kyverno/test/conformance/chainsaw/validate/e2e/yaml-signing/policy.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: validate-resources
spec:
  validationFailureAction: Enforce
  background: false
  rules:
    - name: validate-resources
      match:
        any:
        - resources:
            kinds:
              - Deployment
              - Pod
            name: test*
      exclude:
        any:
        - resources:
            kinds:
              - Pod
          subjects:
          - kind: ServiceAccount
            namespace: kube-system
            name: replicaset-controller
        - resources:
            kinds:
              - ReplicaSet
          subjects:
          - kind: ServiceAccount
            namespace: kube-system
            name: deployment-controller
      validate:
        manifests:
          attestors:
          - entries:
            - keys: 
                publicKeys:  |-
                  -----BEGIN PUBLIC KEY-----
                  MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyQfmL5YwHbn9xrrgG3vgbU0KJxMY
                  BibYLJ5L4VSMvGxeMLnBGdM48w5IE//6idUPj3rscigFdHs7GDMH4LLAng==
                  -----END PUBLIC KEY-----
                rekor:
                  url: https://rekor.sigstore.dev
                  ignoreTlog: true
                ctlog:
                  ignoreSCT: true
  webhookConfiguration:
    timeoutSeconds: 30
    failurePolicy: Fail
chore: all chainsaw tests (#9011) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> 2023-11-24 11:17:58 +01:00			`apiVersion: kyverno.io/v1`
			`kind: ClusterPolicy`
			`metadata:`
			`name: validate-resources`
			`spec:`
			`validationFailureAction: Enforce`
			`background: false`
			`rules:`
			`- name: validate-resources`
			`match:`
			`any:`
			`- resources:`
			`kinds:`
			`- Deployment`
			`- Pod`
			`name: test*`
			`exclude:`
			`any:`
			`- resources:`
			`kinds:`
			`- Pod`
			`subjects:`
			`- kind: ServiceAccount`
			`namespace: kube-system`
			`name: replicaset-controller`
			`- resources:`
			`kinds:`
			`- ReplicaSet`
			`subjects:`
			`- kind: ServiceAccount`
			`namespace: kube-system`
			`name: deployment-controller`
			`validate:`
			`manifests:`
			`attestors:`
			`- entries:`
			`- keys:`
			`publicKeys: \|-`
			`-----BEGIN PUBLIC KEY-----`
			`MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyQfmL5YwHbn9xrrgG3vgbU0KJxMY`
			`BibYLJ5L4VSMvGxeMLnBGdM48w5IE//6idUPj3rscigFdHs7GDMH4LLAng==`
			`-----END PUBLIC KEY-----`
			`rekor:`
			`url: https://rekor.sigstore.dev`
			`ignoreTlog: true`
			`ctlog:`
			`ignoreSCT: true`
chore: add tests that use spec.webhookConfiguration (#10526) * chore: add tests that use spec.webhookConfiguration Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> 2024-06-24 20:40:50 +07:00			`webhookConfiguration:`
			`timeoutSeconds: 30`
			`failurePolicy: Fail`