kyverno/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-pod-security-rule/chainsaw-test.yaml

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  creationTimestamp: null
  name: invalid-pod-security-rule
spec:
  steps:
  - name: Apply the first policy
    try:
    - script:
        content: kubectl apply -f policy-1.yaml
        check:
          ($error != null): true
          # This check ensures the contents of stderr are exactly as shown.  
          ($stderr): |-
            Error from server: error when creating "policy-1.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].values: Forbidden: values is required
  - name: Apply the second policy
    try:
    - script:
        content: kubectl apply -f policy-2.yaml
        check:
          ($error != null): true
          # This check ensures the contents of stderr are exactly as shown.  
          ($stderr): |-
            Error from server: error when creating "policy-2.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].restrictedField: Forbidden: restrictedField is required
fix: add validation check for podSecurity subrule (#9770) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-23 09:16:53 +02:00			`apiVersion: chainsaw.kyverno.io/v1alpha1`
			`kind: Test`
			`metadata:`
			`creationTimestamp: null`
			`name: invalid-pod-security-rule`
			`spec:`
			`steps:`
			`- name: Apply the first policy`
			`try:`
			`- script:`
			`content: kubectl apply -f policy-1.yaml`
			`check:`
fix: add podSecurity validation checks for exceptions (#9817) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-28 10:21:10 +02:00			`($error != null): true`
			`# This check ensures the contents of stderr are exactly as shown.`
			`($stderr): \|-`
			`Error from server: error when creating "policy-1.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].values: Forbidden: values is required`
fix: add validation check for podSecurity subrule (#9770) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-23 09:16:53 +02:00			`- name: Apply the second policy`
			`try:`
			`- script:`
			`content: kubectl apply -f policy-2.yaml`
			`check:`
fix: add podSecurity validation checks for exceptions (#9817) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-02-28 10:21:10 +02:00			`($error != null): true`
			`# This check ensures the contents of stderr are exactly as shown.`
			`($stderr): \|-`
			`Error from server: error when creating "policy-2.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].restrictedField: Forbidden: restrictedField is required`