diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/02-validatingadmissionpolicy.yaml deleted file mode 100644 index 9ff674cfd7..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - assert: - file: validatingadmissionpolicy.yaml - - assert: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/chainsaw-test.yaml new file mode 100755 index 0000000000..009d2bfea4 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-all-match-resource/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-all-match-resource +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - assert: + file: validatingadmissionpolicy.yaml + - assert: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/02-validatingadmissionpolicy.yaml deleted file mode 100644 index 9ff674cfd7..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - assert: - file: validatingadmissionpolicy.yaml - - assert: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/chainsaw-test.yaml new file mode 100755 index 0000000000..e0065acc96 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-multiple-resources/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-match-multiple-resources +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - assert: + file: validatingadmissionpolicy.yaml + - assert: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/02-validatingadmissionpolicy.yaml deleted file mode 100644 index 9ff674cfd7..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - assert: - file: validatingadmissionpolicy.yaml - - assert: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/chainsaw-test.yaml new file mode 100755 index 0000000000..7b1843d08a --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/generate/cpol-any-match-resource/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-match-resource +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - assert: + file: validatingadmissionpolicy.yaml + - assert: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/chainsaw-test.yaml new file mode 100755 index 0000000000..49c70033d6 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-namespace-selectors/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-match-resources-with-different-namespace-selectors +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/chainsaw-test.yaml new file mode 100755 index 0000000000..bde54540a7 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-any-match-resources-with-different-object-selectors/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-any-match-resources-with-different-object-selectors +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/chainsaw-test.yaml new file mode 100755 index 0000000000..4f0057848f --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-exclude/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-exclude +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/chainsaw-test.yaml new file mode 100755 index 0000000000..e6e8fa878a --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-created-by-user/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-match-resource-created-by-user +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..35bd7366a3 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-in-specific-namespace/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-match-resource-in-specific-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/chainsaw-test.yaml new file mode 100755 index 0000000000..e8b77e9673 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-match-resource-using-annotations/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-match-resource-using-annotations +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/chainsaw-test.yaml new file mode 100755 index 0000000000..98d31c9b9f --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-all-match-resources/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-multiple-all-match-resources +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/chainsaw-test.yaml new file mode 100755 index 0000000000..011f26429d --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-rules/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-multiple-rules +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/chainsaw-test.yaml new file mode 100755 index 0000000000..4632947f4e --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-multiple-validation-failure-action-overrides/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-multiple-validation-failure-action-overrides +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..8fe458e540 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-non-cel-rule/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-non-cel-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/01-policy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/02-validatingadmissionpolicy.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/02-validatingadmissionpolicy.yaml deleted file mode 100644 index dcf7fff4ac..0000000000 --- a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/02-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: validatingadmissionpolicy -spec: - timeouts: {} - try: - - error: - file: validatingadmissionpolicy.yaml - - error: - file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..641f09a8d7 --- /dev/null +++ b/test/conformance/chainsaw/generate-validating-admission-policy/clusterpolicy/standard/skip-generate/cpol-validation-failure-action-overrides-with-namespace/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-validation-failure-action-overrides-with-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - error: + file: validatingadmissionpolicy.yaml + - error: + file: validatingadmissionpolicybinding.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/02-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/02-check.yaml deleted file mode 100644 index e787edb697..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/02-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml deleted file mode 100644 index 02cc9b3e39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: mysecret - namespace: clone-list-sync-same-trigger-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/05-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/05-check.yaml deleted file mode 100644 index d11bf0188f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/05-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - error: - file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..342eeecdf0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-list-sync-same-trigger-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..f05b63ebee --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-list-sync-same-trigger-source-target-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 57% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml index e314968e2b..abeb10027c --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml @@ -1,36 +1,27 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: clone-list-sync-same-trigger-source-trigger-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: clone-list-sync-same-trigger-source-target-ns ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: clone-list-sync-same-trigger-source-cpol spec: rules: - - name: sync-secret + - generate: + cloneList: + kinds: + - v1/Secret + namespace: clone-list-sync-same-trigger-source-trigger-ns + selector: + matchLabels: + allowedToBeCloned: "true" + namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" + }}' + synchronize: true match: all: - resources: annotations: - myProj/cluster.addon.sync.targetNamespace: "?*" + myProj/cluster.addon.sync.targetNamespace: ?* kinds: - Secret namespaces: - clone-list-sync-same-trigger-source-trigger-ns - generate: - namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}' - synchronize: true - cloneList: - namespace: clone-list-sync-same-trigger-source-trigger-ns - kinds: - - v1/Secret - selector: - matchLabels: - allowedToBeCloned: "true" \ No newline at end of file + name: sync-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..7869202284 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clone-list-sync-same-trigger-source-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: target.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: mysecret + namespace: clone-list-sync-same-trigger-source-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/02-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/02-check.yaml deleted file mode 100644 index e787edb697..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/02-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/05-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/05-check.yaml deleted file mode 100644 index 72d051707f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/05-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: target-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..0651e3cf72 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-list-sync-same-trigger-source-update-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..171433fc8a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-list-sync-same-trigger-source-update-source-target-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..f581b647ce --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-list-sync-same-trigger-source-update-source-target-ns-2 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml old mode 100644 new mode 100755 similarity index 51% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml index c4b18253b9..358eac3fea --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml @@ -1,41 +1,27 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: clone-list-sync-same-trigger-source-update-source-trigger-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: clone-list-sync-same-trigger-source-update-source-target-ns-1 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: clone-list-sync-same-trigger-source-update-source-target-ns-2 ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: clone-list-sync-same-trigger-source-update-source-cpol spec: rules: - - name: sync-secret + - generate: + cloneList: + kinds: + - v1/Secret + namespace: clone-list-sync-same-trigger-source-update-source-trigger-ns + selector: + matchLabels: + allowedToBeCloned: "true" + namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" + }}' + synchronize: true match: all: - resources: annotations: - myProj/cluster.addon.sync.targetNamespace: "?*" + myProj/cluster.addon.sync.targetNamespace: ?* kinds: - Secret namespaces: - clone-list-sync-same-trigger-source-update-source-trigger-ns - generate: - namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}' - synchronize: true - cloneList: - namespace: clone-list-sync-same-trigger-source-update-source-trigger-ns - kinds: - - v1/Secret - selector: - matchLabels: - allowedToBeCloned: "true" \ No newline at end of file + name: sync-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/03-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 96% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/03-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml index 891f851ff7..6093160971 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/03-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml @@ -1,13 +1,13 @@ apiVersion: v1 +data: + foo: YmFy kind: Secret metadata: - labels: - location: europe - allowedToBeCloned: "true" annotations: myProj/cluster.addon.sync.targetNamespace: clone-list-sync-same-trigger-source-update-source-target-ns-2 + labels: + allowedToBeCloned: "true" + location: europe name: mysecret namespace: clone-list-sync-same-trigger-source-update-source-trigger-ns type: Opaque -data: - foo: YmFy \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-test.yaml new file mode 100755 index 0000000000..6a0eb4cef0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-update-source/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clone-list-sync-same-trigger-source-update-source +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: target.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: target-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml deleted file mode 100644 index fd7e27fc14..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-manifests.yaml +++ /dev/null @@ -1,61 +0,0 @@ -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: default - name: ns-role -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "watch", "list", "delete", "create"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ns-role-binding - namespace: default -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: User - name: minikube-userclone -roleRef: - kind: Role - name: ns-role - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: gen-clone-role-policy -spec: - background: false - rules: - - name: gen-role - match: - any: - - resources: - kinds: - - Namespace - generate: - kind: Role - name: ns-role - apiVersion: rbac.authorization.k8s.io/v1 - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - name: ns-role - namespace: default - - name: gen-role-binding - match: - any: - - resources: - kinds: - - Namespace - generate: - kind: RoleBinding - name: ns-role-binding - apiVersion: rbac.authorization.k8s.io/v1 - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - name: ns-role-binding - namespace: default \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..84148f78d2 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ns-role + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - delete + - create diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..f010a67e25 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ns-role-binding + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ns-role +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: minikube-userclone diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..0b9f1fb205 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,37 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: gen-clone-role-policy +spec: + background: false + rules: + - generate: + apiVersion: rbac.authorization.k8s.io/v1 + clone: + name: ns-role + namespace: default + kind: Role + name: ns-role + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: gen-role + - generate: + apiVersion: rbac.authorization.k8s.io/v1 + clone: + name: ns-role-binding + namespace: default + kind: RoleBinding + name: ns-role-binding + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: gen-role-binding diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-02-apply-1-1.yaml index 1b9e079489..3048a82bfb --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/02-ns.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: cpol-clone-sync-create-ns \ No newline at end of file + name: generate-clone-role-tests diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..f9fe8315fa --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ns-role + namespace: generate-clone-role-tests +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - delete + - create diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-03-assert-1-2.yaml old mode 100644 new mode 100755 similarity index 50% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-03-assert-1-2.yaml index 8ae6267cb2..0fdcec5c8a --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-step-03-assert-1-2.yaml @@ -1,21 +1,4 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ns-role - namespace: generate-clone-role-tests -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list - - delete - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ns-role-binding @@ -27,4 +10,4 @@ roleRef: subjects: - apiGroup: rbac.authorization.k8s.io kind: User - name: minikube-userclone \ No newline at end of file + name: minikube-userclone diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-test.yaml new file mode 100755 index 0000000000..08e8243740 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clone-role-and-rolebinding +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml deleted file mode 100644 index 3c20473c46..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-source -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred - namespace: default diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..df3c760930 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred + namespace: default +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-apply-1-2.yaml index 0368e40c23..e487a4ff65 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-apply-1-2.yaml @@ -1,30 +1,21 @@ -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred - namespace: default -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: generate-secret spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred + namespace: default + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: true match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: default - name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 60% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-02-apply-1-1.yaml index 82164ae27a..67d15e1214 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/02-ns.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: generate-role-tests \ No newline at end of file + name: production diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/06-error.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-06-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/06-error.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-step-06-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-test.yaml new file mode 100755 index 0000000000..284a4ec633 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clone-source-name-exceeds-63-characters +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred + namespace: default + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - apply: + file: chainsaw-step-06-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/02-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/02-check.yaml deleted file mode 100644 index e787edb697..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/02-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml deleted file mode 100644 index 6e157c1a92..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: mysecret - namespace: clone-sync-same-trigger-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/05-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/05-check.yaml deleted file mode 100644 index d11bf0188f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/05-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - error: - file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..c30b4d8ffa --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-sync-same-trigger-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..72f06172b3 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-sync-same-trigger-source-target-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 61% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml index 95a361e3e6..3767abfe79 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-apply-1-3.yaml @@ -1,36 +1,26 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: clone-sync-same-trigger-source-trigger-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: clone-sync-same-trigger-source-target-ns ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: clone-sync-same-trigger-source-cpol spec: rules: - - name: sync-secret + - generate: + apiVersion: v1 + clone: + name: mysecret + namespace: clone-sync-same-trigger-source-trigger-ns + kind: Secret + name: mysecret + namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" + }}' + synchronize: true match: all: - resources: annotations: - myProj/cluster.addon.sync.targetNamespace: "?*" + myProj/cluster.addon.sync.targetNamespace: ?* kinds: - Secret namespaces: - clone-sync-same-trigger-source-trigger-ns - generate: - kind: Secret - apiVersion: v1 - namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}' - name: mysecret - synchronize: true - clone: - namespace: clone-sync-same-trigger-source-trigger-ns - name: mysecret - \ No newline at end of file + name: sync-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..36f290fca6 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clone-sync-same-trigger-source-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: target.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: mysecret + namespace: clone-sync-same-trigger-source-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/02-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/02-check.yaml deleted file mode 100644 index e787edb697..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/02-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/05-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/05-check.yaml deleted file mode 100644 index 72d051707f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/05-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: target-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..bbc1527a8f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-sync-same-trigger-source-update-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..65ea6353aa --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-sync-same-trigger-source-update-source-target-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..557b8d22cb --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: clone-sync-same-trigger-source-update-source-target-ns-2 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml index 0470a0e183..513bcfef75 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-apply-1-4.yaml @@ -1,40 +1,26 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: clone-sync-same-trigger-source-update-source-trigger-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: clone-sync-same-trigger-source-update-source-target-ns-1 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: clone-sync-same-trigger-source-update-source-target-ns-2 ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: clone-sync-same-trigger-source-update-source-cpol spec: rules: - - name: sync-secret + - generate: + apiVersion: v1 + clone: + name: mysecret + namespace: clone-sync-same-trigger-source-update-source-trigger-ns + kind: Secret + name: mysecret + namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" + }}' + synchronize: true match: all: - resources: annotations: - myProj/cluster.addon.sync.targetNamespace: "?*" + myProj/cluster.addon.sync.targetNamespace: ?* kinds: - Secret namespaces: - clone-sync-same-trigger-source-update-source-trigger-ns - generate: - namespace: '{{ request.object.metadata.annotations."myProj/cluster.addon.sync.targetNamespace" }}' - kind: Secret - apiVersion: v1 - name: mysecret - synchronize: true - clone: - namespace: clone-sync-same-trigger-source-update-source-trigger-ns - name: mysecret \ No newline at end of file + name: sync-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/03-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 96% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/03-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml index cb0f75368a..61cefecf0b --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/03-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-step-03-apply-1-1.yaml @@ -1,13 +1,13 @@ apiVersion: v1 +data: + foo: YmFy kind: Secret metadata: - labels: - location: europe - allowedToBeCloned: "true" annotations: myProj/cluster.addon.sync.targetNamespace: clone-sync-same-trigger-source-update-source-target-ns-2 + labels: + allowedToBeCloned: "true" + location: europe name: mysecret namespace: clone-sync-same-trigger-source-update-source-trigger-ns type: Opaque -data: - foo: YmFy \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-test.yaml new file mode 100755 index 0000000000..8570fe7697 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-update-source/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clone-sync-same-trigger-source-update-source +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: target.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: target-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/01-manifests.yaml deleted file mode 100644 index d6566ce156..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/01-manifests.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - downstream: "cpol-clone-create-on-trigger-deletion-manifest-ns" - name: cpol-clone-create-on-trigger-deletion-trigger-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-create-on-trigger-deletion-manifest-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-create-on-trigger-deletion-manifest-ns -type: Opaque ---- -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: cpol-clone-create-on-trigger-deletion -spec: - rules: - - name: clone-secret - match: - any: - - resources: - kinds: - - Namespace - operations: - - DELETE - generate: - apiVersion: v1 - kind: Secret - name: cpol-clone-create-on-trigger-deletion-secret - namespace: "{{request.object.metadata.labels.downstream}}" - synchronize: true - clone: - namespace: cpol-clone-create-on-trigger-deletion-manifest-ns - name: regcred \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml deleted file mode 100644 index bc82c95a02..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Namespace - name: cpol-clone-create-on-trigger-deletion-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..79285e1079 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + downstream: cpol-clone-create-on-trigger-deletion-manifest-ns + name: cpol-clone-create-on-trigger-deletion-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..61ff8f7595 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-create-on-trigger-deletion-manifest-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..64e333e756 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-create-on-trigger-deletion-manifest-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..4f948d157b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,23 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-create-on-trigger-deletion +spec: + rules: + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: cpol-clone-create-on-trigger-deletion-manifest-ns + kind: Secret + name: cpol-clone-create-on-trigger-deletion-secret + namespace: '{{request.object.metadata.labels.downstream}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + operations: + - DELETE + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/04-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 59% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/04-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml index 847ebedb28..5e11071599 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/04-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: cpol-clone-create-on-trigger-deletion-secret - namespace: cpol-clone-create-on-trigger-deletion-manifest-ns \ No newline at end of file + namespace: cpol-clone-create-on-trigger-deletion-manifest-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-test.yaml new file mode 100755 index 0000000000..bf5b9bb388 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-create-on-trigger-deletion +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: v1 + kind: Namespace + name: cpol-clone-create-on-trigger-deletion-trigger-ns + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/02-set-ownerreference.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/02-set-ownerreference.yaml deleted file mode 100644 index 172ebb0e53..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/02-set-ownerreference.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: set-ownerreference -spec: - timeouts: {} - try: - - script: - content: | - kubectl -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns get configmap owner -o json | jq '{ - "metadata": { - "ownerReferences": [{ - "apiVersion": "v1", - "kind": "ConfigMap", - "name": "owner", - "uid": .metadata.uid - }] - } - }' | kubectl patch -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns secret cpol-clone-delete-ownerreferences-across-namespaces --patch-file=/dev/stdin diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/03-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/03-trigger.yaml deleted file mode 100644 index abda8804b6..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/03-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: created-secret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/04-check-no-ownerreference.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/04-check-no-ownerreference.yaml deleted file mode 100644 index 0aad00b6ed..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/04-check-no-ownerreference.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check-no-ownerreference -spec: - timeouts: {} - try: - - script: - content: | - kubectl --namespace cpol-clone-delete-ownerreferences-across-namespaces-target-ns get secret cpol-clone-delete-ownerreferences-across-namespaces -o json | jq -e '.metadata.ownerReferences == null' diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/chainsaw-test.yaml new file mode 100755 index 0000000000..03b1501ce3 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-delete-ownerreferences-across-namespaces/chainsaw-test.yaml @@ -0,0 +1,38 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-delete-ownerreferences-across-namespaces +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - script: + content: | + kubectl -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns get configmap owner -o json | jq '{ + "metadata": { + "ownerReferences": [{ + "apiVersion": "v1", + "kind": "ConfigMap", + "name": "owner", + "uid": .metadata.uid + }] + } + }' | kubectl patch -n cpol-clone-delete-ownerreferences-across-namespaces-source-ns secret cpol-clone-delete-ownerreferences-across-namespaces --patch-file=/dev/stdin + - name: step-03 + try: + - apply: + file: trigger.yaml + - assert: + file: created-secret.yaml + - name: step-04 + try: + - script: + content: | + kubectl --namespace cpol-clone-delete-ownerreferences-across-namespaces-target-ns get secret cpol-clone-delete-ownerreferences-across-namespaces -o json | jq -e '.metadata.ownerReferences == null' diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/02-assert.yaml deleted file mode 100644 index 7cc4b1fa3b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/02-assert.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-create-source-after-policy-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/02-ns.yaml deleted file mode 100644 index cbb32084c6..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-create-source-after-policy-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-1.yaml index aca73c7197..7a283588f7 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-1.yaml @@ -4,27 +4,18 @@ metadata: name: cpol-clone-sync-create-source-after-policy spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: default + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: true match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: default - name: regcred ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: default -type: Opaque + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..8e534a8890 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..b05b054a8e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-create-source-after-policy-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-02-assert-1-1.yaml new file mode 100755 index 0000000000..165b495a09 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-step-02-assert-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-create-source-after-policy-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..0d345023ff --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-create-source-after-policy/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-create-source-after-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-manifests.yaml deleted file mode 100644 index d06f1b63ff..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-manifests.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-source-multiple-targets-ns ---- -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-ns -type: Opaque -data: - foo: Zm9v ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-clone-sync-reinstall-policy -spec: - rules: - - name: sync-image-pull-secret - match: - any: - - resources: - kinds: - - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: cpol-clone-sync-single-source-multiple-targets-ns - name: regcred \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/02-trigger.yaml deleted file mode 100644 index bc52ac1d89..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/02-trigger.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/03-assert.yaml deleted file mode 100644 index 247bfcf0cc..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/03-assert.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 -type: Opaque -data: - foo: Zm9v ---- -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 -type: Opaque -data: - foo: Zm9v diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml deleted file mode 100644 index 530665fb24..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-clone-sync-reinstall-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/07-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/07-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/07-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/08-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/08-assert.yaml deleted file mode 100644 index bf37d75c00..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/08-assert.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 -type: Opaque -data: - foo: aGVyZWlzY2hhbmdlZGRhdGE= ---- -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 -type: Opaque -data: - foo: aGVyZWlzY2hhbmdlZGRhdGE= \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/10-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/10-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/10-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/11-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/11-assert.yaml deleted file mode 100644 index 8f4e990d14..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/11-assert.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 -type: Opaque -data: - foo: YmFy ---- -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 -type: Opaque -data: - foo: YmFy \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..5362f726a8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/09-update-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/09-update-source.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-2.yaml index 33a49db7a4..f1ead79e1e --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/09-update-source.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-2.yaml @@ -1,8 +1,8 @@ apiVersion: v1 +data: + foo: Zm9v kind: Secret metadata: name: regcred namespace: cpol-clone-sync-single-source-multiple-targets-ns type: Opaque -data: - foo: YmFy \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..4daff4a301 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,21 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-reinstall-policy +spec: + rules: + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-ns + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: sync-image-pull-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..8f943622ad --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-02-apply-1-2.yaml new file mode 100755 index 0000000000..426355750d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-02-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..9e3170e120 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: Zm9v +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-03-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-03-assert-1-2.yaml new file mode 100755 index 0000000000..2a85a11905 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-03-assert-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: Zm9v +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-05-apply-1-1.yaml new file mode 100755 index 0000000000..8e7a7103b8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-05-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/06-recreate-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 75% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/06-recreate-policy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml index c56b01ed44..7b0fa06a2e --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/06-recreate-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-06-apply-1-1.yaml @@ -5,18 +5,18 @@ metadata: spec: generateExisting: true rules: - - name: sync-image-pull-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-ns + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: true match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: cpol-clone-sync-single-source-multiple-targets-ns - name: regcred \ No newline at end of file + name: sync-image-pull-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-08-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-08-assert-1-1.yaml new file mode 100755 index 0000000000..09c5e3946b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-08-assert-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-08-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-08-assert-1-2.yaml new file mode 100755 index 0000000000..65729904d8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-08-assert-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: aGVyZWlzY2hhbmdlZGRhdGE= +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/05-update-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-09-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 81% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/05-update-source.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-09-apply-1-1.yaml index 26c19c10cc..12906c0adb --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/05-update-source.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-09-apply-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 +data: + foo: YmFy kind: Secret metadata: name: regcred namespace: cpol-clone-sync-single-source-multiple-targets-ns type: Opaque -data: - foo: aGVyZWlzY2hhbmdlZGRhdGE= \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-11-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-11-assert-1-1.yaml new file mode 100755 index 0000000000..9eed40bc86 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-11-assert-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-11-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-11-assert-1-2.yaml new file mode 100755 index 0000000000..db3bfca1ea --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-step-11-assert-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..9f026339e6 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/chainsaw-test.yaml @@ -0,0 +1,68 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-reinstall-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-2.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-clone-sync-reinstall-policy + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - apply: + file: chainsaw-step-06-apply-1-1.yaml + - name: step-07 + try: + - sleep: + duration: 3s + - name: step-08 + try: + - assert: + file: chainsaw-step-08-assert-1-1.yaml + - assert: + file: chainsaw-step-08-assert-1-2.yaml + - name: step-09 + try: + - apply: + file: chainsaw-step-09-apply-1-1.yaml + - name: step-10 + try: + - sleep: + duration: 3s + - name: step-11 + try: + - assert: + file: chainsaw-step-11-assert-1-1.yaml + - assert: + file: chainsaw-step-11-assert-1-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/02-triggers.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/02-triggers.yaml deleted file mode 100644 index bc52ac1d89..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/02-triggers.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/03-assert.yaml deleted file mode 100644 index 6db90bec71..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/03-assert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: footarget - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: footarget - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/06-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/06-assert.yaml deleted file mode 100644 index 6a3abcb63b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/06-assert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -data: - foo: baz -kind: ConfigMap -metadata: - name: footarget - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 ---- -apiVersion: v1 -data: - foo: baz -kind: ConfigMap -metadata: - name: footarget - namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..5362f726a8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..d2ecb8831d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: foosource + namespace: cpol-clone-sync-single-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 50% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml index 20e4df7080..af736c2e3a --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-apply-1-3.yaml @@ -1,16 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-source-multiple-targets-ns ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: foosource - namespace: cpol-clone-sync-single-source-multiple-targets-ns ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: @@ -18,18 +5,18 @@ metadata: spec: generateExisting: false rules: - - name: rule-clone-sync-single-source-multiple-targets + - generate: + apiVersion: v1 + clone: + name: foosource + namespace: cpol-clone-sync-single-source-multiple-targets-ns + kind: ConfigMap + name: footarget + namespace: '{{request.object.metadata.name}}' + synchronize: true match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: ConfigMap - name: footarget - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: cpol-clone-sync-single-source-multiple-targets-ns - name: foosource \ No newline at end of file + name: rule-clone-sync-single-source-multiple-targets diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..8f943622ad --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-02-apply-1-2.yaml new file mode 100755 index 0000000000..426355750d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-02-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..cb210f1f2d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-03-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-03-assert-1-2.yaml new file mode 100755 index 0000000000..55feaab63a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-03-assert-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/04-update-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/04-update-source.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-04-apply-1-1.yaml index 6db64aace2..53e0fd526f --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/04-update-source.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: foosource - namespace: cpol-clone-sync-single-source-multiple-targets-ns \ No newline at end of file + namespace: cpol-clone-sync-single-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-06-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-06-assert-1-1.yaml new file mode 100755 index 0000000000..aa965bc916 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-06-assert-1-1.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-06-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-06-assert-1-2.yaml new file mode 100755 index 0000000000..dd0baf6c93 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-step-06-assert-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-clone-sync-single-source-multiple-targets-trigger-ns-2 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-test.yaml new file mode 100755 index 0000000000..02cf82aa20 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-source-multiple-triggers-targets/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-single-source-multiple-triggers-targets +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-2.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml + - assert: + file: chainsaw-step-06-assert-1-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-assert.yaml deleted file mode 100644 index 82640f38c1..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-assert.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: cpol-clone-sync-single-trigger-source-multiple-targets-1 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: cpol-clone-sync-single-trigger-source-multiple-targets-2 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-manifests.yaml deleted file mode 100644 index e08ae4a58b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/01-manifests.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-single-trigger-source-multiple-targets-ns ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: foosource - namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-clone-sync-single-trigger-source-multiple-targets-1 -spec: - rules: - - name: rule-sync-image-pull-secret - match: - any: - - resources: - kinds: - - Namespace - generate: - apiVersion: v1 - kind: ConfigMap - name: footarget - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns - name: foosource ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-clone-sync-single-trigger-source-multiple-targets-2 -spec: - rules: - - name: rule-sync-image-pull-secret - match: - any: - - resources: - kinds: - - Namespace - generate: - apiVersion: v1 - kind: ConfigMap - name: bartarget - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns - name: foosource \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/03-assert.yaml deleted file mode 100644 index c0b1d5e201..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/03-assert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: footarget - namespace: cpol-single-trigger-source-multiple-targets-trigger-ns ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: bartarget - namespace: cpol-single-trigger-source-multiple-targets-trigger-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/06-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/06-assert.yaml deleted file mode 100644 index 4124b1cb53..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/06-assert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -data: - foo: baz -kind: ConfigMap -metadata: - name: footarget - namespace: cpol-single-trigger-source-multiple-targets-trigger-ns ---- -apiVersion: v1 -data: - foo: baz -kind: ConfigMap -metadata: - name: bartarget - namespace: cpol-single-trigger-source-multiple-targets-trigger-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..76ce7e6194 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..0330879182 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: foosource + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..12602f5fef --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,21 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-1 +spec: + rules: + - generate: + apiVersion: v1 + clone: + name: foosource + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns + kind: ConfigMap + name: footarget + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: rule-sync-image-pull-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..9a12200345 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,21 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-2 +spec: + rules: + - generate: + apiVersion: v1 + clone: + name: foosource + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns + kind: ConfigMap + name: bartarget + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: rule-sync-image-pull-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..8f0fac8b8a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-1 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..2ca2ef3c8b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-clone-sync-single-trigger-source-multiple-targets-2 +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/02-triggers.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/02-triggers.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..e1fa71a181 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-03-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-03-assert-1-2.yaml new file mode 100755 index 0000000000..a449436117 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-03-assert-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: bartarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/04-update-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 95% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/04-update-source.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-04-apply-1-1.yaml index 19705f3b95..ff64728878 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/04-update-source.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: foosource - namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns \ No newline at end of file + namespace: cpol-clone-sync-single-trigger-source-multiple-targets-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-06-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-06-assert-1-1.yaml new file mode 100755 index 0000000000..5868a0df36 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-06-assert-1-1.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: footarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-06-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-06-assert-1-2.yaml new file mode 100755 index 0000000000..7cca0b38ee --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-step-06-assert-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: baz +kind: ConfigMap +metadata: + name: bartarget + namespace: cpol-single-trigger-source-multiple-targets-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-test.yaml new file mode 100755 index 0000000000..be85707693 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-single-trigger-source-multiple-targets/chainsaw-test.yaml @@ -0,0 +1,45 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-single-trigger-source-multiple-targets +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-2.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml + - assert: + file: chainsaw-step-06-assert-1-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/01-assert.yaml deleted file mode 100644 index a0847f258e..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/01-assert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: cpol-create-on-trigger-deletion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: cpol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml deleted file mode 100644 index b2ece129cc..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..5ad0e15b5a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..2e2d599730 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: cpol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml index 240c10f327..df4b9158b9 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml @@ -1,21 +1,21 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-create-on-trigger-deletion-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: cpol-create-on-trigger-deletion-ns ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: cpol-create-on-trigger-deletion spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: '{{request.object.metadata.namespace}}' + synchronize: false match: any: - resources: @@ -23,15 +23,4 @@ spec: - ConfigMap operations: - DELETE - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: "{{request.object.metadata.namespace}}" - synchronize: false - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 77% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml index 91bda28aac..fd5a95efa2 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/01-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: - name: cpol-data-nosync-delete-trigger + name: cpol-create-on-trigger-deletion status: conditions: - reason: Succeeded diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..2e2d599730 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: cpol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/04-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 93% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/04-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml index a6ff3586fc..9bbb53f9c5 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/04-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-test.yaml new file mode 100755 index 0000000000..69b6e17fb7 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-create-on-trigger-deletion +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-create-on-trigger-deletion-ns + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/01-clusterpolicy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/01-clusterpolicy.yaml deleted file mode 100644 index 69291cfc10..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/01-clusterpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: clusterpolicy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/02-ns.yaml deleted file mode 100644 index 15f441a7a2..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-remove-list-element-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/03-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/03-check.yaml deleted file mode 100644 index 55abc50495..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/03-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: netpol.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/04-update-cpol.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/04-update-cpol.yaml deleted file mode 100644 index 02837de67a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/04-update-cpol.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update-cpol -spec: - timeouts: {} - try: - - apply: - file: policy-remove-egress.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/06-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/06-checks.yaml deleted file mode 100644 index 33b66eda69..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/06-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: netpol-new.yaml - - error: - file: netpol.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..b70c81d866 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-remove-list-element-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/chainsaw-test.yaml new file mode 100755 index 0000000000..b504fbe1de --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-remove-list-element/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-remove-list-element +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: netpol.yaml + - name: step-04 + try: + - apply: + file: policy-remove-egress.yaml + - assert: + file: policy-ready.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: netpol-new.yaml + - error: + file: netpol.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml deleted file mode 100644 index 69291cfc10..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/01-clusterpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: clusterpolicy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml deleted file mode 100644 index 001a9cb097..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-to-nosync-delete-rule-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml deleted file mode 100644 index dcf0118adc..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/03-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: secret.yaml - - assert: - file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml deleted file mode 100644 index 714d46270c..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/05-delete-rule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-rule -spec: - timeouts: {} - try: - - apply: - file: delete-rule.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml deleted file mode 100644 index 5f30a22f21..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/07-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: secret.yaml - - assert: - file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..b52a6e57bd --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-to-nosync-delete-rule-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml index efe056725c..0839987d1c --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/04-update-sync.