kyverno/test/conformance/chainsaw/exceptions/psa-run-as-non-root/chainsaw-test.yaml

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: psa-run-as-non-root
spec:
  steps:
  - name: create policy
    use:
      template: ../../_step-templates/create-policy.yaml
      with:
        bindings:
        - name: file
          value: policy.yaml
  - name: wait policy ready
    use:
      template: ../../_step-templates/cluster-policy-ready.yaml
      with:
        bindings:
        - name: name
          value: psp-restricted-limited
  - name: step-02
    try:
    - apply:
        file: exception.yaml
  - name: step-03
    try:
    - script:
        content: kubectl apply -f bad-pod-01.yaml
        check:
          ($error != null): true
          (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
  - name: step-04
    try:
    - script:
        content: kubectl apply -f bad-pod-02.yaml
        check:
          ($error != null): true
          (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
  - name: step-05
    try:
    - apply:
        file: good-pod.yaml
feat add chainsaw tests for pod security and exceptions (#10664) * feat add chainsaw tests for pod security and exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: enable ProcMountType in the kind config Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-07-16 15:14:47 +03:00			`apiVersion: chainsaw.kyverno.io/v1alpha1`
			`kind: Test`
			`metadata:`
			`name: psa-run-as-non-root`
			`spec:`
			`steps:`
chore: use more chainsaw step templates (#11311) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2024-10-03 13:56:30 +02:00			`- name: create policy`
			`use:`
			`template: ../../_step-templates/create-policy.yaml`
			`with:`
			`bindings:`
			`- name: file`
			`value: policy.yaml`
			`- name: wait policy ready`
			`use:`
			`template: ../../_step-templates/cluster-policy-ready.yaml`
			`with:`
			`bindings:`
			`- name: name`
			`value: psp-restricted-limited`
feat add chainsaw tests for pod security and exceptions (#10664) * feat add chainsaw tests for pod security and exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: enable ProcMountType in the kind config Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-07-16 15:14:47 +03:00			`- name: step-02`
			`try:`
			`- apply:`
			`file: exception.yaml`
			`- name: step-03`
			`try:`
			`- script:`
			`content: kubectl apply -f bad-pod-01.yaml`
			`check:`
			`($error != null): true`
			`(contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true`
			`- name: step-04`
			`try:`
			`- script:`
			`content: kubectl apply -f bad-pod-02.yaml`
			`check:`
			`($error != null): true`
			`(contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true`
			`- name: step-05`
			`try:`
			`- apply:`
			`file: good-pod.yaml`