From dde1047a7c6b47db2b9938c1178d2adc0ef1cc32 Mon Sep 17 00:00:00 2001 From: David Hadley Date: Fri, 7 Nov 2025 15:45:19 +0000 Subject: [PATCH] fix(charts): fix kyverno empty namespace error when syncronizing copy-host-secret-artifact-s3 policy --- charts/workflows/Chart.yaml | 2 +- .../templates/sessionspace-clusterpolicy.yaml | 2 +- .../artifact-s3-clone/chainsaw-test.yaml | 68 ++++++++++++++++++- 3 files changed, 67 insertions(+), 5 deletions(-) diff --git a/charts/workflows/Chart.yaml b/charts/workflows/Chart.yaml index cc71819ab..f6ffc339e 100644 --- a/charts/workflows/Chart.yaml +++ b/charts/workflows/Chart.yaml @@ -3,7 +3,7 @@ name: workflows description: Data Analysis workflow orchestration type: application -version: 0.13.25 +version: 0.13.26 dependencies: - name: argo-workflows diff --git a/charts/workflows/templates/sessionspace-clusterpolicy.yaml b/charts/workflows/templates/sessionspace-clusterpolicy.yaml index f5816f416..563a4eaf2 100644 --- a/charts/workflows/templates/sessionspace-clusterpolicy.yaml +++ b/charts/workflows/templates/sessionspace-clusterpolicy.yaml @@ -127,7 +127,7 @@ spec: apiVersions: ["v1"] operations: ["CREATE"] resources: ["namespaces"] - namespaceSelector: + objectSelector: matchLabels: app.kubernetes.io/managed-by: sessionspaces variables: diff --git a/charts/workflows/test-policy/artifact-s3-clone/chainsaw-test.yaml b/charts/workflows/test-policy/artifact-s3-clone/chainsaw-test.yaml index dba6ee460..03a42f661 100644 --- a/charts/workflows/test-policy/artifact-s3-clone/chainsaw-test.yaml +++ b/charts/workflows/test-policy/artifact-s3-clone/chainsaw-test.yaml @@ -1,8 +1,9 @@ apiVersion: chainsaw.kyverno.io/v1alpha1 kind: Test metadata: - name: artifact-s3-clone + name: artifact-s3-clone-on-namespace-creation spec: + concurrent: false steps: - try: - apply: @@ -29,8 +30,6 @@ spec: name: session labels: app.kubernetes.io/managed-by: sessionspaces - - sleep: - duration: 10s - assert: resource: apiVersion: v1 @@ -38,3 +37,66 @@ spec: metadata: name: artifact-s3 namespace: session +--- +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + name: artifact-s3-clone-on-secret-update +spec: + concurrent: false + steps: + - try: + - apply: + resource: + apiVersion: v1 + kind: Namespace + metadata: + name: workflows + - apply: + resource: + apiVersion: v1 + kind: Secret + metadata: + name: artifact-s3 + namespace: workflows + data: + access-key: aWQ= + secret-key: c2VjcmV0 + - apply: + resource: + apiVersion: v1 + kind: Namespace + metadata: + name: session + labels: + app.kubernetes.io/managed-by: sessionspaces + - assert: + resource: + apiVersion: v1 + kind: Secret + metadata: + name: artifact-s3 + namespace: session + data: + access-key: aWQ= + secret-key: c2VjcmV0 + - apply: + resource: + apiVersion: v1 + kind: Secret + metadata: + name: artifact-s3 + namespace: workflows + data: + access-key: aWQ= + secret-key: dXBkYXRlZC1zZWNyZXQK + - assert: + resource: + apiVersion: v1 + kind: Secret + metadata: + name: artifact-s3 + namespace: session + data: + access-key: aWQ= + secret-key: dXBkYXRlZC1zZWNyZXQK