mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 17:37:12 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/multiple-exceptions/README.md

19 lines
823 B
Markdown
Raw Normal View History

fix: return all the exceptions that match the incoming resource (#10722) * fix: return all the exceptions that match the incoming resource Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: modify log messages Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-07-25 20:36:19 +03:00
## Description
This test creates two policy exceptions that match the same policy. It is expected that the pod that satisfies both exceptions will be created successfully.
## Expected Behavior
1. Create a policy that applies the baseline profile.
2. Create two exceptions as follows:
- The first exception `exception-baseline` that exempts the whole pod from the baseline profile.
- The second exception `init-exception-baseline` allows the values of `SYS_TIME` capabilities in the init containers.
3. Create a pod with two init containers. The first init container should have the `NET_ADMIN` and `NET_RAW` capabilities, and the second init container should have the `SYS_TIME` capability. It is expected that the pod will be created successfully as it matches both exceptions.
## Reference Issue(s)
#10580
Copy permalink