samples: introduce incomplete_init category

Add the new category for tests we want to run genpolicy against,
but not run them in deployments (as the name suggests, we cannot
run those).

Signed-off-by: Manuel Huber <[email protected]>

src/tools/genpolicy/policy_samples.json

@@ -29,9 +29,6 @@
                 "kubernetes/fixtures/replication.yaml",
                 "kubernetes/fixtures2/rc-service.yaml",
                 "kubernetes/fixtures2/valid-pod.yaml",
-                "kubernetes/incomplete-init/cassandra-statefulset.yaml",
-                "kubernetes/incomplete-init/controller.yaml",
-                "kubernetes/incomplete-init/cockroachdb-statefulset.yaml",
                 "pod/pod-exec.yaml",
                 "pod/pod-lifecycle.yaml",
                 "pod/pod-one-container.yaml",
@@ -46,6 +43,11 @@
                 "stateful-set/web.yaml",
                 "stateful-set/web2.yaml"
         ],
+        "incomplete_init": [
+                "kubernetes/incomplete-init/cassandra-statefulset.yaml",
+                "kubernetes/incomplete-init/controller.yaml",
+                "kubernetes/incomplete-init/cockroachdb-statefulset.yaml"
+        ],
         "silently_ignored": [
                 "webhook/webhook-pod1.yaml",
                 "webhook/webhook-pod2.yaml",
@@ -77,4 +79,4 @@
                 "nginx:latest",
                 "ubuntu:latest"
         ]
-}
+}

src/tools/genpolicy/update_policy_samples.py

@@ -14,6 +14,7 @@
     samples = json.load(f)
 
 default_yamls = samples["default"]
+incomplete_init = samples["incomplete_init"]
 silently_ignored = samples["silently_ignored"]
 no_policy = samples["no_policy"]
 needs_containerd_pull = samples["needs_containerd_pull"]
@@ -42,7 +43,7 @@ def timeRunCmd(arg):
         print("\n".join(log))
 
 # check we can access all files we are about to update
-for file in default_yamls + silently_ignored + no_policy:
+for file in default_yamls + incomplete_init + silently_ignored + no_policy:
     filepath = os.path.join(file_base_path, file)
     if not os.path.exists(filepath):
         sys.exit(f"filepath does not exists: {filepath}")
@@ -65,7 +66,7 @@ def timeRunCmd(arg):
 with concurrent.futures.ThreadPoolExecutor(max_workers=os.cpu_count()) as executor:
     futures = []
 
-    for file in default_yamls + no_policy + needs_containerd_pull:
+    for file in default_yamls + incomplete_init + no_policy + needs_containerd_pull:
         rego_file = "/tmp/" + Path(os.path.basename(file)).stem + "-rego.txt"
         cmd = f"{genpolicy_path} -r -d -u -y {os.path.join(file_base_path, file)} > {rego_file}"
         futures.append(executor.submit(timeRunCmd, cmd))