remove last annotation",
  79. in: []string{"fluxcd.io/automated", "true"},
  80. out: nil,
  81. update: resource.PolicyUpdate{
  82. Remove: policy.Set{policy.Automated: "true"},
  83. },
  84. },
  85. {
  86. name: "remove annotation with no annotations",
  87. in: nil,
  88. out: nil,
  89. update: resource.PolicyUpdate{
  90. Remove: policy.Set{policy.Automated: "true"},
  91. },
  92. },
  93. {
  94. name: "remove annotation with only others",
  95. in: []string{"prometheus.io/scrape", "false"},
  96. out: []string{"prometheus.io/scrape", "false"},
  97. update: resource.PolicyUpdate{
  98. Remove: policy.Set{policy.Automated: "true"},
  99. },
  100. },
  101. {
  102. name: "multiline",
  103. in: []string{"fluxcd.io/locked_msg", "|-\n first\n second"},
  104. out: nil,
  105. update: resource.PolicyUpdate{
  106. Remove: policy.Set{policy.LockedMsg: "foo"},
  107. },
  108. },
  109. {
  110. name: "multiline with empty line",
  111. in: []string{"fluxcd.io/locked_msg", "|-\n first\n\n third"},
  112. out: nil,
  113. update: resource.PolicyUpdate{
  114. Remove: policy.Set{policy.LockedMsg: "foo"},
  115. },
  116. },
  117. {
  118. name: "add tag policy",
  119. in: nil,
  120. out: []string{"fluxcd.io/tag.nginx", "glob:*"},
  121. update: resource.PolicyUpdate{
  122. Add: policy.Set{policy.TagPrefix("nginx"): "glob:*"},
  123. },
  124. },
  125. {
  126. name: "add non-glob tag policy",
  127. in: nil,
  128. out: []string{"fluxcd.io/tag.nginx", "foo"},
  129. update: resource.PolicyUpdate{
  130. Add: policy.Set{policy.TagPrefix("nginx"): "foo"},
  131. },
  132. },
  133. {
  134. name: "add semver tag policy",
  135. in: nil,
  136. out: []string{"fluxcd.io/tag.nginx", "semver:*"},
  137. update: resource.PolicyUpdate{
  138. Add: policy.Set{policy.TagPrefix("nginx"): "semver:*"},
  139. },
  140. },
  141. {
  142. name: "add invalid semver tag policy",
  143. in: nil,
  144. out: []string{"fluxcd.io/tag.nginx", "semver:*"},
  145. update: resource.PolicyUpdate{
  146. Add: policy.Set{policy.TagPrefix("nginx"): "semver:invalid"},
  147. },
  148. wantErr: true,
  149. },
  150. {
  151. name: "add regexp tag policy",
  152. in: nil,
  153. out: []string{"fluxcd.io/tag.nginx", "regexp:(.*?)"},
  154. update: resource.PolicyUpdate{
  155. Add: policy.Set{policy.TagPrefix("nginx"): "regexp:(.*?)"},
  156. },
  157. },
  158. {
  159. name: "add invalid regexp tag policy",
  160. in: nil,
  161. out: []string{"fluxcd.io/tag.nginx", "regexp:(.*?)"},
  162. update: resource.PolicyUpdate{
  163. Add: policy.Set{policy.TagPrefix("nginx"): "regexp:*"},
  164. },
  165. wantErr: true,
  166. },
  167. {
  168. name: "add tag policy with alternative prefix does not change existing prefix",
  169. in: []string{"filter.fluxcd.io/nginx", "glob:*"},
  170. out: []string{"filter.fluxcd.io/nginx", "glob:*"},
  171. update: resource.PolicyUpdate{
  172. Add: policy.Set{policy.TagPrefix("nginx"): "glob:*"},
  173. },
  174. },
  175. {
  176. name: "set tag to all containers",
  177. in: nil,
  178. out: []string{"fluxcd.io/tag.nginx", "semver:*"},
  179. update: resource.PolicyUpdate{
  180. Add: policy.Set{policy.TagAll: "semver:*"},
  181. },
  182. },
  183. } {
  184. t.Run(c.name, func(t *testing.T) {
  185. caseIn := templToString(t, annotationsTemplate, c.in)
  186. caseOut := templToString(t, annotationsTemplate, c.out)
  187. resourceID := resource.MustParseID("default:deployment/nginx")
  188. manifests := NewManifests(ConstNamespacer("default"), log.NewLogfmtLogger(os.Stdout))
  189. out, err := manifests.UpdateWorkloadPolicies([]byte(caseIn), resourceID, c.update)
  190. assert.Equal(t, c.wantErr, err != nil, "unexpected error value: %s", err)
  191. if !c.wantErr {
  192. assert.Equal(t, string(out), caseOut)
  193. }
  194. })
  195. }
  196. }
  197. func TestUpdatePolicies_invalidTagPattern(t *testing.T) {
  198. resourceID := resource.MustParseID("default:deployment/nginx")
  199. update := resource.PolicyUpdate{
  200. Add: policy.Set{policy.TagPrefix("nginx"): "semver:invalid"},
  201. }
  202. _, err := (&manifests{}).UpdateWorkloadPolicies(nil, resourceID, update)
  203. assert.Error(t, err)
  204. }
  205. var annotationsTemplate = template.Must(template.New("").Parse(`---
  206. apiVersion: extensions/v1beta1
  207. kind: Deployment
  208. metadata: # comment really close to the war zone
  209. name: nginx{{with .}}
  210. annotations:{{range .}}
  211. {{index . 0}}: {{printf "%s" (index . 1)}}{{end}}{{end}}
  212. spec:
  213. replicas: 1
  214. template:
  215. metadata: # comment2
  216. labels:
  217. name: nginx
  218. spec:
  219. containers:
  220. - image: nginx # These keys are purposefully un-sorted.
  221. name: nginx # And these comments are testing comments.
  222. ports:
  223. - containerPort: 80
  224. `))
  225. func templToString(t *testing.T, templ *template.Template, data []string) string {
  226. var pairs [][]string
  227. for i := 0; i < len(data); i += 2 {
  228. pairs = append(pairs, []string{data[i], data[i+1]})
  229. }
  230. out := &bytes.Buffer{}
  231. err := templ.Execute(out, pairs)
  232. if err != nil {
  233. t.Fatal(err)
  234. }
  235. return out.String()
  236. }