Skip to content

Add complete interpreter test coverage for Policy #7146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Abhay349 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add complete interpreter test coverage for Policy #7146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
138 changes: 138 additions & 0 deletions ...thirdparty/resourcecustomizations/kyverno.io/v1/Policy/testdata/aggregatestatus-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# test case for aggregating status of Policy
# case1. Policy with two status items
# case2. Policy with different Ready reasons
# case3. Policy with nil statusItems
Copy link
Contributor

@FAUST-BENCHOU FAUST-BENCHOU Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

conseder add a mixed test that a certain statusItem has no status or its status is empty.


name: "Policy with two status items"
description: "Test aggregating status of Policy with two status items"
Expand Down Expand Up @@ -145,3 +147,139 @@ statusItems:
verifyimages: 0
operation: AggregateStatus
output:
aggregatedStatus:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
spec:
validationFailureAction: Enforce
rules:
- name: require-pod-purpose-label
match:
any:
- resources:
kinds:
- Pod
validate:
message: "You must have label `purpose` with value `production` set on all new Pod in test-policy Namespace."
pattern:
metadata:
labels:
purpose: production
status:
ready: true
autogen:
rules:
- match:
any:
- resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
name: autogen-require-pod-purpose-label
validate:
message: You must have label `purpose` with value `production` set on all new Pod in test-policy Namespace.
pattern:
spec:
template:
metadata:
labels:
purpose: production
- match:
any:
- resources:
kinds:
- CronJob
name: autogen-cronjob-require-pod-purpose-label
validate:
message: You must have label `purpose` with value `production` set on all new Pod in test-policy Namespace.
pattern:
spec:
jobTemplate:
spec:
template:
metadata:
labels:
purpose: production
rulecount:
generate: 0
mutate: 0
validate: 2
verifyimages: 0
conditions:
- type: Ready
status: "True"
reason: Succeeded
lastTransitionTime: "2023-05-07T09:19:06Z"
message: "member2=, member3="
---
name: "Policy with different Ready reasons"
description: "Conditions with different reasons should not be merged"
desiredObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: mixed-reasons
namespace: test-policy
statusItems:
- clusterName: member1
status:
conditions:
- type: Ready
status: "True"
reason: Succeeded
message: "ok"
- clusterName: member2
status:
conditions:
- type: Ready
status: "True"
reason: Failed
message: "error"
operation: AggregateStatus
output:
aggregatedStatus:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: mixed-reasons
namespace: test-policy
status:
conditions:
- type: Ready
status: "True"
reason: Succeeded
message: "member1=ok"
- type: Ready
status: "True"
reason: Failed
message: "member2=error"
rulecount:
generate: 0
mutate: 0
validate: 0
verifyimages: 0
---
name: "Policy with nil statusItems"
description: "AggregateStatus should return desiredObj unchanged when statusItems is nil"
desiredObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: no-status
namespace: test-policy
statusItems: null
operation: AggregateStatus
output:
aggregatedStatus:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: no-status
namespace: test-policy
94 changes: 94 additions & 0 deletions ...thirdparty/resourcecustomizations/kyverno.io/v1/Policy/testdata/interprethealth-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
# testcases for interprethealth of Policy
# case1. Policy with status.ready = true
# case2. Policy with status.ready false
# case3. Policy with Ready=True and Succeeded condition
# case4. Policy with Ready=True but non-succeeded reason
Copy link
Contributor

@FAUST-BENCHOU FAUST-BENCHOU Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The test case here covers "there is a Ready condition but the reason is incorrect"; consider adding a test to cover "there is no Ready condition at all" (status.conditions is not empty, but there is no type=Ready).

# case5. Policy with empty status
# case6. Policy without status

name: "Policy with status.ready true"
description: "InterpretHealth should return true when status.ready is true"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status:
ready: true
operation: InterpretHealth
output:
healthy: true
---
name: "Policy with status.ready false"
description: "InterpretHealth should return false when status.ready is false"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status:
ready: false
operation: InterpretHealth
output:
healthy: false
---
name: "Policy with Ready condition succeeded"
description: "InterpretHealth should return true when Ready condition is True and Succeeded"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status:
conditions:
- type: Ready
status: "True"
reason: Succeeded
operation: InterpretHealth
output:
healthy: true
---
name: "Policy with Ready condition but failed reason"
description: "InterpretHealth should return false if Ready condition reason is not Succeeded"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status:
conditions:
- type: Ready
status: "True"
reason: Failed
operation: InterpretHealth
output:
healthy: false
---
name: "Policy with empty status"
description: "InterpretHealth should return false when status has no ready or conditions"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status: {}
operation: InterpretHealth
output:
healthy: false
---
name: "Policy without status"
description: "InterpretHealth should return false when status is nil"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
operation: InterpretHealth
output:
healthy: false
107 changes: 107 additions & 0 deletions ...thirdparty/resourcecustomizations/kyverno.io/v1/Policy/testdata/interpretstatus-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
# test case for interpreting status of Policy
# case1. Policy: interpret status test
# case2. Policy with nil status
# case3. Policy with only ready field
Copy link
Contributor

@FAUST-BENCHOU FAUST-BENCHOU Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides Policy with only ready field we can also add only conditions and only autogen case

karmada/pkg/resourceinterpreter/default/thirdparty/resourcecustomizations/kyverno.io/v1/Policy/customizations.yaml

Lines 82 to 83 in cd8e250

status.autogen = observedObj.status.autogen
status.conditions = observedObj.status.conditions

# case4. Policy without conditions

name: "Policy: interpret status test"
description: "Test interpreting status for Policy"
Expand Down Expand Up @@ -92,3 +95,107 @@ observedObj:
verifyimages: 0
operation: InterpretStatus
output:
status:
autogen:
rules:
- exclude: {}
generate: {}
match:
any:
- resources:
kinds:
- DaemonSet
- Deployment
- Job
- StatefulSet
- ReplicaSet
- ReplicationController
name: autogen-require-pod-purpose-label
validate:
message: You must have label `purpose` with value `production` set on all new Pod in test-policy Namespace.
pattern:
spec:
template:
metadata:
labels:
purpose: production
- exclude: {}
generate: {}
match:
any:
- resources:
kinds:
- CronJob
name: autogen-cronjob-require-pod-purpose-label
validate:
message: You must have label `purpose` with value `production` set on all new Pod in test-policy Namespace.
pattern:
spec:
jobTemplate:
spec:
template:
metadata:
labels:
purpose: production
conditions:
- lastTransitionTime: "2023-05-07T09:19:06Z"
message: ""
reason: Succeeded
status: "True"
type: Ready
ready: true
rulecount:
generate: 0
mutate: 0
validate: 1
verifyimages: 0
---
name: "Policy with nil status"
description: "InterprettStatus should return empty status when status is nil"
Copy link
Contributor

@FAUST-BENCHOU FAUST-BENCHOU Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spell error

observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
operation: InterpretStatus
output:
status: {}
---
name: "Policy with only ready"
description: "InterpretStatus should copy ready when other fields are missing"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status:
ready: false
operation: InterpretStatus
output:
status:
ready: false
---
name: "Policy without conditions"
description: "InterpretStatus should work when conditions are absent"
observedObj:
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: sample
namespace: test-policy
status:
rulecount:
generate: 0
mutate: 1
validate: 0
verifyimages: 0
operation: InterpretStatus
output:
status:
rulecount:
generate: 0
mutate: 1
validate: 0
verifyimages: 0