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-step-04-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,26 +14,26 @@ spec: - kube-public - kyverno generate: - synchronize: false apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" - - name: super-secret + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: false match: any: - resources: kinds: - Namespace - exclude: + name: k-kafka-address + - exclude: any: - resources: namespaces: @@ -48,16 +42,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: Secret - name: supersecret - namespace: "{{request.object.metadata.name}}" data: + data: + mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl kind: Secret - type: Opaque metadata: labels: somekey: somesecretvalue - data: - mysupersecretkey: bXlzdXBlcnNlY3JldHZhbHVl \ No newline at end of file + type: Opaque + kind: Secret + name: supersecret + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: super-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..e524146ca0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-sync-to-nosync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-to-nosync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: secret.yaml + - assert: + file: configmap.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - apply: + file: delete-rule.yaml + - assert: + file: policy-ready.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - assert: + file: secret.yaml + - assert: + file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml deleted file mode 100644 index 63801108fa..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-manifests.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: gen-role-policy -spec: - background: false - rules: - - name: gen-role - match: - any: - - resources: - kinds: - - Namespace - generate: - kind: Role - name: ns-role - apiVersion: rbac.authorization.k8s.io/v1 - namespace: "{{request.object.metadata.name}}" - synchronize: true - data: - rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "watch", "list"] - - name: gen-role-binding - match: - any: - - resources: - kinds: - - Namespace - generate: - kind: RoleBinding - name: ns-role-binding - apiVersion: rbac.authorization.k8s.io/v1 - namespace: "{{request.object.metadata.name}}" - synchronize: true - data: - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: User - name: minikube-user - roleRef: - kind: Role - name: ns-role - namespace: "{{request.object.metadata.name}}" - apiGroup: rbac.authorization.k8s.io diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..f44fddeee7 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,51 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: gen-role-policy +spec: + background: false + rules: + - generate: + apiVersion: rbac.authorization.k8s.io/v1 + data: + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list + kind: Role + name: ns-role + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: gen-role + - generate: + apiVersion: rbac.authorization.k8s.io/v1 + data: + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ns-role + namespace: '{{request.object.metadata.name}}' + subjects: + - apiGroup: rbac.authorization.k8s.io + kind: User + name: minikube-user + kind: RoleBinding + name: ns-role-binding + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: gen-role-binding diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 56% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-02-apply-1-1.yaml index 06bc648e89..95fb920d5c --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/02-ns.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: cpol-data-sync-create-ns \ No newline at end of file + name: generate-role-tests diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..0e36cb3011 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ns-role + namespace: generate-role-tests +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-03-assert-1-2.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-03-assert-1-2.yaml index c0844f4aca..84ebe1613b --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-step-03-assert-1-2.yaml @@ -1,19 +1,4 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ns-role - namespace: generate-role-tests -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ns-role-binding @@ -25,4 +10,4 @@ roleRef: subjects: - apiGroup: rbac.authorization.k8s.io kind: User - name: minikube-user \ No newline at end of file + name: minikube-user diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-test.yaml new file mode 100755 index 0000000000..97a4971697 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/data-role-and-rolebinding/chainsaw-test.yaml @@ -0,0 +1,23 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: data-role-and-rolebinding +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml deleted file mode 100644 index 17e10b0970..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/07-assert.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -involvedObject: - apiVersion: v1 - kind: ConfigMap - name: generate-event-on-edit-configmap - namespace: generate-event-on-edit-ns -kind: Event -metadata: - labels: - app.kubernetes.io/managed-by: kyverno - generate.kyverno.io/policy-name: generate-event-upon-edit - generate.kyverno.io/policy-namespace: "" - generate.kyverno.io/rule-name: generate-event-on-edit - generate.kyverno.io/trigger-version: v1 - generate.kyverno.io/trigger-group: "" - generate.kyverno.io/trigger-kind: ConfigMap - generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns - namespace: generate-event-on-edit-ns -source: - component: kyverno ---- -apiVersion: v1 -involvedObject: - apiVersion: v1 - kind: ConfigMap - name: generate-event-on-edit-configmap - namespace: generate-event-on-edit-ns -kind: Event -metadata: - labels: - app.kubernetes.io/managed-by: kyverno - generate.kyverno.io/policy-name: generate-event-upon-edit - generate.kyverno.io/policy-namespace: "" - generate.kyverno.io/rule-name: generate-event-on-edit - generate.kyverno.io/trigger-version: v1 - generate.kyverno.io/trigger-group: "" - generate.kyverno.io/trigger-kind: ConfigMap - generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns - namespace: generate-event-on-edit-ns -source: - component: kyverno \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-01-apply-1-1.yaml index 361982a6c3..08b0e75623 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-01-apply-1-1.yaml @@ -6,13 +6,14 @@ metadata: app.kubernetes.io/instance: kyverno app.kubernetes.io/name: kyverno name: kyverno:generate-events ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: generate-event-upon-edit -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready +rules: +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - update + - delete diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/01-clusterrole.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/01-clusterrole.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-01-apply-1-2.yaml index aab9ec784c..831d699939 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/01-clusterrole.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-01-apply-1-2.yaml @@ -1,24 +1,4 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: kyverno - app.kubernetes.io/instance: kyverno - app.kubernetes.io/name: kyverno - name: kyverno:generate-events -rules: -- apiGroups: - - '' - - events.k8s.io - resources: - - events - verbs: - - create - - get - - update - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kyverno:generate-events diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-clusterpolicy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 57% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-clusterpolicy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-apply-1-1.yaml index e6cd812d5c..d306fbdc5a --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/02-clusterpolicy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-apply-1-1.yaml @@ -5,34 +5,34 @@ metadata: spec: background: false rules: - - name: generate-event-on-edit + - generate: + apiVersion: v1 + data: + firstTimestamp: '{{ time_now_utc() }}' + involvedObject: + apiVersion: v1 + kind: ConfigMap + name: '{{ request.name }}' + namespace: '{{ request.namespace }}' + uid: '{{request.object.metadata.uid}}' + lastTimestamp: '{{ time_now_utc() }}' + message: This resource was updated by {{ request.userInfo | to_string(@) }} + reason: Edit + source: + component: kyverno + type: Warning + kind: Event + name: edit.{{ random('[a-z0-9]{12}') }} + namespace: '{{request.object.metadata.namespace}}' + synchronize: false match: any: - resources: kinds: - ConfigMap + name: generate-event-on-edit preconditions: any: - - key: "{{ request.operation }}" + - key: '{{ request.operation }}' operator: Equals value: UPDATE - generate: - apiVersion: v1 - kind: Event - name: "edit.{{ random('[a-z0-9]{12}') }}" - namespace: "{{request.object.metadata.namespace}}" - synchronize: false - data: - firstTimestamp: "{{ time_now_utc() }}" - involvedObject: - apiVersion: v1 - kind: ConfigMap - name: "{{ request.name }}" - namespace: "{{ request.namespace }}" - uid: "{{request.object.metadata.uid}}" - lastTimestamp: "{{ time_now_utc() }}" - message: This resource was updated by {{ request.userInfo | to_string(@) }} - reason: Edit - source: - component: kyverno - type: Warning \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-assert-1-1.yaml new file mode 100755 index 0000000000..f2a3414b82 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-assert-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kyverno + app.kubernetes.io/instance: kyverno + app.kubernetes.io/name: kyverno + name: kyverno:generate-events diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-assert-1-2.yaml new file mode 100755 index 0000000000..032d60dd11 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-02-assert-1-2.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: generate-event-upon-edit +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-03-apply-1-1.yaml new file mode 100755 index 0000000000..6d3a3f79c4 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-03-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: generate-event-on-edit-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/03-configmap_orig.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-03-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/03-configmap_orig.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-03-apply-1-2.yaml index 72c6da4f56..7c235456ff --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/03-configmap_orig.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-03-apply-1-2.yaml @@ -1,14 +1,9 @@ apiVersion: v1 -kind: Namespace -metadata: - name: generate-event-on-edit-ns ---- -apiVersion: v1 +data: + color: red + day: monday + food: cheese kind: ConfigMap metadata: name: generate-event-on-edit-configmap namespace: generate-event-on-edit-ns -data: - food: cheese - day: monday - color: red \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/04-configmap_edit_1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 92% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/04-configmap_edit_1.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-04-apply-1-1.yaml index 7a50fc705e..b7f989cd96 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/04-configmap_edit_1.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-04-apply-1-1.yaml @@ -1,9 +1,9 @@ apiVersion: v1 +data: + color: red + day: wednesday + food: cheese kind: ConfigMap metadata: name: generate-event-on-edit-configmap namespace: generate-event-on-edit-ns -data: - food: cheese - day: wednesday - color: red \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-05-assert-1-1.yaml index 916104ef50..ebe82d973e --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/05-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-05-assert-1-1.yaml @@ -11,10 +11,10 @@ metadata: generate.kyverno.io/policy-name: generate-event-upon-edit generate.kyverno.io/policy-namespace: "" generate.kyverno.io/rule-name: generate-event-on-edit - generate.kyverno.io/trigger-version: v1 generate.kyverno.io/trigger-group: "" generate.kyverno.io/trigger-kind: ConfigMap generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns + generate.kyverno.io/trigger-version: v1 namespace: generate-event-on-edit-ns source: component: kyverno diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/06-configmap_edit_2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-06-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 92% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/06-configmap_edit_2.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-06-apply-1-1.yaml index bd45fc5959..72e3b34028 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/06-configmap_edit_2.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-06-apply-1-1.yaml @@ -1,9 +1,9 @@ apiVersion: v1 +data: + color: red + day: friday + food: cheese kind: ConfigMap metadata: name: generate-event-on-edit-configmap namespace: generate-event-on-edit-ns -data: - food: cheese - day: friday - color: red \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-07-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-07-assert-1-1.yaml new file mode 100755 index 0000000000..ebe82d973e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-07-assert-1-1.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +involvedObject: + apiVersion: v1 + kind: ConfigMap + name: generate-event-on-edit-configmap + namespace: generate-event-on-edit-ns +kind: Event +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + generate.kyverno.io/policy-name: generate-event-upon-edit + generate.kyverno.io/policy-namespace: "" + generate.kyverno.io/rule-name: generate-event-on-edit + generate.kyverno.io/trigger-group: "" + generate.kyverno.io/trigger-kind: ConfigMap + generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns + generate.kyverno.io/trigger-version: v1 + namespace: generate-event-on-edit-ns +source: + component: kyverno diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-07-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-07-assert-1-2.yaml new file mode 100755 index 0000000000..ebe82d973e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-step-07-assert-1-2.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +involvedObject: + apiVersion: v1 + kind: ConfigMap + name: generate-event-on-edit-configmap + namespace: generate-event-on-edit-ns +kind: Event +metadata: + labels: + app.kubernetes.io/managed-by: kyverno + generate.kyverno.io/policy-name: generate-event-upon-edit + generate.kyverno.io/policy-namespace: "" + generate.kyverno.io/rule-name: generate-event-on-edit + generate.kyverno.io/trigger-group: "" + generate.kyverno.io/trigger-kind: ConfigMap + generate.kyverno.io/trigger-namespace: generate-event-on-edit-ns + generate.kyverno.io/trigger-version: v1 + namespace: generate-event-on-edit-ns +source: + component: kyverno diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-test.yaml new file mode 100755 index 0000000000..2932a62553 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/generate-event-upon-edit/chainsaw-test.yaml @@ -0,0 +1,45 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: generate-event-upon-edit +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-2.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - apply: + file: chainsaw-step-03-apply-1-2.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml + - name: step-06 + try: + - apply: + file: chainsaw-step-06-apply-1-1.yaml + - name: step-07 + try: + - assert: + file: chainsaw-step-07-assert-1-1.yaml + - assert: + file: chainsaw-step-07-assert-1-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml deleted file mode 100644 index fa286a7dc1..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/01-manifests.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: manifests -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - apply: - file: cluster-role.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml deleted file mode 100644 index 6396e6aff9..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/03-save-pod-name.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: save-pod-name -spec: - timeouts: {} - try: - - script: - content: kubectl get po -n kube-state-metrics | awk 'NR==2{print $1}' > pod-name.txt diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml deleted file mode 100644 index 4c39caf445..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/06-check-restart.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check-restart -spec: - timeouts: {} - try: - - script: - content: if [ "$(kubectl get pods -n kyverno | sort --key 5 --numeric | awk - 'NR==2{print $1}')" != "$(cat pod-name.txt)" ];then exit;else (exit 1);fi diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 84% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/chainsaw-step-04-apply-1-1.yaml index 6e7dda9b5a..be3b1cf594 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/04-update-sc.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/chainsaw-step-04-apply-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 +data: + foo: bm90LWJhcg== kind: Secret metadata: name: kube-state-metrics-crds namespace: kube-state-metrics -data: - foo: bm90LWJhcg== \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/chainsaw-test.yaml new file mode 100755 index 0000000000..d7c3f97b79 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/pod-restart-on-cm-update/chainsaw-test.yaml @@ -0,0 +1,36 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pod-restart-on-cm-update +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - apply: + file: cluster-role.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - script: + content: kubectl get po -n kube-state-metrics | awk 'NR==2{print $1}' > pod-name.txt + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - script: + content: if [ "$(kubectl get pods -n kyverno | sort --key 5 --numeric | awk + 'NR==2{print $1}')" != "$(cat pod-name.txt)" ];then exit;else (exit 1);fi diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml deleted file mode 100644 index b212d08087..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/02-trigger.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: trigger-resource-name-exceeds-63-characters-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap - namespace: trigger-resource-name-exceeds-63-characters-ns -data: - color: blue \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml deleted file mode 100644 index 081781af77..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap - namespace: trigger-resource-name-exceeds-63-characters-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml deleted file mode 100644 index 0beb279f87..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/06-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 76% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-01-apply-1-1.yaml index 2e14db07b4..55fe6149b7 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-01-apply-1-1.yaml @@ -1,10 +1,21 @@ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: - name: generate-network-policy + name: generate-network-policy spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: any: - resources: @@ -12,15 +23,4 @@ spec: - ConfigMap names: - my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 80% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-01-assert-1-1.yaml index 53931268ae..b9ef354129 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/01-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-01-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: - name: generate-network-policy + name: generate-network-policy status: conditions: - reason: Succeeded diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..2320487499 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: trigger-resource-name-exceeds-63-characters-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-02-apply-1-2.yaml new file mode 100755 index 0000000000..7d1e60d8a4 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-step-02-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + color: blue +kind: ConfigMap +metadata: + name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap + namespace: trigger-resource-name-exceeds-63-characters-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-test.yaml new file mode 100755 index 0000000000..3e51fef521 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: trigger-resource-name-exceeds-63-characters +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap + namespace: trigger-resource-name-exceeds-63-characters-ns + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/01-create.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/01-create.yaml deleted file mode 100644 index 43ac5d788f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/01-create.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - apply: - file: policy.yaml - - assert: - file: cluster-policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/02-trigger.yaml deleted file mode 100644 index 5b6ebee405..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/02-trigger.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: trigger -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: resource-assert.yaml - - error: - file: fail-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/chainsaw-test.yaml new file mode 100755 index 0000000000..335aeaf504 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/multiple/sync/basic-create/chainsaw-test.yaml @@ -0,0 +1,23 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-create +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - apply: + file: policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml + - error: + file: fail-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/02-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/02-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/02-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-apply-1-1.yaml index f3713bb3bb..a3832c8a5d --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-apply-1-1.yaml @@ -4,27 +4,18 @@ metadata: name: cpol-nosync-clone spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: default + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: false match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: false - clone: - namespace: default - name: regcred ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: default -type: Opaque + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..8e534a8890 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..e0972e1cba --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-create-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 56% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-03-assert-1-1.yaml index 6fcc5490c3..737a178219 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-step-03-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: regcred - namespace: cpol-clone-nosync-create-ns \ No newline at end of file + namespace: cpol-clone-nosync-create-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-test.yaml new file mode 100755 index 0000000000..c7caff71eb --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-create +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - sleep: + duration: 3s + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/02-ns.yaml deleted file mode 100644 index cc8635ea3b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-nosync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/03-assert.yaml deleted file mode 100644 index cc8635ea3b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/03-assert.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-nosync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml deleted file mode 100644 index d2561b85ac..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-secret -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcred - namespace: cpol-clone-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/06-errors.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/06-errors.yaml deleted file mode 100644 index 8395b9ce7e..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/06-errors.yaml +++ /dev/null @@ -1,6 +0,0 @@ -### If this resource is found, create an error which fails the test. Since there is no timeout for this step, it will adopt the global defined in the TestSuite. -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-nosync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml index f3713bb3bb..a3832c8a5d --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -4,27 +4,18 @@ metadata: name: cpol-nosync-clone spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: default + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: false match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: false - clone: - namespace: default - name: regcred ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: default -type: Opaque + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..8e534a8890 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..a189c794d2 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml new file mode 100755 index 0000000000..a684394a17 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..a189c794d2 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-06-error-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-06-error-1-1.yaml new file mode 100755 index 0000000000..a684394a17 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-step-06-error-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: cpol-clone-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..585a3b211e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: cpol-clone-nosync-delete-downstream-ns + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: chainsaw-step-06-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml deleted file mode 100644 index d20d45f284..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: removepolicy -spec: - timeouts: {} - try: - - assert: - file: check.yaml - - delete: - ref: - apiVersion: kyverno.io/v2beta1 - kind: ClusterPolicy - name: cpol-nosync-clone-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..8a6273d8b6 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - assert: + file: check.yaml + - delete: + ref: + apiVersion: kyverno.io/v2beta1 + kind: ClusterPolicy + name: cpol-nosync-clone-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/03-removerule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/03-removerule.yaml deleted file mode 100644 index b79f543e3f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/03-removerule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: removerule -spec: - timeouts: {} - try: - - apply: - file: singlerule.yaml - - assert: - file: check.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..f11bf80a6d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: singlerule.yaml + - assert: + file: check.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml deleted file mode 100644 index b982ea9cd5..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deletesource -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcred diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/04-forcesleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/04-forcesleep.yaml deleted file mode 100644 index 76ab120377..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/04-forcesleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: forcesleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/05-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/05-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/chainsaw-step-05-assert-1-1.yaml index 7f5bec03a1..185d28b47a --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/05-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/chainsaw-step-05-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: regcred namespace: cpol-clone-nosync-delete-source -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..af8cfbae68 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcred + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/02-create-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/02-create-trigger.yaml deleted file mode 100644 index 3312b2441b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/02-create-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml deleted file mode 100644 index c6318330de..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-clone-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/05-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/05-downstream-deleted.yaml deleted file mode 100644 index 70051ec60a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/05-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..8ecfa73b3e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..7e8f2f6411 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-nosync-delete-trigger-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 50% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-3.yaml index 0616618830..b762f4ce17 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-3.yaml @@ -1,35 +1,21 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-nosync-delete-trigger-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: cpol-clone-nosync-delete-trigger-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: cpol-clone-nosync-delete-trigger-policy spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: cpol-clone-nosync-delete-trigger-ns + kind: Secret + name: downstream-secret + namespace: '{{request.object.metadata.namespace}}' + synchronize: false match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: "{{request.object.metadata.namespace}}" - synchronize: false - clone: - namespace: cpol-clone-nosync-delete-trigger-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..b49266d25d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: downstream.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-clone-nosync-delete-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/03-modifydownstream.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/03-modifydownstream.yaml deleted file mode 100644 index a257f3db58..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/03-modifydownstream.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modifydownstream -spec: - timeouts: {} - try: - - apply: - file: changed-secret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/04-forcesleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/04-forcesleep.yaml deleted file mode 100644 index 76ab120377..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/04-forcesleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: forcesleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/05-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml index f9a4916e78..7fadd527c2 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/05-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: regcred namespace: cpol-clone-nosync-modify-downstream -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..d5250dc1e1 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: changed-secret.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/03-modifysource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/03-modifysource.yaml deleted file mode 100644 index 802139ec68..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/03-modifysource.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modifysource -spec: - timeouts: {} - try: - - apply: - file: changed-secret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/04-forcesleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/04-forcesleep.yaml deleted file mode 100644 index 76ab120377..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/04-forcesleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: forcesleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/05-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/05-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/chainsaw-step-05-assert-1-1.yaml index 049ff2bcc2..414750df5e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/05-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/chainsaw-step-05-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: regcred namespace: cpol-nosync-clone-modify-source -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/chainsaw-test.yaml new file mode 100755 index 0000000000..663599fea7 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-modify-source/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-modify-source +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: changed-secret.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index 70051ec60a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..596d86d5d2 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..976707cc08 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-nosync-update-trigger-no-match-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 55% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml index 5250ee2130..34477ede80 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml @@ -1,24 +1,18 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-nosync-update-trigger-no-match-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: cpol-clone-nosync-update-trigger-no-match-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: cpol-clone-nosync-update-trigger-no-match-policy spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: cpol-clone-nosync-update-trigger-no-match-ns + kind: Secret + name: downstream-secret + namespace: '{{request.object.metadata.namespace}}' + synchronize: false match: any: - resources: @@ -27,12 +21,4 @@ spec: selector: matchLabels: create-secret: "true" - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: "{{request.object.metadata.namespace}}" - synchronize: false - clone: - namespace: cpol-clone-nosync-update-trigger-no-match-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 61% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/02-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml index 7d6ba0b865..cb93175d9d --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "true" name: test-org - namespace: cpol-clone-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-clone-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index 2b7559ed79..ea1f8dd695 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "false" name: test-org - namespace: pol-clone-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-clone-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..c8e4486781 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-nosync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/01-cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/01-cluster-policy.yaml deleted file mode 100644 index 1fbe30dafb..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/01-cluster-policy.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - apply: - file: cluster-policy.yaml - - assert: - file: cluster-policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/02-trigger.yaml deleted file mode 100644 index 1c5ea6bdb0..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/02-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: trigger -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: resource-assert.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/chainsaw-test.yaml new file mode 100755 index 0000000000..519798f9e0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-create/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-list-sync-create +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - apply: + file: cluster-policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/01-manifests.yaml deleted file mode 100644 index bbdf5a2ac9..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/01-manifests.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-list-sync-delete-source-existing-ns ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - location: europe - allowedToBeCloned: "true" - name: mysecret-1 - namespace: cpol-clone-list-sync-delete-source-existing-ns -type: Opaque -data: - foo: YmFy ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - location: europe - allowedToBeCloned: "true" - name: mysecret-2 - namespace: cpol-clone-list-sync-delete-source-existing-ns -type: Opaque -data: - foo: YmFy ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-clone-list-sync-delete-source-cpol -spec: - rules: - - name: sync-secret - match: - all: - - resources: - kinds: - - Namespace - generate: - namespace: '{{ request.object.metadata.name }}' - synchronize: true - cloneList: - namespace: cpol-clone-list-sync-delete-source-existing-ns - kinds: - - v1/Secret - selector: - matchLabels: - allowedToBeCloned: "true" \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/02-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/02-check.yaml deleted file mode 100644 index 919d62389c..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/02-check.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: triggers.yaml - - assert: - file: target-1.yaml - - assert: - file: target-2.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml deleted file mode 100644 index 85f559c2bf..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Namespace - name: cpol-clone-list-sync-delete-source-trigger-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/05-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/05-check.yaml deleted file mode 100644 index 88cad463fe..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/05-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: target-2.yaml - - error: - file: target-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..f38122b733 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-list-sync-delete-source-existing-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..2937627b47 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + allowedToBeCloned: "true" + location: europe + name: mysecret-1 + namespace: cpol-clone-list-sync-delete-source-existing-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..63cc5af759 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + allowedToBeCloned: "true" + location: europe + name: mysecret-2 + namespace: cpol-clone-list-sync-delete-source-existing-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..90d0a1834e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-clone-list-sync-delete-source-cpol +spec: + rules: + - generate: + cloneList: + kinds: + - v1/Secret + namespace: cpol-clone-list-sync-delete-source-existing-ns + selector: + matchLabels: + allowedToBeCloned: "true" + namespace: '{{ request.object.metadata.name }}' + synchronize: true + match: + all: + - resources: + kinds: + - Namespace + name: sync-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 74% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-assert-1-1.yaml index 99600553d5..0c27ab1027 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/01-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-step-01-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: - name: cpol-clone-list-sync-delete-source-cpol + name: cpol-clone-list-sync-delete-source-cpol status: conditions: - reason: Succeeded diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..c9aa7db436 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/chainsaw-test.yaml @@ -0,0 +1,44 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-list-sync-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: triggers.yaml + - assert: + file: target-1.yaml + - assert: + file: target-2.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Namespace + name: cpol-clone-list-sync-delete-source-trigger-ns-1 + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: target-2.yaml + - error: + file: target-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/00-cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/00-cluster-policy.yaml deleted file mode 100644 index 1fbe30dafb..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/00-cluster-policy.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - apply: - file: cluster-policy.yaml - - assert: - file: cluster-policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/01-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/01-trigger.yaml deleted file mode 100644 index 1c5ea6bdb0..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/01-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: trigger -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: resource-assert.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/02-update.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/02-update.yaml deleted file mode 100644 index e2885af86b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/02-update.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: resource-assert.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/03-update-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/03-update-source.yaml deleted file mode 100644 index 3889410949..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/03-update-source.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update-source -spec: - timeouts: {} - try: - - apply: - file: update-source.yaml - - assert: - file: synchronized-target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/chainsaw-test.yaml new file mode 100755 index 0000000000..f5e4b34e68 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-update/chainsaw-test.yaml @@ -0,0 +1,33 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-list-sync-update +spec: + steps: + - name: step-00 + try: + - apply: + file: manifests.yaml + - apply: + file: cluster-policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-01 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: resource-assert.yaml + - name: step-03 + try: + - apply: + file: update-source.yaml + - assert: + file: synchronized-target.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..8e534a8890 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-apply-1-2.yaml index fefc8b7f37..eda6198df1 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-apply-1-2.yaml @@ -1,30 +1,21 @@ -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: default -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: cpol-sync-clone spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: default + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: true match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: default - name: regcred + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..49cbe48096 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-create-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-02-assert-1-1.yaml index 25f231ce0a..b37ca2fbf3 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-step-02-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: regcred - namespace: cpol-clone-sync-create-ns \ No newline at end of file + namespace: cpol-clone-sync-create-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-test.yaml new file mode 100755 index 0000000000..4a158101be --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-create +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/02-ns.yaml deleted file mode 100644 index 73241aea81..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/03-assert.yaml deleted file mode 100644 index 73241aea81..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/03-assert.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml deleted file mode 100644 index f444010646..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-secret -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcred - namespace: cpol-clone-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/06-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/06-assert.yaml deleted file mode 100644 index f73238f5bd..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/06-assert.yaml +++ /dev/null @@ -1,6 +0,0 @@ -### If this resource is found, the step should pass. We expect the downstream resource to be recreated. -apiVersion: v1 -kind: Secret -metadata: - name: regcred - namespace: cpol-clone-sync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..8e534a8890 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: default +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-2.yaml index b546f153a5..eda6198df1 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-create/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-2.yaml @@ -1,30 +1,21 @@ -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: default -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: cpol-sync-clone spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: default + kind: Secret + name: regcred + namespace: '{{request.object.metadata.name}}' + synchronize: true match: any: - resources: kinds: - Namespace - generate: - apiVersion: v1 - kind: Secret - name: regcred - namespace: "{{request.object.metadata.name}}" - synchronize: true - clone: - namespace: default - name: regcred \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..2bab56e33c --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 51% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml index a2023835ff..58cf8bb825 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: regcred - namespace: cpol-clone-sync-delete-downstream-ns \ No newline at end of file + namespace: cpol-clone-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-03-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-03-assert-1-1.yaml new file mode 100755 index 0000000000..2bab56e33c --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-03-assert-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-06-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 51% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-06-assert-1-1.yaml index a2725c76c3..58cf8bb825 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-step-06-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: regcred - namespace: cpol-clone-nosync-delete-downstream-ns \ No newline at end of file + namespace: cpol-clone-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..e8a1c05b9f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: cpol-clone-sync-delete-downstream-ns + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/00-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/00-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/00-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml deleted file mode 100644 index 7079d1ee29..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v2beta1 - kind: ClusterPolicy - name: cpol-clone-sync-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/99-cleanup.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/99-cleanup.yaml deleted file mode 100644 index 7e0004c066..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/99-cleanup.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - ur - - -A - - --all - entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/06-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/chainsaw-step-06-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/06-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/chainsaw-step-06-assert-1-1.yaml index 7da21508c7..61ff2f02d2 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/06-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/chainsaw-step-06-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: regcred namespace: myfoons -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..036e069de6 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,51 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-delete-policy +spec: + steps: + - name: step-00 + try: + - sleep: + duration: 3s + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - delete: + ref: + apiVersion: kyverno.io/v2beta1 + kind: ClusterPolicy + name: cpol-clone-sync-delete-policy + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - ur + - -A + - --all + entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/00-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/00-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/00-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/03-removerule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/03-removerule.yaml deleted file mode 100644 index b79f543e3f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/03-removerule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: removerule -spec: - timeouts: {} - try: - - apply: - file: singlerule.yaml - - assert: - file: check.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/99-cleanup.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/99-cleanup.yaml deleted file mode 100644 index 7e0004c066..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/99-cleanup.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - ur - - -A - - --all - entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..33168627ae --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,38 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-delete-rule +spec: + steps: + - name: step-00 + try: + - sleep: + duration: 3s + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: singlerule.yaml + - assert: + file: check.yaml + - name: step-99 + try: + - command: + args: + - delete + - ur + - -A + - --all + entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/00-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/00-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/00-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml deleted file mode 100644 index cb7350b536..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deletesource -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcred - namespace: cpol-clone-sync-delete-source-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/05-errors.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/chainsaw-step-05-error-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/05-errors.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..7e70683c25 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-delete-source +spec: + steps: + - name: step-00 + try: + - sleep: + duration: 3s + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: cpol-clone-sync-delete-source-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/02-create-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/02-create-trigger.yaml deleted file mode 100644 index 3312b2441b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/02-create-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml deleted file mode 100644 index 66d65522af..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-clone-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/05-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/05-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/05-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..0932aafe3d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/06-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/06-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml index e04cd1c7c4..d2417d437e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/06-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: source-secret namespace: cpol-clone-sync-delete-trigger-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml index 982bbac9e6..7efb00ec13 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml @@ -1,24 +1,18 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-delete-trigger-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: cpol-clone-sync-delete-trigger-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: cpol-clone-sync-delete-trigger-policy spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: cpol-clone-sync-delete-trigger-ns + kind: Secret + name: downstream-secret + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: any: - resources: @@ -26,12 +20,4 @@ spec: - ConfigMap names: - test-org - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - clone: - namespace: cpol-clone-sync-delete-trigger-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-06-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-06-assert-1-1.yaml new file mode 100755 index 0000000000..d2417d437e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-step-06-assert-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-sync-delete-trigger-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..013279f45a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: downstream.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-clone-sync-delete-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: downstream.yaml + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/04-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/04-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/04-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/06-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/07-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/07-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/07-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..b8f1d42261 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-existing-update-trigger-no-precondition-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/01-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/01-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-2.yaml index 96f368aad2..7aaae52e70 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/01-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-2.yaml @@ -1,9 +1,4 @@ apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-existing-update-trigger-no-precondition-ns ---- -apiVersion: v1 kind: ConfigMap metadata: labels: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..fdbca3177b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/02-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 61% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/02-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml index e0db6cb30b..35a9cd5c45 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/02-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-2.yaml @@ -1,12 +1,3 @@ -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns -type: Opaque ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: @@ -14,23 +5,23 @@ metadata: spec: generateExisting: true rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns + kind: Secret + name: downstream-secret + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: any: - resources: kinds: - ConfigMap + name: clone-secret preconditions: any: - - key: "{{ request.object.metadata.labels.create || '' }}" + - key: '{{ request.object.metadata.labels.create || '''' }}' operator: Equals value: "true" - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - clone: - namespace: cpol-clone-sync-existing-update-trigger-no-precondition-ns - name: source-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/05-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/05-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml new file mode 100755 index 0000000000..f20146f12c --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-existing-update-trigger-no-precondition +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: downstream.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/00-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/00-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/00-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/03-modifydownstream.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/03-modifydownstream.yaml deleted file mode 100644 index 029b5cfe9b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/03-modifydownstream.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modifydownstream -spec: - timeouts: {} - try: - - apply: - file: editeddownstream.yaml - - assert: - file: finalsecret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/chainsaw-test.yaml new file mode 100755 index 0000000000..e54568df30 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream-apply/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-modify-downstream-apply +spec: + steps: + - name: step-00 + try: + - sleep: + duration: 3s + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: editeddownstream.yaml + - assert: + file: finalsecret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/00-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/00-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/00-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/03-modifydownstream.