8000 test: Add HTTP-CEL chainsaw test with test server by yrsuthari · Pull Request #12692 · kyverno/kyverno · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

test: Add HTTP-CEL chainsaw test with test server #12692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

test: Add HTTP-CEL chainsaw test with test server #12692

wants to merge 4 commits into from

Conversation

yrsuthari
Copy link

Add chainsaw conformance test for HTTP-CEL in ClusterPolicy validation with a dedicated test-server deployment. The test covers HTTP GET and POST methods, header validation, and response body handling.

Explanation

This PR adds a new chainsaw conformance test for the HTTP-CEL feature in ClusterPolicy validation. The test validates that HTTP-CEL expressions can properly perform GET and POST requests, validate headers, and process response bodies through a dedicated test server deployment.

Related issue

Closes #10544

Milestone of this PR

Documentation (required for features)

My PR contains new or altered behavior to Kyverno.

What type of PR is this

/kind test

Proposed Changes

This PR adds a comprehensive test for HTTP-CEL functionality in ClusterPolicy validations. It includes:

  • A dedicated test server deployment and service for HTTP endpoint testing
  • A ClusterPolicy with HTTP-CEL expressions that test GET and POST methods
  • Validation of header parameters and response body handling
  • Proper assertions to verify the test server is working as expected

Proof Manifests

# Test Server Deployment and Service
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-server
  namespace: http-cel-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-server
  template:
    metadata:
      labels:
        app: test-server
    spec:
      containers:
      - name: test-server
        image: kyverno/test-server:latest
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: test-server
  namespace: http-cel-test
spec:
  selector:
    app: test-server
  ports:
  - port: 8080
    targetPort: 8080
  type: ClusterIP

Checklist

  • I have read the contributing guidelines.
  • I have read the PR documentation guide and followed the process including adding proof manifests to this PR.
  • This is a bug fix and I have added unit tests that prove my fix is effective.
  • This is a feature and I have added CLI tests that are applicable.
  • My PR needs to be cherry picked to a specific release branch which is .
  • My PR contains new or altered behavior to Kyverno and
    • CLI support should be added and my PR doesn't contain that functionality.

@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Apr 10, 2025
@yrsuthari
Copy link
Author

@JimBugwadia PTAL. Thanks!

@yrsuthari yrsuthari mentioned this pull request Apr 11, 2025
Merged
@fjogeleit
Copy link
Member

Hey, how does your PR relate to #10544?

If this PR relates to #12690 (which you mentioned in the readme) some clarification:

  1. Our HTTP CEL lib is not available for the Policy and ClusterPolicy type. Only for our new ImageValidatingPolicy and ValidatingPolicy types
  2. The Signature of our HTTP CEL lib is different to the one you used in your expression.

You can checkout https://github.com/kyverno/kyverno/tree/main/test/conformance/chainsaw/validating-policies/context/api-call as reference.

@yrsuthari
Copy link
Author

Hey, how does your PR relate to #10544?

If this PR relates to #12690 (which you mentioned in the readme) some clarification:

1. Our HTTP CEL lib is not available for the Policy and ClusterPolicy type. Only for our new ImageValidatingPolicy and ValidatingPolicy types

2. The Signature of our HTTP CEL lib is different to the one you used in your expression.

You can checkout https://github.com/kyverno/kyverno/tree/main/test/conformance/chainsaw/validating-policies/context/api-call as reference.

@fjogeleit Thank you for the feedback on the HTTP-CEL tests! I've addressed all your concerns:

  • Replaced ClusterPolicy with ValidatingPolicy as you correctly pointed out that HTTP CEL library is only available for ValidatingPolicy and ImageValidatingPolicy types

  • Updated the HTTP CEL function signatures to match the current implementation:

    • Changed from previous format to the correct http.Get() and http.Post() style
    • Properly handling the response structure with status field
    • Correctly referencing body fields in validations

  • Restructured the policy following the reference you provided:

    • Using variables section for HTTP call definitions
    • Using validations section for response validation

Tested the implementation by adapting to use httpbin.org pattern endpoints similar to the reference implementation

I've manually tested these changes and confirmed the HTTP CEL functionality works correctly with various scenarios (GET/POST, headers handling, response validation). The test passes successfully with the updated ValidatingPolicy format.
Could you please review the changes when you have a chance? Thanks again for your guidance!

@yrsuthari yrsuthari force-pushed the feature/http-cel-test branch from 44c1e22 to b76c66d Compare May 2, 2025 08:20
@dosubot dosubot bot added size:XL This PR changes 500-999 lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels May 2, 2025
@yrsuthari
test: Add HTTP-CEL chainsaw test with test server
be784c9 
Add chainsaw conformance test for HTTP-CEL in ValidatingPolicy validation with a dedicated test-server deployment. The test covers HTTP GET and POST methods, header validation, and response body handling.

Fixes kyverno#12690

Signed-off-by: Yogi Suthari <yrsuthari@gmail.com>
@yrsuthari yrsuthari force-pushed the feature/http-cel-test branch from b76c66d to be784c9 Compare May 2, 2025 08:23
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:XL This PR changes 500-999 lines, ignoring generated files. labels May 2, 2025
@codecov Codecov
Copy link
codecov bot commented May 9, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 15.33%. Comparing base (b0b2ea9) to head (3c2d18d).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #12692   +/-   ##
=======================================
  Coverage   15.33%   15.33%           
=======================================
  Files         923      923           
  Lines      100287   100287           
=======================================
  Hits        15376    15376           
  Misses      83199    83199           
  Partials     1712     1712

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eddycharly eddycharly Awaiting requested review from eddycharly eddycharly is a code owner

@realshuting realshuting Awaiting requested review from realshuting realshuting is a code owner

@MariamFahmy98 MariamFahmy98 Awaiting requested review from MariamFahmy98 MariamFahmy98 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
size:L This PR changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yrsuthari @fjogeleit
0