mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 07:26:55 +00:00
chore: convert chainsaw tests to Test resource (#9113)
* chore: convert chainsaw tests to Test resource Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
0b59933a82
commit
2ceac72f62
1500 changed files with 10838 additions and 11700 deletions
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- assert:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- assert:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-all-match-resource
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- assert:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- assert:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- assert:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- assert:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-any-match-multiple-resources
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- assert:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- assert:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- assert:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- assert:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-any-match-resource
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- assert:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- assert:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-any-match-resources-with-different-namespace-selectors
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-any-match-resources-with-different-object-selectors
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-exclude
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-match-resource-created-by-user
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-match-resource-in-specific-namespace
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-match-resource-using-annotations
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-multiple-all-match-resources
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-multiple-rules
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-multiple-validation-failure-action-overrides
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-non-cel-rule
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: policy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validatingadmissionpolicy
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cpol-validation-failure-action-overrides-with-namespace
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- error:
|
||||
file: validatingadmissionpolicy.yaml
|
||||
- error:
|
||||
file: validatingadmissionpolicybinding.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: delete
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- delete:
|
||||
ref:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: mysecret
|
||||
namespace: clone-list-sync-same-trigger-source-trigger-ns
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: sleep
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: target.yaml
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-trigger-ns
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-target-ns
|
||||
35
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-manifests.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml
Normal file → Executable file
35
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-manifests.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml
Normal file → Executable file
|
|
@ -1,36 +1,27 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-trigger-ns
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-target-ns
|
||||
---
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-cpol
|
||||
spec:
|
||||
rules:
|
||||
- name: sync-secret
|
||||
- generate:
|
||||
cloneList:
|
||||
kinds:
|
||||
- v1/Secret
|
||||
namespace: clone-list-sync-same-trigger-source-trigger-ns
|
||||
selector:
|
||||
matchLabels:
|
||||
allowedToBeCloned: "true"
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace"
|
||||
}}'
|
||||
synchronize: true
|
||||
match:
|
||||
all:
|
||||
- resources:
|
||||
annotations:
|
||||
myProj/cluster.addon.sync.targetNamespace: "?*"
|
||||
myProj/cluster.addon.sync.targetNamespace: ?*
|
||||
kinds:
|
||||
- Secret
|
||||
namespaces:
|
||||
- clone-list-sync-same-trigger-source-trigger-ns
|
||||
generate:
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}'
|
||||
synchronize: true
|
||||
cloneList:
|
||||
namespace: clone-list-sync-same-trigger-source-trigger-ns
|
||||
kinds:
|
||||
- v1/Secret
|
||||
selector:
|
||||
matchLabels:
|
||||
allowedToBeCloned: "true"
|
||||
name: sync-secret
|
||||
0
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-assert.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-assert-1-1.yaml
Normal file → Executable file
0
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-assert.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-assert-1-1.yaml
Normal file → Executable file
|
|
@ -0,0 +1,39 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: clone-list-sync-same-trigger-source-delete-source
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-2.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-3.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
- name: step-03
|
||||
try:
|
||||
- delete:
|
||||
ref:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: mysecret
|
||||
namespace: clone-list-sync-same-trigger-source-trigger-ns
|
||||
- name: step-04