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/03-modifydownstream.yaml deleted file mode 100644 index 422526b509..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/03-modifydownstream.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modifydownstream -spec: - timeouts: {} - try: - - apply: - file: editeddownstream.yaml - - assert: - file: origsecret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/99-cleanup.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/99-cleanup.yaml deleted file mode 100644 index 7e0004c066..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/99-cleanup.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - ur - - -A - - --all - entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..ef8f512b25 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,38 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-modify-downstream +spec: + steps: + - name: step-00 + try: + - sleep: + duration: 3s + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: editeddownstream.yaml + - assert: + file: origsecret.yaml + - name: step-99 + try: + - command: + args: + - delete + - ur + - -A + - --all + entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/02-resource.yaml deleted file mode 100644 index ddf88f9c39..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: cloned.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/03-modifysource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/03-modifysource.yaml deleted file mode 100644 index bd4e5a5a7f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/03-modifysource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modifysource -spec: - timeouts: {} - try: - - apply: - file: editedsource.yaml - - assert: - file: updatedsecret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/chainsaw-test.yaml new file mode 100755 index 0000000000..588a6c92c9 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-modify-source/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-modify-source +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: cloned.yaml + - name: step-03 + try: + - apply: + file: editedsource.yaml + - assert: + file: updatedsecret.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/06-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..78af49f18d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-no-existing-update-trigger-no-precondition-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..1aef91c2b5 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-sync-no-existing-update-trigger-no-precondition-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-3.yaml index ceda4d4f83..72cd9f3093 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-3.yaml @@ -1,40 +1,26 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-no-existing-update-trigger-no-precondition-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: cpol-clone-sync-no-existing-update-trigger-no-precondition-ns -type: Opaque ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: cpol-clone-sync-no-existing-update-trigger-no-precondition spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: cpol-clone-sync-no-existing-update-trigger-no-precondition-ns + kind: Secret + name: downstream-secret + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: any: - resources: kinds: - ConfigMap + name: clone-secret preconditions: any: - - key: "{{ request.object.metadata.labels.create || '' }}" + - key: '{{ request.object.metadata.labels.create || '''' }}' operator: Equals value: "true" - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - clone: - namespace: cpol-clone-sync-no-existing-update-trigger-no-precondition-ns - name: source-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/02-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/04-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-step-04-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-test.yaml new file mode 100755 index 0000000000..62dcf71050 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-no-existing-update-trigger-no-precondition/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-no-existing-update-trigger-no-precondition +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..550bcb2885 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-clone-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..8546e1b097 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: cpol-clone-sync-update-trigger-no-match-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 55% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml index d4a4a7a8b0..77e06ac12e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml @@ -1,24 +1,18 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-clone-sync-update-trigger-no-match-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: cpol-clone-sync-update-trigger-no-match-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: ClusterPolicy metadata: name: cpol-clone-sync-update-trigger-no-match-policy spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: cpol-clone-sync-update-trigger-no-match-ns + kind: Secret + name: downstream-secret + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: any: - resources: @@ -27,12 +21,4 @@ spec: selector: matchLabels: create-secret: "true" - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - clone: - namespace: cpol-clone-sync-update-trigger-no-match-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/02-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml index ea5b238885..85f1715f5c --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "true" name: test-org - namespace: pol-clone-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-clone-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index cc01c9ece8..7587c3db80 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "false" name: test-org - namespace: pol-clone-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-clone-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..f8df55731f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-clone-sync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/02-ns.yaml deleted file mode 100644 index 8ce484e8ff..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-nosync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml deleted file mode 100644 index ac4fa64f36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: cpol-data-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml index 16f96b32f0..54d5a66d06 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: true rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: false apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" \ No newline at end of file + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: false + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..2db0de2d3e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 83% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml index b8693e22e7..eec69cbde9 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-02-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-nosync-delete-downstream-ns \ No newline at end of file + namespace: cpol-data-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/05-errors.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml old mode 100644 new mode 100755 similarity index 56% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/05-errors.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml index c73c35e183..c2b5b39926 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/05-errors.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ConfigMap metadata: name: zk-kafka-address - namespace: cpol-data-nosync-delete-downstream-ns \ No newline at end of file + namespace: cpol-data-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..8120e85859 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: cpol-data-nosync-delete-downstream-ns + - name: step-05 + try: + - error: + file: chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/02-resource.yaml deleted file mode 100644 index 16f6688270..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-generated.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml deleted file mode 100644 index 873b00512e..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-policy -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-data-nosync-delete-policy-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/05-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/05-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml index 09eb786efa..a267204a69 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/05-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: wolfram-debug \ No newline at end of file + namespace: wolfram-debug diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..47f840aee4 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-generated.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-data-nosync-delete-policy-policy + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/02-resource.yaml deleted file mode 100644 index 16f6688270..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-generated.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/03-remove-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/03-remove-rule.yaml deleted file mode 100644 index bfa598f7b9..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/03-remove-rule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: remove-rule -spec: - timeouts: {} - try: - - apply: - file: policy-with-rule-removed.yaml - - assert: - file: both-resources-exist.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..56f80c437a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-generated.yaml + - name: step-03 + try: + - apply: + file: policy-with-rule-removed.yaml + - assert: + file: both-resources-exist.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/02-trigger.yaml deleted file mode 100644 index bed219508e..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/02-trigger.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-nosync-delete-trigger-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: cpol-data-nosync-delete-trigger-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml deleted file mode 100644 index 54c2af45c9..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/06-downstream-remained.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/06-downstream-remained.yaml deleted file mode 100644 index 7f8c209394..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/06-downstream-remained.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-remained -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 70% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/01-policy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml index 6937c46a02..efcc45573c --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/01-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -1,24 +1,24 @@ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: - name: cpol-data-nosync-delete-trigger + name: cpol-data-nosync-delete-trigger spec: rules: - - name: default-deny - match: - any: - - resources: - kinds: - - ConfigMap - generate: + - generate: apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: "{{request.object.metadata.namespace}}" - synchronize: false data: spec: podSelector: {} policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress + kind: NetworkPolicy + name: default-deny + namespace: '{{request.object.metadata.namespace}}' + synchronize: false + match: + any: + - resources: + kinds: + - ConfigMap + name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..d678cd2338 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: cpol-data-nosync-delete-trigger +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..4b9bc5889d --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-2.yaml new file mode 100755 index 0000000000..c176a2609c --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: cpol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..b5968b886b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-data-nosync-delete-trigger-ns + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/02-resource.yaml deleted file mode 100644 index 16f6688270..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-generated.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/03-modify-downstream.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/03-modify-downstream.yaml deleted file mode 100644 index 4e3e87d478..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/03-modify-downstream.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modify-downstream -spec: - timeouts: {} - try: - - apply: - file: downstream-modified.yaml - - assert: - file: downstream-untouched.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..6add43591f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-generated.yaml + - name: step-03 + try: + - apply: + file: downstream-modified.yaml + - assert: + file: downstream-untouched.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/02-resource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/02-resource.yaml deleted file mode 100644 index 16f6688270..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-generated.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/03-modify-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/03-modify-rule.yaml deleted file mode 100644 index 6ee1b8c739..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/03-modify-rule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modify-rule -spec: - timeouts: {} - try: - - apply: - file: rule-modified.yaml - - assert: - file: downstream-untouched.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..67e53b0760 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-modify-rule/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-modify-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-generated.yaml + - name: step-03 + try: + - apply: + file: rule-modified.yaml + - assert: + file: downstream-untouched.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/02-trigger.yaml deleted file mode 100644 index ada06d201f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/02-trigger.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-nosync-update-trigger-no-match-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - create-netpol: "true" - name: test-org - namespace: cpol-data-nosync-update-trigger-no-match-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index 70051ec60a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 81% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml index d5133df470..8cb0ce35f8 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -4,7 +4,18 @@ metadata: name: cpol-data-nosync-update-trigger-no-match spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: '{{request.object.metadata.namespace}}' + synchronize: false match: any: - resources: @@ -13,15 +24,4 @@ spec: selector: matchLabels: create-netpol: "true" - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: "{{request.object.metadata.namespace}}" - synchronize: false - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..25e1f7dbe3 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-2.yaml new file mode 100755 index 0000000000..77ff786164 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + create-netpol: "true" + name: test-org + namespace: cpol-data-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index d73dcbe834..514c6d3d54 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-netpol: "false" name: test-org - namespace: cpol-data-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-data-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..b11f33a06a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-nosync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/01-cluster-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/01-cluster-policy.yaml deleted file mode 100644 index 4e2fad741a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/01-cluster-policy.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - apply: - file: namespace.yaml - - assert: - file: policy-ready.yaml - - assert: - file: namespace-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/02-script.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/02-script.yaml deleted file mode 100644 index 689278bde3..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/02-script.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - command: - args: - - run - - nginx - - --image=nginx - - -n - - test-generate-exec - entrypoint: kubectl - - command: - args: - - wait - - --for=condition=Ready - - pod/nginx - - -n - - test-generate-exec - entrypoint: kubectl - - command: - args: - - exec - - -n - - test-generate-exec - - nginx - - -it - - -- - - ls - entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/99-cleanup.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/99-cleanup.yaml deleted file mode 100644 index c8fc962688..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/99-cleanup.yaml +++ /dev/null @@ -1,50 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - cpol - - zk-kafka-address - - --force - - --wait=true - - --ignore-not-found=true - entrypoint: kubectl - timeout: 30s - - command: - args: - - delete - - pod - - nginx - - -n - - test-generate-exec - - --wait=true - - --ignore-not-found=true - entrypoint: kubectl - timeout: 30s - - command: - args: - - delete - - cm - - zk-kafka-address - - -n - - test-generate-exec - - --wait=true - - --ignore-not-found=true - entrypoint: kubectl - timeout: 30s - - command: - args: - - delete - - ns - - test-generate-exec - - --wait=true - - --ignore-not-found=true - entrypoint: kubectl - timeout: 30s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/chainsaw-step-03-assert-1-1.yaml index 8078877234..16db48356d --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/chainsaw-step-03-assert-1-1.yaml @@ -9,10 +9,10 @@ metadata: generate.kyverno.io/policy-name: zk-kafka-address generate.kyverno.io/policy-namespace: "" generate.kyverno.io/rule-name: k-kafka-address - generate.kyverno.io/trigger-version: v1 generate.kyverno.io/trigger-group: "" generate.kyverno.io/trigger-kind: PodExecOptions generate.kyverno.io/trigger-namespace: test-generate-exec + generate.kyverno.io/trigger-version: v1 somekey: somevalue name: zk-kafka-address namespace: test-generate-exec diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..a9663373ae --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/generate-on-subresource-trigger/chainsaw-test.yaml @@ -0,0 +1,92 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: generate-on-subresource-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - apply: + file: namespace.yaml + - assert: + file: policy-ready.yaml + - assert: + file: namespace-ready.yaml + - name: step-02 + try: + - command: + args: + - run + - nginx + - --image=nginx + - -n + - test-generate-exec + entrypoint: kubectl + - command: + args: + - wait + - --for=condition=Ready + - pod/nginx + - -n + - test-generate-exec + entrypoint: kubectl + - command: + args: + - exec + - -n + - test-generate-exec + - nginx + - -it + - -- + - ls + entrypoint: kubectl + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - cpol + - zk-kafka-address + - --force + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s + - command: + args: + - delete + - pod + - nginx + - -n + - test-generate-exec + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s + - command: + args: + - delete + - cm + - zk-kafka-address + - -n + - test-generate-exec + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s + - command: + args: + - delete + - ns + - test-generate-exec + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + timeout: 30s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml index 5b4506df9e..f3400e8caa --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 55% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-02-apply-1-1.yaml index f09957352b..39e58da1c6 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-role-and-rolebinding/02-ns.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: generate-clone-role-tests \ No newline at end of file + name: cpol-data-sync-create-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 86% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-02-assert-1-1.yaml index 81e6d561a0..9101423820 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-step-02-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-sync-create-ns \ No newline at end of file + namespace: cpol-data-sync-create-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-test.yaml new file mode 100755 index 0000000000..5ffd23bd25 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-create/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-create +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/02-ns.yaml deleted file mode 100644 index e38924d1d0..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-delete-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml deleted file mode 100644 index e82b946274..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: cpol-data-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml index b7d54f7f32..823e4d47a8 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: cpol-data-sync-delete-downstream-rule - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: cpol-data-sync-delete-downstream-rule diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..0547fe104f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml new file mode 100755 index 0000000000..5163971fb0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: cpol-data-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml new file mode 100755 index 0000000000..5163971fb0 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: cpol-data-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..ae24d10bba --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: cpol-data-sync-delete-downstream-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/02-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/02-check.yaml deleted file mode 100644 index 9f3276d72b..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/02-check.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: trigger-1.yaml - - apply: - file: trigger-others.yaml - - assert: - file: target-1.yaml - - assert: - file: target-others.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml deleted file mode 100644 index 9785141488..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: foosource-1 - namespace: cpol-data-sync-delete-one-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/05-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/05-check.yaml deleted file mode 100644 index e5ea36a034..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/05-check.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - error: - file: target-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..8c07ef417f --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-delete-one-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 60% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-apply-1-2.yaml index 0ab119f67f..bff69eed11 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-apply-1-2.yaml @@ -1,18 +1,19 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-delete-one-trigger-ns ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: cpol-data-sync-delete-one-trigger spec: - failurePolicy: Fail - validationFailureAction: Enforce background: false + failurePolicy: Fail rules: - - name: replicate + - generate: + apiVersion: v1 + data: + data: '{{ request.object.data }}' + kind: ConfigMap + name: '{{ request.object.metadata.name }}-replicated' + namespace: '{{ request.object.metadata.namespace }}' + synchronize: true match: all: - resources: @@ -21,11 +22,5 @@ spec: selector: matchLabels: replicate: "true" - generate: - apiVersion: v1 - kind: ConfigMap - name: "{{ request.object.metadata.name }}-replicated" - namespace: "{{ request.object.metadata.namespace }}" - synchronize: true - data: - data: "{{ request.object.data }}" + name: replicate + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..5387b35b99 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-delete-one-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger-1.yaml + - apply: + file: trigger-others.yaml + - assert: + file: target-1.yaml + - assert: + file: target-others.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: foosource-1 + namespace: cpol-data-sync-delete-one-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: target-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/02-ns.yaml deleted file mode 100644 index 3410a2282f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-delete-policy-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml deleted file mode 100644 index 703e38f14f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy-delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-data-sync-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml index 9b199934d6..1bfd91e834 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: cpol-data-sync-delete-rule - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: cpol-data-sync-delete-rule diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..8236730116 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-delete-policy-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 84% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-02-assert-1-1.yaml index 6dcd9775cb..ffa72b5034 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-02-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-sync-delete-policy-ns \ No newline at end of file + namespace: cpol-data-sync-delete-policy-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 84% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-03-assert-1-1.yaml index 6dcd9775cb..ffa72b5034 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-03-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-sync-delete-policy-ns \ No newline at end of file + namespace: cpol-data-sync-delete-policy-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-errors.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-04-error-1-1.yaml old mode 100644 new mode 100755 similarity index 59% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-errors.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-04-error-1-1.yaml index c2c9de8721..9dcf695191 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-errors.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-step-04-error-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ConfigMap metadata: name: zk-kafka-address - namespace: cpol-data-sync-delete-policy-ns \ No newline at end of file + namespace: cpol-data-sync-delete-policy-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..d7bb1335ed --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-data-sync-delete-policy + - error: + file: chainsaw-step-04-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/01-clusterpolicy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/01-clusterpolicy.yaml deleted file mode 100644 index 69291cfc10..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/01-clusterpolicy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: clusterpolicy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/02-ns.yaml deleted file mode 100644 index 0a93002b9a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-delete-rule \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/03-check.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/03-check.yaml deleted file mode 100644 index dcf0118adc..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/03-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: secret.yaml - - assert: - file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/04-delete-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/04-delete-rule.yaml deleted file mode 100644 index 714d46270c..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/04-delete-rule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-rule -spec: - timeouts: {} - try: - - apply: - file: delete-rule.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/06-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/06-checks.yaml deleted file mode 100644 index 3c423fa10a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/06-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: secret.yaml - - error: - file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml index 6825f39a12..c3a4e19ead --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-create/02-ns.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: cpol-clone-nosync-create-ns \ No newline at end of file + name: cpol-data-sync-delete-rule diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..911052ec42 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: secret.yaml + - assert: + file: configmap.yaml + - name: step-04 + try: + - apply: + file: delete-rule.yaml + - assert: + file: policy-ready.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: secret.yaml + - error: + file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/01-manifests.yaml deleted file mode 100644 index f602fab56a..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/01-manifests.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-delete-trigger-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: cpol-data-sync-delete-trigger-ns ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-data-sync-delete-trigger -spec: - rules: - - name: default-deny - match: - any: - - resources: - kinds: - - ConfigMap - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml deleted file mode 100644 index c72265e18e..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..b571ec0734 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 55% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/02-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml index 821288b5ff..c468931571 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ConfigMap metadata: name: test-org - namespace: pol-data-nosync-delete-trigger-ns \ No newline at end of file + namespace: cpol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..a4d47115a5 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,24 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-data-sync-delete-trigger +spec: + rules: + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: '{{request.object.metadata.namespace}}' + synchronize: true + match: + any: + - resources: + kinds: + - ConfigMap + name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml index a99c1c7125..06ba462a7a --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/01-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml @@ -7,9 +7,3 @@ status: - reason: Succeeded status: "True" type: Ready ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: cpol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..c468931571 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: cpol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/04-errors.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-04-error-1-1.yaml old mode 100644 new mode 100755 similarity index 93% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/04-errors.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-04-error-1-1.yaml index 57641d174e..e688b4dfdb --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/04-errors.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-step-04-error-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..a60b0592b7 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-data-sync-delete-trigger-ns + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - error: + file: chainsaw-step-04-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/04-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/04-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/04-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/06-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/07-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/07-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/07-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/01-rbac.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/01-rbac.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-1.yaml new file mode 100755 index 0000000000..5985035e71 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-existing-update-trigger-no-precondition-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/05-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-2.yaml old mode 100644 new mode 100755 similarity index 89% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/05-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-2.yaml index 0b4264ff54..35f2b85c8e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/05-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-01-apply-2-2.yaml @@ -1,15 +1,14 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: test app.kubernetes.io/name: nginx - replicas: 1 template: metadata: labels: @@ -17,7 +16,7 @@ spec: app.kubernetes.io/name: nginx spec: containers: - - name: nginx - image: nginx:1.14.2 + - image: nginx:1.14.2 + name: nginx ports: - containerPort: 80 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/02-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/02-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml index ff7a18afc0..4e0127dbe0 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/02-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml @@ -5,27 +5,27 @@ metadata: spec: generateExisting: true rules: - - name: create-default-pdb + - generate: + apiVersion: policy/v1 + data: + spec: + minAvailable: 50% + selector: + matchLabels: '{{ not_null(request.object.spec.selector.matchLabels, request.object.spec.template.metadata.labels) + }}' + kind: PodDisruptionBudget + name: '{{request.object.metadata.name}}-default' + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: all: - resources: kinds: - Deployment - StatefulSet + name: create-default-pdb preconditions: all: - - key: "{{ request.object.spec.replicas }}" + - key: '{{ request.object.spec.replicas }}' operator: GreaterThan value: 1 - generate: - synchronize: true - apiVersion: policy/v1 - kind: PodDisruptionBudget - name: "{{request.object.metadata.name}}-default" - namespace: "{{request.object.metadata.namespace}}" - data: - spec: - minAvailable: 50% - selector: - matchLabels: >- - {{ not_null(request.object.spec.selector.matchLabels, request.object.spec.template.metadata.labels) }} diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/03-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 89% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/03-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml index 596df3a432..0a148b31f0 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/03-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml @@ -1,15 +1,14 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns spec: + replicas: 2 selector: matchLabels: app.kubernetes.io/instance: test app.kubernetes.io/name: nginx - replicas: 2 template: metadata: labels: @@ -17,7 +16,7 @@ spec: app.kubernetes.io/name: nginx spec: containers: - - name: nginx - image: nginx:1.14.2 + - image: nginx:1.14.2 + name: nginx ports: - containerPort: 80 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/01-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 73% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/01-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml index b23c3d117a..35f2b85c8e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/01-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml @@ -1,19 +1,14 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-existing-update-trigger-no-precondition-ns ---- apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: cpol-data-sync-existing-update-trigger-no-precondition-ns spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: test app.kubernetes.io/name: nginx - replicas: 1 template: metadata: labels: @@ -21,7 +16,7 @@ spec: app.kubernetes.io/name: nginx spec: containers: - - name: nginx - image: nginx:1.14.2 + - image: nginx:1.14.2 + name: nginx ports: - containerPort: 80 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml new file mode 100755 index 0000000000..bdca6f811a --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-existing-update-trigger-no-precondition/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-existing-update-trigger-no-precondition +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-2-1.yaml + - apply: + file: chainsaw-step-01-apply-2-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - assert: + file: downstream.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml index 01c7819971..01090a3186 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: cpol-data-sync-modify-downstream-rule - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: cpol-data-sync-modify-downstream-rule diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml index 9b8854c142..f6ebf5ad9f --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/02-ns.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: production \ No newline at end of file + name: trainer diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 92% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml index 7cc37c9100..2d4279c9fb --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/02-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: trainer \ No newline at end of file + namespace: trainer diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/03-modify.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/03-modify.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml index ba4ccf2b64..f6d022901e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/03-modify.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: trainer \ No newline at end of file + namespace: trainer diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 92% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/05-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml index 7cc37c9100..2d4279c9fb --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/05-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: trainer \ No newline at end of file + namespace: trainer diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..76a5898cf8 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-01-apply-1-1.yaml index 5ce53b979a..08bebacf53 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-01-apply-1-1.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/02-ns.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-03-assert-1-1.yaml index da6cadb6d1..b0900ac6ac --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-03-assert-1-1.yaml @@ -5,7 +5,7 @@ metadata: namespace: gemini-ape spec: hard: - requests.cpu: '4' - requests.memory: '16Gi' - limits.cpu: '8' - limits.memory: '16Gi' \ No newline at end of file + limits.cpu: "8" + limits.memory: 16Gi + requests.cpu: "4" + requests.memory: 16Gi diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-04-apply-1-1.yaml index e8624a4927..694e7310be --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-modify-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-04-apply-1-1.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-04-assert-1-1.yaml index 564bdc4436..9e893189be --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/04-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-04-assert-1-1.yaml @@ -4,14 +4,14 @@ metadata: name: cpol-data-sync-modify-policy spec: rules: - - name: cpol-data-sync-modify-rule - generate: + - generate: data: spec: hard: - limits.cpu: '9' + limits.cpu: "9" + name: cpol-data-sync-modify-rule status: conditions: - reason: Succeeded status: "True" - type: Ready \ No newline at end of file + type: Ready diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-06-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 84% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-06-assert-1-1.yaml index 48c62ecc95..d92f1eb846 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/06-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-step-06-assert-1-1.yaml @@ -5,4 +5,4 @@ metadata: namespace: gemini-ape spec: hard: - limits.cpu: "9" \ No newline at end of file + limits.cpu: "9" diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..53eeee5bc2 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-policy/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-modify-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - assert: + file: chainsaw-step-04-assert-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/02-assert.yaml deleted file mode 100644 index 911f9a96e5..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/02-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 -kind: ConfigMap -metadata: - labels: - somekey: somevalue - name: zk-kafka-address - namespace: cpol-data-sync-modify-rule-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/02-ns.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/02-ns.yaml deleted file mode 100644 index 6f10523849..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/02-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-modify-rule-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml index 3b64251bed..689cb83536 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: true rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" \ No newline at end of file + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..af01f91c0e --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-modify-rule-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-02-assert-1-1.yaml new file mode 100755 index 0000000000..ab0662b3a5 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-02-assert-1-1.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + labels: + somekey: somevalue + name: zk-kafka-address + namespace: cpol-data-sync-modify-rule-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-policy-update.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-policy-update.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml index 66e42381a8..07c3c664e2 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-policy-update.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: true rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9999 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9999" \ No newline at end of file + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 85% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml index aac32e43f7..59eba16d92 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/03-assert.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-sync-modify-rule-ns \ No newline at end of file + namespace: cpol-data-sync-modify-rule-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..15b2cfa647 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-rule/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-modify-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/04-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/04-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/04-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/06-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/07-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/07-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/07-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/01-rbac.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/01-rbac.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-01-apply-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/02-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 57% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/02-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml index df95a14deb..b4c854dd6a --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/02-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-apply-1-1.yaml @@ -4,27 +4,27 @@ metadata: name: cpol-data-sync-no-existing-update-trigger-no-precondition spec: rules: - - name: create-default-pdb + - generate: + apiVersion: policy/v1 + data: + spec: + minAvailable: 50% + selector: + matchLabels: '{{ not_null(request.object.spec.selector.matchLabels, request.object.spec.template.metadata.labels) + }}' + kind: PodDisruptionBudget + name: '{{request.object.metadata.name}}-default' + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: all: - resources: kinds: - Deployment - StatefulSet + name: create-default-pdb preconditions: all: - - key: "{{ request.object.spec.replicas }}" + - key: '{{ request.object.spec.replicas }}' operator: GreaterThan value: 1 - generate: - synchronize: true - apiVersion: policy/v1 - kind: PodDisruptionBudget - name: "{{request.object.metadata.name}}-default" - namespace: "{{request.object.metadata.namespace}}" - data: - spec: - minAvailable: 50% - selector: - matchLabels: >- - {{ not_null(request.object.spec.selector.matchLabels, request.object.spec.template.metadata.labels) }} diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/02-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/02-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml new file mode 100755 index 0000000000..92506b1d25 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-no-existing-update-trigger-no-precondition-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/03-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 73% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/03-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-2.yaml index 475f98e920..d802905018 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/03-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-03-apply-1-2.yaml @@ -1,19 +1,14 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-no-existing-update-trigger-no-precondition-ns ---- apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: cpol-data-sync-no-existing-update-trigger-no-precondition-ns spec: + replicas: 2 selector: matchLabels: app.kubernetes.io/instance: test app.kubernetes.io/name: nginx - replicas: 2 template: metadata: labels: @@ -21,7 +16,7 @@ spec: app.kubernetes.io/name: nginx spec: containers: - - name: nginx - image: nginx:1.14.2 + - image: nginx:1.14.2 + name: nginx ports: - containerPort: 80 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/05-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 89% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/05-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml index 6273247d87..3ab39ebec8 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/05-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-step-05-apply-1-1.yaml @@ -1,15 +1,14 @@ ---- apiVersion: apps/v1 kind: Deployment metadata: name: test namespace: cpol-data-sync-no-existing-update-trigger-no-precondition-ns spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: test app.kubernetes.io/name: nginx - replicas: 1 template: metadata: labels: @@ -17,7 +16,7 @@ spec: app.kubernetes.io/name: nginx spec: containers: - - name: nginx - image: nginx:1.14.2 + - image: nginx:1.14.2 + name: nginx ports: - containerPort: 80 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-test.yaml new file mode 100755 index 0000000000..0a051e3973 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-no-existing-update-trigger-no-precondition/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-no-existing-update-trigger-no-precondition +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - apply: + file: chainsaw-step-03-apply-1-2.yaml + - name: step-04 + try: + - assert: + file: downstream.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/02-trigger.yaml deleted file mode 100644 index 67fc4f5b60..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/02-trigger.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cpol-data-sync-update-trigger-no-match-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - create-netpol: "true" - name: test-org - namespace: cpol-data-sync-update-trigger-no-match-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 81% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml index d8b04b35d3..134786307e --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -4,7 +4,18 @@ metadata: name: cpol-data-sync-update-trigger-no-match spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: '{{request.object.metadata.namespace}}' + synchronize: true match: any: - resources: @@ -13,15 +24,4 @@ spec: selector: matchLabels: create-netpol: "true" - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: "{{request.object.metadata.namespace}}" - synchronize: true - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..88875cf3b4 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cpol-data-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/02-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-2.yaml index d6cc463866..9d935ba0c4 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-2.yaml @@ -4,4 +4,4 @@ metadata: labels: create-netpol: "true" name: test-org - namespace: pol-data-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-data-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index e072feb77c..782aeae893 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-netpol: "false" name: test-org - namespace: pol-data-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: cpol-data-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..2074994716 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-data-sync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/01-existing.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/01-existing.yaml deleted file mode 100644 index 744628914f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/01-existing.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: existing -spec: - timeouts: {} - try: - - apply: - file: existing-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/02-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/04-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/04-checks.yaml deleted file mode 100644 index 98b5d7061e..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/04-checks.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: netpol-blue.yaml - - error: - file: netpol-yellow.yaml - - error: - file: netpol-summer.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/05-add-rule.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/05-add-rule.yaml deleted file mode 100644 index 1598cbec40..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/05-add-rule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: add-rule -spec: - timeouts: {} - try: - - apply: - file: add-rule.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/06-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/07-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/07-checks.yaml deleted file mode 100644 index 03d47dcd66..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/07-checks.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: netpol-blue.yaml - - assert: - file: netpol-yellow.yaml - - error: - file: netpol-summer.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/chainsaw-test.yaml new file mode 100755 index 0000000000..ff49eaad7b --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-add-rule-data/chainsaw-test.yaml @@ -0,0 +1,47 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: existing-basic-add-rule-data +spec: + steps: + - name: step-01 + try: + - apply: + file: existing-resources.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: netpol-blue.yaml + - error: + file: netpol-yellow.yaml + - error: + file: netpol-summer.yaml + - name: step-05 + try: + - apply: + file: add-rule.yaml + - assert: + file: policy-ready.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - assert: + file: netpol-blue.yaml + - assert: + file: netpol-yellow.yaml + - error: + file: netpol-summer.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/01-existing.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/01-existing.yaml deleted file mode 100644 index 744628914f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/01-existing.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: existing -spec: - timeouts: {} - try: - - apply: - file: existing-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/02-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/04-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/04-checks.yaml deleted file mode 100644 index 77c1a0bad1..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/04-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: generated-resources.yaml - - error: - file: fail-generated-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/chainsaw-test.yaml new file mode 100755 index 0000000000..5e621db296 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-data/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: existing-basic-create-policy-data +spec: + steps: + - name: step-01 + try: + - apply: + file: existing-resources.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: generated-resources.yaml + - error: + file: fail-generated-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/01-existing.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/01-existing.yaml deleted file mode 100644 index 744628914f..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/01-existing.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: existing -spec: - timeouts: {} - try: - - apply: - file: existing-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/02-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/03-sleep.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/04-checks.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/04-checks.yaml deleted file mode 100644 index 77c1a0bad1..0000000000 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/04-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: generated-resources.yaml - - error: - file: fail-generated-resources.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/chainsaw-test.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/chainsaw-test.yaml new file mode 100755 index 0000000000..e87045c715 --- /dev/null +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/existing/existing-basic-create-policy-preconditions-data/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: existing-basic-create-policy-preconditions-data +spec: + steps: + - name: step-01 + try: + - apply: + file: existing-resources.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: generated-resources.yaml + - error: + file: fail-generated-resources.yaml diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml deleted file mode 100644 index d225687bca..0000000000 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: pol-clone-create-on-trigger-deletion-configmap - namespace: pol-clone-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/03-sleep.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..6670d925ba --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..382d9046af --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: pol-clone-create-on-trigger-deletion-configmap + namespace: pol-clone-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..035b75697a --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,10 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: pol-clone-create-on-trigger-deletion-source-netowrkpolicy + namespace: pol-clone-create-on-trigger-deletion-ns +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-4.