fixing e2e bats tests

Signed-off-by: Jaydip Gabani <gabanijaydip@gmail.com>
open-policy-agent · Jul 24, 2024 · 4fb224b · 4fb224b
1 parent 5800127
commit 4fb224b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 14 deletions.
diff --git a/test/bats/test.bats b/test/bats/test.bats
@@ -78,30 +78,23 @@ teardown_file() {
 
     wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl get ValidatingAdmissionPolicy gatekeeper-k8srequiredlabelsvap"
 
+    wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl apply -f ${BATS_TESTS_DIR}/constraints/all_ns_must_have_label_provided_vapbinding_scoped.yaml"
+
     wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl apply -f ${BATS_TESTS_DIR}/constraints/all_ns_must_have_label_provided_vapbinding.yaml"
 
     wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl get ValidatingAdmissionPolicyBinding gatekeeper-all-must-have-label"
-
-    run kubectl apply -f ${BATS_TESTS_DIR}/bad/bad_ns.yaml
-    assert_match 'denied' "${output}"
-    assert_failure
-    kubectl apply -f ${BATS_TESTS_DIR}/good/good_ns.yaml
-    kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/good/good_ns.yaml
-    kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/bad/bad_ns.yaml
-    kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/constraints/all_ns_must_have_label_provided_vapbinding.yaml
 
-    # VAP test using scoped enforcement actions
-
-    wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl apply -f ${BATS_TESTS_DIR}/constraints/all_ns_must_have_label_provided_vapbinding_scoped.yaml"
-
     wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl get ValidatingAdmissionPolicyBinding gatekeeper-all-must-have-label-scoped"
-
+    
     run kubectl apply -f ${BATS_TESTS_DIR}/bad/bad_ns.yaml
+    assert_match 'Warning' "${output}"
     assert_match 'denied' "${output}"
     assert_failure
     kubectl apply -f ${BATS_TESTS_DIR}/good/good_ns.yaml
     kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/good/good_ns.yaml
     kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/bad/bad_ns.yaml
+    kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/constraints/all_ns_must_have_label_provided_vapbinding.yaml
+    kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/constraints/all_ns_must_have_label_provided_vapbinding_scoped.yaml
 
     wait_for_process ${WAIT_TIME} ${SLEEP_TIME} "kubectl delete --ignore-not-found -f ${BATS_TESTS_DIR}/templates/k8srequiredlabels_template_vap.yaml"
   fi

diff --git a/test/bats/tests/constraints/all_ns_must_have_label_provided_vapbinding_scoped.yaml b/test/bats/tests/constraints/all_ns_must_have_label_provided_vapbinding_scoped.yaml
@@ -5,9 +5,10 @@ metadata:
 spec:
   enforcementAction: scoped
   scopedEnforcementActions:
-    - action: deny
+    - action: warn
       enforcementPoints:
         - name: vap.k8s.io
+        - name: validation.gatekeeper.sh
   match:
     kinds:
       - apiGroups: [""]