Allow replace metadata.name and metadata.namespace for single (#23)

serngawy · web-flow · commit b5900f80e031 · 2021-10-13T16:11:03.000+02:00
yaml structure manifest

Signed-off-by: melserngawy &lt;melserng@redhat.com&gt;
diff --git a/docs/policygenerator-reference.yaml b/docs/policygenerator-reference.yaml
@@ -76,9 +76,11 @@ policies:
             kind: ""
             metadata:
               # Optional: Only required when there are multiple manifests in the path.
+              # Optional: Replace metadata.name is only allowed for a single YAML structure manifest.
               name: ""
               # Optional: Only required when there are multiple manifests in the path and it's a
               # manifest to a namespaced resource.
+              # Optional: Replace metadata.namespace is only allowed for a single YAML structure manifest.
               namespace: ""
               # An example modification to the manifest
               annotations:
diff --git a/internal/patches.go b/internal/patches.go
@@ -20,7 +20,7 @@ type manifestPatcher struct {
 	patches []map[string]interface{}
 }
 
-// validateManifestInfo verifes that the apiVersion, kind, metadata.name fields from a manifest
+// validateManifestInfo verifies that the apiVersion, kind, metadata.name fields from a manifest
 // are set. If at least one is not present, an error is returned based on the input error template
 // which accepts the field name.
 func validateManifestInfo(manifest map[string]interface{}, errTemplate string) error {
diff --git a/internal/utils.go b/internal/utils.go
@@ -21,6 +21,7 @@ func getManifests(policyConf *types.PolicyConfig) ([]map[string]interface{}, err
 	manifests := []map[string]interface{}{}
 	for _, manifest := range policyConf.Manifests {
 		manifestPaths := []string{}
+		manifestFiles := []map[string]interface{}{}
 		readErr := fmt.Errorf("failed to read the manifest path %s", manifest.Path)
 		manifestPathInfo, err := os.Stat(manifest.Path)
 		if err != nil {
@@ -47,10 +48,36 @@ func getManifests(policyConf *types.PolicyConfig) ([]map[string]interface{}, err
 				manifestPaths = append(manifestPaths, yamlPath)
 			}
 		} else {
-			manifestPaths = append(manifestPaths, manifest.Path)
+			// Unmarshal the manifest in order to check for metadata patch replacement
+			manifestFile, err := unmarshalManifestFile(manifest.Path)
+			if err != nil {
+				return nil, err
+			}
+
+			if len(*manifestFile) == 0 {
+				continue
+			}
+			// Allowing replace the original manifest metadata.name and/or metadata.namespace if it is a single
+			// yaml structure in the manifest path
+			if len(*manifestFile) == 1 && len(manifest.Patches) == 1 {
+				if patchMetadata, ok := manifest.Patches[0]["metadata"].(map[string]interface{}); ok {
+					if metadata, ok := (*manifestFile)[0]["metadata"].(map[string]interface{}); ok {
+						name, ok := patchMetadata["name"].(string)
+						if ok && name != "" {
+							metadata["name"] = name
+						}
+						namespace, ok := patchMetadata["namespace"].(string)
+						if ok && namespace != "" {
+							metadata["namespace"] = namespace
+						}
+						(*manifestFile)[0]["metadata"] = metadata
+					}
+				}
+			}
+
+			manifestFiles = append(manifestFiles, *manifestFile...)
 		}
 
-		manifestFiles := []map[string]interface{}{}
 		for _, manifestPath := range manifestPaths {
 			manifestFile, err := unmarshalManifestFile(manifestPath)
 			if err != nil {
diff --git a/internal/utils_test.go b/internal/utils_test.go
@@ -253,6 +253,150 @@ data:
 	assertReflectEqual(t, annotations, map[string]interface{}{"monica": "geller"})
 }
 
