From 12d5223d5636575273742631d99a1fb7446d4576 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Thu, 3 Oct 2024 11:57:40 +0200 Subject: [PATCH] chore: use more chainsaw step templates (#11303) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .../chainsaw-test.yaml | 22 +++++---- .../policy-assert.yaml | 9 ---- .../cpol-match-conditions-block/policy.yaml | 1 - .../chainsaw-test.yaml | 22 +++++---- .../policy-assert.yaml | 9 ---- .../cpol-match-conditions-pass/policy.yaml | 1 - .../chainsaw-test.yaml | 20 ++++++--- .../policy-assert.yaml | 9 ---- .../chainsaw-test.yaml | 20 ++++++--- .../policy-assert.yaml | 9 ---- .../webhook-registeration/chainsaw-test.yaml | 20 ++++++--- .../webhook-registeration/policy-assert.yaml | 9 ---- .../chainsaw-test.yaml | 40 ++++++++++++----- .../policy-assert1.yaml | 9 ---- .../policy-assert2.yaml | 9 ---- .../chainsaw-test.yaml | 27 ++++++++--- .../policy-assert.yaml | 9 ---- .../chainsaw-test.yaml | 33 +++++++++----- .../policy-1-assert.yaml | 9 ---- .../policy-2-assert.yaml | 9 ---- .../policy-2.yaml | 22 --------- .../{policy-1.yaml => policy.yaml} | 23 ++++++++++ .../chainsaw-test.yaml | 31 ++++++++----- .../clusterpolicy-assert.yaml | 9 ---- .../clusterpolicy.yaml | 22 --------- .../policy-assert.yaml | 9 ---- .../policy.yaml | 23 ++++++++++ .../chainsaw-test.yaml | 31 ++++++++----- .../clusterpolicy-assert.yaml | 9 ---- .../clusterpolicy.yaml | 22 --------- .../policy-assert.yaml | 9 ---- .../policy.yaml | 23 ++++++++++ .../chainsaw-test.yaml | 31 ++++++++----- .../clusterpolicy-assert.yaml | 9 ---- .../clusterpolicy.yaml | 22 --------- .../policy-assert.yaml | 9 ---- .../policy.yaml | 23 ++++++++++ .../chainsaw-test.yaml | 33 +++++++++----- .../policy-1-assert.yaml | 9 ---- .../policy-1.yaml | 22 --------- .../policy-2-assert.yaml | 9 ---- .../policy-2.yaml | 22 --------- .../policy.yaml | 45 +++++++++++++++++++ 43 files changed, 361 insertions(+), 402 deletions(-) delete mode 100644 test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhook-configurations/match-conditions-standard/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhook-configurations/webhook-registeration/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert1.yaml delete mode 100644 test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert2.yaml delete mode 100644 test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2.yaml rename test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/{policy-1.yaml => policy.yaml} (50%) delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2-assert.yaml delete mode 100644 test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2.yaml create mode 100644 test/conformance/chainsaw/webhooks/policy-different-resource-group/policy.yaml diff --git a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/chainsaw-test.yaml b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/chainsaw-test.yaml index c82aa56d0f..c2dc5cb23a 100755 --- a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/chainsaw-test.yaml @@ -10,14 +10,20 @@ spec: file: ns.yaml - assert: file: ns.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - sleep: - duration: 3s + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-fine-grained-match-conditions-disallow-latest-image-tag - name: step-03 try: - command: diff --git a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy-assert.yaml b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy-assert.yaml deleted file mode 100644 index 8ea8e16ed5..0000000000 --- a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-fine-grained-match-conditions-disallow-latest-image-tag -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy.yaml b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy.yaml index 2575ab10d8..20e292e009 100644 --- a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy.yaml +++ b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-block/policy.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/chainsaw-test.yaml b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/chainsaw-test.yaml index d2e461e083..bb23ba9541 100755 --- a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/chainsaw-test.yaml @@ -10,14 +10,20 @@ spec: file: ns.yaml - assert: file: ns.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - sleep: - duration: 3s + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-fine-grained-match-conditions-pass - name: step-03 try: - command: diff --git a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy-assert.yaml b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy-assert.yaml deleted file mode 100644 index a8ed9a3a29..0000000000 --- a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-fine-grained-match-conditions-pass -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy.yaml b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy.yaml index 31fa9793a8..abf28a5c1d 100644 --- a/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy.yaml +++ b/test/conformance/chainsaw/webhook-configurations/cpol-match-conditions-pass/policy.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/chainsaw-test.yaml b/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/chainsaw-test.yaml index 2c37bb0fbc..8094857e4a 100755 --- a/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/chainsaw-test.yaml @@ -16,12 +16,20 @@ spec: file: pod.yaml - assert: file: pod.