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-4.yaml index 03d443fd09..b4b1c803ff --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-apply-1-4.yaml @@ -1,27 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-create-on-trigger-deletion-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: pol-clone-create-on-trigger-deletion-configmap - namespace: pol-clone-create-on-trigger-deletion-ns -data: - foo: bar ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: pol-clone-create-on-trigger-deletion-source-netowrkpolicy - namespace: pol-clone-create-on-trigger-deletion-ns -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress ---- apiVersion: kyverno.io/v1 kind: Policy metadata: @@ -29,7 +5,15 @@ metadata: namespace: pol-clone-create-on-trigger-deletion-ns spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + clone: + name: pol-clone-create-on-trigger-deletion-source-netowrkpolicy + namespace: pol-clone-create-on-trigger-deletion-ns + kind: NetworkPolicy + name: pol-clone-create-on-trigger-deletion-target-netowrkpolicy + namespace: pol-clone-create-on-trigger-deletion-ns + synchronize: true match: any: - resources: @@ -37,12 +21,4 @@ spec: - ConfigMap operations: - DELETE - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: pol-clone-create-on-trigger-deletion-target-netowrkpolicy - namespace: pol-clone-create-on-trigger-deletion-ns - synchronize: true - clone: - namespace: pol-clone-create-on-trigger-deletion-ns - name: pol-clone-create-on-trigger-deletion-source-netowrkpolicy \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/01-assert.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 60% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml index 9e7800b54f..a4b39b7d1f --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/01-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml @@ -8,9 +8,3 @@ status: - reason: Succeeded status: "True" type: Ready ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: pol-clone-create-on-trigger-deletion-configmap - namespace: pol-clone-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..29d44067cc --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: pol-clone-create-on-trigger-deletion-configmap + namespace: pol-clone-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/04-assert.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 95% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/04-assert.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml index 372c42e449..6b2a99277e --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/04-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-test.yaml new file mode 100755 index 0000000000..fe042830bc --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-create-on-trigger-deletion +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: pol-clone-create-on-trigger-deletion-configmap + namespace: pol-clone-create-on-trigger-deletion-ns + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..f9491d4237 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-sync-create-source-after-policy-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 64% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-2.yaml index 5ae065d89e..ff5df801fb --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-2.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-sync-create-source-after-policy-ns ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -10,27 +5,18 @@ metadata: namespace: pol-clone-sync-create-source-after-policy-ns spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: pol-clone-sync-create-source-after-policy-ns + kind: Secret + name: mynewsecret + namespace: pol-clone-sync-create-source-after-policy-ns + synchronize: true match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: mynewsecret - namespace: pol-clone-sync-create-source-after-policy-ns - synchronize: true - clone: - namespace: pol-clone-sync-create-source-after-policy-ns - name: regcred ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: pol-clone-sync-create-source-after-policy-ns -type: Opaque \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..5c1d846c1c --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: pol-clone-sync-create-source-after-policy-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/01-assert.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/02-configmap.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/02-configmap.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-02-apply-1-1.yaml index 387481152a..40457b4fcb --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/02-configmap.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-02-apply-1-1.yaml @@ -1,9 +1,9 @@ apiVersion: v1 +data: + color: red + day: monday + food: cheese kind: ConfigMap metadata: name: mycm namespace: pol-clone-sync-create-source-after-policy-ns -data: - food: cheese - day: monday - color: red \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/02-assert.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 50% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/02-assert.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-02-assert-1-1.yaml index c6722dee3e..4bf29f7b6d --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/02-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-step-02-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: mynewsecret - namespace: pol-clone-sync-create-source-after-policy-ns \ No newline at end of file + namespace: pol-clone-sync-create-source-after-policy-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..a75b7709ea --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-sync-create-source-after-policy/chainsaw-test.yaml @@ -0,0 +1,23 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-create-source-after-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml deleted file mode 100644 index a3412238e0..0000000000 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/03-sleep.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..672b3182b0 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..a614eabe7e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: test-org + namespace: pol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 66% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml index 6f6de250a3..b8df94034c --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-apply-1-3.yaml @@ -1,16 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-create-on-trigger-deletion-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: pol-create-on-trigger-deletion-ns -data: - foo: bar ---- apiVersion: kyverno.io/v1 kind: Policy metadata: @@ -18,7 +5,18 @@ metadata: namespace: pol-create-on-trigger-deletion-ns spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: pol-create-on-trigger-deletion-ns + synchronize: true match: any: - resources: @@ -26,15 +24,4 @@ spec: - ConfigMap operations: - DELETE - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: pol-create-on-trigger-deletion-ns - synchronize: true - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/01-assert.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 66% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml index 8c927b10b3..98e3036c1c --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/01-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-1.yaml @@ -8,9 +8,3 @@ status: - reason: Succeeded status: "True" type: Ready ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: pol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..f7ac75fb2e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: pol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/04-assert.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 93% rename from test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/04-assert.yaml rename to test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml index 6f49ddf828..c6cd267142 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/04-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-step-04-assert-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-test.yaml new file mode 100755 index 0000000000..de2ff829ff --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-create-on-trigger-deletion +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-create-on-trigger-deletion-ns + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml deleted file mode 100644 index d1de729516..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/99-cleanup.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - script: - content: | - kubectl delete ur -A --all - kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/chainsaw-test.yaml new file mode 100755 index 0000000000..aff2501215 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-create/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-create +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-99 + try: + - script: + content: | + kubectl delete ur -A --all + kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml deleted file mode 100644 index 3c87ec3d67..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-downstream -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: newsecret - namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml deleted file mode 100644 index d1de729516..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/99-cleanup.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - script: - content: | - kubectl delete ur -A --all - kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/chainsaw-step-06-error-1-1.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/chainsaw-step-06-error-1-1.yaml index 1a47c4a978..b63a24578e --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/chainsaw-step-06-error-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: newsecret - namespace: default \ No newline at end of file + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..c9b688bfdd --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,45 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: chainsaw-step-06-error-1-1.yaml + - name: step-99 + try: + - script: + content: | + kubectl delete ur -A --all + kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml deleted file mode 100644 index d8968d0f1c..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-policy -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v2beta1 - kind: Policy - name: pol-clone-nosync-delete-policy - namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml deleted file mode 100644 index d1de729516..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/99-cleanup.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - script: - content: | - kubectl delete ur -A --all - kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/06-errors.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/06-errors.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml index 1a47c4a978..b63a24578e --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/06-errors.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: newsecret - namespace: default \ No newline at end of file + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..4e2bdca7d9 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: kyverno.io/v2beta1 + kind: Policy + name: pol-clone-nosync-delete-policy + namespace: default + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml + - name: step-99 + try: + - script: + content: | + kubectl delete ur -A --all + kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml deleted file mode 100644 index edaf96dcbe..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/02-resource.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml - - assert: - file: cloned-limitrange.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml deleted file mode 100644 index ca3309e3e1..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/05-assert.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: newsecret - namespace: default ---- -apiVersion: v1 -kind: LimitRange -metadata: - name: genlr - namespace: default \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml deleted file mode 100644 index 3796fd90b1..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/99-cleanup.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - script: - content: | - kubectl delete ur -A --all - kubectl delete -f cloned-secret.yaml,cloned-limitrange.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-03-apply-1-1.yaml index 316634fe88..ee93889b9a --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/03-delete-rule.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-03-apply-1-1.yaml @@ -5,18 +5,18 @@ metadata: namespace: default spec: rules: - - name: pol-clone-nosync-delete-rule-lr + - generate: + apiVersion: v1 + clone: + name: sourcelr + namespace: default + kind: LimitRange + name: genlr + namespace: default + synchronize: false match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: LimitRange - name: genlr - namespace: default - synchronize: false - clone: - name: sourcelr - namespace: default + name: pol-clone-nosync-delete-rule-lr diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/06-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/06-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-05-assert-1-1.yaml index 1a47c4a978..b63a24578e --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/06-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-05-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: newsecret - namespace: default \ No newline at end of file + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-05-assert-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-05-assert-1-2.yaml new file mode 100755 index 0000000000..1394f905d0 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-step-05-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: genlr + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..07f42ee9ba --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - assert: + file: cloned-limitrange.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml + - assert: + file: chainsaw-step-05-assert-1-2.yaml + - name: step-99 + try: + - script: + content: | + kubectl delete ur -A --all + kubectl delete -f cloned-secret.yaml,cloned-limitrange.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml deleted file mode 100644 index e38f59f9ca..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-source -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcred - namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml deleted file mode 100644 index d1de729516..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/99-cleanup.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - script: - content: | - kubectl delete ur -A --all - kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/chainsaw-step-05-assert-1-1.yaml index 1a47c4a978..b63a24578e --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/chainsaw-step-05-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Secret metadata: name: newsecret - namespace: default \ No newline at end of file + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..eb2894d819 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: default + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml + - name: step-99 + try: + - script: + content: | + kubectl delete ur -A --all + kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/02-create-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/02-create-trigger.yaml deleted file mode 100644 index 3312b2441b..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/02-create-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml deleted file mode 100644 index dd5a480833..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-clone-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/05-downstream-deleted.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/05-downstream-deleted.yaml deleted file mode 100644 index 70051ec60a..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/05-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..97ca6a38db --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..4a8f59fb49 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: pol-clone-nosync-delete-trigger-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 60% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-3.yaml index 1a2e687e60..d8d6ec2426 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-apply-1-3.yaml @@ -1,17 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-nosync-delete-trigger-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: pol-clone-nosync-delete-trigger-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -19,18 +5,18 @@ metadata: namespace: pol-clone-nosync-delete-trigger-ns spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: pol-clone-nosync-delete-trigger-ns + kind: Secret + name: downstream-secret + namespace: pol-clone-nosync-delete-trigger-ns + synchronize: false match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: pol-clone-nosync-delete-trigger-ns - synchronize: false - clone: - namespace: pol-clone-nosync-delete-trigger-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..3da2652c52 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: downstream.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-clone-nosync-delete-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml deleted file mode 100644 index 221abcdb7f..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/01-script-try-create1.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-try-create1 -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f policy1.yaml\nthen \n echo \"Tested failed. Policy - was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test - succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml deleted file mode 100644 index 0b857bb098..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/02-script-try-create2.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-try-create2 -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f policy2.yaml\nthen \n echo \"Tested failed. Policy - was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test - succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/chainsaw-test.yaml new file mode 100755 index 0000000000..edf0f56054 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-invalid/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-invalid +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f policy1.yaml\nthen \n echo \"Tested failed. + Policy was created when it shouldn't have been.\"\n exit 1 \nelse \n echo + \"Test succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" + - name: step-02 + try: + - script: + content: "if kubectl apply -f policy2.yaml\nthen \n echo \"Tested failed. + Policy was created when it shouldn't have been.\"\n exit 1 \nelse \n echo + \"Test succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-step-03-apply-1-1.yaml index ab643bbdab..18be54f47e --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/03-modify-downstream.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-step-03-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: newsecret namespace: pol-clone-nosync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml index ab643bbdab..18be54f47e --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: newsecret namespace: pol-clone-nosync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..60ab800051 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml deleted file mode 100644 index d1de729516..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/99-cleanup.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - script: - content: | - kubectl delete ur -A --all - kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-step-03-apply-1-1.yaml index 05b1bd94dc..45615c0338 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/03-modify-source.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-step-03-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: regcred namespace: default -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-step-05-assert-1-1.yaml index 9dd6e1fb31..9fb619a3a4 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-step-05-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: pol-clone-nosync-modify-source-newsecret namespace: default -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-test.yaml new file mode 100755 index 0000000000..cea078dd9e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-modify-source/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-modify-source +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml + - name: step-99 + try: + - script: + content: | + kubectl delete ur -A --all + kubectl delete -f cloned-secret.yaml --ignore-not-found=true diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index 70051ec60a..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..d926674ec3 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..0086c75113 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: pol-clone-nosync-update-trigger-no-match-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 64% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml index a7c3e6fed8..34bedce153 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml @@ -1,17 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-nosync-update-trigger-no-match-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: pol-clone-nosync-update-trigger-no-match-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -19,7 +5,15 @@ metadata: namespace: pol-clone-nosync-update-trigger-no-match-ns spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: pol-clone-nosync-update-trigger-no-match-ns + kind: Secret + name: downstream-secret + namespace: pol-clone-nosync-update-trigger-no-match-ns + synchronize: false match: any: - resources: @@ -28,12 +22,4 @@ spec: selector: matchLabels: create-secret: "true" - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: pol-clone-nosync-update-trigger-no-match-ns - synchronize: false - clone: - namespace: pol-clone-nosync-update-trigger-no-match-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/02-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml index 80e5a0f561..c328e84188 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "true" name: test-org - namespace: pol-clone-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-clone-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index 05fac66d24..dfcee41f42 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "false" name: test-org - namespace: cpol-clone-nosync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-clone-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..15cae060a7 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-nosync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/01-assert.yaml deleted file mode 100644 index deabee81cc..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/01-assert.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-sync-clone-delete-downstream ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: pol-sync-clone-delete-downstream -type: Opaque \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/01-manifests.yaml deleted file mode 100644 index deabee81cc..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/01-manifests.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-sync-clone-delete-downstream ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: pol-sync-clone-delete-downstream -type: Opaque \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/04-downstream.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/04-downstream.yaml deleted file mode 100644 index 773de86ff2..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/04-downstream.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/06-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/07-downstream.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/07-downstream.yaml deleted file mode 100644 index 773de86ff2..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/07-downstream.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..b83f671119 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-sync-clone-delete-downstream diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..a66f53fbd8 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: pol-sync-clone-delete-downstream +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..b83f671119 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-sync-clone-delete-downstream diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..a66f53fbd8 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: pol-sync-clone-delete-downstream +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/02-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 89% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/02-policy.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml index c901aaddfb..1c1017013b --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/02-policy.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-02-apply-1-1.yaml @@ -5,18 +5,18 @@ metadata: namespace: pol-sync-clone-delete-downstream spec: rules: - - name: gen-zk + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: pol-sync-clone-delete-downstream + kind: Secret + name: myclonedsecret + namespace: pol-sync-clone-delete-downstream + synchronize: true match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: myclonedsecret - namespace: pol-sync-clone-delete-downstream - synchronize: true - clone: - namespace: pol-sync-clone-delete-downstream - name: regcred \ No newline at end of file + name: gen-zk diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/03-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 60% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/03-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-03-apply-1-1.yaml index 218574ff7b..933626d712 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/03-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-03-apply-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: foo - namespace: pol-sync-clone-delete-downstream \ No newline at end of file + namespace: pol-sync-clone-delete-downstream diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/05-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/05-delete.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-05-apply-1-1.yaml index e79dba2b2f..09b4adb8b1 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/05-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-step-05-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: myclonedsecret namespace: pol-sync-clone-delete-downstream -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..16a4f72543 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - assert: + file: downstream.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/03-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml deleted file mode 100644 index 82283ec76a..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-policy -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v2beta1 - kind: Policy - name: pol-clone-sync-delete-policy - namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/99-cleanup.yaml deleted file mode 100644 index 7e0004c066..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/99-cleanup.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - ur - - -A - - --all - entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/chainsaw-step-06-assert-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/chainsaw-step-06-assert-1-1.yaml new file mode 100755 index 0000000000..b63a24578e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/chainsaw-step-06-assert-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: newsecret + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..5ddcc23ee0 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,48 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - delete: + ref: + apiVersion: kyverno.io/v2beta1 + kind: Policy + name: pol-clone-sync-delete-policy + namespace: default + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - ur + - -A + - --all + entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/01-create.yaml deleted file mode 100644 index 1790d8c759..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/01-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/02-resource.yaml deleted file mode 100644 index edaf96dcbe..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/02-resource.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml - - assert: - file: cloned-limitrange.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/05-assert.yaml deleted file mode 100644 index ca3309e3e1..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/05-assert.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: newsecret - namespace: default ---- -apiVersion: v1 -kind: LimitRange -metadata: - name: genlr - namespace: default \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/99-cleanup.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/99-cleanup.yaml deleted file mode 100644 index 7e0004c066..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/99-cleanup.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - ur - - -A - - --all - entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/03-delete-rule.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/03-delete-rule.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-03-apply-1-1.yaml index 92892e5e23..4d3dd221e1 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/03-delete-rule.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-03-apply-1-1.yaml @@ -5,18 +5,18 @@ metadata: namespace: default spec: rules: - - name: pol-clone-sync-delete-rule-lr + - generate: + apiVersion: v1 + clone: + name: sourcelr + namespace: default + kind: LimitRange + name: genlr + namespace: default + synchronize: true match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: LimitRange - name: genlr - namespace: default - synchronize: true - clone: - name: sourcelr - namespace: default + name: pol-clone-sync-delete-rule-lr diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-05-assert-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-05-assert-1-1.yaml new file mode 100755 index 0000000000..b63a24578e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-05-assert-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + name: newsecret + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-05-assert-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-05-assert-1-2.yaml new file mode 100755 index 0000000000..1394f905d0 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-step-05-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: genlr + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..349f192b5e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,44 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - assert: + file: cloned-limitrange.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml + - assert: + file: chainsaw-step-05-assert-1-2.yaml + - name: step-99 + try: + - command: + args: + - delete + - ur + - -A + - --all + entrypoint: kubectl diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/02-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/02-resource.yaml deleted file mode 100644 index 41ca0c2ab8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: create-cm.yaml - - assert: - file: cloned-secret.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml deleted file mode 100644 index 746df42ee6..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deletesource -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: Secret - name: regcred - namespace: pol-clone-sync-delete-source diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/05-errors.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/chainsaw-step-05-error-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/05-errors.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/chainsaw-test.yaml new file mode 100755 index 0000000000..077bad6913 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-delete-source +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: create-cm.yaml + - assert: + file: cloned-secret.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: pol-clone-sync-delete-source + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/02-create-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/02-create-trigger.yaml deleted file mode 100644 index 3312b2441b..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/02-create-trigger.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml deleted file mode 100644 index a7d85b13de..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-clone-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/05-downstream-deleted.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/05-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/05-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..293a52f648 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/06-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/06-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml index 57495d829f..b80a12b9a9 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/06-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: source-secret namespace: pol-clone-sync-delete-trigger-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 60% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml index 0dbaaf6bd4..29eda60a49 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-apply-1-3.yaml @@ -1,17 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-sync-delete-trigger-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: pol-clone-sync-delete-trigger-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -19,18 +5,18 @@ metadata: namespace: pol-clone-sync-delete-trigger-ns spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: pol-clone-sync-delete-trigger-ns + kind: Secret + name: downstream-secret + namespace: pol-clone-sync-delete-trigger-ns + synchronize: true match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: pol-clone-sync-delete-trigger-ns - synchronize: true - clone: - namespace: pol-clone-sync-delete-trigger-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-06-assert-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-06-assert-1-1.yaml new file mode 100755 index 0000000000..b80a12b9a9 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-step-06-assert-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: pol-clone-sync-delete-trigger-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..0a4779b129 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: trigger.yaml + - assert: + file: downstream.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-clone-sync-delete-trigger-ns + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: downstream.yaml + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/01-script-try-create1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/01-script-try-create1.yaml deleted file mode 100644 index 221abcdb7f..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/01-script-try-create1.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-try-create1 -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f policy1.yaml\nthen \n echo \"Tested failed. Policy - was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test - succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/02-script-try-create2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/02-script-try-create2.yaml deleted file mode 100644 index 0b857bb098..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/02-script-try-create2.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-try-create2 -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f policy2.yaml\nthen \n echo \"Tested failed. Policy - was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test - succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/chainsaw-test.yaml new file mode 100755 index 0000000000..d08f8e6960 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-invalid/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-invalid +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f policy1.yaml\nthen \n echo \"Tested failed. + Policy was created when it shouldn't have been.\"\n exit 1 \nelse \n echo + \"Test succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" + - name: step-02 + try: + - script: + content: "if kubectl apply -f policy2.yaml\nthen \n echo \"Tested failed. + Policy was created when it shouldn't have been.\"\n exit 1 \nelse \n echo + \"Test succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-manifests.yaml deleted file mode 100644 index 581eb5a11b..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-manifests.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-sync-modify-downstream-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: pol-clone-sync-modify-downstream-ns -type: Opaque \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/06-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..790aaf7d5a --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-apply-1-2.yaml index 581eb5a11b..5f7b48e839 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/01-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-apply-1-2.yaml @@ -1,13 +1,8 @@ apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-sync-modify-downstream-ns ---- -apiVersion: v1 data: foo: YmFy kind: Secret metadata: name: regcred namespace: pol-clone-sync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..790aaf7d5a --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..5f7b48e839 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: pol-clone-sync-modify-downstream-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 89% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-policy.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml index 59e4c752a5..37d0820983 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-policy.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml @@ -5,18 +5,18 @@ metadata: namespace: pol-clone-sync-modify-downstream-ns spec: rules: - - name: gen-zk + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: pol-clone-sync-modify-downstream-ns + kind: Secret + name: myclonedsecret + namespace: pol-clone-sync-modify-downstream-ns + synchronize: true match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: myclonedsecret - namespace: pol-clone-sync-modify-downstream-ns - synchronize: true - clone: - namespace: pol-clone-sync-modify-downstream-ns - name: regcred \ No newline at end of file + name: gen-zk diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/03-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/03-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml index 6e927d56d1..fcfe880274 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/03-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-03-apply-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: foo - namespace: pol-clone-sync-modify-downstream-ns \ No newline at end of file + namespace: pol-clone-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/07-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/07-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-04-assert-1-1.yaml index 6761f13eaa..d5e08da8db --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/07-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-04-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: myclonedsecret namespace: pol-clone-sync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/05-modify.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/05-modify.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-05-apply-1-1.yaml index 90f06d6e91..d5e0dd5bd5 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/05-modify.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-05-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: myclonedsecret namespace: pol-clone-sync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/04-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-07-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/04-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-07-assert-1-1.yaml index 6761f13eaa..d5e08da8db --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/04-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-step-07-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: myclonedsecret namespace: pol-clone-sync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..7019d73eb9 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - assert: + file: chainsaw-step-07-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..22b7c0bf5f --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: poltest diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..ffae46623e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: regcred + namespace: poltest +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 64% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-3.yaml index 8adbdd7837..25cca0c56f --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-apply-1-3.yaml @@ -1,17 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: poltest ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: regcred - namespace: poltest -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -19,18 +5,18 @@ metadata: namespace: poltest spec: rules: - - name: gen-zk + - generate: + apiVersion: v1 + clone: + name: regcred + namespace: poltest + kind: Secret + name: myclonedsecret + namespace: poltest + synchronize: true match: any: - resources: kinds: - ConfigMap - generate: - apiVersion: v1 - kind: Secret - name: myclonedsecret - namespace: poltest - synchronize: true - clone: - namespace: poltest - name: regcred + name: gen-zk diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-assert-1-1.yaml index ca94aab071..83f6f4bc62 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/01-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-01-assert-1-1.yaml @@ -7,4 +7,4 @@ status: conditions: - reason: Succeeded status: "True" - type: Ready \ No newline at end of file + type: Ready diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/02-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 76% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/02-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-02-apply-1-1.yaml index 4a6457c1cb..3644981699 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-02-apply-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: cm-2 - namespace: poltest \ No newline at end of file + namespace: poltest diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/03-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/03-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-03-assert-1-1.yaml index b609a3311d..d999bda90e --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/03-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-03-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: myclonedsecret namespace: poltest -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/04-modifysource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 89% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/04-modifysource.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-04-apply-1-1.yaml index c9bb004521..634e26037a --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/04-modifysource.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-04-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: regcred namespace: poltest -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-05-assert-1-1.yaml index 3eb44f8ed1..05d63beb0b --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-step-05-assert-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: myclonedsecret namespace: poltest -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-test.yaml new file mode 100755 index 0000000000..6ebda2c1b6 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-modify-source/chainsaw-test.yaml @@ -0,0 +1,33 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-modify-source +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..75817f5570 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-clone-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..e7fcd8ee78 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: source-secret + namespace: pol-clone-sync-update-trigger-no-match-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml old mode 100644 new mode 100755 similarity index 64% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml index 2d037cd39a..b964a640b8 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-apply-1-3.yaml @@ -1,17 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-clone-sync-update-trigger-no-match-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: source-secret - namespace: pol-clone-sync-update-trigger-no-match-ns -type: Opaque ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -19,7 +5,15 @@ metadata: namespace: pol-clone-sync-update-trigger-no-match-ns spec: rules: - - name: clone-secret + - generate: + apiVersion: v1 + clone: + name: source-secret + namespace: pol-clone-sync-update-trigger-no-match-ns + kind: Secret + name: downstream-secret + namespace: pol-clone-sync-update-trigger-no-match-ns + synchronize: true match: any: - resources: @@ -28,12 +22,4 @@ spec: selector: matchLabels: create-secret: "true" - generate: - apiVersion: v1 - kind: Secret - name: downstream-secret - namespace: pol-clone-sync-update-trigger-no-match-ns - synchronize: true - clone: - namespace: pol-clone-sync-update-trigger-no-match-ns - name: source-secret \ No newline at end of file + name: clone-secret diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/02-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml index 5cf922ae4e..21e42b70c5 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "true" name: test-org - namespace: cpol-clone-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-clone-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index ee020f82ba..1be0602371 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-secret: "false" name: test-org - namespace: cpol-clone-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-clone-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..c894d5ec4c --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-clone-sync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml deleted file mode 100644 index 94305ebd1d..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/chainsaw-test.yaml new file mode 100755 index 0000000000..eba0598cc9 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/chainsaw-test.yaml @@ -0,0 +1,16 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-create-policy-invalid +spec: + steps: + - name: step-01 + try: + - apply: + file: ns.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/02-create-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/02-create-secret.yaml deleted file mode 100644 index a832bf5a48..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/02-create-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-secret -spec: - timeouts: {} - try: - - apply: - file: secret.yaml - - assert: - file: generated-configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml deleted file mode 100644 index 16281c3681..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: hammer diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml index 7be0bd9fd9..00cb89cbae --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/chainsaw-step-05-error-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: name: zk-kafka-address - namespace: manta \ No newline at end of file + namespace: hammer diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..95811ac491 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: secret.yaml + - assert: + file: generated-configmap.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: hammer + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/02-create-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/02-create-secret.yaml deleted file mode 100644 index a832bf5a48..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/02-create-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-secret -spec: - timeouts: {} - try: - - apply: - file: secret.yaml - - assert: - file: generated-configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml deleted file mode 100644 index 19963cab45..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v1 - kind: Policy - name: pol-data-nosync-delete-policy-policy - namespace: manta diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/05-errors.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/05-errors.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml index 0519f6792c..59775fb2c8 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/05-errors.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/chainsaw-step-05-assert-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: name: zk-kafka-address - namespace: hammer \ No newline at end of file + namespace: manta diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..215fc303b8 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: secret.yaml + - assert: + file: generated-configmap.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: Policy + name: pol-data-nosync-delete-policy-policy + namespace: manta + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/02-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/02-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/02-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/03-resource.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/03-resource.yaml deleted file mode 100644 index 16f6688270..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/03-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-generated.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/04-remove-rule.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/04-remove-rule.yaml deleted file mode 100644 index bfa598f7b9..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/04-remove-rule.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: remove-rule -spec: - timeouts: {} - try: - - apply: - file: policy-with-rule-removed.yaml - - assert: - file: both-resources-exist.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..bd5c0b3a98 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - sleep: + duration: 3s + - name: step-03 + try: + - apply: + file: resource.yaml + - assert: + file: resource-generated.yaml + - name: step-04 + try: + - apply: + file: policy-with-rule-removed.yaml + - assert: + file: both-resources-exist.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/03-downstream-created.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml deleted file mode 100644 index bf1e22bf01..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/06-downstream-remained.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/06-downstream-remained.yaml deleted file mode 100644 index 7f8c209394..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/06-downstream-remained.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-remained -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..2a6c6c9692 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 71% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml index 144c2838fb..3eeb1a2c9d --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -1,30 +1,25 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-nosync-delete-trigger-ns ---- apiVersion: kyverno.io/v1 kind: Policy metadata: - name: pol-data-nosync-delete-trigger + name: pol-data-nosync-delete-trigger namespace: pol-data-nosync-delete-trigger-ns spec: rules: - - name: default-deny - match: - any: - - resources: - kinds: - - ConfigMap - generate: + - generate: apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: pol-data-nosync-delete-trigger-ns - synchronize: false data: spec: podSelector: {} policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress + kind: NetworkPolicy + name: default-deny + namespace: pol-data-nosync-delete-trigger-ns + synchronize: false + match: + any: + - resources: + kinds: + - ConfigMap + name: default-deny diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 81% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml index 632273004f..3fa370f022 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/01-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-01-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v2beta1 kind: Policy metadata: - name: pol-data-nosync-delete-trigger + name: pol-data-nosync-delete-trigger namespace: pol-data-nosync-delete-trigger-ns status: conditions: diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..ffddbe2f38 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: pol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..408d22b605 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-data-nosync-delete-trigger-ns + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/02-create-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/02-create-secret.yaml deleted file mode 100644 index a832bf5a48..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/02-create-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-secret -spec: - timeouts: {} - try: - - apply: - file: secret.yaml - - assert: - file: generated-configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/03-modify.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/03-modify.yaml deleted file mode 100644 index ff6ac70814..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/03-modify.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modify -spec: - timeouts: {} - try: - - apply: - file: modified-downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 67% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml index 2f9c6f63eb..49dcde0a94 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/chainsaw-step-05-assert-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: iamfixingsomedatainthiskey:2181 + ZK_ADDRESS: iamfixingsomedatainthiskey:2181 kind: ConfigMap metadata: name: zk-kafka-address - namespace: lionfish \ No newline at end of file + namespace: lionfish diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..7ae2f3909e --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: secret.yaml + - assert: + file: generated-configmap.yaml + - name: step-03 + try: + - apply: + file: modified-downstream.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/02-create-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/02-create-secret.yaml deleted file mode 100644 index a832bf5a48..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/02-create-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-secret -spec: - timeouts: {} - try: - - apply: - file: secret.yaml - - assert: - file: generated-configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/03-modify.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/03-modify.yaml deleted file mode 100644 index d08c87d3ac..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/03-modify.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: modify -spec: - timeouts: {} - try: - - apply: - file: modified-rule.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/05-assert.yaml deleted file mode 100644 index a87cbc51a1..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/05-assert.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 -kind: ConfigMap -metadata: - name: zk-kafka-address - namespace: hawksbill \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/05-errors.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/05-errors.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/chainsaw-step-05-assert-1-1.yaml index a96cd1bc76..dbbfc9463a --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/05-errors.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/chainsaw-step-05-assert-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: name: zk-kafka-address - namespace: manasis \ No newline at end of file + namespace: hawksbill diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..3e12e83fef --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-modify-rule/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-modify-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: secret.yaml + - assert: + file: generated-configmap.yaml + - name: step-03 + try: + - apply: + file: modified-rule.yaml + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index 70051ec60a..