Add integration tests

[ereslibre]

• ClusterAdmissionPolicy
  • (T) Without setting a policy server, the policy is set to unscheduled state
  • When setting a policy server
    • (T) The policy is set to pending state if the bound policy server exists
    • (T) The policy is set to scheduled if the bound policy server does not exist
    • (T) The policy transitions from scheduled to pending if the policy was bound to a nonexistant policy server initially, but the policy server was created afterwards
    • (T) The policy transitions eventually to active if the policy server exists
  • Modifying the bound policy server ConfigMap alters the status of the policy (observed state of the world)
    • Mode of the policy: monitor, protect is set to what is observed on the ConfigMap
    • Conditions transition:
    • (T) PolicyServerConfigurationUpToDate goes through False (with ConfigurationVersionMismatch reason) to True (with ConfigurationVersionMatch reason).
    • (T) PolicyUniquelyReachable goes through False (with LatestReplicaSetIsNotUniquelyReachable reason) to True (with LatestReplicaSetIsUniquelyReachable reason)
  • (T) If the policy server cannot be found, delete the policy if it's undeleted and its status is active or pending -- this means that the policy server had to exist, but does not anymore.
  • (T) If the policy server can be found, it's deleted and the policy status is active: the policy is deleted
• AdmissionPolicy
  • (T) Without setting a policy server, the policy is set to unscheduled state
  • When setting a policy server
    • (T) The policy is set to pending state if the bound policy server exists
    • (T) The policy is set to scheduled if the bound policy server does not exist
    • (T) The policy transitions from scheduled to pending if the policy was bound to a nonexistant policy server initially, but the policy server was created afterwards
    • (T) The policy transitions eventually to active if the policy server exists
  • Modifying the bound policy server ConfigMap alters the status of the policy (observed state of the world)
    • Mode of the policy: monitor, protect is set to what is observed on the ConfigMap
    • Conditions transition:
    • (T) PolicyServerConfigurationUpToDate goes through False (with ConfigurationVersionMismatch reason) to True (with ConfigurationVersionMatch reason).
    • (T) PolicyUniquelyReachable goes through False (with LatestReplicaSetIsNotUniquelyReachable reason) to True (with LatestReplicaSetIsUniquelyReachable reason)
  • (T) If the policy server cannot be found, delete the policy if it's undeleted and its status is active or pending -- this means that the policy server had to exist, but does not anymore.
  • (T) If the policy server can be found, it's deleted and the policy status is active: the policy is deleted
• PolicyServer
  • Remove policy server
  • (T) Deleted policy server with no assigned policies -> finalizer is removed
  • With assigned policies
    • All assigned policies are deleted
    • (T) ClusterAdmissionPolicy and (T) AdmissionPolicy
    • (T) Eventually, no policies are bound to it -> removal (the finalizer is removed)

[ereslibre]

(T) The policy transitions eventually to active if the policy server exists

These tests will be an end to end test, given that integration tests don't have the controller-manager.

[ereslibre]

Modifying the bound policy server ConfigMap alters the status of the policy (observed state of the world)

We have agreed that modifying the ConfigMap is not a big deal, given that we will be overriding it over and over with our own controller, so no need to watch for manual changes on the ConfigMap during regular operation.

[ereslibre]

Implemented by https://github.com/kubewarden/kubewarden-controller/pull/175