fix: add tests from #6463 (#8250)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

test/cli/test/restrict-something/kyverno-test.yaml

@@ -0,0 +1,19 @@
+# Taken from https://github.com/kyverno/kyverno/issues/6463
+name: repro-dups-bug
+policies:
+  - policy.yaml
+resources:
+  - resources.yaml
+results:
+  - policy: restrict-something
+    rule: validate-some-foo
+    resources:
+    - nginx-foo
+    kind: Pod
+    result: pass
+  - policy: restrict-something
+    rule: validate-some-non-foo
+    resources:
+    - nginx-too
+    kind: Pod
+    result: fail

test/cli/test/restrict-something/policy.yaml

@@ -0,0 +1,42 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: restrict-something
+spec:
+  validationFailureAction: audit
+  background: true
+  rules:
+  - name: validate-some-foo
+    match:
+      resources:
+        kinds:
+        - Pod
+        namespaces:
+        - foo
+    validate:
+      message: "Unknown image registry."
+      deny:
+        conditions:
+        - key: "{{ images.containers.*.registry }}"
+          operator: NotIn
+          value:
+          - "foo.io"
+  - name: validate-some-non-foo
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - foo
+    validate:
+      message: "Unknown image registry."
+      deny:
+        conditions:
+        - key: "{{ images.containers.*.registry }}"
+          operator: NotIn
+          value:
+          - "bar.io"

test/cli/test/restrict-something/resources.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-foo
+  namespace: foo
+spec:
+  containers:
+  - name: nginx
+    image: foo.io/nginx:1.7.9
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-too
+  namespace: bar
+spec:
+  containers:
+  - name: nginx
+    image: foo.io/nginx:1.7.9