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-match-conditions-standard - name: step-03 try: - assert: diff --git a/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/policy-assert.yaml b/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/policy-assert.yaml deleted file mode 100644 index 6ac985a337..0000000000 --- a/test/conformance/chainsaw/webhook-configurations/match-conditions-standard/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-match-conditions-standard -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/chainsaw-test.yaml b/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/chainsaw-test.yaml index 4ec34fa241..06c479fa18 100755 --- a/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/chainsaw-test.yaml @@ -16,12 +16,20 @@ spec: file: pod.yaml - assert: file: pod.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-match-conditions-userinfo - name: step-03 try: - error: diff --git a/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/policy-assert.yaml b/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/policy-assert.yaml deleted file mode 100644 index 51dd9a74bf..0000000000 --- a/test/conformance/chainsaw/webhook-configurations/match-conditions-userinfo/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-match-conditions-userinfo -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhook-configurations/webhook-registeration/chainsaw-test.yaml b/test/conformance/chainsaw/webhook-configurations/webhook-registeration/chainsaw-test.yaml index 0547dd9d06..c529549293 100755 --- a/test/conformance/chainsaw/webhook-configurations/webhook-registeration/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhook-configurations/webhook-registeration/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: webhook-registeration spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-fine-grained-match-conditions-disallow-latest-image-tag-1 - name: step-02 try: - assert: diff --git a/test/conformance/chainsaw/webhook-configurations/webhook-registeration/policy-assert.yaml b/test/conformance/chainsaw/webhook-configurations/webhook-registeration/policy-assert.yaml deleted file mode 100644 index 3e6f6d6c70..0000000000 --- a/test/conformance/chainsaw/webhook-configurations/webhook-registeration/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-fine-grained-match-conditions-disallow-latest-image-tag-1 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/chainsaw-test.yaml index 3cae771418..3d387d8a9e 100644 --- a/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/chainsaw-test.yaml @@ -5,22 +5,38 @@ metadata: name: dyn-op-validate-and-mutate spec: steps: - - name: step-01 - try: - - apply: - file: policy-01.yaml - - assert: - file: policy-assert1.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy-01.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels - name: step-02 try: - assert: file: webhooks-02.yaml - - name: step-03 - try: - - apply: - file: policy-03.yaml - - assert: - file: policy-assert2.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy-03.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: add-apparmor-annotations - name: step-04 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert1.yaml b/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert1.yaml deleted file mode 100644 index 2993bbaa6e..0000000000 --- a/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert2.yaml b/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert2.yaml deleted file mode 100644 index 0585d4d294..0000000000 --- a/test/conformance/chainsaw/webhooks/dyn-op-validate-and-mutate/policy-assert2.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: add-apparmor-annotations -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/chainsaw-test.yaml index b23a3ef2ae..b438c456eb 100644 --- a/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/chainsaw-test.yaml @@ -5,12 +5,27 @@ metadata: name: dyn-op-validate-multiple spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-match - name: step-02 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/policy-assert.yaml b/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/policy-assert.yaml deleted file mode 100644 index 2993bbaa6e..0000000000 --- a/test/conformance/chainsaw/webhooks/dyn-op-validate-multiple/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/chainsaw-test.yaml index 08d5594c02..bdd6c6f26f 100755 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/chainsaw-test.yaml @@ -4,18 +4,27 @@ metadata: name: policy-clusterpolicy-different-resource-group spec: steps: - - name: step-01 - try: - - apply: - file: policy-1.yaml - - assert: - file: policy-1-assert.yaml - - name: step-2 - try: - - apply: - file: policy-2.yaml - - assert: - file: policy-2-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: policy-1 + - name: wait policy ready + use: + template: ../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: policy-2 - name: step-3 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1-assert.yaml deleted file mode 100644 index 98aa12fc39..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: policy-1 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2-assert.yaml deleted file mode 100644 index 56e180daeb..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: policy-2 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2.yaml deleted file mode 100644 index c2450df56a..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-2.