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..cf24458883 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 79% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml index 06651e3030..4acbe53458 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-nosync-update-trigger-no-match-ns ---- apiVersion: kyverno.io/v1 kind: Policy metadata: @@ -10,7 +5,18 @@ metadata: namespace: pol-data-nosync-update-trigger-no-match-ns spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: pol-data-nosync-update-trigger-no-match-ns + synchronize: false match: any: - resources: @@ -19,15 +25,4 @@ spec: selector: matchLabels: create-netpol: "true" - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: pol-data-nosync-update-trigger-no-match-ns - synchronize: false - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..7a52a58101 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + create-netpol: "true" + name: test-org + namespace: pol-data-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index ac0fe9f998..7cfca19cb1 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-netpol: "false" name: test-org - namespace: cpol-data-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-data-nosync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..5d3a9d851d --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-nosync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-invalid/01-script-try-create.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-invalid/01-script-try-create.yaml deleted file mode 100644 index 24bc7f0720..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-invalid/01-script-try-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-try-create -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f policy.yaml\nthen \n echo \"Tested failed. Policy - was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test - succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-invalid/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-invalid/chainsaw-test.yaml new file mode 100755 index 0000000000..6d989263a5 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-invalid/chainsaw-test.yaml @@ -0,0 +1,13 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-create-policy-invalid +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f policy.yaml\nthen \n echo \"Tested failed. + Policy was created when it shouldn't have been.\"\n exit 1 \nelse \n echo + \"Test succeeded. Policy was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-valid/01-script-try-create.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-valid/01-script-try-create.yaml deleted file mode 100644 index 27fcd29d25..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-valid/01-script-try-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-try-create -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f policy.yaml\nthen\n echo \"Test succeeded. Policy - was created as intended.\"\n exit 0 \nelse \n echo \"Tested failed. Policy - was not created when it should have been.\"\n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-valid/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-valid/chainsaw-test.yaml new file mode 100755 index 0000000000..c655994d56 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-create-policy-valid/chainsaw-test.yaml @@ -0,0 +1,13 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-create-policy-valid +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f policy.yaml\nthen\n echo \"Test succeeded. + Policy was created as intended.\"\n exit 0 \nelse \n echo \"Tested failed. + Policy was not created when it should have been.\"\n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/02-create-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/02-create-secret.yaml deleted file mode 100644 index a832bf5a48..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/02-create-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-secret -spec: - timeouts: {} - try: - - apply: - file: secret.yaml - - assert: - file: generated-configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml deleted file mode 100644 index 65dff2c9e5..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: exeter diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/04-sleep.yaml deleted file mode 100644 index da181e30a3..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/04-sleep.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - script: - content: sleep 6 - timeout: 10s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml index 4cbb4be8c9..d94ddc2f63 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-step-05-assert-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: name: zk-kafka-address - namespace: exeter \ No newline at end of file + namespace: exeter diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..a9df3af4af --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/chainsaw-test.yaml @@ -0,0 +1,36 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-delete-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: secret.yaml + - assert: + file: generated-configmap.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: exeter + - name: step-04 + try: + - script: + content: sleep 6 + timeout: 10s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/02-create-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/02-create-secret.yaml deleted file mode 100644 index a832bf5a48..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/02-create-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-secret -spec: - timeouts: {} - try: - - apply: - file: secret.yaml - - assert: - file: generated-configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml deleted file mode 100644 index 7de8335b2a..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v1 - kind: Policy - name: pol-data-sync-delete-policy-policy - namespace: manasis diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/chainsaw-step-05-error-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/chainsaw-step-05-error-1-1.yaml new file mode 100755 index 0000000000..0869de5e2d --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/chainsaw-step-05-error-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 +kind: ConfigMap +metadata: + name: zk-kafka-address + namespace: manasis diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..98b1c4a1dc --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-delete-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: secret.yaml + - assert: + file: generated-configmap.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: Policy + name: pol-data-sync-delete-policy-policy + namespace: manasis + - name: step-04 + try: + - sleep: + duration: 3s + - name: step-05 + try: + - error: + file: chainsaw-step-05-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/03-check.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/03-check.yaml deleted file mode 100644 index 636f896e15..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/03-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: configmap.yaml - - assert: - file: configmap-remain.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/06-checks.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/06-checks.yaml deleted file mode 100644 index efc053fc7e..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/06-checks.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: checks -spec: - timeouts: {} - try: - - assert: - file: configmap-remain.yaml - - error: - file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..a9a50e159b --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-sync-delete-rule diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 71% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-apply-1-2.yaml index 4e9da6fc27..a834061e7e --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-apply-1-2.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-sync-delete-rule ---- apiVersion: kyverno.io/v1 kind: Policy metadata: @@ -11,29 +6,20 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Secret - names: - - trigger-secret - generate: - synchronize: true + - generate: apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue kind: ConfigMap name: zk-kafka-address namespace: pol-data-sync-delete-rule - data: - kind: ConfigMap - metadata: - labels: - somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" - - name: super-configmap + synchronize: true match: any: - resources: @@ -41,16 +27,25 @@ spec: - Secret names: - trigger-secret - generate: - synchronize: true + name: k-kafka-address + - generate: apiVersion: v1 - kind: ConfigMap - name: superconfigmap - namespace: pol-data-sync-delete-rule data: + data: + key: superconfigmap kind: ConfigMap metadata: labels: somekey: somevalue - data: - key: superconfigmap \ No newline at end of file + kind: ConfigMap + name: superconfigmap + namespace: pol-data-sync-delete-rule + synchronize: true + match: + any: + - resources: + kinds: + - Secret + names: + - trigger-secret + name: super-configmap diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/02-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/02-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml index d34c5e509a..aad8c13b26 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-02-apply-1-1.yaml @@ -7,4 +7,4 @@ metadata: org: kyverno name: trigger-secret namespace: pol-data-sync-delete-rule -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/04-delete-rule.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 93% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/04-delete-rule.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-04-apply-1-1.yaml index fd97ab5bec..13da262dfc --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/04-delete-rule.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-04-apply-1-1.yaml @@ -6,7 +6,19 @@ metadata: spec: generateExisting: false rules: - - name: super-configmap + - generate: + apiVersion: v1 + data: + data: + key: superconfigmap + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: superconfigmap + namespace: pol-data-sync-delete-rule + synchronize: true match: any: - resources: @@ -14,16 +26,4 @@ spec: - Secret names: - trigger-secret - generate: - synchronize: true - apiVersion: v1 - kind: ConfigMap - name: superconfigmap - namespace: pol-data-sync-delete-rule - data: - kind: ConfigMap - metadata: - labels: - somekey: somevalue - data: - key: superconfigmap + name: super-configmap diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/04-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/04-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..c62d4f3c28 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-rule/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-delete-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: configmap.yaml + - assert: + file: configmap-remain.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - assert: + file: chainsaw-step-04-assert-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - assert: + file: configmap-remain.yaml + - error: + file: configmap.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/03-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml deleted file mode 100644 index 855619bfbf..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/06-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/06-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/06-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..31835940f9 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 73% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml index 7ea047b97b..6c2ee88c26 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-apply-1-2.yaml @@ -1,30 +1,25 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-sync-delete-trigger-ns ---- apiVersion: kyverno.io/v1 kind: Policy metadata: name: pol-data-sync-delete-trigger - namespace: pol-data-sync-delete-trigger-ns + namespace: pol-data-sync-delete-trigger-ns spec: rules: - - name: default-deny - match: - any: - - resources: - kinds: - - ConfigMap - generate: + - generate: apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: pol-data-sync-delete-trigger-ns - synchronize: true data: spec: podSelector: {} policyTypes: - Ingress - Egress + kind: NetworkPolicy + name: default-deny + namespace: pol-data-sync-delete-trigger-ns + synchronize: true + match: + any: + - resources: + kinds: + - ConfigMap + name: default-deny diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 92% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml index 1715d402b3..3a9e094477 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/01-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-01-assert-1-1.yaml @@ -7,4 +7,4 @@ status: conditions: - reason: Succeeded status: "True" - type: Ready \ No newline at end of file + type: Ready diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/02-configmap.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 56% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/02-configmap.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-02-apply-1-1.yaml index 4a3d303ee8..823b290183 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/02-configmap.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-02-apply-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ConfigMap metadata: name: test-org - namespace: pol-data-sync-delete-trigger-ns \ No newline at end of file + namespace: pol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-04-assert-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-04-assert-1-1.yaml new file mode 100755 index 0000000000..823b290183 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-04-assert-1-1.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: pol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/04-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-04-assert-1-2.yaml old mode 100644 new mode 100755 similarity index 54% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/04-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-04-assert-1-2.yaml index 44b5e19659..ffb99079d5 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/04-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-04-assert-1-2.yaml @@ -1,11 +1,5 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: pol-data-sync-delete-trigger-ns ---- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny - namespace: pol-data-sync-delete-trigger-ns \ No newline at end of file + namespace: pol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/07-errors.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-07-error-1-1.yaml old mode 100644 new mode 100755 similarity index 93% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/07-errors.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-07-error-1-1.yaml index 4982697bc0..4c6d55b262 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/07-errors.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-step-07-error-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: policyTypes: - Ingress - - Egress \ No newline at end of file + - Egress diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-test.yaml new file mode 100755 index 0000000000..f4eae9e4e0 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/chainsaw-test.yaml @@ -0,0 +1,45 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-delete-trigger +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml + - assert: + file: chainsaw-step-04-assert-1-2.yaml + - name: step-05 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-data-sync-delete-trigger-ns + - name: step-06 + try: + - sleep: + duration: 3s + - name: step-07 + try: + - error: + file: chainsaw-step-07-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/03-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/03-assert.yaml deleted file mode 100644 index e74a642483..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/03-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 -kind: ConfigMap -metadata: - labels: - somekey: somevalue - name: zk-kafka-address - namespace: pol-data-sync-modify-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/04-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/05-assert.yaml deleted file mode 100644 index e74a642483..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/05-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 - ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 -kind: ConfigMap -metadata: - labels: - somekey: somevalue - name: zk-kafka-address - namespace: pol-data-sync-modify-downstream-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..6c9aa06ecc --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 62% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/01-policy.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-01-apply-1-2.yaml index 0062deb79c..3e624e438c --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/01-policy.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-01-apply-1-2.yaml @@ -1,9 +1,3 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-sync-modify-downstream-ns ---- apiVersion: kyverno.io/v1 kind: Policy metadata: @@ -11,23 +5,23 @@ metadata: namespace: pol-data-sync-modify-downstream-ns spec: rules: - - name: gen-zk + - generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: pol-data-sync-modify-downstream-ns + synchronize: true match: any: - resources: kinds: - Secret - generate: - synchronize: true - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: pol-data-sync-modify-downstream-ns - data: - kind: ConfigMap - metadata: - labels: - somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + name: gen-zk diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/02-secret.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/02-secret.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml index 464dcb75a6..0577d77b30 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/02-secret.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-02-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: test namespace: pol-data-sync-modify-downstream-ns -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/05-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 83% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/05-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-03-assert-1-1.yaml index 514c3314f8..fba1c33d9b --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/05-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-03-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-sync-delete-downstream-ns \ No newline at end of file + namespace: pol-data-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/04-modify.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 80% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/04-modify.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-04-apply-1-1.yaml index c09fe4dd91..8c1c12e64d --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/04-modify.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-04-apply-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: pol-data-sync-modify-downstream-ns \ No newline at end of file + namespace: pol-data-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/02-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 83% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/02-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml index 514c3314f8..fba1c33d9b --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/02-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-step-05-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: cpol-data-sync-delete-downstream-ns \ No newline at end of file + namespace: pol-data-sync-modify-downstream-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..28a9b8799a --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-downstream/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-modify-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - sleep: + duration: 3s + - name: step-05 + try: + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..e0fe6bbceb --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-sync-modify-rule diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/03-policy-update.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 70% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/03-policy-update.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-apply-1-2.yaml index e8a412a3db..5ac20c811f --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/03-policy-update.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-apply-1-2.yaml @@ -6,23 +6,23 @@ metadata: spec: generateExisting: true rules: - - name: k-kafka-address + - generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: pol-data-sync-modify-rule + synchronize: true match: any: - resources: kinds: - Secret - generate: - synchronize: true - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: pol-data-sync-modify-rule - data: - kind: ConfigMap - metadata: - labels: - somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9999" \ No newline at end of file + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/02-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/02-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml index 81ba840078..64f7efa0aa --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-02-apply-1-1.yaml @@ -7,4 +7,4 @@ metadata: org: kyverno name: trigger-secret namespace: pol-data-sync-modify-rule -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml index f6274fa6a0..05ae2854c0 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-03-apply-1-1.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-sync-modify-rule ---- apiVersion: kyverno.io/v2beta1 kind: Policy metadata: @@ -11,23 +6,23 @@ metadata: spec: generateExisting: true rules: - - name: k-kafka-address + - generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9999 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: pol-data-sync-modify-rule + synchronize: true match: any: - resources: kinds: - Secret - generate: - synchronize: true - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: pol-data-sync-modify-rule - data: - kind: ConfigMap - metadata: - labels: - somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" \ No newline at end of file + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/03-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 86% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/03-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml index 4f48cf29a5..e79015e9cb --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/03-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-03-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: pol-data-sync-modify-rule \ No newline at end of file + namespace: pol-data-sync-modify-rule diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/04-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 86% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/04-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-04-assert-1-1.yaml index 4f48cf29a5..e79015e9cb --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/04-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-step-04-assert-1-1.yaml @@ -7,4 +7,4 @@ metadata: labels: somekey: somevalue name: zk-kafka-address - namespace: pol-data-sync-modify-rule \ No newline at end of file + namespace: pol-data-sync-modify-rule diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-test.yaml new file mode 100755 index 0000000000..da8d6a2bc3 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-modify-rule/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-modify-rule +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-1.yaml + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/03-downstream-created.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/03-downstream-created.yaml deleted file mode 100644 index e515801d11..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/03-downstream-created.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-created -spec: - timeouts: {} - try: - - assert: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/05-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/05-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/05-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/06-downstream-deleted.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/06-downstream-deleted.yaml deleted file mode 100644 index f01c4fabad..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/06-downstream-deleted.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: downstream-deleted -spec: - timeouts: {} - try: - - error: - file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..6ea49281d8 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-data-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/01-manifests.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml index 10486d63c3..ced713922b --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/01-manifests.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-apply-1-2.yaml @@ -1,16 +1,22 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-data-sync-update-trigger-no-match-ns ---- apiVersion: kyverno.io/v1 kind: Policy metadata: name: pol-data-sync-update-trigger-no-match - namespace: pol-data-sync-update-trigger-no-match-ns + namespace: pol-data-sync-update-trigger-no-match-ns spec: rules: - - name: default-deny + - generate: + apiVersion: networking.k8s.io/v1 + data: + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + kind: NetworkPolicy + name: default-deny + namespace: pol-data-sync-update-trigger-no-match-ns + synchronize: true match: any: - resources: @@ -19,15 +25,4 @@ spec: selector: matchLabels: create-netpol: "true" - generate: - apiVersion: networking.k8s.io/v1 - kind: NetworkPolicy - name: default-deny - namespace: pol-data-sync-update-trigger-no-match-ns - synchronize: true - data: - spec: - podSelector: {} - policyTypes: - - Ingress - - Egress \ No newline at end of file + name: default-deny diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/02-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/02-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml index 1fa481d9b1..ffad72d889 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/02-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-02-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-netpol: "true" name: test-org - namespace: pol-data-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-data-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/04-update-trigger.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 63% rename from test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/04-update-trigger.yaml rename to test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml index 543902ad74..a64e3b35a0 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/04-update-trigger.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ metadata: labels: create-netpol: "false" name: test-org - namespace: pol-data-sync-update-trigger-no-match-ns \ No newline at end of file + namespace: pol-data-sync-update-trigger-no-match-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-test.yaml new file mode 100755 index 0000000000..592db44c59 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-update-trigger-no-match/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: pol-data-sync-update-trigger-no-match +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: downstream.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - sleep: + duration: 3s + - name: step-06 + try: + - error: + file: downstream.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/01-manifests.yaml deleted file mode 100644 index a6365916f8..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/01-manifests.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: match-trigger-namespace-ns ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - labels: - example.com/sm-sync: "true" - name: regcred - namespace: match-trigger-namespace-ns -type: Opaque ---- -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: match-trigger-namespace - namespace: match-trigger-namespace-ns -spec: - generateExisting: true - rules: - - name: get-synced-secrets - match: - resources: - kinds: - - Secret - selector: - matchLabels: - example.com/sm-sync: "true" - generate: - apiVersion: v1 - kind: ConfigMap - name: "{{request.object.metadata.name}}-modify" - namespace: match-trigger-namespace-ns - synchronize: true - data: - data: - modify: Zm9v \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/02-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/02-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/02-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..4490a3ed45 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: match-trigger-namespace-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..fc9135f507 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + example.com/sm-sync: "true" + name: regcred + namespace: match-trigger-namespace-ns +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..18085b3d6d --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,25 @@ +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: match-trigger-namespace + namespace: match-trigger-namespace-ns +spec: + generateExisting: true + rules: + - generate: + apiVersion: v1 + data: + data: + modify: Zm9v + kind: ConfigMap + name: '{{request.object.metadata.name}}-modify' + namespace: match-trigger-namespace-ns + synchronize: true + match: + resources: + kinds: + - Secret + selector: + matchLabels: + example.com/sm-sync: "true" + name: get-synced-secrets diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/03-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/03-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-03-assert-1-1.yaml index fd6051f3d3..5e83213e89 --- a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/03-assert.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-step-03-assert-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: regcred-modify - namespace: match-trigger-namespace-ns \ No newline at end of file + namespace: match-trigger-namespace-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..3816ff9cab --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/match-trigger-namespace/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: match-trigger-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - sleep: + duration: 3s + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/01-manifests.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/01-manifests.yaml deleted file mode 100644 index ee3ff8a54c..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/01-manifests.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: non-match-trigger-namespace-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: non-match-trigger-namespace-ns-2 ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - labels: - example.com/sm-sync: "true" - name: regcred - namespace: non-match-trigger-namespace-ns-2 -type: Opaque ---- -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: non-match-trigger-namespace - namespace: non-match-trigger-namespace-ns -spec: - generateExisting: true - rules: - - name: get-synced-secrets - match: - resources: - kinds: - - Secret - selector: - matchLabels: - example.com/sm-sync: "true" - generate: - apiVersion: v1 - kind: ConfigMap - name: "{{request.object.metadata.name}}-modify" - namespace: non-match-trigger-namespace-ns - synchronize: true - data: - data: - modify: Zm9v \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/02-sleep.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/02-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/02-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..e779d4aa06 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: non-match-trigger-namespace-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..5271f5ca74 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: non-match-trigger-namespace-ns-2 diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..ae20908840 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + labels: + example.com/sm-sync: "true" + name: regcred + namespace: non-match-trigger-namespace-ns-2 +type: Opaque diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..01678848d6 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,25 @@ +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: non-match-trigger-namespace + namespace: non-match-trigger-namespace-ns +spec: + generateExisting: true + rules: + - generate: + apiVersion: v1 + data: + data: + modify: Zm9v + kind: ConfigMap + name: '{{request.object.metadata.name}}-modify' + namespace: non-match-trigger-namespace-ns + synchronize: true + match: + resources: + kinds: + - Secret + selector: + matchLabels: + example.com/sm-sync: "true" + name: get-synced-secrets diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/01-assert.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/01-assert.yaml rename to test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/03-errors.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-03-error-1-1.yaml old mode 100644 new mode 100755 similarity index 65% rename from test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/03-errors.yaml rename to test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-03-error-1-1.yaml index a4a3008633..b4d9b2fb12 --- a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/03-errors.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-step-03-error-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: regcred-modify - namespace: non-match-trigger-namespace-ns \ No newline at end of file + namespace: non-match-trigger-namespace-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..ab9557ce91 --- /dev/null +++ b/test/conformance/chainsaw/generate/policy/standard/existing/non-match-trigger-namespace/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: non-match-trigger-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - sleep: + duration: 3s + - name: step-03 + try: + - error: + file: chainsaw-step-03-error-1-1.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml deleted file mode 100644 index 5bc57a38b3..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: policy-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-1.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-2.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/01-clusterrole.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 98% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/01-clusterrole.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/chainsaw-step-01-apply-1-1.yaml index 15a18f4f8d..4238290c15 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/01-clusterrole.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/chainsaw-step-01-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:manage-clusterrole labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:manage-clusterrole rules: - apiGroups: - rbac.authorization.k8s.io @@ -15,4 +15,4 @@ rules: - create - update - delete - - get \ No newline at end of file + - get diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/chainsaw-test.yaml new file mode 100755 index 0000000000..58eeb8b7c0 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clonelist +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + file: policy-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-1.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-2.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/01-cluster-policy.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/01-cluster-policy.yaml deleted file mode 100644 index 93bea49ced..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/01-cluster-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml deleted file mode 100644 index cec54d9fc6..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-name.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-namespace.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/chainsaw-test.yaml new file mode 100755 index 0000000000..678d66fd63 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-clone +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-name.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-namespace.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/01-cluster-policy.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/01-cluster-policy.yaml deleted file mode 100644 index e8e70ecd4a..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/01-cluster-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: cluster-policy.yaml - - assert: - file: cluster-policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml deleted file mode 100644 index 3de733d074..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-ns.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-kinds.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-selector.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/chainsaw-test.yaml new file mode 100755 index 0000000000..f6840d46b3 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-clonelist +spec: + steps: + - name: step-01 + try: + - apply: + file: cluster-policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-ns.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-kinds.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-selector.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml deleted file mode 100644 index 8ee15a01f1..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-name.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-apiversion.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-namespace.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-kind.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/01-policy.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-step-01-apply-1-1.yaml index 903a133914..b327e6993b --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/01-policy.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: "{{request.object.metadata.name}}" data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: '{{request.object.metadata.name}}' + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..538a53884f --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-name.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-apiversion.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-namespace.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-kind.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml deleted file mode 100644 index c9b14c461f..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-rule-name.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-rule-match.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-rule-exclude.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-rule-preconditions.yaml - - apply: - file: update-rule-generate-synchronize.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/01-policy.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 74% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/01-policy.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-step-01-apply-1-1.yaml index b6a127a3df..3369f4f839 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/01-policy.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-step-01-apply-1-1.yaml @@ -5,13 +5,7 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Namespace - exclude: + - exclude: any: - resources: namespaces: @@ -20,16 +14,22 @@ spec: - kube-public - kyverno generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: default data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: default + synchronize: true + match: + any: + - resources: + kinds: + - Namespace + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/01-assert.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/01-assert.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-test.yaml new file mode 100755 index 0000000000..c37c6d9f35 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-rule-spec +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-rule-name.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-rule-match.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-rule-exclude.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-rule-preconditions.yaml + - apply: + file: update-rule-generate-synchronize.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml deleted file mode 100644 index bb09f49d44..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: fail-no-permission -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/03-pass.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/03-pass.yaml deleted file mode 100644 index a6fe7e06e5..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/03-pass.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml deleted file mode 100644 index 37e3953846..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-validate-create-sa-permission diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/05-pass.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/05-pass.yaml deleted file mode 100644 index 783ad0db47..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/05-pass.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy-with-var.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/03-clusterrole.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/03-clusterrole.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/chainsaw-step-02-apply-1-1.yaml index b7cc486047..bdce3eef24 --- a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/03-clusterrole.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/chainsaw-step-02-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:temp labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:temp rules: - apiGroups: - '*' @@ -17,4 +17,4 @@ rules: - patch - delete - get - - list \ No newline at end of file + - list diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/chainsaw-test.yaml new file mode 100755 index 0000000000..2220eaf2f7 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: no-permission +spec: + steps: + - name: step-01 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-04 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-validate-create-sa-permission + - name: step-05 + try: + - apply: + file: policy-with-var.yaml + - assert: + file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml deleted file mode 100644 index fbc1d53c51..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: policy-1.yaml - - apply: - file: policy-1-subresource.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-2.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-2-subresource.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/01-clusterrole.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/01-clusterrole.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-01-apply-1-1.yaml index a7bfdac24d..0da51e824a --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/01-clusterrole.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-01-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:manage-policy labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:manage-policy rules: - apiGroups: - kyverno.io @@ -15,4 +15,4 @@ rules: - create - update - delete - - get \ No newline at end of file + - get diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/01-crd.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-01-apply-2-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/01-crd.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-01-apply-2-1.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/02-assert.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/02-assert.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-02-assert-1-1.yaml index e610d86806..8163262fa4 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/02-assert.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-step-02-assert-1-1.yaml @@ -8,4 +8,4 @@ status: kind: Policy listKind: PolicyList plural: policies - singular: policy \ No newline at end of file + singular: policy diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-test.yaml new file mode 100755 index 0000000000..a738fb2402 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/chainsaw-test.yaml @@ -0,0 +1,33 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: same-kind +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-2-1.yaml + - name: step-02 + try: + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: policy-1.yaml + - apply: + file: policy-1-subresource.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-2.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-2-subresource.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/prevent-loop/01-pass.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/prevent-loop/01-pass.yaml deleted file mode 100644 index 4d18430c4e..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/prevent-loop/01-pass.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/prevent-loop/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/prevent-loop/chainsaw-test.yaml new file mode 100755 index 0000000000..331beec686 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/prevent-loop/chainsaw-test.yaml @@ -0,0 +1,11 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: prevent-loop +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml deleted file mode 100644 index ff1bfc925a..0000000000 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-1-no-ns-namespaced-target.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-2-ns-cluster-target.yaml - - apply: - file: policy-pass-1-ns-namespaced-target.yaml - - apply: - file: policy-pass-2-no-ns-cluster-target.yaml - - apply: - file: policy-pass-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/01-clusterrole.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/01-clusterrole.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml index 2d6cd750d3..da013ecf07 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/01-clusterrole.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml @@ -1,15 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:manage-ns-crossplane-role labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:manage-ns-crossplane-role rules: - apiGroups: - "" - - "iam.aws.crossplane.io" + - iam.aws.crossplane.io resources: - namespaces - roles @@ -19,7 +19,7 @@ rules: - delete - get - apiGroups: - - "kyverno.io" + - kyverno.io resources: - clustercleanuppolicies verbs: diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/01-crd.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-2-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/01-crd.yaml rename to test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-2-1.yaml index 7b4fcae4f4..c2a379e3d0 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/01-crd.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-step-01-apply-2-1.yaml @@ -231,4 +231,4 @@ status: plural: "" conditions: [] storedVersions: - - v1beta1 \ No newline at end of file + - v1beta1 diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-test.yaml new file mode 100755 index 0000000000..fa1a11d8bd --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: target-namespace-scope +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-2-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-1-no-ns-namespaced-target.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-2-ns-cluster-target.yaml + - apply: + file: policy-pass-1-ns-namespaced-target.yaml + - apply: + file: policy-pass-2-no-ns-cluster-target.yaml + - apply: + file: policy-pass-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/cloneList/01-ns.yaml b/test/conformance/chainsaw/generate/validation/policy/cloneList/01-ns.yaml deleted file mode 100644 index 37fe3d1121..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/cloneList/01-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: target-scope-validation-fail-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml b/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml deleted file mode 100644 index 5bc57a38b3..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: policy-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-1.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-2.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/cloneList/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/validation/policy/cloneList/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..08d6fcac0b --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/cloneList/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: target-scope-validation-fail-ns diff --git a/test/conformance/chainsaw/generate/validation/policy/cloneList/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/cloneList/chainsaw-test.yaml new file mode 100755 index 0000000000..58eeb8b7c0 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/cloneList/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clonelist +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + file: policy-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-1.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-2.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/01-policy.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clone/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml deleted file mode 100644 index 2410548dac..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-namespace.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-name.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clone/chainsaw-test.yaml new file mode 100755 index 0000000000..0c70a86997 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-clone/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-clone +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-namespace.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-name.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/01-policy.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml deleted file mode 100644 index 3de733d074..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-ns.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-kinds.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-selector.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/chainsaw-test.yaml new file mode 100755 index 0000000000..a0f6f359f7 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-clonelist +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-ns.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-kinds.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-selector.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml deleted file mode 100644 index 8ee15a01f1..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-name.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-apiversion.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-namespace.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-kind.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/01-policy.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/generate/validation/policy/immutable-downstream/01-policy.yaml rename to test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-step-01-apply-1-1.yaml index 6bc7f61054..9e97b4463e --- a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/01-policy.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-step-01-apply-1-1.yaml @@ -6,23 +6,23 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address + - generate: + apiVersion: v1 + data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 + kind: ConfigMap + metadata: + labels: + somekey: somevalue + kind: ConfigMap + name: zk-kafka-address + namespace: default + synchronize: true match: any: - resources: kinds: - Secret - generate: - synchronize: true - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: default - data: - kind: ConfigMap - metadata: - labels: - somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/01-assert.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/validation/policy/immutable-downstream/01-assert.yaml rename to test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-test.yaml new file mode 100755 index 0000000000..538a53884f --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-downstream +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-name.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-apiversion.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-namespace.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-kind.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml deleted file mode 100644 index c9b14c461f..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: update-rule-name.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-rule-match.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-rule-exclude.yaml - - apply: - expect: - - check: - ($error != null): true - file: update-rule-preconditions.yaml - - apply: - file: update-rule-generate-synchronize.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/01-policy.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 72% rename from test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/01-policy.yaml rename to test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-step-01-apply-1-1.yaml index 4edac1d0e7..c9aabbfd10 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/01-policy.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-step-01-apply-1-1.yaml @@ -6,28 +6,28 @@ metadata: spec: generateExisting: false rules: - - name: k-kafka-address - match: - any: - - resources: - kinds: - - Secret - exclude: + - exclude: any: - resources: kinds: - NetworkPolicy generate: - synchronize: true apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: default data: + data: + KAFKA_ADDRESS: 192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092 + ZK_ADDRESS: 192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181 kind: ConfigMap metadata: labels: somekey: somevalue - data: - ZK_ADDRESS: "192.168.10.10:2181,192.168.10.11:2181,192.168.10.12:2181" - KAFKA_ADDRESS: "192.168.10.13:9092,192.168.10.14:9092,192.168.10.15:9092" + kind: ConfigMap + name: zk-kafka-address + namespace: default + synchronize: true + match: + any: + - resources: + kinds: + - Secret + name: k-kafka-address diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/01-assert.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/01-assert.yaml rename to test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-test.yaml new file mode 100755 index 0000000000..c37c6d9f35 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: immutable-rule-spec +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: update-rule-name.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-rule-match.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-rule-exclude.yaml + - apply: + expect: + - check: + ($error != null): true + file: update-rule-preconditions.yaml + - apply: + file: update-rule-generate-synchronize.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/01-ns.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/01-ns.yaml deleted file mode 100644 index 1b823288de..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/permissions/01-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-validate-create-sa-permission-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml deleted file mode 100644 index bb09f49d44..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: fail-no-permission -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/04-pass.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/04-pass.yaml deleted file mode 100644 index a6fe7e06e5..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/permissions/04-pass.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..eca3a1def1 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-validate-create-sa-permission-ns diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/02-clusterrole.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/02-clusterrole.yaml rename to test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-step-03-apply-1-1.yaml index b7cc486047..bdce3eef24 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/02-clusterrole.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-step-03-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:temp labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:temp rules: - apiGroups: - '*' @@ -17,4 +17,4 @@ rules: - patch - delete - get - - list \ No newline at end of file + - list diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-test.yaml new file mode 100755 index 0000000000..698d7e4d21 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/permissions/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: permissions +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/prevent-loop/01-ns.yaml b/test/conformance/chainsaw/generate/validation/policy/prevent-loop/01-ns.yaml deleted file mode 100644 index d30f4dab16..