+func TestGetPolicyTemplateMetadataPatches(t *testing.T) {
+	t.Parallel()
+	tmpDir := t.TempDir()
+	manifestPath := path.Join(tmpDir, "patch-configmap.yaml")
+	manifestYAML := `
+---
+apiVersion: v1
+kind: configmap
+metadata:
+  name: test-configmap
+  namespace: test-namespace
+data:
+  image: "quay.io/potatos1"
+`
+	err := ioutil.WriteFile(manifestPath, []byte(manifestYAML), 0o666)
+	if err != nil {
+		t.Fatalf("Failed to write %s", manifestPath)
+	}
+
+	patches := []map[string]interface{}{
+		{
+			"metadata": map[string]interface{}{
+				"name":      "patch-configmap",
+				"namespace": "patch-namespace",
+			},
+			"data": map[string]interface{}{
+				"image": "quay.io/potatos2",
+			},
+		},
+	}
+
+	manifests := []types.Manifest{
+		{Path: manifestPath, Patches: patches},
+	}
+	policyConf := types.PolicyConfig{
+		Manifests: manifests,
+		Name:      "policy-app-config",
+	}
+
+	policyTemplates, err := getPolicyTemplates(&policyConf)
+	if err != nil {
+		t.Fatalf("Failed to get the policy templates: %v ", err)
+	}
+	assertEqual(t, len(policyTemplates), 1)
+
+	policyTemplate := policyTemplates[0]
+	objdef := policyTemplate["objectDefinition"]
+	assertEqual(t, objdef["metadata"].(map[string]string)["name"], "policy-app-config")
+	spec, ok := objdef["spec"].(map[string]interface{})
+	if !ok {
+		t.Fatal("The spec field is an invalid format")
+	}
+
+	objTemplates, ok := spec["object-templates"].([]map[string]interface{})
+	if !ok {
+		t.Fatal("The object-templates field is an invalid format")
+	}
+	assertEqual(t, len(objTemplates), 1)
+
+	objDef, ok := objTemplates[0]["objectDefinition"].(map[string]interface{})
+	if !ok {
+		t.Fatal("The objectDefinition field is an invalid format")
+	}
+
+	metadata, ok := objDef["metadata"].(map[string]interface{})
+	if !ok {
+		t.Fatal("The metadata field is an invalid format")
+	}
+
+	name, ok := metadata["name"].(string)
+	if !ok {
+		t.Fatal("The metadata.name field is an invalid format")
+	}
+	assertEqual(t, name, "patch-configmap")
+
+	namespace, ok := metadata["namespace"].(string)
+	if !ok {
+		t.Fatal("The metadata.namespace field is an invalid format")
+	}
+	assertEqual(t, namespace, "patch-namespace")
+
+	data, ok := objDef["data"].(map[string]interface{})
+	if !ok {
+		t.Fatal("The data field is an invalid format")
+	}
+
+	image, ok := data["image"].(string)
+	if !ok {
+		t.Fatal("The data.image field is an invalid format")
+	}
+	assertEqual(t, image, "quay.io/potatos2")
+}
+
+func TestGetPolicyTemplateMetadataPatchesFail(t *testing.T) {
+	t.Parallel()
+	tmpDir := t.TempDir()
+	manifestPath := path.Join(tmpDir, "multi-configmaps.yaml")
+	manifestYAML := `
+---
+apiVersion: v1
+kind: configmap
+metadata:
+  name: test-configmap
+  namespace: test-namespace
+data:
+  image: "quay.io/potatos1"
+---
+apiVersion: v1
+kind: configmap
+metadata:
+  name: test2-configmap
+  namespace: test2-namespace
+data:
+  image: "quay.io/potatos1"
+`
+	err := ioutil.WriteFile(manifestPath, []byte(manifestYAML), 0o666)
+	if err != nil {
+		t.Fatalf("Failed to write %s", manifestPath)
+	}
+
+	patches := []map[string]interface{}{
+		{
+			"metadata": map[string]interface{}{
+				"name":      "patch-configmap",
+				"namespace": "patch-namespace",
+			},
+			"data": map[string]interface{}{
+				"image": "quay.io/potatos2",
+			},
+		},
+	}
+
+	manifests := []types.Manifest{
+		{Path: manifestPath, Patches: patches},
+	}
+	policyConf := types.PolicyConfig{
+		Manifests: manifests,
+		Name:      "policy-app-config",
+	}
+
+	_, err = getPolicyTemplates(&policyConf)
+	assertEqual(t, err != nil, true)
+}
+
 func TestGetPolicyTemplateKyverno(t *testing.T) {
 	t.Parallel()
 	tmpDir := t.TempDir()

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ type manifestPatcher struct {`
`20`	`20`	`patches []map[string]interface{}`
`21`	`21`	`}`
`22`	`22`
`23`		`-// validateManifestInfo verifes that the apiVersion, kind, metadata.name fields from a manifest`
	`23`	`+// validateManifestInfo verifies that the apiVersion, kind, metadata.name fields from a manifest`
`24`	`24`	`// are set. If at least one is not present, an error is returned based on the input error template`
`25`	`25`	`// which accepts the field name.`
`26`	`26`	`func validateManifestInfo(manifest map[string]interface{}, errTemplate string) error {`