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
- name: step-05
|
||||
try:
|
||||
- error:
|
||||
file: target.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: sleep
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- assert:
|
||||
file: target-2.yaml
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-trigger-ns
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-target-ns-1
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-target-ns-2
|
||||
40
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-manifests.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml
Normal file → Executable file
40
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-manifests.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml
Normal file → Executable file
|
|
@ -1,41 +1,27 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-trigger-ns
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-target-ns-1
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-target-ns-2
|
||||
---
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: clone-list-sync-same-trigger-source-update-source-cpol
|
||||
spec:
|
||||
rules:
|
||||
- name: sync-secret
|
||||
- generate:
|
||||
cloneList:
|
||||
kinds:
|
||||
- v1/Secret
|
||||
namespace: clone-list-sync-same-trigger-source-update-source-trigger-ns
|
||||
selector:
|
||||
matchLabels:
|
||||
allowedToBeCloned: "true"
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace"
|
||||
}}'
|
||||
synchronize: true
|
||||
match:
|
||||
all:
|
||||
- resources:
|
||||
annotations:
|
||||
myProj/cluster.addon.sync.targetNamespace: "?*"
|
||||
myProj/cluster.addon.sync.targetNamespace: ?*
|
||||
kinds:
|
||||
- Secret
|
||||
namespaces:
|
||||
- clone-list-sync-same-trigger-source-update-source-trigger-ns
|
||||
generate:
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}'
|
||||
synchronize: true
|
||||
cloneList:
|
||||
namespace: clone-list-sync-same-trigger-source-update-source-trigger-ns
|
||||
kinds:
|
||||
- v1/Secret
|
||||
selector:
|
||||
matchLabels:
|
||||
allowedToBeCloned: "true"
|
||||
name: sync-secret
|
||||
0
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-assert.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-assert-1-1.yaml
Normal file → Executable file
0
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-assert.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-assert-1-1.yaml
Normal file → Executable file
10
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/03-update-trigger.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml
Normal file → Executable file
10
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/03-update-trigger.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml
Normal file → Executable file
|
|
@ -1,13 +1,13 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
location: europe
|
||||
allowedToBeCloned: "true"
|
||||
annotations:
|
||||
myProj/cluster.addon.sync.targetNamespace: clone-list-sync-same-trigger-source-update-source-target-ns-2
|
||||
labels:
|
||||
allowedToBeCloned: "true"
|
||||
location: europe
|
||||
name: mysecret
|
||||
namespace: clone-list-sync-same-trigger-source-update-source-trigger-ns
|
||||
type: Opaque
|
||||
data:
|
||||
foo: YmFy
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: clone-list-sync-same-trigger-source-update-source
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-2.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-3.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-4.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
- name: step-03
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-03-apply-1-1.yaml
|
||||
- name: step-04
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
- name: step-05
|
||||
try:
|
||||
- assert:
|
||||
file: target-2.yaml
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
namespace: default
|
||||
name: ns-role
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
verbs: ["get", "watch", "list", "delete", "create"]
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ns-role-binding
|
||||
namespace: default
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: minikube-userclone
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: ns-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: gen-clone-role-policy
|
||||
spec:
|
||||
background: false
|
||||
rules:
|
||||
- name: gen-role
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
generate:
|
||||
kind: Role
|
||||
name: ns-role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
namespace: "{{request.object.metadata.name}}"
|
||||
synchronize: true
|
||||
clone:
|
||||
name: ns-role
|
||||
namespace: default
|
||||
- name: gen-role-binding
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
generate:
|
||||
kind: RoleBinding
|
||||
name: ns-role-binding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
namespace: "{{request.object.metadata.name}}"
|
||||
synchronize: true
|
||||
clone:
|
||||
name: ns-role-binding
|
||||
namespace: default
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: ns-role
|
||||
namespace: default
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- delete
|
||||
- create
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ns-role-binding
|
||||
namespace: default
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ns-role
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: minikube-userclone