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/prevent-loop/01-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-generate-prevent-loop-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/generate/validation/policy/prevent-loop/02-pass.yaml b/test/conformance/chainsaw/generate/validation/policy/prevent-loop/02-pass.yaml deleted file mode 100644 index 4d18430c4e..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/prevent-loop/02-pass.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/prevent-loop/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/generate/validation/policy/prevent-loop/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..0cb86ce6ca --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/prevent-loop/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-generate-prevent-loop-ns diff --git a/test/conformance/chainsaw/generate/validation/policy/prevent-loop/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/prevent-loop/chainsaw-test.yaml new file mode 100755 index 0000000000..002164cb05 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/prevent-loop/chainsaw-test.yaml @@ -0,0 +1,15 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: prevent-loop +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml deleted file mode 100644 index 65560bd1fc..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - apply: - file: policy-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-0.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-1.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-2.yaml - - apply: - expect: - - check: - ($error != null): true - file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml deleted file mode 100644 index fb52bfe46b..0000000000 --- a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: roles.iam.aws.crossplane.io diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/01-crd.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/01-crd.yaml rename to test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml index 7b4fcae4f4..c2a379e3d0 --- a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/01-crd.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/chainsaw-step-01-apply-1-1.yaml @@ -231,4 +231,4 @@ status: plural: "" conditions: [] storedVersions: - - v1beta1 \ No newline at end of file + - v1beta1 diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/chainsaw-test.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/chainsaw-test.yaml new file mode 100755 index 0000000000..75b9ca0345 --- /dev/null +++ b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/chainsaw-test.yaml @@ -0,0 +1,42 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: target-namespace-scope +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + file: policy-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-0.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-1.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-2.yaml + - apply: + expect: + - check: + ($error != null): true + file: policy-fail-3.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + name: roles.iam.aws.crossplane.io diff --git a/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/01-policy.yaml b/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/02-configmap.yaml b/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/02-configmap.yaml deleted file mode 100644 index 20376f5967..0000000000 --- a/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/02-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: configmap -spec: - timeouts: {} - try: - - apply: - file: configmap.yaml - - assert: - file: configmap-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/chainsaw-test.yaml new file mode 100755 index 0000000000..90ae105b74 --- /dev/null +++ b/test/conformance/chainsaw/mutate/cascading/first-rule-is-foreach/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: first-rule-is-foreach +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: configmap.yaml + - assert: + file: configmap-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/no-foreach/01-policy.yaml b/test/conformance/chainsaw/mutate/cascading/no-foreach/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/cascading/no-foreach/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/no-foreach/02-configmap.yaml b/test/conformance/chainsaw/mutate/cascading/no-foreach/02-configmap.yaml deleted file mode 100644 index 20376f5967..0000000000 --- a/test/conformance/chainsaw/mutate/cascading/no-foreach/02-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: configmap -spec: - timeouts: {} - try: - - apply: - file: configmap.yaml - - assert: - file: configmap-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/no-foreach/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/cascading/no-foreach/chainsaw-test.yaml new file mode 100755 index 0000000000..0269414e5d --- /dev/null +++ b/test/conformance/chainsaw/mutate/cascading/no-foreach/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: no-foreach +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: configmap.yaml + - assert: + file: configmap-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/01-policy.yaml b/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/02-configmap.yaml b/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/02-configmap.yaml deleted file mode 100644 index 20376f5967..0000000000 --- a/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/02-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: configmap -spec: - timeouts: {} - try: - - apply: - file: configmap.yaml - - assert: - file: configmap-assert.yaml diff --git a/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/chainsaw-test.yaml new file mode 100755 index 0000000000..872f7c5c73 --- /dev/null +++ b/test/conformance/chainsaw/mutate/cascading/two-foreach-rules/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: two-foreach-rules +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: configmap.yaml + - assert: + file: configmap-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/01-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/02-resource.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/02-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/chainsaw-test.yaml new file mode 100755 index 0000000000..1d05068687 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/cascading-mutation/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cascading-mutation +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/02-script.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/02-script.yaml deleted file mode 100644 index a80449c757..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/02-script.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f resource.yaml\nthen \n echo \"Tested failed. - Resource was allowed.\"\n exit 1 \nelse \n echo \"Test succeeded. Resource - was blocked.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/04-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/04-manifests.yaml deleted file mode 100644 index 11013d6d91..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/04-manifests.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: propagate-cost-labels-from-namespace -spec: - failurePolicy: Fail - rules: - - name: add-cost-labels - context: - - name: namespaceLabels - apiCall: - urlPath: "/api/v1/namespaces/{{request.namespace}}" - jmesPath: metadata.labels - match: - any: - - resources: - kinds: - - Pod - - Deployment - - StatefulSet - - DaemonSet - - Job - - CronJob - mutate: - patchStrategicMerge: - metadata: - labels: - cost.starfleet.evtech/project: "{{namespaceLabels.\"cost.starfleet.evtech/project\" || 'empty'}}" - cost.starfleet.evtech/application: "{{request.object.metadata.labels.\"cost.starfleet.evtech/application\" || namespaceLabels.\"cost.starfleet.evtech/application\" || 'empty'}}" diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/05-pod.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/05-pod.yaml deleted file mode 100644 index e3c498af49..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/05-pod.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: webserver -spec: - containers: - - name: webserver - image: nginx:latest - ports: - - containerPort: 80 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 50% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/01-manifests.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-01-apply-1-1.yaml index 01f9296295..ae1c611bea --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/01-manifests.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-01-apply-1-1.yaml @@ -5,12 +5,11 @@ metadata: spec: failurePolicy: Fail rules: - - name: add-cost-labels - context: - - name: namespaceLabels - apiCall: - urlPath: "/api/v1/namespaces/{{request.namespace}}" + - context: + - apiCall: jmesPath: metadata.labels + urlPath: /api/v1/namespaces/{{request.namespace}} + name: namespaceLabels match: any: - resources: @@ -25,5 +24,7 @@ spec: patchStrategicMerge: metadata: labels: - cost.starfleet.evtech/project: "{{namespaceLabels.\"cost.starfleet.evtech/project\"}}" - cost.starfleet.evtech/application: "{{request.object.metadata.labels.\"cost.starfleet.evtech/application\" || namespaceLabels.\"cost.starfleet.evtech/application\"}}" + cost.starfleet.evtech/application: '{{request.object.metadata.labels."cost.starfleet.evtech/application" + || namespaceLabels."cost.starfleet.evtech/application"}}' + cost.starfleet.evtech/project: '{{namespaceLabels."cost.starfleet.evtech/project"}}' + name: add-cost-labels diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/03-errors.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-03-error-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/03-errors.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-03-error-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-04-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-04-apply-1-1.yaml new file mode 100755 index 0000000000..2a624ab77b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-04-apply-1-1.yaml @@ -0,0 +1,31 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: propagate-cost-labels-from-namespace +spec: + failurePolicy: Fail + rules: + - context: + - apiCall: + jmesPath: metadata.labels + urlPath: /api/v1/namespaces/{{request.namespace}} + name: namespaceLabels + match: + any: + - resources: + kinds: + - Pod + - Deployment + - StatefulSet + - DaemonSet + - Job + - CronJob + mutate: + patchStrategicMerge: + metadata: + labels: + cost.starfleet.evtech/application: '{{request.object.metadata.labels."cost.starfleet.evtech/application" + || namespaceLabels."cost.starfleet.evtech/application" || ''empty''}}' + cost.starfleet.evtech/project: '{{namespaceLabels."cost.starfleet.evtech/project" + || ''empty''}}' + name: add-cost-labels diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-05-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-05-apply-1-1.yaml new file mode 100755 index 0000000000..09c11e25ce --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-05-apply-1-1.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Pod +metadata: + name: webserver +spec: + containers: + - image: nginx:latest + name: webserver + ports: + - containerPort: 80 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/05-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-05-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/05-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-05-assert-1-1.yaml index 067b6d0ef6..acb0f899d5 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/05-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-step-05-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: - name: webserver labels: - cost.starfleet.evtech/project: empty cost.starfleet.evtech/application: empty + cost.starfleet.evtech/project: empty + name: webserver diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-test.yaml new file mode 100755 index 0000000000..23ae101599 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/defaulting-namespace-labels/chainsaw-test.yaml @@ -0,0 +1,33 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: defaulting-namespace-labels +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - script: + content: "if kubectl apply -f resource.yaml\nthen \n echo \"Tested failed. + Resource was allowed.\"\n exit 1 \nelse \n echo \"Test succeeded. Resource + was blocked.\"\n exit 0\nfi\n" + - name: step-03 + try: + - error: + file: chainsaw-step-03-error-1-1.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - assert: + file: chainsaw-step-05-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/00-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/00-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/00-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/01-deployment.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/01-deployment.yaml deleted file mode 100644 index b834867a41..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/01-deployment.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deployment -spec: - timeouts: {} - try: - - apply: - file: resources.yaml - - assert: - file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/chainsaw-test.yaml new file mode 100755 index 0000000000..07460965bf --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/jmespath-with-special-chars/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: jmespath-with-special-chars +spec: + steps: + - name: step-00 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-01 + try: + - apply: + file: resources.yaml + - assert: + file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/00-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/00-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/00-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/01-pod.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/01-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/01-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/chainsaw-test.yaml new file mode 100755 index 0000000000..40252e4213 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-using-default-context/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: mutate-using-default-context +spec: + steps: + - name: step-00 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-01 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/01-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/02-pod.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/chainsaw-test.yaml new file mode 100755 index 0000000000..2874a4d0c9 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/mutate-with-404-api-call/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: mutate-with-404-api-call +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/02-resources.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/02-resources.yaml deleted file mode 100644 index 3209e361b9..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/02-resources.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: foo ---- -apiVersion: v1 -data: - fookey: fakeval -kind: ConfigMap -metadata: - name: mycm - namespace: foo - labels: - kyverno.io/watch: "true" ---- -apiVersion: v1 -kind: Pod -metadata: - name: mypod - namespace: foo -spec: - containers: - - name: busybox - image: busybox:1.35 - command: ["sleep", "1d"] - volumeMounts: - - name: mycm - mountPath: /etc/mycm - volumes: - - name: mycm - configMap: - name: mycm ---- -apiVersion: v1 -kind: Pod -metadata: - name: unwatched - namespace: foo -spec: - containers: - - name: busybox - image: busybox:1.35 - command: ["sleep", "1d"] - volumeMounts: - - name: othercm - mountPath: /etc/fooconfig - volumes: - - name: othercm - configMap: - name: othercm ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: othercm - namespace: foo -data: - foo: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/03-update-cm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/03-update-cm.yaml deleted file mode 100644 index a865dbf43c..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/03-update-cm.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: update-cm -spec: - timeouts: {} - try: - - apply: - file: update-mycm.yaml - - assert: - file: update-mycm.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/01-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 64% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/01-policy.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-01-apply-1-1.yaml index cea8c6bb60..6b61d80063 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/01-policy.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-01-apply-1-1.yaml @@ -5,8 +5,7 @@ metadata: spec: mutateExistingOnPolicyUpdate: false rules: - - name: trigger - match: + - match: any: - resources: kinds: @@ -14,21 +13,22 @@ spec: selector: matchLabels: kyverno.io/watch: "true" - preconditions: - all: - - key: "{{ request.operation }}" - operator: Equals - value: UPDATE mutate: - targets: - - apiVersion: v1 - kind: Pod - namespace: "{{ request.namespace }}" patchStrategicMerge: metadata: annotations: - corp.org/random: "{{ request.object.data.fookey }}" + corp.org/random: '{{ request.object.data.fookey }}' spec: volumes: - configMap: - <(name): "{{ request.object.metadata.name }}" \ No newline at end of file + <(name): '{{ request.object.metadata.name }}' + targets: + - apiVersion: v1 + kind: Pod + namespace: '{{ request.namespace }}' + name: trigger + preconditions: + all: + - key: '{{ request.operation }}' + operator: Equals + value: UPDATE diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/02-ns.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 73% rename from test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/02-ns.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-1.yaml index 6e40cd509b..be0f4fd117 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-modify-downstream/02-ns.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: trainer \ No newline at end of file + name: foo diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/02-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-2.yaml old mode 100644 new mode 100755 similarity index 66% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/02-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-2.yaml index f7559ecae3..5aceb62435 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/02-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-2.yaml @@ -3,13 +3,7 @@ data: fookey: fakeval kind: ConfigMap metadata: - name: mycm - namespace: foo labels: kyverno.io/watch: "true" ---- -apiVersion: v1 -kind: Pod -metadata: - name: mypod - namespace: foo \ No newline at end of file + name: mycm + namespace: foo diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-3.yaml new file mode 100755 index 0000000000..2c745e624d --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-3.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + name: mypod + namespace: foo +spec: + containers: + - command: + - sleep + - 1d + image: busybox:1.35 + name: busybox + volumeMounts: + - mountPath: /etc/mycm + name: mycm + volumes: + - configMap: + name: mycm + name: mycm diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-4.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-4.yaml new file mode 100755 index 0000000000..45c5f54ed7 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-4.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Pod +metadata: + name: unwatched + namespace: foo +spec: + containers: + - command: + - sleep + - 1d + image: busybox:1.35 + name: busybox + volumeMounts: + - mountPath: /etc/fooconfig + name: othercm + volumes: + - configMap: + name: othercm + name: othercm diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-5.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-5.yaml new file mode 100755 index 0000000000..f99be86b2d --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-apply-1-5.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: othercm + namespace: foo diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-assert-1-1.yaml new file mode 100755 index 0000000000..5aceb62435 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-assert-1-1.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + fookey: fakeval +kind: ConfigMap +metadata: + labels: + kyverno.io/watch: "true" + name: mycm + namespace: foo diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-assert-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-assert-1-2.yaml new file mode 100755 index 0000000000..965441203b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-02-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Pod +metadata: + name: mypod + namespace: foo diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/04-cm-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 81% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/04-cm-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-04-apply-1-1.yaml index 0e7ab156a2..6794916fd6 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/04-cm-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-04-apply-1-1.yaml @@ -4,4 +4,4 @@ data: kind: ConfigMap metadata: name: mycm - namespace: foo \ No newline at end of file + namespace: foo diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/05-pod-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 76% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/05-pod-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-05-apply-1-1.yaml index 312b9d05fe..eb3ef223e4 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/05-pod-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-05-apply-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: + annotations: + corp.org/random: bar name: mypod namespace: foo - annotations: - corp.org/random: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/06-errors.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-06-error-1-1.yaml old mode 100644 new mode 100755 similarity index 77% rename from test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/06-errors.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-06-error-1-1.yaml index 88fa64f828..66733ff1c4 --- a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/06-errors.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-step-06-error-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Pod metadata: + annotations: + corp.org/random: bar name: unwatched namespace: foo - annotations: - corp.org/random: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-test.yaml new file mode 100755 index 0000000000..46e0ffe6b1 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/cornercases/variables-mutate-existing/chainsaw-test.yaml @@ -0,0 +1,47 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: variables-mutate-existing +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - apply: + file: chainsaw-step-02-apply-1-2.yaml + - apply: + file: chainsaw-step-02-apply-1-3.yaml + - apply: + file: chainsaw-step-02-apply-1-4.yaml + - apply: + file: chainsaw-step-02-apply-1-5.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-2.yaml + - name: step-03 + try: + - apply: + file: update-mycm.yaml + - assert: + file: update-mycm.yaml + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - error: + file: chainsaw-step-06-error-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/01-manifests.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-01-apply-1-1.yaml index 5fdf48af86..fc8832cc83 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/01-manifests.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-01-apply-1-1.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/02-secret.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/02-secret.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-02-apply-1-1.yaml index cfafb7c22b..bfa44e63e4 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/02-secret.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-02-apply-1-1.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: name: testingsecret namespace: default -type: Opaque \ No newline at end of file +type: Opaque diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/02-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/02-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-02-assert-1-1.yaml index dcb47a5770..2ef555600a --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/02-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-step-02-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: + labels: + foo: bar name: testingsecret namespace: default - labels: - foo: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-test.yaml new file mode 100755 index 0000000000..af654f72b7 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/basic-check-output/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-check-output +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 52% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/01-manifests.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-apply-1-1.yaml index dc2a5732fe..56692b4152 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/01-manifests.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-apply-1-1.yaml @@ -1,36 +1,36 @@ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: - name: add-privileged-existing-namespaces annotations: - policies.kyverno.io/title: Add Privileged Label to Existing Namespaces + kyverno.io/kubernetes-version: "1.24" + kyverno.io/kyverno-version: 1.8.0 policies.kyverno.io/category: Pod Security Admission + policies.kyverno.io/description: 'When Pod Security Admission is configured with + a cluster-wide AdmissionConfiguration file which sets either baseline or restricted, + for example in many PaaS CIS profiles, it may be necessary to relax this to + privileged on a per-Namespace basis so that more granular control can be provided. + This policy labels new and existing Namespaces, except that of kube-system, + with the `pod-security.kubernetes.io/enforce: privileged` label. ' + policies.kyverno.io/minversion: 1.7.0 policies.kyverno.io/severity: medium policies.kyverno.io/subject: Namespace - kyverno.io/kyverno-version: 1.8.0 - policies.kyverno.io/minversion: 1.7.0 - kyverno.io/kubernetes-version: "1.24" - policies.kyverno.io/description: >- - When Pod Security Admission is configured with a cluster-wide AdmissionConfiguration file - which sets either baseline or restricted, for example in many PaaS CIS profiles, it may - be necessary to relax this to privileged on a per-Namespace basis so that more - granular control can be provided. This policy labels new and existing Namespaces, except - that of kube-system, with the `pod-security.kubernetes.io/enforce: privileged` label. + policies.kyverno.io/title: Add Privileged Label to Existing Namespaces + name: add-privileged-existing-namespaces spec: - mutateExistingOnPolicyUpdate: true background: false + mutateExistingOnPolicyUpdate: true rules: - - name: label-privileged-namespaces - match: + - match: any: - resources: kinds: - Namespace mutate: - targets: - - apiVersion: v1 - kind: Namespace patchStrategicMerge: metadata: labels: - foo: bar \ No newline at end of file + foo: bar + targets: + - apiVersion: v1 + kind: Namespace + name: label-privileged-namespaces diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/03-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 83% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/03-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-03-assert-1-1.yaml index a4a2785149..859d41b13a --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-03-assert-1-1.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Namespace metadata: - name: default labels: - foo: bar \ No newline at end of file + foo: bar + name: default diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-test.yaml new file mode 100755 index 0000000000..5f3964b98e --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-test.yaml @@ -0,0 +1,17 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: background-false +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/01-manifests.yaml deleted file mode 100644 index 80cf0e4b05..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/01-manifests.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: staging-4 - labels: - app-type: corp - annotations: - cloud.platformzero.com/serviceClass: "xl2" ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: test-secret-4 - namespace: staging-4 -type: Opaque ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-post-mutation -spec: - mutateExistingOnPolicyUpdate: false - rules: - - name: mutate-secret-on-configmap-update - match: - any: - - resources: - kinds: - - ConfigMap - names: - - dictionary-4 - namespaces: - - staging-4 - mutate: - targets: - - apiVersion: v1 - kind: Secret - name: test-secret-4 - namespace: "{{ request.object.metadata.namespace }}" - patchesJson6902: |- - - op: add - path: "/metadata/labels/env" - value: "{{ request.object.metadata.namespace }}" \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..46aef2866b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cloud.platformzero.com/serviceClass: xl2 + labels: + app-type: corp + name: staging-4 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..3206e5d469 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: test-secret-4 + namespace: staging-4 +type: Opaque diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..1d4f4f07d9 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,25 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: test-post-mutation +spec: + mutateExistingOnPolicyUpdate: false + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + names: + - dictionary-4 + namespaces: + - staging-4 + mutate: + patchesJson6902: "- op: add\n path: \"/metadata/labels/env\"\n value: \"{{ + request.object.metadata.namespace }}\" " + targets: + - apiVersion: v1 + kind: Secret + name: test-secret-4 + namespace: '{{ request.object.metadata.namespace }}' + name: mutate-secret-on-configmap-update diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/02-create-cm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/02-create-cm.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/03-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 83% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/03-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-03-assert-1-1.yaml index 3bfa536220..e323c945f1 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-step-03-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: + labels: + env: staging-4 name: test-secret-4 namespace: staging-4 - labels: - env: staging-4 \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-test.yaml new file mode 100755 index 0000000000..846d807dd1 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create-patchesJson6902/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-create-patchesjson6902 +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/01-manifests.yaml deleted file mode 100644 index dfe8dfbaf1..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/01-manifests.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: staging - labels: - app-type: corp - annotations: - cloud.platformzero.com/serviceClass: "xl2" ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: secret-1 - namespace: staging -type: Opaque ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: mutate-existing-secret -spec: - mutateExistingOnPolicyUpdate: false - rules: - - name: mutate-secret-on-configmap-create - match: - any: - - resources: - kinds: - - ConfigMap - names: - - dictionary-1 - namespaces: - - staging - mutate: - targets: - - apiVersion: v1 - kind: Secret - name: secret-1 - namespace: "{{ request.object.metadata.namespace }}" - patchStrategicMerge: - metadata: - labels: - foo: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..446e1ac0e2 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cloud.platformzero.com/serviceClass: xl2 + labels: + app-type: corp + name: staging diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..a7d73395d3 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: secret-1 + namespace: staging +type: Opaque diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..32e79377bf --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,27 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: mutate-existing-secret +spec: + mutateExistingOnPolicyUpdate: false + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + names: + - dictionary-1 + namespaces: + - staging + mutate: + patchStrategicMerge: + metadata: + labels: + foo: bar + targets: + - apiVersion: v1 + kind: Secret + name: secret-1 + namespace: '{{ request.object.metadata.namespace }}' + name: mutate-secret-on-configmap-create diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/02-create-cm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/02-create-cm.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/03-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 86% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/03-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-03-assert-1-1.yaml index 5e7a224346..e6eff71e9f --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-step-03-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: + labels: + foo: bar name: secret-1 namespace: staging - labels: - foo: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-test.yaml new file mode 100755 index 0000000000..fd77b673cb --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-create/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-create +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/01-manifests.yaml deleted file mode 100644 index 706fb39f53..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/01-manifests.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: staging-2 - labels: - app-type: corp - annotations: - cloud.platformzero.com/serviceClass: "xl2" ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: dictionary-2 - namespace: staging-2 ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: test-secret-2 - namespace: staging-2 -type: Opaque ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-post-mutation-delete-trigger -spec: - mutateExistingOnPolicyUpdate: false - rules: - - name: mutate-secret-on-configmap-delete - match: - any: - - resources: - kinds: - - ConfigMap - names: - - dictionary-2 - namespaces: - - staging-2 - preconditions: - any: - - key: "{{ request.operation }}" - operator: Equals - value: DELETE - mutate: - targets: - - apiVersion: v1 - kind: Secret - name: test-secret-2 - namespace: "{{ request.object.metadata.namespace }}" - patchStrategicMerge: - metadata: - labels: - foo: "{{ request.object.metadata.name }}" \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml deleted file mode 100644 index e8b6b38e38..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete-cm -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: v1 - kind: ConfigMap - name: dictionary-2 - namespace: staging-2 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..f0d570ae1a --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cloud.platformzero.com/serviceClass: xl2 + labels: + app-type: corp + name: staging-2 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..001716f5be --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: dictionary-2 + namespace: staging-2 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..e9219f5a84 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: test-secret-2 + namespace: staging-2 +type: Opaque diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..2449c44fdb --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,32 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: test-post-mutation-delete-trigger +spec: + mutateExistingOnPolicyUpdate: false + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + names: + - dictionary-2 + namespaces: + - staging-2 + mutate: + patchStrategicMerge: + metadata: + labels: + foo: '{{ request.object.metadata.name }}' + targets: + - apiVersion: v1 + kind: Secret + name: test-secret-2 + namespace: '{{ request.object.metadata.namespace }}' + name: mutate-secret-on-configmap-delete + preconditions: + any: + - key: '{{ request.operation }}' + operator: Equals + value: DELETE diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/03-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 80% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/03-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-03-assert-1-1.yaml index fc44140bd6..6ad79a82de --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-step-03-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: + labels: + foo: dictionary-2 name: test-secret-2 namespace: staging-2 - labels: - foo: dictionary-2 \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-test.yaml new file mode 100755 index 0000000000..6c50c68db5 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-delete +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: v1 + kind: ConfigMap + name: dictionary-2 + namespace: staging-2 + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/01-manifests.yaml deleted file mode 100644 index ac233b57d3..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/01-manifests.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: staging - labels: - app-type: corp - annotations: - cloud.platformzero.com/serviceClass: "xl2" ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: dictionary-1 - namespace: staging ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: secret-1 - namespace: staging -type: Opaque ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: mutate-existing-secret -spec: - mutateExistingOnPolicyUpdate: false - rules: - - name: mutate-secret-on-configmap-event - match: - any: - - resources: - kinds: - - ConfigMap - names: - - dictionary-1 - namespaces: - - staging - mutate: - targets: - - apiVersion: v1 - kind: Secret - name: secret-1 - namespace: "{{ request.object.metadata.namespace }}" - patchStrategicMerge: - metadata: - labels: - foo: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..446e1ac0e2 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cloud.platformzero.com/serviceClass: xl2 + labels: + app-type: corp + name: staging diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..b458868bc4 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: dictionary-1 + namespace: staging diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..a7d73395d3 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: secret-1 + namespace: staging +type: Opaque diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..838cc2c6c5 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,27 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: mutate-existing-secret +spec: + mutateExistingOnPolicyUpdate: false + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + names: + - dictionary-1 + namespaces: + - staging + mutate: + patchStrategicMerge: + metadata: + labels: + foo: bar + targets: + - apiVersion: v1 + kind: Secret + name: secret-1 + namespace: '{{ request.object.metadata.namespace }}' + name: mutate-secret-on-configmap-event diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/02-edit-cm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 81% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/02-edit-cm.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-02-apply-1-1.yaml index ca18559545..824374aeba --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/02-edit-cm.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-02-apply-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 data: - foo: bar dog: dory + foo: bar kind: ConfigMap metadata: name: dictionary-1 - namespace: staging \ No newline at end of file + namespace: staging diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/03-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 86% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/03-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-03-assert-1-1.yaml index 5e7a224346..e6eff71e9f --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-step-03-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: + labels: + foo: bar name: secret-1 namespace: staging - labels: - foo: bar \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-test.yaml new file mode 100755 index 0000000000..0390083114 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-update/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-update +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/01-manifests.yaml deleted file mode 100644 index 8570a4e8cd..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/01-manifests.yaml +++ /dev/null @@ -1,91 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: background-controller - app.kubernetes.io/instance: kyverno - app.kubernetes.io/part-of: kyverno - name: kyverno:update-pods -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - update ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ns-multiple-rules-match-exclude - labels: - policy.lan/flag: 'true' ---- -apiVersion: v1 -kind: Pod -metadata: - name: nginx-a - namespace: ns-multiple-rules-match-exclude -spec: - containers: - - name: nginx - image: nginx ---- -apiVersion: v1 -kind: Pod -metadata: - name: nginx-b - namespace: ns-multiple-rules-match-exclude -spec: - containers: - - name: nginx - image: nginx ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-multiple-rules-match-exclude -spec: - mutateExistingOnPolicyUpdate: false - rules: - - name: apply-flag - match: - any: - - resources: - kinds: - - Namespace - selector: - matchLabels: - policy.lan/flag: 'true' - mutate: - targets: - - kind: Pod - apiVersion: v1 - namespace: "{{ request.object.metadata.name }}" - patchStrategicMerge: - metadata: - labels: - policy.lan/apply-flag: 'true' - - name: remove-flag - match: - any: - - resources: - kinds: - - Namespace - exclude: - any: - - resources: - kinds: - - Namespace - selector: - matchLabels: - policy.lan/flag: 'true' - mutate: - targets: - - kind: Pod - apiVersion: v1 - namespace: "{{ request.object.metadata.name }}" - patchStrategicMerge: - metadata: - labels: - policy.lan/remove-flag: 'true' diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/02-script.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/02-script.yaml deleted file mode 100644 index 9a708f2ebc..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/02-script.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - command: - args: - - label - - ns - - ns-multiple-rules-match-exclude - - policy.lan/flag- - entrypoint: kubectl diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/03-check.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/03-check.yaml deleted file mode 100644 index 8cee3f77ff..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/03-check.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: check -spec: - timeouts: {} - try: - - assert: - file: pod-good.yaml - - error: - file: pod-bad.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..d18f5cef86 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: background-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:update-pods +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - update diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..65375b66fd --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + policy.lan/flag: "true" + name: ns-multiple-rules-match-exclude diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..689a47a6fd --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx-a + namespace: ns-multiple-rules-match-exclude +spec: + containers: + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..cb0d6347dc --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx-b + namespace: ns-multiple-rules-match-exclude +spec: + containers: + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-5.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-5.yaml new file mode 100755 index 0000000000..e9bb48fe55 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-apply-1-5.yaml @@ -0,0 +1,48 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: cpol-multiple-rules-match-exclude +spec: + mutateExistingOnPolicyUpdate: false + rules: + - match: + any: + - resources: + kinds: + - Namespace + selector: + matchLabels: + policy.lan/flag: "true" + mutate: + patchStrategicMerge: + metadata: + labels: + policy.lan/apply-flag: "true" + targets: + - apiVersion: v1 + kind: Pod + namespace: '{{ request.object.metadata.name }}' + name: apply-flag + - exclude: + any: + - resources: + kinds: + - Namespace + selector: + matchLabels: + policy.lan/flag: "true" + match: + any: + - resources: + kinds: + - Namespace + mutate: + patchStrategicMerge: + metadata: + labels: + policy.lan/remove-flag: "true" + targets: + - apiVersion: v1 + kind: Pod + namespace: '{{ request.object.metadata.name }}' + name: remove-flag diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-test.yaml new file mode 100755 index 0000000000..5319b8f4e0 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/multiple-rules-match-exclude/chainsaw-test.yaml @@ -0,0 +1,36 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: multiple-rules-match-exclude +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - apply: + file: chainsaw-step-01-apply-1-5.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - command: + args: + - label + - ns + - ns-multiple-rules-match-exclude + - policy.lan/flag- + entrypoint: kubectl + - name: step-03 + try: + - assert: + file: pod-good.yaml + - error: + file: pod-bad.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/01-manifests.yaml deleted file mode 100644 index 839740038a..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/01-manifests.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: advertise-resource -spec: - background: false - rules: - - name: advertise-resource - match: - resources: - kinds: - - Node - mutate: - targets: - - apiVersion: v1 - kind: Node/status - name: kind-control-plane - namespace: "" - patchStrategicMerge: - status: - capacity: - example.com/dongle: "41" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-controller - app.kubernetes.io/instance: kyverno - app.kubernetes.io/part-of: kyverno - name: kyverno:modify-nodes -rules: - - apiGroups: - - "" - resources: - - nodes - - nodes/status - verbs: - - create - - update - - patch - - delete \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/02-script.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/02-script.yaml deleted file mode 100644 index ff3d729473..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/02-script.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: ./modify-resource-filters.sh removeNode - timeout: 30s - - command: - args: - - label - - nodes - - kind-control-plane - - abc=xyz - entrypoint: kubectl diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/99-cleanup.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/99-cleanup.yaml deleted file mode 100644 index 0c41d78166..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/99-cleanup.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - cpol - - advertise-resource - - --force - - --wait=true - - --ignore-not-found=true - entrypoint: kubectl - - script: - content: ./modify-resource-filters.sh addNode - - script: - content: ./clear-modified-node-status.sh - timeout: 20s - - command: - args: - - label - - nodes - - kind-control-plane - - abc- - entrypoint: kubectl diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..7f68d244f3 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,22 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: advertise-resource +spec: + background: false + rules: + - match: + resources: + kinds: + - Node + mutate: + patchStrategicMerge: + status: + capacity: + example.com/dongle: "41" + targets: + - apiVersion: v1 + kind: Node/status + name: kind-control-plane + namespace: "" + name: advertise-resource diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..736bc9d435 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:modify-nodes +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/status + verbs: + - create + - update + - patch + - delete diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/02-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/02-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-test.yaml new file mode 100755 index 0000000000..db5fbcbe41 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-existing-node-status/chainsaw-test.yaml @@ -0,0 +1,52 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: mutate-existing-node-status +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - script: + content: ./modify-resource-filters.sh removeNode + timeout: 30s + - command: + args: + - label + - nodes + - kind-control-plane + - abc=xyz + entrypoint: kubectl + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - cpol + - advertise-resource + - --force + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + - script: + content: ./modify-resource-filters.sh addNode + - script: + content: ./clear-modified-node-status.sh + timeout: 20s + - command: + args: + - label + - nodes + - kind-control-plane + - abc- + entrypoint: kubectl diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/01-manifests.yaml deleted file mode 100644 index 69d7889431..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/01-manifests.yaml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-ns ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: mutate-pod-on-binding-request -spec: - background: false - rules: - - name: mutate-pod-on-binding-request - match: - any: - - resources: - kinds: - - Pod/binding - names: - - nginx-pod - preconditions: - all: - - key: "{{node}}" - operator: NotEquals - value: "" - - key: "{{ request.operation }}" - operator: AnyIn - value: - - CREATE - - UPDATE - context: - - name: node - variable: - jmesPath: request.object.target.name - default: '' - - name: foolabel - apiCall: - urlPath: "/api/v1/nodes/{{node}}" - jmesPath: metadata.labels.foo || 'empty' - mutate: - targets: - - apiVersion: v1 - kind: Pod - name: "{{ request.name }}" - namespace: "{{ request.namespace}}" - patchStrategicMerge: - metadata: - labels: - foo: "{{ foolabel }}" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-controller - app.kubernetes.io/instance: kyverno - app.kubernetes.io/part-of: kyverno - name: kyverno:modify-pods -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - update - - patch diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/02-script.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/02-script.yaml deleted file mode 100644 index a386ef43de..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/02-script.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: ./modify-resource-filters.sh removeBinding - - command: - args: - - run - - nginx-pod - - --image=nginx - - -n - - test-ns - entrypoint: kubectl diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/99-cleanup.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/99-cleanup.yaml deleted file mode 100644 index c633a5792d..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/99-cleanup.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - pod - - nginx-pod - - -n - - test-ns - - --force - - --wait=true - entrypoint: kubectl - timeout: 30s - - command: - args: - - delete - - -f - - 01-manifests.yaml - - --force - - --wait=true - entrypoint: kubectl - timeout: 30s - - script: - content: ./modify-resource-filters.sh addBinding diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..bdf2ddb764 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-ns diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..bd54af1d40 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,44 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: mutate-pod-on-binding-request +spec: + background: false + rules: + - context: + - name: node + variable: + default: "" + jmesPath: request.object.target.name + - apiCall: + jmesPath: metadata.labels.foo || 'empty' + urlPath: /api/v1/nodes/{{node}} + name: foolabel + match: + any: + - resources: + kinds: + - Pod/binding + names: + - nginx-pod + mutate: + patchStrategicMerge: + metadata: + labels: + foo: '{{ foolabel }}' + targets: + - apiVersion: v1 + kind: Pod + name: '{{ request.name }}' + namespace: '{{ request.namespace}}' + name: mutate-pod-on-binding-request + preconditions: + all: + - key: '{{node}}' + operator: NotEquals + value: "" + - key: '{{ request.operation }}' + operator: AnyIn + value: + - CREATE + - UPDATE diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..1dacc5b93e --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:modify-pods +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - update + - patch diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 67% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-assert-1-1.yaml index 32127417a5..ff992ad5ad --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/01-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-assert-1-1.yaml @@ -7,10 +7,3 @@ status: - reason: Succeeded status: "True" type: Ready ---- -apiVersion: v1 -kind: Namespace -metadata: - name: test-ns -status: - phase: Active diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..6064809a5b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-ns +status: + phase: Active diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/02-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/02-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-test.yaml new file mode 100755 index 0000000000..212746b26b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/mutate-pod-on-binding-request/chainsaw-test.yaml @@ -0,0 +1,48 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: mutate-pod-on-binding-request +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - script: + content: ./modify-resource-filters.sh removeBinding + - command: + args: + - run + - nginx-pod + - --image=nginx + - -n + - test-ns + entrypoint: kubectl + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - pod + - nginx-pod + - -n + - test-ns + - --force + - --wait=true + entrypoint: kubectl + timeout: 30s + - script: + content: ./modify-resource-filters.sh addBinding diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/01-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/02-pod.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/02-pod.yaml deleted file mode 100644 index 15561a69db..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/03-configmap.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/03-configmap.yaml deleted file mode 100644 index 574255eeea..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/03-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: configmap -spec: - timeouts: {} - try: - - apply: - file: configmap.yaml - - assert: - file: configmap.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/04-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/04-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/chainsaw-test.yaml new file mode 100755 index 0000000000..4fac523c61 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/namespaceselector/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: namespaceselector +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod.yaml + - name: step-03 + try: + - apply: + file: configmap.yaml + - assert: + file: configmap.yaml + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/01-manifests.yaml deleted file mode 100644 index cb4d8995f2..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/01-manifests.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: staging-3 - labels: - app-type: corp - annotations: - cloud.platformzero.com/serviceClass: "xl2" ---- -apiVersion: v1 -data: - foo: YmFy -kind: Secret -metadata: - name: test-secret-3 - namespace: staging-3 -type: Opaque ---- -apiVersion: v1 -data: - foo: bar -kind: ConfigMap -metadata: - name: dictionary-3 - namespace: staging-3 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/02-create-clusterpolicy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/02-create-clusterpolicy.yaml deleted file mode 100644 index 567c245479..