Commit 8134a777 authored by Morgan Hoffman's avatar Morgan Hoffman

update rego testing for allow rollout restart

parent 1c9dc3c3
1 merge request!63PLATFORM-2126 "allow rollout restart w/ testing"
Pipeline #763209 failed with stages
in 14 seconds
apiVersion: v2
name: constraint-templates
version: 1.5.0
version: 1.5.1
appVersion: 1.0.0
package allow_rollout_restart
test_with_deployment_and_correct_annotation {
input := review_deployment_patch_existing("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","13oclock")
input := review_deployment_patch_existing("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","randomgroup","13oclock")
results := violation
with input as input
......@@ -10,7 +10,7 @@ test_with_deployment_and_correct_annotation {
}
test_with_deployment_and_incorrect_annotation {
input := review_deployment_patch_existing("wrongAnnotation","wrong","randomuser","13oclock")
input := review_deployment_patch_existing("wrongAnnotation","wrong","randomuser","randomgroup","13oclock")
results := violation
with input as input
......@@ -19,7 +19,16 @@ test_with_deployment_and_incorrect_annotation {
}
test_with_deployment_and_incorrect_annotation_with_flux {
input := review_deployment_patch_existing("wrongAnnotation","wrong","flux","13oclock")
input := review_deployment_patch_existing("wrongAnnotation","wrong","flux","randomgroup","13oclock")
results := violation
with input as input
count(results) == 0
}
test_with_deployment_and_incorrect_annotation_with_platform_admin_group {
input := review_deployment_patch_existing("wrongAnnotation","wrong","randomuser","oidc:it.platform.roles.admin","13oclock")
results := violation
with input as input
......@@ -28,7 +37,7 @@ test_with_deployment_and_incorrect_annotation_with_flux {
}
test_with_deployment_and_too_many_annotations{
input := review_deployment_patch_extra_annotations("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","13oclock")
input := review_deployment_patch_extra_annotations("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","randomgroup","13oclock")
results := violation
with input as input
......@@ -37,7 +46,7 @@ test_with_deployment_and_too_many_annotations{
}
test_with_deployment_and_correct_annotation_no_existing_annotation {
input := review_deployment_patch_absent("kubectl.kubernetes.io.restartedAt","14oclock","randomuser")
input := review_deployment_patch_absent("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","randomgroup")
results := violation
with input as input
......@@ -46,7 +55,7 @@ test_with_deployment_and_correct_annotation_no_existing_annotation {
}
test_with_deployment_and_incorrect_annotation_no_existing_annotation {
input := review_deployment_patch_absent("wrongAnnotation","wrong","randomuser")
input := review_deployment_patch_absent("wrongAnnotation","wrong","randomuser","randomgroup")
results := violation
with input as input
......@@ -54,19 +63,22 @@ test_with_deployment_and_incorrect_annotation_no_existing_annotation {
count(results) == 1
}
review_deployment_patch_extra_annotations(annotationname,annotationvalue,username,previousrestarted) = out {
review_deployment_patch_extra_annotations(annotationname,annotationvalue,username,groupname,previousrestarted) = out {
out = {
"review": {
"userInfo": {
"username": username
"username": username,
"groups": [
groupname
]
},
"operation": "PATCH",
"operation": "UPDATE",
"kind": {
"kind": "Deployment"
},
"object": {
"spec": {
"template: {
"template": {
"metadata": {
"annotations": {
"dreaded_gazebo": "indeed",
......@@ -78,7 +90,7 @@ review_deployment_patch_extra_annotations(annotationname,annotationvalue,usernam
},
"oldObject": {
"spec": {
"template: {
"template:" {
"metadata": {
"annotations": {
"kubectl.kubernetes.io.restartedAt": previousrestarted
......@@ -91,13 +103,16 @@ review_deployment_patch_extra_annotations(annotationname,annotationvalue,usernam
}
}
review_deployment_patch_existing(annotationname,annotationvalue,username,previousrestarted) = out {
review_deployment_patch_existing(annotationname,annotationvalue,username,groupname,previousrestarted) = out {
out = {
"review": {
"userInfo": {
"username": username
"username": username,
"groups": [
groupname
]
},
"operation": "PATCH",
"operation": "UPDATE",
"kind": {
"kind": "Deployment"
},
......@@ -127,13 +142,16 @@ review_deployment_patch_existing(annotationname,annotationvalue,username,previou
}
}
review_deployment_patch_absent(annotationname,annotationvalue,username) = out {
review_deployment_patch_absent(annotationname,annotationvalue,username,groupname) = out {
out = {
"review": {
"userInfo": {
"username": username
"username": username,
"groups": [
groupname
]
},
"operation": "PATCH",
"operation": "UPDATE",
"kind": {
"kind": "Deployment"
},
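Review bot: In `review_deployment_patch_extra_annotations`, the `oldObject.spec` key now reads `"template:" {`, with the colon inside the quotes and nothing separating the key from the brace, so the fixture is still not valid Rego; it should be `"template": {`, matching the fix made to the `object.spec` key a few lines above it. Assuming the second line of each printed pair is the new side, this would keep the whole test package from parsing, which may be why the pipeline failed. Separately, `test_with_deployment_and_incorrect_annotation_with_platform_admin_group` covers the group exemption only with one exact group name, and its assertion lies outside the visible hunk. Because that exemption bypasses an admission control, I would add a negative case with a near-match group (constructed example: `"oidc:it.platform.roles.admin-readonly"`) asserting `count(results) == 1`, so a prefix or substring match in the policy cannot pass unnoticed.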
......