From 884c3a4873ebabce6d3c4995788c7e82a0c898ed Mon Sep 17 00:00:00 2001
From: Indrranil Pawar
Date: Tue, 17 Dec 2024 16:10:50 +0530
Subject: [PATCH] [Feature] Add tests for Karpenter Do Not Disrupt policy
Added chainsaw and kyverno test files to verify policy behavior for:
- Label mutation from do-not-evict to do-not-disrupt
- Proper handling of pods with and without the original label
- Policy readiness verification
Signed-off-by: Indrranil Pawar
---
.../.chainsaw-test/chainsaw-test.yaml | 28 +++++++++++++++++++
.../.chainsaw-test/patched03.yaml | 11 ++++++++
.../.chainsaw-test/patched04.yaml | 10 +++++++
.../.chainsaw-test/policy-ready.yaml | 9 ++++++
.../.chainsaw-test/resource-others.yaml | 21 ++++++++++++++
.../.kyverno-test/kyverno-test.yaml | 23 +++++++++++++++
.../.kyverno-test/patched01.yaml | 11 ++++++++
.../.kyverno-test/patched02.yaml | 8 ++++++
.../.kyverno-test/resource.yaml | 19 +++++++++++++
9 files changed, 140 insertions(+)
create mode 100644 karpenter/add-karpenter-donot-disrupt/.chainsaw-test/chainsaw-test.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched03.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched04.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.chainsaw-test/policy-ready.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.chainsaw-test/resource-others.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.kyverno-test/kyverno-test.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched01.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched02.yaml
create mode 100644 karpenter/add-karpenter-donot-disrupt/.kyverno-test/resource.yaml
diff --git a/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/chainsaw-test.yaml b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/chainsaw-test.yaml
new file mode 100644
index 000000000..a3a77be87
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,28 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ name: add-karpenter-donot-disrupt
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../add-karpenter-donot-disrupt.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: ../.kyverno-test/resource.yaml
+ - apply:
+ file: resource-others.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: ../.kyverno-test/patched01.yaml
+ - assert:
+ file: ../.kyverno-test/patched02.yaml
+ - assert:
+ file: patched03.yaml
+ - assert:
+ file: patched04.yaml
diff --git a/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched03.yaml b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched03.yaml
new file mode 100644
index 000000000..1f235c4e5
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched03.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-1
+ labels:
+ karpenter.sh/do-not-evict: "true"
+ karpenter.sh/do-not-disrupt: "true"
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
diff --git a/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched04.yaml b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched04.yaml
new file mode 100644
index 000000000..990e7ebf5
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/patched04.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-2
+ labels:
+ karpenter.sh/do-not-evict: "false"
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
diff --git a/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/policy-ready.yaml b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/policy-ready.yaml
new file mode 100644
index 000000000..de050740d
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/policy-ready.yaml
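Review bot: In `chainsaw-test.yaml`, step-03 uses only `assert`, which matches the listed fields as a subset, so the two negative cases are not actually verified: `patched04.yaml` (test-pod-2) and `../.kyverno-test/patched02.yaml` (test-pod-without-evict) still pass if the policy wrongly adds `karpenter.sh/do-not-disrupt: "true"`. A policy that over-applies this label would go unnoticed here, and the label presumably keeps Karpenter from disrupting the node the Pod runs on. Add an `error` operation to step-03 for each negative Pod, e.g. `- error:` followed by `file: not-disrupt-pod-2.yaml` (file name illustrative), where the fixture is a Pod named `test-pod-2` carrying only the label `karpenter.sh/do-not-disrupt: "true"`. The step then fails if a live Pod matches that fixture.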
@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: add-karpenter-donot-disrupt
+status:
+ conditions:
+ - reason: Succeeded
+ status: "True"
+ type: Ready
diff --git a/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/resource-others.yaml b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/resource-others.yaml
new file mode 100644
index 000000000..e37481128
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.chainsaw-test/resource-others.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-1
+ labels:
+ karpenter.sh/do-not-evict: "true"
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-2
+ labels:
+ karpenter.sh/do-not-evict: "false"
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
diff --git a/karpenter/add-karpenter-donot-disrupt/.kyverno-test/kyverno-test.yaml b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/kyverno-test.yaml
new file mode 100644
index 000000000..ab4db8c9f
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/kyverno-test.yaml
@@ -0,0 +1,23 @@
+apiVersion: cli.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ name: add-karpenter-donot-disrupt
+policies:
+ - ../add-karpenter-donot-disrupt.yaml
+resources:
+ - resource.yaml
+results:
+ - kind: Pod
+ patchedResource: patched01.yaml
+ policy: add-karpenter-donot-disrupt
+ resources:
+ - test-pod-with-evict
+ result: pass
+ rule: add-donot-disrupt-label
+ - kind: Pod
+ patchedResource: patched02.yaml
+ policy: add-karpenter-donot-disrupt
+ resources:
+ - test-pod-without-evict
+ result: skip
+ rule: add-donot-disrupt-label
diff --git a/karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched01.yaml b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched01.yaml
new file mode 100644
index 000000000..ea4f6970e
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched01.yaml
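Review bot: `image: nginx:1.14.2` in `resource-others.yaml` (and in `.kyverno-test/resource.yaml`, which chainsaw step-02 also applies) is a mutable tag of an old nginx release that the test cluster will try to pull, although the test only inspects labels. Pinning by digest, `image: nginx@sha256:<DIGEST_PLACEHOLDER>`, keeps CI from depending on whatever that tag resolves to at run time; if the repository has a conventional small fixture image, reusing it would serve the same purpose. The chainsaw expected-state files `patched03.yaml` and `patched04.yaml` could also drop `spec` entirely, since only `metadata.labels` is under test there.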
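Review bot: The CLI test in `kyverno-test.yaml` has no case for `karpenter.sh/do-not-evict: "false"`: `resource.yaml` holds only a Pod with the label set to `"true"` and a Pod without it, while the chainsaw fixtures do include `test-pod-2` with `"false"`. Whether the rule keys on the label's value or only on its presence is not visible in this patch, so that boundary is the one most likely to regress unnoticed. Add a third Pod to `resource.yaml` with `karpenter.sh/do-not-evict: "false"` and a matching `results` entry with `result: skip`, assuming the policy is meant to leave it unmodified as `patched04.yaml` suggests.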
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-with-evict
+ labels:
+ karpenter.sh/do-not-evict: "true"
+ karpenter.sh/do-not-disrupt: "true"
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
diff --git a/karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched02.yaml b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched02.yaml
new file mode 100644
index 000000000..836891034
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/patched02.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-without-evict
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
diff --git a/karpenter/add-karpenter-donot-disrupt/.kyverno-test/resource.yaml b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/resource.yaml
new file mode 100644
index 000000000..8c501f713
--- /dev/null
+++ b/karpenter/add-karpenter-donot-disrupt/.kyverno-test/resource.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-with-evict
+ labels:
+ karpenter.sh/do-not-evict: "true"
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod-without-evict
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2