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: policy-2 - annotations: - pod-policies.kyverno.io/autogen-controllers: none -spec: - background: false - rules: - - name: require-team - match: - any: - - resources: - kinds: - - 'ConfigMap' - validate: - failureAction: Audit - message: 'The label `team` is required.' - pattern: - metadata: - labels: - team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy.yaml similarity index 50% rename from test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1.yaml rename to test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy.yaml index 437b85f889..95fcd47fae 100644 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy-1.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-different-resource-group/policy.yaml @@ -20,3 +20,26 @@ spec: metadata: labels: team: '?*' +--- +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: policy-2 + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: false + rules: + - name: require-team + match: + any: + - resources: + kinds: + - 'ConfigMap' + validate: + failureAction: Audit + message: 'The label `team` is required.' + pattern: + metadata: + labels: + team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/chainsaw-test.yaml index 91e86797a7..76b37bfe1c 100755 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/chainsaw-test.yaml @@ -4,16 +4,27 @@ metadata: name: policy-clusterpolicy-namespaced-resources spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - apply: - file: clusterpolicy.yaml - - assert: - file: policy-assert.yaml - - assert: - file: clusterpolicy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels + - name: wait policy ready + use: + template: ../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: require-labels - name: step-02 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy-assert.yaml deleted file mode 100644 index 2993bbaa6e..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy.yaml deleted file mode 100644 index 6692140693..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/clusterpolicy.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels - annotations: - pod-policies.kyverno.io/autogen-controllers: none -spec: - background: false - rules: - - name: require-team - match: - any: - - resources: - kinds: - - 'ConfigMap' - validate: - failureAction: Audit - message: 'The label `team` is required.' - pattern: - metadata: - labels: - team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy-assert.yaml deleted file mode 100644 index bc25d0fdf8..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy.yaml index c690299f98..2249fe1678 100644 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-namespaced-resources/policy.yaml @@ -1,4 +1,27 @@ apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: require-labels + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: false + rules: + - name: require-team + match: + any: + - resources: + kinds: + - 'ConfigMap' + validate: + failureAction: Audit + message: 'The label `team` is required.' + pattern: + metadata: + labels: + team: '?*' +--- +apiVersion: kyverno.io/v1 kind: Policy metadata: name: require-labels diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/chainsaw-test.yaml index c958ba284f..96e92ac9bb 100755 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/chainsaw-test.yaml @@ -4,16 +4,27 @@ metadata: name: policy-clusterpolicy-same-resource spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - apply: - file: clusterpolicy.yaml - - assert: - file: policy-assert.yaml - - assert: - file: clusterpolicy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels + - name: wait policy ready + use: + template: ../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: require-labels - name: step-02 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy-assert.yaml deleted file mode 100644 index 2993bbaa6e..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy.yaml deleted file mode 100644 index 6692140693..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/clusterpolicy.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels - annotations: - pod-policies.kyverno.io/autogen-controllers: none -spec: - background: false - rules: - - name: require-team - match: - any: - - resources: - kinds: - - 'ConfigMap' - validate: - failureAction: Audit - message: 'The label `team` is required.' - pattern: - metadata: - labels: - team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy-assert.yaml deleted file mode 100644 index bc25d0fdf8..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy.yaml index ae0020aad5..96257cbd9c 100644 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-same-resource/policy.yaml @@ -20,3 +20,26 @@ spec: metadata: labels: team: '?*' +--- +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: require-labels + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: false + rules: + - name: require-team + match: + any: + - resources: + kinds: + - 'ConfigMap' + validate: + failureAction: Audit + message: 'The label `team` is required.' + pattern: + metadata: + labels: + team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/chainsaw-test.yaml index faf8f5a611..ed4a84cb55 100755 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/chainsaw-test.yaml @@ -4,16 +4,27 @@ metadata: name: policy-clusterpolicy-wildcard-resource spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - apply: - file: clusterpolicy.yaml - - assert: - file: policy-assert.yaml - - assert: - file: clusterpolicy-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels + - name: wait policy ready + use: + template: ../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: require-labels - name: step-02 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy-assert.yaml deleted file mode 100644 index 2993bbaa6e..