From c47b538fd604c311c7fc1974c26c58dea230b6c8 Mon Sep 17 00:00:00 2001
From: Kay Yan
Date: Fri, 20 Dec 2024 09:46:39 +0000
Subject: [PATCH] fix: [Bug] Filter PolicyReport ignores namespace flag
Signed-off-by: Kay Yan
---
 pkg/integration/kyverno/analyzer.go | 2 +-
 pkg/integration/kyverno/analyzer_test.go | 114 +++++++++++++++++++++++
 2 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 pkg/integration/kyverno/analyzer_test.go
diff --git a/pkg/integration/kyverno/analyzer.go b/pkg/integration/kyverno/analyzer.go
index 0a20e82e2e..8b8cb22164 100644
--- a/pkg/integration/kyverno/analyzer.go
+++ b/pkg/integration/kyverno/analyzer.go
@@ -39,7 +39,7 @@ func (KyvernoAnalyzer) analyzePolicyReports(a common.Analyzer) ([]common.Result,
 if err != nil {
 return nil, err
 }
- if err := client.List(a.Context, result, &ctrl.ListOptions{}); err != nil {
+ if err := client.List(a.Context, result, &ctrl.ListOptions{Namespace: a.Namespace}); err != nil {
 return nil, err
 }
diff --git a/pkg/integration/kyverno/analyzer_test.go b/pkg/integration/kyverno/analyzer_test.go
new file mode 100644
index 0000000000..e658ceda38
--- /dev/null
+++ b/pkg/integration/kyverno/analyzer_test.go
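Review bot: Nothing at the changed `client.List` call in analyzePolicyReports says that an empty `a.Namespace` still produces a cluster-wide query, so that one field is all that scopes which PolicyReports reach the analysis output. A comment above the call would make the contract explicit, for example `// Empty a.Namespace lists PolicyReports in every namespace; a non-empty value restricts the query to that namespace.` The function starts and continues outside this hunk, so whether other list calls in this analyzer apply the same scoping cannot be confirmed from here and is worth checking.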
@@ -0,0 +1,114 @@
+/*
+Copyright 2023 The K8sGPT Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kyverno
+
+import (
+ "context"
+ "testing"
+
+ "github.com/k8sgpt-ai/k8sgpt/pkg/common"
+ "github.com/k8sgpt-ai/k8sgpt/pkg/kubernetes"
+ "github.com/kyverno/policy-reporter-kyverno-plugin/pkg/crd/api/policyreport/v1alpha2"
+
+ "github.com/stretchr/testify/assert"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func buildFakeClient() client.Client {
+ objects := []client.Object{
+ &v1alpha2.PolicyReport{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "policy-1",
+ Namespace: "test-ns",
+ },
+ Results: []v1alpha2.PolicyReportResult{
+ {
+ Category: "Other",
+ Message: "validation failure: Images built more than 6 months ago are prohibited.",
+ Policy: "block-stale-images",
+ Result: "fail",
+ },
+ },
+ },
+ &v1alpha2.PolicyReport{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "policy-2",
+ Namespace: "other-ns",
+ },
+ Results: []v1alpha2.PolicyReportResult{
+ {
+ Category: "Other",
+ Message: "validation failure: Images built more than 6 months ago are prohibited.",
+ Policy: "block-stale-images",
+ Result: "fail",
+ },
+ },
+ },
+ }
+
+ scheme := runtime.NewScheme()
+ v1alpha2.AddToScheme(scheme)
+ return fake.NewClientBuilder().WithScheme(scheme).WithObjects(objects...).Build()
+}
+
+func TestAnalyzerNamespaceFiltering(t *testing.T) {
+
+ config := common.Analyzer{
+ Client: &kubernetes.Client{
+ CtrlClient: buildFakeClient(),
+ },
+ Context: context.Background(),
+ Namespace: "test-ns",
+ }
+
+ // Create and run analyzer
+ analyzer := KyvernoAnalyzer{
+ policyReportAnalysis: true,
+ }
+ results, err := analyzer.Analyze(config)
+ if err != nil {
+ t.Error(err)
+ }
+
+ // Verify results
+ assert.Equal(t, len(results), 1)
+ assert.Equal(t, results[0].Kind, "PolicyReport")
+ assert.Equal(t, results[0].Name, "test-ns/policy-1")
+}
+
+func TestAnalyzerAllNamespace(t *testing.T) {
+
+ config := common.Analyzer{
+ Client: &kubernetes.Client{
+ CtrlClient: buildFakeClient(),
+ },
+ Context: context.Background(),
+ }
+
+ // Create and run analyzer
+ analyzer := KyvernoAnalyzer{
+ policyReportAnalysis: true,
+ }
+ results, err := analyzer.Analyze(config)
+ if err != nil {
+ t.Error(err)
+ }
+
+ // Verify results
+ assert.Equal(t, len(results), 2)
+
+}
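Review bot: In TestAnalyzerNamespaceFiltering the test indexes `results[0]` after checks that do not stop execution, so a failed or empty analysis ends in an index-out-of-range panic instead of a clean failure; both `t.Error(err)` and `assert.Equal` let the test continue. Use `t.Fatal(err)` in both tests and guard the index with `if !assert.Len(t, results, 1) { return }`. The `assert.Equal` calls also pass the actual value before the expected one, which swaps the labels in failure output; testify's order is `assert.Equal(t, 1, len(results))`. In buildFakeClient the error returned by `v1alpha2.AddToScheme(scheme)` is discarded, so a scheme registration failure would only surface later as a confusing list error.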