mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

chore: use more chainsaw step templates (#11303)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-10-03 11:57:40 +02:00 committed by GitHub
parent 6870d8fdf8
commit 12d5223d56
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
43 changed files with 361 additions and 402 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/chainsaw-test.yaml
View file

@ -10,14 +10,20 @@ spec:
file: ns.yaml
- assert:
file: ns.yaml
- name: step-02
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- sleep:
duration: 3s
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: cpol-fine-grained-match-conditions-disallow-latest-image-tag
- name: step-03
try:
- command:

9
test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: cpol-fine-grained-match-conditions-disallow-latest-image-tag
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

1
test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy.yaml
View file

@ -1,4 +1,3 @@
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:

22
test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/chainsaw-test.yaml
View file

@ -10,14 +10,20 @@ spec:
file: ns.yaml
- assert:
file: ns.yaml
- name: step-02
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- sleep:
duration: 3s
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: cpol-fine-grained-match-conditions-pass
- name: step-03
try:
- command:

9
test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: cpol-fine-grained-match-conditions-pass
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

1
test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy.yaml
View file

@ -1,4 +1,3 @@
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:

20
test/conformance/chainsaw/webhook-configurations/match-conditions-standard/chainsaw-test.yaml
View file

@ -16,12 +16,20 @@ spec:
file: pod.yaml
- assert:
file: pod.yaml
- name: step-02
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: cpol-match-conditions-standard
- name: step-03
try:
- assert:

9
test/conformance/chainsaw/webhook-configurations/match-conditions-standard/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: cpol-match-conditions-standard
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

20
test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/chainsaw-test.yaml
View file

@ -16,12 +16,20 @@ spec:
file: pod.yaml
- assert:
file: pod.yaml
- name: step-02
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: cpol-match-conditions-userinfo
- name: step-03
try:
- error:

9
test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: cpol-match-conditions-userinfo
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

20
test/conformance/chainsaw/webhook-configurations/webhook-registeration/chainsaw-test.yaml
View file

@ -4,12 +4,20 @@ metadata:
name: webhook-registeration
spec:
steps:
- name: step-01
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: cpol-fine-grained-match-conditions-disallow-latest-image-tag-1
- name: step-02
try:
- assert:

9
test/conformance/chainsaw/webhook-configurations/webhook-registeration/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: cpol-fine-grained-match-conditions-disallow-latest-image-tag-1
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

40
test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/chainsaw-test.yaml
View file

@ -5,22 +5,38 @@ metadata:
name: dyn-op-validate-and-mutate
spec:
steps:
- name: step-01
try:
- apply:
file: policy-01.yaml
- assert:
file: policy-assert1.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy-01.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: step-02
try:
- assert:
file: webhooks-02.yaml
- name: step-03
try:
- apply:
file: policy-03.yaml
- assert:
file: policy-assert2.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy-03.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: add-apparmor-annotations
- name: step-04
try:
- assert:

9
test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert1.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

9
test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert2.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: add-apparmor-annotations
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

27
test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/chainsaw-test.yaml
View file

@ -5,12 +5,27 @@ metadata:
name: dyn-op-validate-multiple
spec:
steps:
- name: step-01
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: require-match
- name: step-02
try:
- assert:

9
test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

33
test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/chainsaw-test.yaml
View file

@ -4,18 +4,27 @@ metadata:
name: policy-clusterpolicy-different-resource-group
spec:
steps:
- name: step-01
try:
- apply:
file: policy-1.yaml
- assert:
file: policy-1-assert.yaml
- name: step-2
try:
- apply:
file: policy-2.yaml
- assert:
file: policy-2-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: policy-1
- name: wait policy ready
use:
template: ../../_step-templates/policy-ready.yaml
with:
bindings:
- name: name
value: policy-2
- name: step-3
try:
- assert:

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: policy-1
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-2
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

22
test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2.yaml
View file

@ -1,22 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-2
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

23
test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1.yaml → test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy.yaml
View file