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: gen-clone-role-policy
|
||||
spec:
|
||||
background: false
|
||||
rules:
|
||||
- generate:
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
clone:
|
||||
name: ns-role
|
||||
namespace: default
|
||||
kind: Role
|
||||
name: ns-role
|
||||
namespace: '{{request.object.metadata.name}}'
|
||||
synchronize: true
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
name: gen-role
|
||||
- generate:
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
clone:
|
||||
name: ns-role-binding
|
||||
namespace: default
|
||||
kind: RoleBinding
|
||||
name: ns-role-binding
|
||||
namespace: '{{request.object.metadata.name}}'
|
||||
synchronize: true
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
name: gen-role-binding
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: cpol-clone-sync-create-ns
|
||||
name: generate-clone-role-tests
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: ns-role
|
||||
namespace: generate-clone-role-tests
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- delete
|
||||
- create
|
||||
|
|
@ -1,21 +1,4 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: ns-role
|
||||
namespace: generate-clone-role-tests
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- delete
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ns-role-binding
|
||||
|
|
@ -27,4 +10,4 @@ roleRef:
|
|||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: minikube-userclone
|
||||
name: minikube-userclone
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: clone-role-and-rolebinding
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-2.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-3.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-02-apply-1-1.yaml
|
||||
- name: step-03
|
||||
try:
|
||||
- assert:
|
||||
file: chainsaw-step-03-assert-1-1.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-03-assert-1-2.yaml
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: sleep
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: delete-source
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- delete:
|
||||
ref:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
|
||||
namespace: default
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: sleep
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
|
||||
namespace: default
|
||||
type: Opaque
|
||||
|
|
@ -1,30 +1,21 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
|
||||
namespace: default
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: kyverno.io/v2beta1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: generate-secret
|
||||
spec:
|
||||
rules:
|
||||
- name: clone-secret
|
||||
- generate:
|
||||
apiVersion: v1
|
||||
clone:
|
||||
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
|
||||
namespace: default
|
||||
kind: Secret
|
||||
name: regcred
|
||||
namespace: '{{request.object.metadata.name}}'
|
||||
synchronize: true
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
generate:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: regcred
|
||||
namespace: "{{request.object.metadata.name}}"
|
||||
synchronize: true
|
||||
clone:
|
||||
namespace: default
|
||||
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
|
||||
name: clone-secret
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: generate-role-tests
|
||||
name: production
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: clone-source-name-exceeds-63-characters
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-2.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-02-apply-1-1.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-02-assert-1-1.yaml
|
||||
- name: step-03
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
- name: step-04
|
||||
try:
|
||||
- delete:
|
||||
ref:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred
|
||||
namespace: default
|
||||
- name: step-05
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
- name: step-06
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-06-apply-1-1.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: delete
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- delete:
|
||||
ref:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: mysecret
|
||||
namespace: clone-sync-same-trigger-source-trigger-ns
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: sleep
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- error:
|
||||
file: target.yaml
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-trigger-ns
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-target-ns
|
||||
|
|
@ -1,36 +1,26 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-trigger-ns
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-target-ns
|
||||
---
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-cpol
|
||||
spec:
|
||||
rules:
|
||||
- name: sync-secret
|
||||
- generate:
|
||||
apiVersion: v1
|
||||
clone:
|
||||
name: mysecret
|
||||
namespace: clone-sync-same-trigger-source-trigger-ns
|
||||
kind: Secret
|
||||
name: mysecret
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace"
|
||||
}}'
|
||||
synchronize: true
|
||||
match:
|
||||
all:
|
||||
- resources:
|
||||
annotations:
|
||||
myProj/cluster.addon.sync.targetNamespace: "?*"
|
||||
myProj/cluster.addon.sync.targetNamespace: ?*
|
||||
kinds:
|
||||
- Secret
|
||||
namespaces:
|
||||
- clone-sync-same-trigger-source-trigger-ns