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy.yaml deleted file mode 100644 index 8f97fc1ba2..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/clusterpolicy.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels - annotations: - pod-policies.kyverno.io/autogen-controllers: none -spec: - background: false - rules: - - name: require-team - match: - any: - - resources: - kinds: - - '*' - validate: - failureAction: Audit - message: 'The label `team` is required.' - pattern: - metadata: - labels: - team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy-assert.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy-assert.yaml deleted file mode 100644 index bc25d0fdf8..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy.yaml b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy.yaml index 9c51e01f64..8c0fcb4c46 100644 --- a/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy.yaml +++ b/test/conformance/chainsaw/webhooks/policy-clusterpolicy-wildcard-resource/policy.yaml @@ -20,3 +20,26 @@ spec: metadata: labels: team: '?*' +--- +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: require-labels + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: false + rules: + - name: require-team + match: + any: + - resources: + kinds: + - '*' + validate: + failureAction: Audit + message: 'The label `team` is required.' + pattern: + metadata: + labels: + team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-different-resource-group/chainsaw-test.yaml b/test/conformance/chainsaw/webhooks/policy-different-resource-group/chainsaw-test.yaml index e6d97d6dfa..65578eb2e8 100755 --- a/test/conformance/chainsaw/webhooks/policy-different-resource-group/chainsaw-test.yaml +++ b/test/conformance/chainsaw/webhooks/policy-different-resource-group/chainsaw-test.yaml @@ -4,18 +4,27 @@ metadata: name: policy-different-resource-group spec: steps: - - name: step-01 - try: - - apply: - file: policy-1.yaml - - assert: - file: policy-1-assert.yaml - - name: step-2 - try: - - apply: - file: policy-2.yaml - - assert: - file: policy-2-assert.yaml + - name: create policy + use: + template: ../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: policy-1 + - name: wait policy ready + use: + template: ../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: policy-2 - name: step-3 try: - assert: diff --git a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1-assert.yaml b/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1-assert.yaml deleted file mode 100644 index fec91ba384..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: policy-1 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1.yaml b/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1.yaml deleted file mode 100644 index 3345cc4636..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-1.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: policy-1 - annotations: - pod-policies.kyverno.io/autogen-controllers: none -spec: - background: false - rules: - - name: require-team - match: - any: - - resources: - kinds: - - 'Deployment' - validate: - failureAction: Audit - message: 'The label `team` is required.' - pattern: - metadata: - labels: - team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2-assert.yaml b/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2-assert.yaml deleted file mode 100644 index 56e180daeb..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: policy-2 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2.yaml b/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2.yaml deleted file mode 100644 index c2450df56a..0000000000 --- a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy-2.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: policy-2 - annotations: - pod-policies.kyverno.io/autogen-controllers: none -spec: - background: false - rules: - - name: require-team - match: - any: - - resources: - kinds: - - 'ConfigMap' - validate: - failureAction: Audit - message: 'The label `team` is required.' - pattern: - metadata: - labels: - team: '?*' diff --git a/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy.yaml b/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy.yaml new file mode 100644 index 0000000000..06e5369c03 --- /dev/null +++ b/test/conformance/chainsaw/webhooks/policy-different-resource-group/policy.yaml @@ -0,0 +1,45 @@ +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: policy-1 + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: false + rules: + - name: require-team + match: + any: + - resources: + kinds: + - 'Deployment' + validate: + failureAction: Audit + message: 'The label `team` is required.' + pattern: + metadata: + labels: + team: '?*' +--- +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: policy-2 + annotations: + pod-policies.kyverno.io/autogen-controllers: none +spec: + background: false + rules: + - name: require-team + match: + any: + - resources: + kinds: + - 'ConfigMap' + validate: + failureAction: Audit + message: 'The label `team` is required.' + pattern: + metadata: + labels: + team: '?*'