@ -20,3 +20,26 @@ spec:
metadata:
labels:
team: '?*'
---
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-2
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

31
test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/chainsaw-test.yaml
View file

@ -4,16 +4,27 @@ metadata:
name: policy-clusterpolicy-namespaced-resources
spec:
steps:
- name: step-01
try:
- apply:
file: policy.yaml
- apply:
file: clusterpolicy.yaml
- assert:
file: policy-assert.yaml
- assert:
file: clusterpolicy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: wait policy ready
use:
template: ../../_step-templates/policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: step-02
try:
- assert:

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

22
test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy.yaml
View file

@ -1,22 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

23
test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy.yaml
View file

@ -1,4 +1,27 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'
---
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: require-labels

31
test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/chainsaw-test.yaml
View file

@ -4,16 +4,27 @@ metadata:
name: policy-clusterpolicy-same-resource
spec:
steps:
- name: step-01
try:
- apply:
file: policy.yaml
- apply:
file: clusterpolicy.yaml
- assert:
file: policy-assert.yaml
- assert:
file: clusterpolicy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: wait policy ready
use:
template: ../../_step-templates/policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: step-02
try:
- assert:

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

22
test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy.yaml
View file

@ -1,22 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

23
test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy.yaml
View file

@ -20,3 +20,26 @@ spec:
metadata:
labels:
team: '?*'
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

31
test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/chainsaw-test.yaml
View file

@ -4,16 +4,27 @@ metadata:
name: policy-clusterpolicy-wildcard-resource
spec:
steps:
- name: step-01
try:
- apply:
file: policy.yaml
- apply:
file: clusterpolicy.yaml
- assert:
file: policy-assert.yaml
- assert:
file: clusterpolicy-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/cluster-policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: wait policy ready
use:
template: ../../_step-templates/policy-ready.yaml
with:
bindings:
- name: name
value: require-labels
- name: step-02
try:
- assert:

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

22
test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy.yaml
View file

@ -1,22 +0,0 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- '*'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

9
test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: require-labels
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

23
test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy.yaml
View file

@ -20,3 +20,26 @@ spec:
metadata:
labels:
team: '?*'
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- '*'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

33
test/conformance/chainsaw/webhooks/policy-different-resource-group/chainsaw-test.yaml
View file

@ -4,18 +4,27 @@ metadata:
name: policy-different-resource-group
spec:
steps:
- name: step-01
try:
- apply:
file: policy-1.yaml
- assert:
file: policy-1-assert.yaml
- name: step-2
try:
- apply:
file: policy-2.yaml
- assert:
file: policy-2-assert.yaml
- name: create policy
use:
template: ../../_step-templates/create-policy.yaml
with:
bindings:
- name: file
value: policy.yaml
- name: wait policy ready
use:
template: ../../_step-templates/policy-ready.yaml
with:
bindings:
- name: name
value: policy-1
- name: wait policy ready
use:
template: ../../_step-templates/policy-ready.yaml
with:
bindings:
- name: name
value: policy-2
- name: step-3
try:
- assert:

9
test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-1
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

22
test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1.yaml
View file

@ -1,22 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-1
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'Deployment'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

9
test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2-assert.yaml
View file

@ -1,9 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-2
status:
conditions:
- reason: Succeeded
status: "True"
type: Ready

22
test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2.yaml
View file

@ -1,22 +0,0 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-2
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'

45
test/conformance/chainsaw/webhooks/policy-different-resource-group/policy.yaml Normal file
View file

@ -0,0 +1,45 @@
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-1
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'Deployment'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'
---
apiVersion: kyverno.io/v1
kind: Policy
metadata:
name: policy-2
annotations:
pod-policies.kyverno.io/autogen-controllers: none
spec:
background: false
rules:
- name: require-team
match:
any:
- resources:
kinds:
- 'ConfigMap'
validate:
failureAction: Audit
message: 'The label `team` is required.'
pattern:
metadata:
labels:
team: '?*'