|
||||
generate:
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}'
|
||||
name: mysecret
|
||||
synchronize: true
|
||||
clone:
|
||||
namespace: clone-sync-same-trigger-source-trigger-ns
|
||||
name: mysecret
|
||||
|
||||
name: sync-secret
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: clone-sync-same-trigger-source-delete-source
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-2.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-3.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
- name: step-03
|
||||
try:
|
||||
- delete:
|
||||
ref:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: mysecret
|
||||
namespace: clone-sync-same-trigger-source-trigger-ns
|
||||
- name: step-04
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
- name: step-05
|
||||
try:
|
||||
- error:
|
||||
file: target.yaml
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: sleep
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: TestStep
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: check
|
||||
spec:
|
||||
timeouts: {}
|
||||
try:
|
||||
- assert:
|
||||
file: target-2.yaml
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-trigger-ns
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-target-ns-1
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-target-ns-2
|
||||
|
|
@ -1,40 +1,26 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-trigger-ns
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-target-ns-1
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-target-ns-2
|
||||
---
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: clone-sync-same-trigger-source-update-source-cpol
|
||||
spec:
|
||||
rules:
|
||||
- name: sync-secret
|
||||
- generate:
|
||||
apiVersion: v1
|
||||
clone:
|
||||
name: mysecret
|
||||
namespace: clone-sync-same-trigger-source-update-source-trigger-ns
|
||||
kind: Secret
|
||||
name: mysecret
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace"
|
||||
}}'
|
||||
synchronize: true
|
||||
match:
|
||||
all:
|
||||
- resources:
|
||||
annotations:
|
||||
myProj/cluster.addon.sync.targetNamespace: "?*"
|
||||
myProj/cluster.addon.sync.targetNamespace: ?*
|
||||
kinds:
|
||||
- Secret
|
||||
namespaces:
|
||||
- clone-sync-same-trigger-source-update-source-trigger-ns
|
||||
generate:
|
||||
namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}'
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
name: mysecret
|
||||
synchronize: true
|
||||
clone:
|
||||
namespace: clone-sync-same-trigger-source-update-source-trigger-ns
|
||||
name: mysecret
|
||||
name: sync-secret
|
||||
10
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/03-update-trigger.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml
Normal file → Executable file
10
test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/03-update-trigger.yaml → test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml
Normal file → Executable file
|
|
@ -1,13 +1,13 @@
|
|||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
location: europe
|
||||
allowedToBeCloned: "true"
|
||||
annotations:
|
||||
myProj/cluster.addon.sync.targetNamespace: clone-sync-same-trigger-source-update-source-target-ns-2
|
||||
labels:
|
||||
allowedToBeCloned: "true"
|
||||
location: europe
|
||||
name: mysecret
|
||||
namespace: clone-sync-same-trigger-source-update-source-trigger-ns
|
||||
type: Opaque
|
||||
data:
|
||||
foo: YmFy
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: clone-sync-same-trigger-source-update-source
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-1.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-2.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-3.yaml
|
||||
- apply:
|
||||
file: chainsaw-step-01-apply-1-4.yaml
|
||||
- assert:
|
||||
file: chainsaw-step-01-assert-1-1.yaml
|
||||
- name: step-02
|
||||
try:
|
||||
- apply:
|
||||
file: trigger.yaml
|
||||
- assert:
|
||||
file: target.yaml
|
||||
- name: step-03
|
||||
try:
|
||||
- apply:
|
||||
file: chainsaw-step-03-apply-1-1.yaml
|
||||
- name: step-04
|
||||
try:
|
||||
- sleep:
|
||||
duration: 3s
|
||||
- name: step-05
|
||||
try:
|
||||
- assert:
|
||||
file: target-2.yaml
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
labels:
|
||||
downstream: "cpol-clone-create-on-trigger-deletion-manifest-ns"
|
||||
name: cpol-clone-create-on-trigger-deletion-trigger-ns
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: cpol-clone-create-on-trigger-deletion-manifest-ns
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
foo: YmFy
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: regcred
|
||||
namespace: cpol-clone-create-on-trigger-deletion-manifest-ns
|
||||
type: Opaque
|
||||
---
|
||||
apiVersion: kyverno.io/v2beta1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: cpol-clone-create-on-trigger-deletion
|
||||
spec:
|
||||
rules:
|
||||
- name: clone-secret
|
||||
match:
|
||||
any:
|
||||
- resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
operations:
|
||||
- DELETE
|
||||
generate:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: cpol-clone-create-on-trigger-deletion-secret
|
||||
namespace: "{{request.object.metadata.labels.downstream}}"
|
||||
synchronize: true
|
||||
clone:
|
||||
namespace: cpol-clone-create-on-trigger-deletion-manifest-ns
|
||||
name: regcred
|
||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Reference in a new issue