Skip to content
Snippets Groups Projects

PLATFORM-2126 "allow rollout restart w/ testing"

Merged PLATFORM-2126 "allow rollout restart w/ testing"
swarm-PLATFORM-2126-rolloutrestarttesting into master
Merged Morgan Hoffman requested to merge swarm-PLATFORM-2126-rolloutrestarttesting into master
Compare
and
2 files
+ 34
21
Compare changes
  • Side-by-side
  • Inline
Files
2
rego/allow_rollout_restart/policy_test.rego
+ 33
20
package allow_rollout_restart
test_with_deployment_and_correct_annotation {
input := review_deployment_patch_existing("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","13oclock")
input := review_deployment_patch_existing("kubectl.kubernetes.io/restartedAt","14oclock","randomuser","randomgroup","13oclock")
results := violation
with input as input
@@ -10,7 +10,7 @@ test_with_deployment_and_correct_annotation {
}
test_with_deployment_and_incorrect_annotation {
input := review_deployment_patch_existing("wrongAnnotation","wrong","randomuser","13oclock")
input := review_deployment_patch_existing("wrongAnnotation","wrong","randomuser","randomgroup","13oclock")
results := violation
with input as input
@@ -19,7 +19,16 @@ test_with_deployment_and_incorrect_annotation {
}
test_with_deployment_and_incorrect_annotation_with_flux {
input := review_deployment_patch_existing("wrongAnnotation","wrong","flux","13oclock")
input := review_deployment_patch_existing("wrongAnnotation","wrong","flux","randomgroup","13oclock")
results := violation
with input as input
count(results) == 0
}
test_with_deployment_and_incorrect_annotation_with_platform_admin_group {
input := review_deployment_patch_existing("wrongAnnotation","wrong","randomuser","oidc:it.platform.roles.admin","13oclock")
results := violation
with input as input
@@ -28,7 +37,7 @@ test_with_deployment_and_incorrect_annotation_with_flux {
}
test_with_deployment_and_too_many_annotations{
input := review_deployment_patch_extra_annotations("kubectl.kubernetes.io.restartedAt","14oclock","randomuser","13oclock")
input := review_deployment_patch_extra_annotations("kubectl.kubernetes.io/restartedAt","14oclock","randomuser","randomgroup","13oclock")
results := violation
with input as input
@@ -37,7 +46,7 @@ test_with_deployment_and_too_many_annotations{
}
test_with_deployment_and_correct_annotation_no_existing_annotation {
input := review_deployment_patch_absent("kubectl.kubernetes.io.restartedAt","14oclock","randomuser")
input := review_deployment_patch_absent("kubectl.kubernetes.io/restartedAt","14oclock","randomuser","randomgroup")
results := violation
with input as input
@@ -46,7 +55,7 @@ test_with_deployment_and_correct_annotation_no_existing_annotation {
}
test_with_deployment_and_incorrect_annotation_no_existing_annotation {
input := review_deployment_patch_absent("wrongAnnotation","wrong","randomuser")
input := review_deployment_patch_absent("wrongAnnotation","wrong","randomuser","randomgroup")
results := violation
with input as input
@@ -54,19 +63,20 @@ test_with_deployment_and_incorrect_annotation_no_existing_annotation {
count(results) == 1
}
review_deployment_patch_extra_annotations(annotationname,annotationvalue,username,previousrestarted) = out {
review_deployment_patch_extra_annotations(annotationname,annotationvalue,username,groupname,previousrestarted) = out {
out = {
"review": {
"userInfo": {
"username": username
"username": username,
"groups": [ groupname ]
},
"operation": "PATCH",
"operation": "UPDATE",
"kind": {
"kind": "Deployment"
},
"object": {
"spec": {
"template: {
"template": {
"metadata": {
"annotations": {
"dreaded_gazebo": "indeed",
@@ -78,10 +88,10 @@ review_deployment_patch_extra_annotations(annotationname,annotationvalue,usernam
},
"oldObject": {
"spec": {
"template: {
"template": {
"metadata": {
"annotations": {
"kubectl.kubernetes.io.restartedAt": previousrestarted
"kubectl.kubernetes.io/restartedAt": previousrestarted
}
}
}
@@ -91,13 +101,14 @@ review_deployment_patch_extra_annotations(annotationname,annotationvalue,usernam
}
}
review_deployment_patch_existing(annotationname,annotationvalue,username,previousrestarted) = out {
review_deployment_patch_existing(annotationname,annotationvalue,username,groupname,previousrestarted) = out {
out = {
"review": {
"userInfo": {
"username": username
"username": username,
"groups": [ groupname ]
},
"operation": "PATCH",
"operation": "UPDATE",
"kind": {
"kind": "Deployment"
},
@@ -117,7 +128,7 @@ review_deployment_patch_existing(annotationname,annotationvalue,username,previou
"template": {
"metadata": {
"annotations": {
"kubectl.kubernetes.io.restartedAt": previousrestarted
"kubectl.kubernetes.io/restartedAt": previousrestarted
}
}
}
@@ -127,13 +138,14 @@ review_deployment_patch_existing(annotationname,annotationvalue,username,previou
}
}
review_deployment_patch_absent(annotationname,annotationvalue,username) = out {
review_deployment_patch_absent(annotationname,annotationvalue,username,groupname) = out {
out = {
"review": {
"userInfo": {
"username": username
"username": username,
"groups": [ groupname ]
},
"operation": "PATCH",
"operation": "UPDATE",
"kind": {
"kind": "Deployment"
},
@@ -159,4 +171,5 @@ review_deployment_patch_absent(annotationname,annotationvalue,username) = out {
}
}
}
}
\ No newline at end of file
}