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/02-create-clusterpolicy.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-post-mutation-create-policy -spec: - mutateExistingOnPolicyUpdate: true - rules: - - name: mutate-secret-on-policy-create - match: - any: - - resources: - kinds: - - ConfigMap - names: - - dictionary-3 - namespaces: - - staging-3 - mutate: - targets: - - apiVersion: v1 - kind: Secret - name: test-secret-3 - namespace: "{{ request.object.metadata.namespace }}" - patchStrategicMerge: - metadata: - labels: - foo: "{{ request.object.metadata.name }}" \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..6dd9bf0a42 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cloud.platformzero.com/serviceClass: xl2 + labels: + app-type: corp + name: staging-3 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..6ba1fda0b9 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + foo: YmFy +kind: Secret +metadata: + name: test-secret-3 + namespace: staging-3 +type: Opaque diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..ace3f10826 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: dictionary-3 + namespace: staging-3 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..5a88c43892 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,27 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: test-post-mutation-create-policy +spec: + mutateExistingOnPolicyUpdate: true + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + names: + - dictionary-3 + namespaces: + - staging-3 + mutate: + patchStrategicMerge: + metadata: + labels: + foo: '{{ request.object.metadata.name }}' + targets: + - apiVersion: v1 + kind: Secret + name: test-secret-3 + namespace: '{{ request.object.metadata.namespace }}' + name: mutate-secret-on-policy-create diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/02-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/02-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/03-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 80% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/03-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-03-assert-1-1.yaml index 75ab23d4d5..9a97e2d31a --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-step-03-assert-1-1.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Secret metadata: + labels: + foo: dictionary-3 name: test-secret-3 namespace: staging-3 - labels: - foo: dictionary-3 \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-test.yaml new file mode 100755 index 0000000000..e4aff9d175 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/basic-create-policy/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: basic-create-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-assert.yaml deleted file mode 100644 index b13165d73d..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-assert.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - org: kyverno-test - name: org-label-inheritance-existing-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: org-label-inheritance-existing-ns ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-org - namespace: org-label-inheritance-existing-ns -spec: - containers: - - image: nginx:latest - name: test-org \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-manifests.yaml deleted file mode 100644 index b13165d73d..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/01-manifests.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - org: kyverno-test - name: org-label-inheritance-existing-ns ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-org - namespace: org-label-inheritance-existing-ns ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-org - namespace: org-label-inheritance-existing-ns -spec: - containers: - - image: nginx:latest - name: test-org \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/02-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/02-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/03-sleep.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/03-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/03-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..c1f34bf1a7 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + org: kyverno-test + name: org-label-inheritance-existing-ns diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..902b0d83b3 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: org-label-inheritance-existing-ns diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..4e4bd7f25b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: test-org + namespace: org-label-inheritance-existing-ns +spec: + containers: + - image: nginx:latest + name: test-org diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..c1f34bf1a7 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + org: kyverno-test + name: org-label-inheritance-existing-ns diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..902b0d83b3 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-org + namespace: org-label-inheritance-existing-ns diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-3.yaml new file mode 100755 index 0000000000..4e4bd7f25b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-01-assert-1-3.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Pod +metadata: + name: test-org + namespace: org-label-inheritance-existing-ns +spec: + containers: + - image: nginx:latest + name: test-org diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/04-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/04-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-test.yaml new file mode 100755 index 0000000000..1e58195ef6 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/onpolicyupdate/namespaceselector/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: namespaceselector +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-3.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-03 + try: + - sleep: + duration: 3s + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/01-resources.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/01-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/01-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/02-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/02-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/03-trigger.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/03-trigger.yaml deleted file mode 100644 index 4e0e87a77f..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/03-trigger.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/04-verify.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/04-verify.yaml deleted file mode 100644 index 94ec6cfa09..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/04-verify.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: verify -spec: - timeouts: {} - try: - - assert: - file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/chainsaw-test.yaml new file mode 100755 index 0000000000..d2a7bba01d --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-context/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: target-context +spec: + steps: + - name: step-01 + try: + - apply: + file: resources.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-03 + try: + - apply: + file: trigger.yaml + - name: step-04 + try: + - assert: + file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/01-resources.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/01-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/01-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/02-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/02-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/03-trigger.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/03-trigger.yaml deleted file mode 100644 index 4e0e87a77f..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/03-trigger.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: trigger -spec: - timeouts: {} - try: - - apply: - file: trigger.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/04-verify.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/04-verify.yaml deleted file mode 100644 index 94ec6cfa09..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/04-verify.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: verify -spec: - timeouts: {} - try: - - assert: - file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/chainsaw-test.yaml new file mode 100755 index 0000000000..b60b8d66d8 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/target-preconditions/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: target-preconditions +spec: + steps: + - name: step-01 + try: + - apply: + file: resources.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-03 + try: + - apply: + file: trigger.yaml + - name: step-04 + try: + - assert: + file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml deleted file mode 100644 index bb09f49d44..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: fail-no-permission -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/chainsaw-test.yaml new file mode 100755 index 0000000000..fce4ca0162 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/chainsaw-test.yaml @@ -0,0 +1,14 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-namespace-variable +spec: + steps: + - name: step-01 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml deleted file mode 100644 index bb09f49d44..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: fail-no-permission -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/03-pass.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/03-pass.yaml deleted file mode 100644 index a6fe7e06e5..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/03-pass.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/03-clusterrole.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/generate/validation/policy/permissions/03-clusterrole.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/chainsaw-step-02-apply-1-1.yaml index b7cc486047..bdce3eef24 --- a/test/conformance/chainsaw/generate/validation/policy/permissions/03-clusterrole.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/chainsaw-step-02-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:temp labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:temp rules: - apiGroups: - '*' @@ -17,4 +17,4 @@ rules: - patch - delete - get - - list \ No newline at end of file + - list diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/chainsaw-test.yaml new file mode 100755 index 0000000000..d535783d88 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/chainsaw-test.yaml @@ -0,0 +1,24 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cpol-standard-auth-check +spec: + steps: + - name: step-01 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml deleted file mode 100644 index 2b3b5ee54f..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: no-targets-fail -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy-no-targets.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/02-targets-pass.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/02-targets-pass.yaml deleted file mode 100644 index e45756fcc7..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/02-targets-pass.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: targets-pass -spec: - timeouts: {} - try: - - apply: - file: policy-targets.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/chainsaw-test.yaml new file mode 100755 index 0000000000..8846c637fd --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/chainsaw-test.yaml @@ -0,0 +1,18 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: mutate-existing-require-targets +spec: + steps: + - name: step-01 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy-no-targets.yaml + - name: step-02 + try: + - apply: + file: policy-targets.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml deleted file mode 100644 index b86d18523d..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy-bad.yaml - - apply: - file: policy-good.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/chainsaw-test.yaml new file mode 100755 index 0000000000..8925d1a4b6 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/chainsaw-test.yaml @@ -0,0 +1,16 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: target-variable-validation +spec: + steps: + - name: step-01 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy-bad.yaml + - apply: + file: policy-good.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/02-script.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/02-script.yaml deleted file mode 100644 index 3f01e5919f..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/02-script.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: ./modify-resource-filters.sh removeNode - timeout: 30s - - script: - content: ./send-request-to-status-subresource.sh - timeout: 30s diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/99-cleanup.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/99-cleanup.yaml deleted file mode 100644 index 196a5afaec..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/99-cleanup.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cleanup -spec: - timeouts: {} - try: - - command: - args: - - delete - - cpol - - advertise-resource - - --force - - --wait=true - - --ignore-not-found=true - entrypoint: kubectl - - script: - content: ./modify-resource-filters.sh addNode - - script: - content: ./clear-modified-node-status.sh - timeout: 20s diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/01-manifests.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-01-apply-1-1.yaml index 6863da19eb..c60bcb80ba --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/01-manifests.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-01-apply-1-1.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/01-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/01-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/02-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/02-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-test.yaml new file mode 100755 index 0000000000..ff3da18f1b --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/mutate-node-status/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: mutate-node-status +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - script: + content: ./modify-resource-filters.sh removeNode + timeout: 30s + - script: + content: ./send-request-to-status-subresource.sh + timeout: 30s + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-99 + try: + - command: + args: + - delete + - cpol + - advertise-resource + - --force + - --wait=true + - --ignore-not-found=true + entrypoint: kubectl + - script: + content: ./modify-resource-filters.sh addNode + - script: + content: ./clear-modified-node-status.sh + timeout: 20s diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/01-manifests.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/01-manifests.yaml deleted file mode 100644 index db1e70c8b3..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/01-manifests.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: qa ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: chip -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: chip-qa-rolebinding - namespace: qa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: chip -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: chip ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: chip-special-role - namespace: qa -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - create - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: chip-qa-specialrb - namespace: qa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: chip-special-role -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: chip ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: record-creation-details -spec: - background: false - rules: - - name: add-userinfo - match: - any: - - resources: - kinds: - - ConfigMap - preconditions: - any: - - key: "{{request.operation || 'BACKGROUND'}}" - operator: Equals - value: CREATE - mutate: - patchStrategicMerge: - metadata: - annotations: - kyverno.io/created-by: "{{ request.userInfo | to_string(@) }}" - kyverno.io/roles: "{{ request.roles | sort(@) | to_string(@) }}" - kyverno.io/clusterroles: "{{ request.clusterRoles | sort(@) | to_string(@) }}" \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/02-script.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/02-script.yaml deleted file mode 100644 index ba017d587f..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/02-script.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: | - #!/bin/bash - set -eu - - export USERNAME=chip - export NAMESPACE=qa - export CA=ca.crt - #### - #### Get CA certificate from kubeconfig assuming it's the first in the list. - kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 --decode > ca.crt - #### Set CLUSTER_SERVER from kubeconfig assuming it's the first in the list. - CLUSTER_SERVER=$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.server}') - #### Set CLUSTER from kubeconfig assuming it's the first in the list. - CLUSTER=$(kubectl config view --raw -o jsonpath='{.clusters[0].name}') - #### Generate private key - openssl genrsa -out $USERNAME.key 2048 - #### Create CSR - openssl req -new -key $USERNAME.key -out $USERNAME.csr -subj "/O=mygroup/CN=$USERNAME" - #### Send CSR to kube-apiserver for approval - cat < $USERNAME.crt - #### - #### Create the credential object and output the new kubeconfig file - kubectl --kubeconfig=$USERNAME-kubeconfig config set-credentials $USERNAME --client-certificate=$USERNAME.crt --client-key=$USERNAME.key --embed-certs - #### Set the cluster info - kubectl --kubeconfig=$USERNAME-kubeconfig config set-cluster $CLUSTER --server=$CLUSTER_SERVER --certificate-authority=$CA --embed-certs - #### Set the context - kubectl --kubeconfig=$USERNAME-kubeconfig config set-context $USERNAME-$NAMESPACE-$CLUSTER --user=$USERNAME --cluster=$CLUSTER --namespace=$NAMESPACE - #### Use the context - kubectl --kubeconfig=$USERNAME-kubeconfig config use-context $USERNAME-$NAMESPACE-$CLUSTER - ### Clean up the approved CSR - kubectl delete certificatesigningrequest chip diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/03-create-as-chip.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/03-create-as-chip.yaml deleted file mode 100644 index ee6cdf0305..0000000000 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/03-create-as-chip.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-as-chip -spec: - timeouts: {} - try: - - command: - args: - - -n - - qa - - create - - cm - - foo - - --from-literal=foo=bar - - --kubeconfig - - chip-kubeconfig - entrypoint: kubectl diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..aba33945f8 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: qa diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..b3ca721f84 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: chip +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..8f6692f479 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chip-qa-rolebinding + namespace: qa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chip +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: chip diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..4e146efbff --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: chip-special-role + namespace: qa +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - create + - list + - watch diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-5.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-5.yaml new file mode 100755 index 0000000000..b698a9cda5 --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-5.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: chip-qa-specialrb + namespace: qa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chip-special-role +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: chip diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-6.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-6.yaml new file mode 100755 index 0000000000..2f2658c1ac --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-01-apply-1-6.yaml @@ -0,0 +1,26 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: record-creation-details +spec: + background: false + rules: + - match: + any: + - resources: + kinds: + - ConfigMap + mutate: + patchStrategicMerge: + metadata: + annotations: + kyverno.io/clusterroles: '{{ request.clusterRoles | sort(@) | to_string(@) + }}' + kyverno.io/created-by: '{{ request.userInfo | to_string(@) }}' + kyverno.io/roles: '{{ request.roles | sort(@) | to_string(@) }}' + name: add-userinfo + preconditions: + any: + - key: '{{request.operation || ''BACKGROUND''}}' + operator: Equals + value: CREATE diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/04-assert.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-04-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 95% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/04-assert.yaml rename to test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-04-assert-1-1.yaml index 180e861149..88a650af27 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/04-assert.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-step-04-assert-1-1.yaml @@ -8,4 +8,4 @@ metadata: kyverno.io/created-by: '{"groups":["mygroup","system:authenticated"],"username":"chip"}' kyverno.io/roles: '["qa:chip-special-role"]' name: foo - namespace: qa \ No newline at end of file + namespace: qa diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-test.yaml new file mode 100755 index 0000000000..c9920f58ec --- /dev/null +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/userInfo-roles-clusterRoles/chainsaw-test.yaml @@ -0,0 +1,86 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: userinfo-roles-clusterroles +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - apply: + file: chainsaw-step-01-apply-1-5.yaml + - apply: + file: chainsaw-step-01-apply-1-6.yaml + - name: step-02 + try: + - script: + content: | + #!/bin/bash + set -eu + + export USERNAME=chip + export NAMESPACE=qa + export CA=ca.crt + #### + #### Get CA certificate from kubeconfig assuming it's the first in the list. + kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 --decode > ca.crt + #### Set CLUSTER_SERVER from kubeconfig assuming it's the first in the list. + CLUSTER_SERVER=$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.server}') + #### Set CLUSTER from kubeconfig assuming it's the first in the list. + CLUSTER=$(kubectl config view --raw -o jsonpath='{.clusters[0].name}') + #### Generate private key + openssl genrsa -out $USERNAME.key 2048 + #### Create CSR + openssl req -new -key $USERNAME.key -out $USERNAME.csr -subj "/O=mygroup/CN=$USERNAME" + #### Send CSR to kube-apiserver for approval + cat < $USERNAME.crt + #### + #### Create the credential object and output the new kubeconfig file + kubectl --kubeconfig=$USERNAME-kubeconfig config set-credentials $USERNAME --client-certificate=$USERNAME.crt --client-key=$USERNAME.key --embed-certs + #### Set the cluster info + kubectl --kubeconfig=$USERNAME-kubeconfig config set-cluster $CLUSTER --server=$CLUSTER_SERVER --certificate-authority=$CA --embed-certs + #### Set the context + kubectl --kubeconfig=$USERNAME-kubeconfig config set-context $USERNAME-$NAMESPACE-$CLUSTER --user=$USERNAME --cluster=$CLUSTER --namespace=$NAMESPACE + #### Use the context + kubectl --kubeconfig=$USERNAME-kubeconfig config use-context $USERNAME-$NAMESPACE-$CLUSTER + ### Clean up the approved CSR + kubectl delete certificatesigningrequest chip + - name: step-03 + try: + - command: + args: + - -n + - qa + - create + - cm + - foo + - --from-literal=foo=bar + - --kubeconfig + - chip-kubeconfig + entrypoint: kubectl + - name: step-04 + try: + - assert: + file: chainsaw-step-04-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/01-manifests.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/01-manifests.yaml deleted file mode 100644 index bd785469fb..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/01-manifests.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: foreach-patchstrategicmerge-context-ns ---- -apiVersion: v1 -data: - image: nginx -kind: ConfigMap -metadata: - name: foreach-patchstrategicmerge-context-configmap - namespace: foreach-patchstrategicmerge-context-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..93bf10a3d6 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: foreach-patchstrategicmerge-context-ns diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..c174891372 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + image: nginx +kind: ConfigMap +metadata: + name: foreach-patchstrategicmerge-context-configmap + namespace: foreach-patchstrategicmerge-context-ns diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/02-policy.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 99% rename from test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/02-policy.yaml rename to test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-02-apply-1-1.yaml index 03561f6dcd..c3fd83da31 --- a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/02-policy.yaml +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-02-apply-1-1.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/02-assert.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/02-assert.yaml rename to test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/03-pod.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 75% rename from test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/03-pod.yaml rename to test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-03-apply-1-1.yaml index e53c9606f1..55c70a1c25 --- a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/03-pod.yaml +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-03-apply-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: containers: - image: busybox - name: foreach-patchstrategicmerge-context-container \ No newline at end of file + name: foreach-patchstrategicmerge-context-container diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/03-assert.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 75% rename from test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/03-assert.yaml rename to test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-03-assert-1-1.yaml index 78031686e9..83cd78648e --- a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/03-assert.yaml +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-step-03-assert-1-1.yaml @@ -6,4 +6,4 @@ metadata: spec: containers: - image: nginx - name: foreach-patchstrategicmerge-context-container \ No newline at end of file + name: foreach-patchstrategicmerge-context-container diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-test.yaml new file mode 100755 index 0000000000..e21fa53b46 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-context/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: foreach-patchstrategicmerge-context +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/02-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/chainsaw-test.yaml new file mode 100755 index 0000000000..78d6641175 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/foreach-patchStrategicMerge-preconditions/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: foreach-patchstrategicmerge-preconditions +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/01-manifests.yaml b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/01-manifests.yaml deleted file mode 100644 index 09c668d032..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/01-manifests.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: manifests -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml - - assert: - file: policy-one-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/02-resource-one.yaml b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/02-resource-one.yaml deleted file mode 100644 index dd06be5ccf..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/02-resource-one.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource-one -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/03-policy-two.yaml b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/03-policy-two.yaml deleted file mode 100644 index dd4f8b3ba2..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/03-policy-two.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: mutate-policy -spec: - rules: - - name: gen-role - match: - any: - - resources: - kinds: - - ConfigMap - context: - - name: labelValue - apiCall: - urlPath: "/api/v1/namespaces/{{ request.object.metadata.namespace }}/configmaps" - jmesPath: "items[?metadata.name == 'source'].metadata.labels.\"kyverno.key/copy-me\" | [0]" - mutate: - patchStrategicMerge: - metadata: - labels: - +(kyverno.key/copy-me): "{{ labelValue }}" diff --git a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/04-resource-two.yaml b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/04-resource-two.yaml deleted file mode 100644 index fdf311fd00..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/04-resource-two.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource-two -spec: - timeouts: {} - try: - - apply: - file: resource-two.yaml - - assert: - file: resource-two-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/chainsaw-step-03-apply-1-1.yaml b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/chainsaw-step-03-apply-1-1.yaml new file mode 100755 index 0000000000..4ab60c3095 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/chainsaw-step-03-apply-1-1.yaml @@ -0,0 +1,23 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: mutate-policy +spec: + rules: + - context: + - apiCall: + jmesPath: items[?metadata.name == 'source'].metadata.labels."kyverno.key/copy-me" + | [0] + urlPath: /api/v1/namespaces/{{ request.object.metadata.namespace }}/configmaps + name: labelValue + match: + any: + - resources: + kinds: + - ConfigMap + mutate: + patchStrategicMerge: + metadata: + labels: + +(kyverno.key/copy-me): '{{ labelValue }}' + name: gen-role diff --git a/test/conformance/chainsaw/mutate/e2e/jmespath-logic/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/chainsaw-test.yaml new file mode 100755 index 0000000000..4ada939c2a --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/jmespath-logic/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: jmespath-logic +spec: + steps: + - name: step-01 + try: + - apply: + file: manifests.yaml + - assert: + file: policy-one-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - apply: + file: resource-two.yaml + - assert: + file: resource-two-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/02-resource.yaml deleted file mode 100644 index e734589f8b..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource01.yaml - - assert: - file: resource01-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/03-resource.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/03-resource.yaml deleted file mode 100644 index a7e1222e95..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/03-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource02.yaml - - assert: - file: resource02-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/chainsaw-test.yaml new file mode 100755 index 0000000000..82689f8c7d --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global-addifnotpresent/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: patchstrategicmerge-global-addifnotpresent +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource01.yaml + - assert: + file: resource01-mutated.yaml + - name: step-03 + try: + - apply: + file: resource02.yaml + - assert: + file: resource02-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/02-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/chainsaw-test.yaml new file mode 100755 index 0000000000..a370db73be --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/patchStrategicMerge-global/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: patchstrategicmerge-global +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/02-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/chainsaw-test.yaml new file mode 100755 index 0000000000..3b61df6ad9 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/patchesJson6902-replace/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: patchesjson6902-replace +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/02-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/chainsaw-test.yaml new file mode 100755 index 0000000000..7fe9ccb2d3 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/patchesjson6902-simple/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: patchesjson6902-simple +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/simple-conditional/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/simple-conditional/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/simple-conditional/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/simple-conditional/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/simple-conditional/02-resource.yaml deleted file mode 100644 index 5f38c6cd40..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/simple-conditional/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: pod1.yaml - - assert: - file: pod1-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/simple-conditional/03-resource.yaml b/test/conformance/chainsaw/mutate/e2e/simple-conditional/03-resource.yaml deleted file mode 100644 index bdb3e2e61c..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/simple-conditional/03-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: pod2.yaml - - assert: - file: pod2-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/simple-conditional/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/simple-conditional/chainsaw-test.yaml new file mode 100755 index 0000000000..5f52825811 --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/simple-conditional/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: simple-conditional +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: pod1.yaml + - assert: + file: pod1-mutated.yaml + - name: step-03 + try: + - apply: + file: pod2.yaml + - assert: + file: pod2-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/variables-in-keys/01-policy.yaml b/test/conformance/chainsaw/mutate/e2e/variables-in-keys/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/variables-in-keys/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/variables-in-keys/02-resource.yaml b/test/conformance/chainsaw/mutate/e2e/variables-in-keys/02-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/e2e/variables-in-keys/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/e2e/variables-in-keys/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/e2e/variables-in-keys/chainsaw-test.yaml new file mode 100755 index 0000000000..c4776c7a3c --- /dev/null +++ b/test/conformance/chainsaw/mutate/e2e/variables-in-keys/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: variables-in-keys +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/existing/preconditions/01-resources.yaml b/test/conformance/chainsaw/mutate/existing/preconditions/01-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/mutate/existing/preconditions/01-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/mutate/existing/preconditions/02-policy.yaml b/test/conformance/chainsaw/mutate/existing/preconditions/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/existing/preconditions/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/existing/preconditions/03-resources-assert.yaml b/test/conformance/chainsaw/mutate/existing/preconditions/03-resources-assert.yaml deleted file mode 100644 index 0ec5d70967..0000000000 --- a/test/conformance/chainsaw/mutate/existing/preconditions/03-resources-assert.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources-assert -spec: - timeouts: {} - try: - - assert: - file: resources-assert.yaml diff --git a/test/conformance/chainsaw/mutate/existing/preconditions/04-resources-error.yaml b/test/conformance/chainsaw/mutate/existing/preconditions/04-resources-error.yaml deleted file mode 100644 index 298816e382..0000000000 --- a/test/conformance/chainsaw/mutate/existing/preconditions/04-resources-error.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources-error -spec: - timeouts: {} - try: - - error: - file: resources-error.yaml diff --git a/test/conformance/chainsaw/mutate/existing/preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/existing/preconditions/chainsaw-test.yaml new file mode 100755 index 0000000000..905dbec587 --- /dev/null +++ b/test/conformance/chainsaw/mutate/existing/preconditions/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: preconditions +spec: + steps: + - name: step-01 + try: + - apply: + file: resources.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - assert: + file: resources-assert.yaml + - name: step-04 + try: + - error: + file: resources-error.yaml diff --git a/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/01-policy.yaml b/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/02-pod.yaml b/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/chainsaw-test.yaml new file mode 100755 index 0000000000..62d1e49ffc --- /dev/null +++ b/test/conformance/chainsaw/mutate/policy/cornercases/foreach-remove-elements/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: foreach-remove-elements +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/01-ns.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/01-ns.yaml deleted file mode 100644 index 40e75cbb78..0000000000 --- a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/01-ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pol-mutate-existing-auth-check-ns \ No newline at end of file diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml deleted file mode 100644 index bb09f49d44..0000000000 --- a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: fail-no-permission -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/04-pass.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/04-pass.yaml deleted file mode 100644 index a6fe7e06e5..0000000000 --- a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/04-pass.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pass -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..c0caf65c38 --- /dev/null +++ b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pol-mutate-existing-auth-check-ns diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/02-clusterrole.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/02-clusterrole.yaml rename to test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-step-03-apply-1-1.yaml index b7cc486047..bdce3eef24 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/02-clusterrole.yaml +++ b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-step-03-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:temp labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:temp rules: - apiGroups: - '*' @@ -17,4 +17,4 @@ rules: - patch - delete - get - - list \ No newline at end of file + - list diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-test.yaml new file mode 100755 index 0000000000..9e4a61bdb2 --- /dev/null +++ b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: auth-check +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/chainsaw-test.yaml new file mode 100755 index 0000000000..a15350bbea --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/foreach/add-and-remove/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-and-remove +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/chainsaw-test.yaml new file mode 100755 index 0000000000..fcd845259e --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/foreach/remove-and-add/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: remove-and-add +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/chainsaw-test.yaml new file mode 100755 index 0000000000..2850775d1d --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-ascending-order/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: remove-multiple-elements-in-ascending-order +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/02-pod.yaml deleted file mode 100644 index 4664caece5..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/02-pod.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml - - error: - file: pod-error.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/chainsaw-test.yaml new file mode 100755 index 0000000000..d1b96dc332 --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/foreach/remove-multiple-elements-in-descending-order/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: remove-multiple-elements-in-descending-order +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml + - error: + file: pod-error.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/01-crd.yaml b/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/01-crd.yaml deleted file mode 100644 index 36684ade76..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/01-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd -spec: - timeouts: {} - try: - - apply: - file: crd.yaml - - assert: - file: crd-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/02-policy.yaml b/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/03-resource.yaml b/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/03-resource.yaml deleted file mode 100644 index b0ba0d3b42..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/03-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/chainsaw-test.yaml new file mode 100755 index 0000000000..60c3bd88d2 --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/k10-minimum-retention/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-minimum-retention +spec: + steps: + - name: step-01 + try: + - apply: + file: crd.yaml + - assert: + file: crd-assert.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: resource.yaml + - assert: + file: resource-mutated.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/02-pod.yaml deleted file mode 100644 index 4664caece5..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/02-pod.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml - - error: - file: pod-error.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/chainsaw-test.yaml new file mode 100755 index 0000000000..ad1a8e3212 --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/nested-foreach/remove-all-env-vars/chainsaw-test.yaml @@ -0,0 +1,21 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: remove-all-env-vars +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml + - error: + file: pod-error.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/chainsaw-test.yaml new file mode 100755 index 0000000000..2850775d1d --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-ascending-order/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: remove-multiple-elements-in-ascending-order +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/01-policy.yaml b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/02-pod.yaml b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/02-pod.yaml deleted file mode 100644 index b6172499fe..0000000000 --- a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/02-pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - file: pod.yaml - - assert: - file: pod-assert.yaml diff --git a/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/chainsaw-test.yaml b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/chainsaw-test.yaml new file mode 100755 index 0000000000..f02e05dbc4 --- /dev/null +++ b/test/conformance/chainsaw/mutate/refactor/simple/remove-multiple-elements-in-descending-order/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: remove-multiple-elements-in-descending-order +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod.yaml + - assert: + file: pod-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/01-cluster-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/01-cluster-policy.yaml deleted file mode 100644 index 93bea49ced..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/01-cluster-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/02-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/02-manifests.yaml deleted file mode 100644 index 81b88514a8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/02-manifests.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: manifests -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - apply: - file: service.yaml - - assert: - file: service.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/03-path-service.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/03-path-service.yaml deleted file mode 100644 index 2331253a68..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/03-path-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: path-service -spec: - timeouts: {} - try: - - script: - content: | - kubectl patch service podinfo -p '{"metadata":{"finalizers":["bburky.com/hax"]}}' -n apply-on-deletion-ns - kubectl delete service podinfo --wait=false -n apply-on-deletion-ns diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/04-script-patch-svc-type.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/04-script-patch-svc-type.yaml deleted file mode 100644 index cd43bd72b6..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/04-script-patch-svc-type.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-patch-svc-type -spec: - timeouts: {} - try: - - script: - content: "if kubectl patch service podinfo -p '{\"spec\":{\"type\":\"NodePort\",\"ports\":[{\"port\":9898,\"nodePort\":32000}]}}' - -n apply-on-deletion-ns\nthen \n echo \"Tested failed. The service type cannot - be changed to NodePort\"\n exit 1 \nelse \n echo \"Test succeeded. The service - update is blocked\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/06-remove-finalizer.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/06-remove-finalizer.yaml deleted file mode 100644 index 2d992d04cc..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/06-remove-finalizer.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: remove-finalizer -spec: - timeouts: {} - try: - - script: - content: | - kubectl patch service podinfo -p '{"metadata":{"finalizers":null}}' -n apply-on-deletion-ns diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/05-update-svc-label.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-step-05-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 96% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/05-update-svc-label.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-step-05-apply-1-1.yaml index 120e731226..59c522817e --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/05-update-svc-label.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-step-05-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: podinfo - namespace: apply-on-deletion-ns labels: name: podinfo namespace: apply-on-deletion-ns + name: podinfo + namespace: apply-on-deletion-ns spec: internalTrafficPolicy: Cluster ipFamilies: @@ -23,4 +23,4 @@ spec: selector: app: podinfo sessionAffinity: None - type: ClusterIP \ No newline at end of file + type: ClusterIP diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml new file mode 100755 index 0000000000..a4e9759542 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: apply-on-deletion +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - apply: + file: service.yaml + - assert: + file: service.yaml + - name: step-03 + try: + - script: + content: | + kubectl patch service podinfo -p '{"metadata":{"finalizers":["bburky.com/hax"]}}' -n apply-on-deletion-ns + kubectl delete service podinfo --wait=false -n apply-on-deletion-ns + - name: step-04 + try: + - script: + content: "if kubectl patch service podinfo -p '{\"spec\":{\"type\":\"NodePort\",\"ports\":[{\"port\":9898,\"nodePort\":32000}]}}' + -n apply-on-deletion-ns\nthen \n echo \"Tested failed. The service type + cannot be changed to NodePort\"\n exit 1 \nelse \n echo \"Test succeeded. + The service update is blocked\"\n exit 0\nfi\n" + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1-1.yaml + - name: step-06 + try: + - script: + content: | + kubectl patch service podinfo -p '{"metadata":{"finalizers":null}}' -n apply-on-deletion-ns diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/02-resources.yaml deleted file mode 100644 index 0f9e6dfaa2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/02-resources.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f pod-fail.yaml 2>&1 | grep -q 'host-port-pods: - hostPort must either be unset or set to 0' \nthen \n echo \"Test succeeded. - The message is displayed.\"\n exit 0\nelse \n echo \"Test failed. The - message isn't found.\"\n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml new file mode 100755 index 0000000000..a6f07d08cf --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml @@ -0,0 +1,20 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cel-messages-upon-resource-failure +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - script: + content: "if kubectl apply -f pod-fail.yaml 2>&1 | grep -q 'host-port-pods: + hostPort must either be unset or set to 0' \nthen \n echo \"Test succeeded. + The message is displayed.\"\n exit 0\nelse \n echo \"Test failed. + The message isn't found.\"\n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/02-resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/02-resource.yaml deleted file mode 100644 index 07a73f22a0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/02-resource.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - file: resource.yaml - - assert: - file: resource-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/03-debug.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/03-debug.yaml deleted file mode 100644 index dc4d6d5054..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/03-debug.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: debug -spec: - timeouts: {} - try: - - command: - args: - - debug - - --image=bar.io/busybox:1.35 - - -c - - debugger - - mypod - - -n - - default - entrypoint: kubectl diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/04-debugassert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-step-04-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 91% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/04-debugassert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-step-04-apply-1-1.yaml index ae7d9b4598..dedefa814a --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/04-debugassert.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-step-04-apply-1-1.yaml @@ -9,4 +9,4 @@ spec: name: busybox ephemeralContainers: - image: bar.io/busybox:1.35 - name: debugger \ No newline at end of file + name: debugger diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml new file mode 100755 index 0000000000..38fa3aa543 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml @@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: ephemeral-containers +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - assert: + file: resource-assert.yaml + - name: step-03 + try: + - command: + args: + - debug + - --image=bar.io/busybox:1.35 + - -c + - debugger + - mypod + - -n + - default + entrypoint: kubectl + - name: step-04 + try: + - apply: + file: chainsaw-step-04-apply-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/00-keda.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/00-keda.yaml deleted file mode 100644 index 13c5d4b2b2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/00-keda.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: keda -spec: - timeouts: {} - try: - - apply: - file: keda.yaml - - assert: - file: keda-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/01-cluster-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/01-cluster-policy.yaml deleted file mode 100644 index e8e70ecd4a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/01-cluster-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: cluster-policy -spec: - timeouts: {} - try: - - apply: - file: cluster-policy.yaml - - assert: - file: cluster-policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/02-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml new file mode 100755 index 0000000000..fb1b4a5da0 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: external-metrics +spec: + steps: + - name: step-00 + try: + - apply: + file: keda.yaml + - assert: + file: keda-ready.yaml + - name: step-01 + try: + - apply: + file: cluster-policy.yaml + - assert: + file: cluster-policy-ready.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/00-clusterrole.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-step-00-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/00-clusterrole.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-step-00-apply-1-1.yaml index b094e55fb2..b1154879ed --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/00-clusterrole.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-step-00-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:temp labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:temp rules: - apiGroups: - '*' @@ -17,4 +17,4 @@ rules: - patch - delete - get - - list \ No newline at end of file + - list diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml new file mode 100755 index 0000000000..9057cf167e --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml @@ -0,0 +1,17 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: schema-validation-for-mutateexisting +spec: + steps: + - name: step-00 + try: + - apply: + file: chainsaw-step-00-apply-1-1.yaml + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/01-manifests.yaml deleted file mode 100644 index 290c9a4113..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/01-manifests.yaml +++ /dev/null @@ -1,67 +0,0 @@ ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: ingress-unique-host -spec: - validationFailureAction: Enforce - failurePolicy: Fail - rules: - - name: unique-ingress-against-other-ingress-class - match: # match any ingress resource - all: - - resources: - kinds: - - Ingress - context: - - name: requestIngressClass - variable: - jmesPath: request.object.metadata.annotations."kubernetes.io/ingress.class" - # Create a list of ingresses, excluding the ingress we are currently reviewing - - name: ingresses - apiCall: - urlPath: '/apis/networking.k8s.io/v1/ingresses' - jmesPath: items[?metadata.name != '{{ request.object.metadata.name }}'] - preconditions: - all: - - key: "{{ request.operation }}" - operator: AnyIn - value: - - CREATE - - UPDATE - validate: - message: > - Ingress must have a unique hostname across different ingress classes - deny: - conditions: - any: - # select ingresses with ingress class that does NOT match the class of the request object - # compare the request object hosts against the selected set of hosts - if they match, deny - - key: '{{ request.object.spec.rules[].host }}' - operator: AnyIn - value: "{{ingresses[?metadata.annotations.\"kubernetes.io/ingress.class\" != '{{ request.object.metadata.annotations.\"kubernetes.io/ingress.class\" }}'].spec.rules[].host }}" ---- -apiVersion: v1 -kind: Namespace -metadata: - name: test-ingress ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - name: my-app-ingress - namespace: test-ingress -spec: - rules: - - host: my-app.myorg.io - http: - paths: - - backend: - service: - name: my-app-deployment - port: - number: 80 - path: / - pathType: ImplementationSpecific \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml deleted file mode 100644 index 02acd1a89e..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: teststep -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: my-app-ingress - namespace: test-ingress diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..01b7c33117 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,40 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: ingress-unique-host +spec: + failurePolicy: Fail + rules: + - context: + - name: requestIngressClass + variable: + jmesPath: request.object.metadata.annotations."kubernetes.io/ingress.class" + - apiCall: + jmesPath: items[?metadata.name != '{{ request.object.metadata.name }}'] + urlPath: /apis/networking.k8s.io/v1/ingresses + name: ingresses + match: + all: + - resources: + kinds: + - Ingress + name: unique-ingress-against-other-ingress-class + preconditions: + all: + - key: '{{ request.operation }}' + operator: AnyIn + value: + - CREATE + - UPDATE + validate: + deny: + conditions: + any: + - key: '{{ request.object.spec.rules[].host }}' + operator: AnyIn + value: '{{ingresses[?metadata.annotations."kubernetes.io/ingress.class" + != ''{{ request.object.metadata.annotations."kubernetes.io/ingress.class" + }}''].spec.rules[].host }}' + message: | + Ingress must have a unique hostname across different ingress classes + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..bc351174ad --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-ingress diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..0edc306785 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + name: my-app-ingress + namespace: test-ingress +spec: + rules: + - host: my-app.myorg.io + http: + paths: + - backend: + service: + name: my-app-deployment + port: + number: 80 + path: / + pathType: ImplementationSpecific diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 58% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-1.yaml index 23f97ed230..0c97fb1ab2 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/01-assert.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-1.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: @@ -8,9 +7,3 @@ status: - reason: Succeeded status: "True" type: Ready ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: my-app-ingress - namespace: test-ingress diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..eba6ba8f30 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,5 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-app-ingress + namespace: test-ingress diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml new file mode 100755 index 0000000000..511819c76c --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: lazyload +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - delete: + ref: + apiVersion: networking.k8s.io/v1 + kind: Ingress + name: my-app-ingress + namespace: test-ingress diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml deleted file mode 100644 index 9251b58028..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml +++ /dev/null @@ -1,81 +0,0 @@ - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-controller - app.kubernetes.io/instance: kyverno - app.kubernetes.io/part-of: kyverno - name: kyverno:subjectaccessreviews -rules: -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-controller - app.kubernetes.io/instance: kyverno - app.kubernetes.io/part-of: kyverno - name: kyverno:namespace-delete -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - delete - resourceNames: - - test-sar ---- -apiVersion: v1 -kind: Namespace -metadata: - name: test-sar ---- -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: check-subjectaccessreview -spec: - validationFailureAction: Enforce - background: false - rules: - - name: check-sar - match: - any: - - resources: - kinds: - - ConfigMap - context: - - name: subjectaccessreview - apiCall: - urlPath: /apis/authorization.k8s.io/v1/subjectaccessreviews - method: POST - data: - - key: kind - value: SubjectAccessReview - - key: apiVersion - value: authorization.k8s.io/v1 - - key: spec - value: - resourceAttributes: - resource: namespaces - name: "{{ request.namespace }}" - verb: "delete" - group: "" - #user: "{{ request.userInfo.username }}" - user: "system:serviceaccount:kyverno:kyverno-admission-controller" - validate: - message: "User is not authorized." - deny: - conditions: - any: - - key: "{{ subjectaccessreview.status.allowed }}" - operator: NotEquals - value: true diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml deleted file mode 100644 index dda504b8c5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: teststep -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: cm-default-ns.yaml - - apply: - file: cm-test-ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..7996413c53 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:subjectaccessreviews +rules: +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - '*' diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..c71722f303 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:namespace-delete +rules: +- apiGroups: + - "" + resourceNames: + - test-sar + resources: + - namespaces + verbs: + - delete diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..ebe7112152 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-sar diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..8b82595629 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,40 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: check-subjectaccessreview +spec: + background: false + rules: + - context: + - apiCall: + data: + - key: kind + value: SubjectAccessReview + - key: apiVersion + value: authorization.k8s.io/v1 + - key: spec + value: + resourceAttributes: + group: "" + name: '{{ request.namespace }}' + resource: namespaces + verb: delete + user: system:serviceaccount:kyverno:kyverno-admission-controller + method: POST + urlPath: /apis/authorization.k8s.io/v1/subjectaccessreviews + name: subjectaccessreview + match: + any: + - resources: + kinds: + - ConfigMap + name: check-sar + validate: + deny: + conditions: + any: + - key: '{{ subjectaccessreview.status.allowed }}' + operator: NotEquals + value: true + message: User is not authorized. + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml new file mode 100755 index 0000000000..d5a51bcc78 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: subjectaccessreview +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: cm-default-ns.yaml + - apply: + file: cm-test-ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/01-script-check-for-output.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/01-script-check-for-output.yaml deleted file mode 100644 index d2a644b51e..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/01-script-check-for-output.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-check-for-output -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'invalid variable - used' \nthen \n echo \"Test succeeded. The phrase 'invalid variable used' - is found.\"\n exit 0\nelse \n echo \"Test failed. The phrase 'invalid - variable used' has not been found.\"\n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/02-errors.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/02-errors.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml index 7a7a97568d..076e6c1e59 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/02-errors.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/chainsaw-step-02-error-1-1.yaml @@ -3,20 +3,20 @@ kind: ClusterPolicy metadata: name: background-match-clusterroles spec: - validationFailureAction: Audit background: true rules: - - name: ns-clusterroles - match: + - match: any: - - resources: + - clusterRoles: + - foo-admin + resources: kinds: - - Pod - clusterRoles: - - foo-admin + - Pod + name: ns-clusterroles validate: message: The `owner` label is required for all Namespaces. pattern: metadata: labels: - owner: "?*" \ No newline at end of file + owner: ?* + validationFailureAction: Audit diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/chainsaw-test.yaml new file mode 100755 index 0000000000..45026fec30 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-clusterRoles/chainsaw-test.yaml @@ -0,0 +1,18 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: background-match-clusterroles +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'invalid variable + used' \nthen \n echo \"Test succeeded. The phrase 'invalid variable used' + is found.\"\n exit 0\nelse \n echo \"Test failed. The phrase 'invalid + variable used' has not been found.\"\n exit 1\nfi\n" + - name: step-02 + try: + - error: + file: chainsaw-step-02-error-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/01-script-check-for-output.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/01-script-check-for-output.yaml deleted file mode 100644 index d2a644b51e..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/01-script-check-for-output.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-check-for-output -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'invalid variable - used' \nthen \n echo \"Test succeeded. The phrase 'invalid variable used' - is found.\"\n exit 0\nelse \n echo \"Test failed. The phrase 'invalid - variable used' has not been found.\"\n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/02-errors.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/chainsaw-step-02-error-1-1.yaml old mode 100644 new mode 100755 similarity index 78% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/02-errors.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/chainsaw-step-02-error-1-1.yaml index 28f5299a20..334e46d5f2 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/02-errors.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/chainsaw-step-02-error-1-1.yaml @@ -3,20 +3,20 @@ kind: ClusterPolicy metadata: name: background-match-roles spec: - validationFailureAction: Audit background: true rules: - - name: ns-roles - match: + - match: any: - resources: kinds: - - Pod + - Pod roles: - - foo-role + - foo-role + name: ns-roles validate: message: The `owner` label is required for all Namespaces. pattern: metadata: labels: - owner: "?*" \ No newline at end of file + owner: ?* + validationFailureAction: Audit diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/chainsaw-test.yaml new file mode 100755 index 0000000000..2c247a5fb6 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-match-roles/chainsaw-test.yaml @@ -0,0 +1,18 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: background-match-roles +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'invalid variable + used' \nthen \n echo \"Test succeeded. The phrase 'invalid variable used' + is found.\"\n exit 0\nelse \n echo \"Test failed. The phrase 'invalid + variable used' has not been found.\"\n exit 1\nfi\n" + - name: step-02 + try: + - error: + file: chainsaw-step-02-error-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/01-script-check-for-output.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/01-script-check-for-output.yaml deleted file mode 100644 index 8bf3a886f3..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/01-script-check-for-output.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-check-for-output -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{request.roles}} - is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable {{request.roles}} - is not allowed' is found.\"\n exit 0\nelse \n echo \"Test failed. The - phrase 'variable {{request.roles}} is not allowed' has not been found.\"\n - \ exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/02-errors.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/chainsaw-step-02-error-1-1.yaml old mode 100644 new mode 100755 similarity index 78% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/02-errors.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/chainsaw-step-02-error-1-1.yaml index 8ddd546f19..3c07232669 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/02-errors.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/chainsaw-step-02-error-1-1.yaml @@ -3,18 +3,18 @@ kind: ClusterPolicy metadata: name: background-vars-roles spec: - validationFailureAction: Audit background: true rules: - - name: ns-vars-roles - match: + - match: any: - resources: kinds: - - Pod + - Pod + name: ns-vars-roles validate: message: The `owner` label is required for all Namespaces. pattern: metadata: labels: - foo: "{{request.roles}}" \ No newline at end of file + foo: '{{request.roles}}' + validationFailureAction: Audit diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/chainsaw-test.yaml new file mode 100755 index 0000000000..645945de07 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-roles/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: background-vars-roles +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{request.roles}} + is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable + {{request.roles}} is not allowed' is found.\"\n exit 0\nelse \n echo + \"Test failed. The phrase 'variable {{request.roles}} is not allowed' has + not been found.\"\n exit 1\nfi\n" + - name: step-02 + try: + - error: + file: chainsaw-step-02-error-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/01-script-check-for-output.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/01-script-check-for-output.yaml deleted file mode 100644 index 87fe149843..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/01-script-check-for-output.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-check-for-output -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{serviceAccountName}} - is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable {{serviceAccountName}} - is not allowed' is found.\"\n exit 0\nelse \n echo \"Test failed. The - phrase 'variable {{serviceAccountName}} is not allowed' has not been found.\"\n - \ exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/02-errors.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml old mode 100644 new mode 100755 similarity index 76% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/02-errors.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml index 071a720227..3c6208e302 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/02-errors.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/chainsaw-step-02-error-1-1.yaml @@ -3,18 +3,18 @@ kind: ClusterPolicy metadata: name: background-vars-serviceaccountname spec: - validationFailureAction: Audit background: true rules: - - name: ns-vars-serviceaccountname - match: + - match: any: - resources: kinds: - - Pod + - Pod + name: ns-vars-serviceaccountname validate: message: The `owner` label is required for all Namespaces. pattern: metadata: labels: - baz: "{{serviceAccountName}}" \ No newline at end of file + baz: '{{serviceAccountName}}' + validationFailureAction: Audit diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/chainsaw-test.yaml new file mode 100755 index 0000000000..9fede504a0 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-serviceAccountName/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: background-vars-serviceaccountname +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{serviceAccountName}} + is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable + {{serviceAccountName}} is not allowed' is found.\"\n exit 0\nelse \n + \ echo \"Test failed. The phrase 'variable {{serviceAccountName}} is not + allowed' has not been found.\"\n exit 1\nfi\n" + - name: step-02 + try: + - error: + file: chainsaw-step-02-error-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/01-script-check-for-output.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/01-script-check-for-output.yaml deleted file mode 100644 index 84a51f07d9..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/01-script-check-for-output.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script-check-for-output -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{request.userInfo}} - is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable {{request.userInfo}} - is not allowed' is found.\"\n exit 0\nelse \n echo \"Test failed. The - phrase 'variable {{request.userInfo}} is not allowed' has not been found.\"\n - \ exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/02-errors.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml old mode 100644 new mode 100755 similarity index 77% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/02-errors.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml index 2534e8b57f..1c57165c64 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/02-errors.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/chainsaw-step-02-error-1-1.yaml @@ -3,18 +3,18 @@ kind: ClusterPolicy metadata: name: background-vars-userinfo spec: - validationFailureAction: Audit background: true rules: - - name: ns-vars-userinfo - match: + - match: any: - resources: kinds: - - Pod + - Pod + name: ns-vars-userinfo validate: message: The `owner` label is required for all Namespaces. pattern: metadata: labels: - owner: "{{request.userInfo}}" \ No newline at end of file + owner: '{{request.userInfo}}' + validationFailureAction: Audit diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/chainsaw-test.yaml new file mode 100755 index 0000000000..8abacab625 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/background-vars-userInfo/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: background-vars-userinfo +spec: + steps: + - name: step-01 + try: + - script: + content: "if kubectl apply -f manifests.yaml 2>&1 | grep -q 'variable {{request.userInfo}} + is not allowed' \nthen \n echo \"Test succeeded. The phrase 'variable + {{request.userInfo}} is not allowed' is found.\"\n exit 0\nelse \n echo + \"Test failed. The phrase 'variable {{request.userInfo}} is not allowed' + has not been found.\"\n exit 1\nfi\n" + - name: step-02 + try: + - error: + file: chainsaw-step-02-error-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/01-manifests.yaml deleted file mode 100644 index 6f0f902ec5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/01-manifests.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-cm-lookup ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: test-cm-lookup - name: keys -data: - foo: bar ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-labels -spec: - validationFailureAction: Audit - background: true - rules: - - name: validate-labels - match: - any: - - resources: - kinds: - - Pod - context: - - name: keys - configMap: - name: keys - namespace: test-cm-lookup - validate: - pattern: - metadata: - labels: - foo: "{{ keys.data.foo }}" \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..87054ea19a --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-cm-lookup diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..93d1b33db9 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + foo: bar +kind: ConfigMap +metadata: + name: keys + namespace: test-cm-lookup diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..8788990515 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,24 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: validate-labels +spec: + background: true + rules: + - context: + - configMap: + name: keys + namespace: test-cm-lookup + name: keys + match: + any: + - resources: + kinds: + - Pod + name: validate-labels + validate: + pattern: + metadata: + labels: + foo: '{{ keys.data.foo }}' + validationFailureAction: Audit diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/02-goodpod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 85% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/02-goodpod.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml index 74097529b4..5a2df4e03e --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/02-goodpod.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-02-apply-1-1.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Pod metadata: - name: test-cm-lookup-pod - namespace: test-cm-lookup labels: foo: bar + name: test-cm-lookup-pod + namespace: test-cm-lookup spec: containers: - image: nginx - name: test-cm-lookup \ No newline at end of file + name: test-cm-lookup diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/02-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/02-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml index cd6d198362..919fd1da4f --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/02-assert.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-02-assert-1-1.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: Pod metadata: name: test-cm-lookup-pod - namespace: test-cm-lookup \ No newline at end of file + namespace: test-cm-lookup diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/03-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/03-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml index d5f9565351..e55c5bc584 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/03-assert.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-03-assert-1-1.yaml @@ -18,4 +18,4 @@ summary: fail: 0 pass: 1 skip: 0 - warn: 0 \ No newline at end of file + warn: 0 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml new file mode 100755 index 0000000000..527f950b61 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: configmap-context-lookup +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - assert: + file: chainsaw-step-03-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/01-serviceaccount.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/01-serviceaccount.yaml deleted file mode 100644 index 995712f187..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/01-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: serviceaccount -spec: - timeouts: {} - try: - - apply: - file: serviceaccount.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/02-rbac.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/02-rbac.yaml deleted file mode 100644 index 36f4242fac..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/02-rbac.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: rbac -spec: - timeouts: {} - try: - - apply: - file: rbac.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/03-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/03-policy.yaml deleted file mode 100644 index 909c002ac4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/03-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/04-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/04-pod.yaml deleted file mode 100644 index 6e5d4d3e5b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/04-pod.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - command: - args: - - apply - - -f - - ./pod.yaml - - --as=system:serviceaccount:default:test-account - entrypoint: kubectl diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/chainsaw-test.yaml new file mode 100755 index 0000000000..455a1d211d --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/with-permissions/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: with-permissions +spec: + steps: + - name: step-01 + try: + - apply: + file: serviceaccount.yaml + - name: step-02 + try: + - apply: + file: rbac.yaml + - name: step-03 + try: + - apply: + file: policy.yaml + - assert: + file: policy.yaml + - name: step-04 + try: + - command: + args: + - apply + - -f + - ./pod.yaml + - --as=system:serviceaccount:default:test-account + entrypoint: kubectl diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/01-serviceaccount.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/01-serviceaccount.yaml deleted file mode 100644 index 995712f187..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/01-serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: serviceaccount -spec: - timeouts: {} - try: - - apply: - file: serviceaccount.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/02-rbac.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/02-rbac.yaml deleted file mode 100644 index 36f4242fac..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/02-rbac.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: rbac -spec: - timeouts: {} - try: - - apply: - file: rbac.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/03-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/03-policy.yaml deleted file mode 100644 index 909c002ac4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/03-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/04-deployment.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/04-deployment.yaml deleted file mode 100644 index f9a71333d4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/04-deployment.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deployment -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f ./deployment.yaml --as=system:serviceaccount:default:test-account-1\nthen\n - \ echo \"Test failed. Deployment shouldn't be created.\"\n exit 1\nelse \n - \ echo \"Test succeeded. Deployment isn't created as expected.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/chainsaw-test.yaml new file mode 100755 index 0000000000..481dd62215 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/authorizor-checks/without-permissions/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: without-permissions +spec: + steps: + - name: step-01 + try: + - apply: + file: serviceaccount.yaml + - name: step-02 + try: + - apply: + file: rbac.yaml + - name: step-03 + try: + - apply: + file: policy.yaml + - assert: + file: policy.yaml + - name: step-04 + try: + - script: + content: "if kubectl apply -f ./deployment.yaml --as=system:serviceaccount:default:test-account-1\nthen\n + \ echo \"Test failed. Deployment shouldn't be created.\"\n exit 1\nelse + \n echo \"Test succeeded. Deployment isn't created as expected.\"\n exit + 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml deleted file mode 100644 index 8f5676912c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: pod-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: pod-fail.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml new file mode 100755 index 0000000000..79cf9d4a0d --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cel-preconditions +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - finally: + - sleep: + duration: 5s + name: step-02 + try: + - apply: + file: pod-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: pod-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/01-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/01-ns.yaml deleted file mode 100644 index 3dee45aec0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/01-ns.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/02-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/02-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml deleted file mode 100644 index f1862217bb..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: deployments-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: deployments-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/04-sleep.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/04-sleep.yaml deleted file mode 100644 index 2cb97b9e36..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/04-sleep.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - sleep: - duration: 3s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml new file mode 100755 index 0000000000..6ce3547f3b --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: cel-variables +spec: + steps: + - name: step-01 + try: + - apply: + file: ns.yaml + - assert: + file: ns.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-03 + try: + - apply: + file: deployments-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: deployments-fail.yaml + - name: step-04 + try: + - sleep: + duration: 3s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/01-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/01-ns.yaml deleted file mode 100644 index 3dee45aec0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/01-ns.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/02-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/02-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml deleted file mode 100644 index 06a8691af4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: statefulset -spec: - timeouts: {} - try: - - apply: - file: statefulset-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: statefulset-fail.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..c997c6c2b2 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: check-statefulset-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: ns.yaml + - assert: + file: ns.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - finally: + - sleep: + duration: 5s + name: step-03 + try: + - apply: + file: statefulset-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: statefulset-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml deleted file mode 100644 index 0baa90ace7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: pod-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: pod-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml new file mode 100755 index 0000000000..b2e02b4267 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: disallow-host-port +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: pod-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/01-crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/01-crd.yaml deleted file mode 100644 index 36684ade76..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/01-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd -spec: - timeouts: {} - try: - - apply: - file: crd.yaml - - assert: - file: crd-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/02-namespaceConstraint.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/02-namespaceConstraint.yaml deleted file mode 100644 index fc937fcebf..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/02-namespaceConstraint.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: namespace-constraint -spec: - timeouts: {} - try: - - apply: - file: namespaceConstraint.yaml - - assert: - file: namespaceConstraint.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/03-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/03-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/03-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml deleted file mode 100644 index 670b9ceb73..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - file: ns-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: ns-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml new file mode 100755 index 0000000000..8871cb6e51 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: clusterscoped +spec: + steps: + - name: step-01 + try: + - apply: + file: crd.yaml + - assert: + file: crd-assert.yaml + - name: step-02 + try: + - apply: + file: namespaceConstraint.yaml + - assert: + file: namespaceConstraint.yaml + - name: step-03 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-04 + try: + - apply: + file: ns-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: ns-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/01-crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/01-crd.yaml deleted file mode 100644 index 36684ade76..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/01-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd -spec: - timeouts: {} - try: - - apply: - file: crd.yaml - - assert: - file: crd-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/02-nameConstraint.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/02-nameConstraint.yaml deleted file mode 100644 index df09445ef6..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/02-nameConstraint.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: name-constraint -spec: - timeouts: {} - try: - - apply: - file: nameConstraint.yaml - - assert: - file: nameConstraint.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/03-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/03-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/03-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml deleted file mode 100644 index 6f5526242b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml new file mode 100755 index 0000000000..86be2ee5e7 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: match-clusterscoped-resource +spec: + steps: + - name: step-01 + try: + - apply: + file: crd.yaml + - assert: + file: crd-assert.yaml + - name: step-02 + try: + - apply: + file: nameConstraint.yaml + - assert: + file: nameConstraint.yaml + - name: step-03 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-04 + try: + - apply: + expect: + - check: + ($error != null): true + file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/01-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/01-ns.yaml deleted file mode 100644 index 3dee45aec0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/01-ns.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/02-crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/02-crd.yaml deleted file mode 100644 index 36684ade76..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/02-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd -spec: - timeouts: {} - try: - - apply: - file: crd.yaml - - assert: - file: crd-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/03-replicaLimit.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/03-replicaLimit.yaml deleted file mode 100644 index b37fe68e2c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/03-replicaLimit.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: replica-limit -spec: - timeouts: {} - try: - - apply: - file: replicaLimit.yaml - - assert: - file: replicaLimit.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/04-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/04-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/04-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml deleted file mode 100644 index 4635228ba6..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: deployment-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: deployment-fail.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..53a8e81853 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: set-paramref-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: ns.yaml + - assert: + file: ns.yaml + - name: step-02 + try: + - apply: + file: crd.yaml + - assert: + file: crd-assert.yaml + - name: step-03 + try: + - apply: + file: replicaLimit.yaml + - assert: + file: replicaLimit.yaml + - name: step-04 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - finally: + - sleep: + duration: 5s + name: step-05 + try: + - apply: + file: deployment-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: deployment-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/01-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/01-ns.yaml deleted file mode 100644 index 3dee45aec0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/01-ns.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/02-crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/02-crd.yaml deleted file mode 100644 index 36684ade76..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/02-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd -spec: - timeouts: {} - try: - - apply: - file: crd.yaml - - assert: - file: crd-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/03-replicaLimit.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/03-replicaLimit.yaml deleted file mode 100644 index b37fe68e2c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/03-replicaLimit.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: replica-limit -spec: - timeouts: {} - try: - - apply: - file: replicaLimit.yaml - - assert: - file: replicaLimit.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/04-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/04-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/04-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml deleted file mode 100644 index 36c97fc482..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: statefulset-pass.yaml - - apply: - expect: - - check: - ($error != null): true - file: statefulset-fail.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..4702abdf8a --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: unset-paramref-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: ns.yaml + - assert: + file: ns.yaml + - name: step-02 + try: + - apply: + file: crd.yaml + - assert: + file: crd-assert.yaml + - name: step-03 + try: + - apply: + file: replicaLimit.yaml + - assert: + file: replicaLimit.yaml + - name: step-04 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - finally: + - sleep: + duration: 5s + name: step-05 + try: + - apply: + file: statefulset-pass.yaml + - apply: + expect: + - check: + ($error != null): true + file: statefulset-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/01-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/01-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/01-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/02-policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/02-policies.yaml deleted file mode 100644 index 6c8390bdf4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/02-policies.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policies -spec: - timeouts: {} - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/03-debug.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/03-debug.yaml deleted file mode 100644 index 48aa8cbc47..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/03-debug.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: debug -spec: - timeouts: {} - try: - - script: - content: "if kubectl debug --image=busybox foo\nthen \n exit 1\nelse \n exit - 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml new file mode 100755 index 0000000000..7d46a42648 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: with-pod +spec: + steps: + - name: step-01 + try: + - apply: + file: resources.yaml + - name: step-02 + try: + - apply: + file: policies.yaml + - assert: + file: policies-assert.yaml + - name: step-03 + try: + - script: + content: "if kubectl debug --image=busybox foo\nthen \n exit 1\nelse \n exit + 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/01-policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/01-policies.yaml deleted file mode 100644 index 6c8390bdf4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/01-policies.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policies -spec: - timeouts: {} - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/02-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/02-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/03-debug.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/03-debug.yaml deleted file mode 100644 index 48aa8cbc47..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/03-debug.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: debug -spec: - timeouts: {} - try: - - script: - content: "if kubectl debug --image=busybox foo\nthen \n exit 1\nelse \n exit - 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml new file mode 100755 index 0000000000..db6a36fb63 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: with-subresource +spec: + steps: + - name: step-01 + try: + - apply: + file: policies.yaml + - assert: + file: policies-assert.yaml + - name: step-02 + try: + - apply: + file: resources.yaml + - name: step-03 + try: + - script: + content: "if kubectl debug --image=busybox foo\nthen \n exit 1\nelse \n exit + 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/01-policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/01-policies.yaml deleted file mode 100644 index 6c8390bdf4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/01-policies.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policies -spec: - timeouts: {} - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/02-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/02-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/03-debug.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/03-debug.yaml deleted file mode 100644 index 48aa8cbc47..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/03-debug.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: debug -spec: - timeouts: {} - try: - - script: - content: "if kubectl debug --image=busybox foo\nthen \n exit 1\nelse \n exit - 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml new file mode 100755 index 0000000000..fed5f91565 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: with-wildcard +spec: + steps: + - name: step-01 + try: + - apply: + file: policies.yaml + - assert: + file: policies-assert.yaml + - name: step-02 + try: + - apply: + file: resources.yaml + - name: step-03 + try: + - script: + content: "if kubectl debug --image=busybox foo\nthen \n exit 1\nelse \n exit + 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/01-manifests.yaml deleted file mode 100644 index a367c75615..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/01-manifests.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-evict-by-pod-label -spec: - validationFailureAction: Enforce - background: false - rules: - - name: deny-evict-by-label - match: - resources: - kinds: - - Pod/eviction - context: - - name: podevictlabel - apiCall: - urlPath: "/api/v1/namespaces/{{request.namespace}}/pods/{{request.name}}" - jmesPath: "metadata.labels.evict" - validate: - message: Evicting Pods protected with the label 'evict=false' is forbidden. - deny: - conditions: - all: - - key: "{{ podevictlabel }}" - operator: Equals - value: "false" ---- -apiVersion: v1 -kind: Pod -metadata: - name: nginx - labels: - app: nginx - tier: frontend - evict: "false" - namespace: test-validate -spec: - containers: - - name: nginx - image: nginx \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml deleted file mode 100644 index 13338eac63..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: sleep 5 - timeout: 10s - - script: - content: ./api-initiated-eviction.sh - timeout: 30s - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..ddccd1ac34 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..8d4c08681d --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,26 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: deny-evict-by-pod-label +spec: + background: false + rules: + - context: + - apiCall: + jmesPath: metadata.labels.evict + urlPath: /api/v1/namespaces/{{request.namespace}}/pods/{{request.name}} + name: podevictlabel + match: + resources: + kinds: + - Pod/eviction + name: deny-evict-by-label + validate: + deny: + conditions: + all: + - key: '{{ podevictlabel }}' + operator: Equals + value: "false" + message: Evicting Pods protected with the label 'evict=false' is forbidden. + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..bdddc0e4f5 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + app: nginx + evict: "false" + tier: frontend + name: nginx + namespace: test-validate +spec: + containers: + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml new file mode 100755 index 0000000000..dc2fd1cb37 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: api-initiated-pod-eviction +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - finally: + - sleep: + duration: 5s + name: step-02 + try: + - script: + content: sleep 5 + timeout: 10s + - script: + content: ./api-initiated-eviction.sh + timeout: 30s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/01-manifests.yaml deleted file mode 100644 index 247260a02a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/01-manifests.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-exec-by-pod-label - annotations: - policies.kyverno.io/title: Block Pod Exec by Pod Label - policies.kyverno.io/category: Sample - policies.kyverno.io/minversion: 1.4.2 - policies.kyverno.io/subject: Pod - policies.kyverno.io/description: >- - The 'exec' command may be used to gain shell access, or run other commands, in a Pod's container. While this can - be useful for troubleshooting purposes, it could represent an attack vector and is discouraged. - This policy blocks Pod exec commands to Pods having the label 'exec=false'. -spec: - validationFailureAction: Enforce - background: false - rules: - - name: deny-exec-by-label - match: - resources: - kinds: - - Pod/exec - context: - - name: podexeclabel - apiCall: - urlPath: "/api/v1/namespaces/{{request.namespace}}/pods/{{request.name}}" - jmesPath: "metadata.labels.exec" - preconditions: - all: - - key: "{{ request.operation }}" - operator: Equals - value: CONNECT - validate: - message: Exec'ing into Pods protected with the label 'exec=false' is forbidden. - deny: - conditions: - all: - - key: "{{ podexeclabel }}" - operator: Equals - value: "false" ---- -apiVersion: v1 -kind: Pod -metadata: - name: nginx - labels: - app: nginx - tier: frontend - exec: "false" - namespace: test-validate -spec: - containers: - - name: nginx - image: nginx \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml deleted file mode 100644 index e1e3eb6bcc..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: "if kubectl -n test-validate exec nginx -it -- sh 2>&1 | grep -q \"Exec'ing - into Pods protected with the label 'exec=false' is forbidden\" \nthen \n echo - \"Tested failed. Exec Request was not blocked.\"\n exit 1 \nelse \n echo - \"Test succeeded. Exec Request was blocked.\"\n exit 0\nfi\n" - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..ddccd1ac34 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..84df326e27 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,40 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + annotations: + policies.kyverno.io/category: Sample + policies.kyverno.io/description: The 'exec' command may be used to gain shell + access, or run other commands, in a Pod's container. While this can be useful + for troubleshooting purposes, it could represent an attack vector and is discouraged. + This policy blocks Pod exec commands to Pods having the label 'exec=false'. + policies.kyverno.io/minversion: 1.4.2 + policies.kyverno.io/subject: Pod + policies.kyverno.io/title: Block Pod Exec by Pod Label + name: deny-exec-by-pod-label +spec: + background: false + rules: + - context: + - apiCall: + jmesPath: metadata.labels.exec + urlPath: /api/v1/namespaces/{{request.namespace}}/pods/{{request.name}} + name: podexeclabel + match: + resources: + kinds: + - Pod/exec + name: deny-exec-by-label + preconditions: + all: + - key: '{{ request.operation }}' + operator: Equals + value: CONNECT + validate: + deny: + conditions: + all: + - key: '{{ podexeclabel }}' + operator: Equals + value: "false" + message: Exec'ing into Pods protected with the label 'exec=false' is forbidden. + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..80f8c34db6 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + app: nginx + exec: "false" + tier: frontend + name: nginx + namespace: test-validate +spec: + containers: + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml new file mode 100755 index 0000000000..08f32dd1cd --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: block-pod-exec-requests +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - finally: + - sleep: + duration: 5s + name: step-02 + try: + - script: + content: "if kubectl -n test-validate exec nginx -it -- sh 2>&1 | grep -q + \"Exec'ing into Pods protected with the label 'exec=false' is forbidden\" + \nthen \n echo \"Tested failed. Exec Request was not blocked.\"\n exit + 1 \nelse \n echo \"Test succeeded. Exec Request was blocked.\"\n exit + 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-assert.yaml deleted file mode 100644 index e6cfe62f12..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-assert.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: nginx-test - name: nginx-test - namespace: test-validate -status: - replicas: 2 ---- -apiVersion: kyverno.io/v2beta1 -kind: PolicyException -metadata: - name: allow-scaling-nginx-test - namespace: test-validate -spec: - exceptions: - - policyName: nginx-test-scaling-policy - ruleNames: - - validate-nginx-test - match: - any: - - resources: - kinds: - - Deployment/scale - names: - - nginx-test diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-manifests.yaml deleted file mode 100644 index f712c36815..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/01-manifests.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -spec: - background: false - failurePolicy: Fail - rules: - - match: - resources: - kinds: - - "Deployment/scale" - names: - - nginx-test - namespaces: - - test-validate - name: validate-nginx-test - validate: - message: 'nginx-test needs to have 2 replicas' - pattern: - spec: - replicas: 2 - validationFailureAction: Enforce ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: nginx-test - name: nginx-test - namespace: test-validate -spec: - replicas: 2 - selector: - matchLabels: - app: nginx-test - template: - metadata: - labels: - app: nginx-test - spec: - containers: - - image: nginx - name: nginx ---- -apiVersion: kyverno.io/v2beta1 -kind: PolicyException -metadata: - name: allow-scaling-nginx-test - namespace: test-validate -spec: - exceptions: - - policyName: nginx-test-scaling-policy - ruleNames: - - validate-nginx-test - match: - any: - - resources: - kinds: - - Deployment/scale - names: - - nginx-test \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml deleted file mode 100644 index 0b85ec9ebf..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate - 2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen - \n echo \"Test failed. Resource was blocked from scaling.\"\n exit 1\nelse - \n echo \"Tested succeeded. Resource was allowed to scale.\"\n exit 0 \nfi\n" - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..ddccd1ac34 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..dbc2c6a063 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,23 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: nginx-test-scaling-policy +spec: + background: false + failurePolicy: Fail + rules: + - match: + resources: + kinds: + - Deployment/scale + names: + - nginx-test + namespaces: + - test-validate + name: validate-nginx-test + validate: + message: nginx-test needs to have 2 replicas + pattern: + spec: + replicas: 2 + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..c092e98eb6 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: nginx-test + name: nginx-test + namespace: test-validate +spec: + replicas: 2 + selector: + matchLabels: + app: nginx-test + template: + metadata: + labels: + app: nginx-test + spec: + containers: + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml new file mode 100755 index 0000000000..f936108985 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-4.yaml @@ -0,0 +1,17 @@ +apiVersion: kyverno.io/v2beta1 +kind: PolicyException +metadata: + name: allow-scaling-nginx-test + namespace: test-validate +spec: + exceptions: + - policyName: nginx-test-scaling-policy + ruleNames: + - validate-nginx-test + match: + any: + - resources: + kinds: + - Deployment/scale + names: + - nginx-test diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 53% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml index 28ed7ef9d1..31d63d44d0 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/01-assert.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml @@ -7,13 +7,3 @@ status: - reason: Succeeded status: "True" type: Ready ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: nginx-test - name: nginx-test - namespace: test-validate -status: - replicas: 2 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..5d32750add --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,9 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: nginx-test + name: nginx-test + namespace: test-validate +status: + replicas: 2 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml new file mode 100755 index 0000000000..f936108985 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-3.yaml @@ -0,0 +1,17 @@ +apiVersion: kyverno.io/v2beta1 +kind: PolicyException +metadata: + name: allow-scaling-nginx-test + namespace: test-validate +spec: + exceptions: + - policyName: nginx-test-scaling-policy + ruleNames: + - validate-nginx-test + match: + any: + - resources: + kinds: + - Deployment/scale + names: + - nginx-test diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml new file mode 100755 index 0000000000..66b1f2a5af --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: bypass-with-policy-exception +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - apply: + file: chainsaw-step-01-apply-1-4.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-3.yaml + - finally: + - sleep: + duration: 5s + name: step-02 + try: + - script: + content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate + 2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen + \n echo \"Test failed. Resource was blocked from scaling.\"\n exit 1\nelse + \n echo \"Tested succeeded. Resource was allowed to scale.\"\n exit 0 + \nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/02-csr-create.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/02-csr-create.yaml deleted file mode 100644 index 09ddfd4319..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/02-csr-create.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: csr-create -spec: - timeouts: {} - try: - - apply: - file: csr.yaml - - assert: - file: csr-mutated.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml new file mode 100755 index 0000000000..5bbb7aa517 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml @@ -0,0 +1,19 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: csr +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: csr.yaml + - assert: + file: csr-mutated.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml deleted file mode 100644 index 92c281d484..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml new file mode 100755 index 0000000000..42b6c480b8 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml @@ -0,0 +1,20 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: failure-policy-ignore-anchor +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/02-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/02-ns.yaml deleted file mode 100644 index 3dee45aec0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/02-ns.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: ns -spec: - timeouts: {} - try: - - apply: - file: ns.yaml - - assert: - file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml deleted file mode 100644 index d12d434cf9..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod-fail -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: pod-fail.yaml - - apply: - file: pod-pass.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml new file mode 100755 index 0000000000..1392e77bcf --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml @@ -0,0 +1,28 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: ns-selector-with-wildcard-kind +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: ns.yaml + - name: step-03 + try: + - apply: + expect: + - check: + ($error != null): true + file: pod-fail.yaml + - apply: + file: pod-pass.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/01-manifests.yaml deleted file mode 100644 index 255e4f3130..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/01-manifests.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -spec: - background: false - rules: - - name: check-for-labels - match: - any: - - resources: - kinds: - - Deployment - preconditions: - any: - - key: "{{ request.object.metadata.namespace }}" - operator: AllNotIn - value: - - kyverno - - def* - validate: - message: "label 'app.kubernetes.io/name' is required" - pattern: - metadata: - labels: - app.kubernetes.io/name: "?*" - validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/02-script.yaml deleted file mode 100644 index 7b77870e6a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/02-script.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: | - if kubectl apply -f resource.yaml 2>&1 | grep -q "label ''app.kubernetes.io/name'' is required" - then - echo "Test succeeded. Resource was blocked from label." - exit 0 - else - echo "Tested failed. Resource was allowed to create." - exit 1 - fi diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml deleted file mode 100644 index ec24b5be28..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - sleep: - duration: 5s - - delete: - ref: - apiVersion: apps/v1 - kind: Deployment - name: nginx - namespace: default diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..b1a6ded157 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,27 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: require-labels +spec: + background: false + rules: + - match: + any: + - resources: + kinds: + - Deployment + name: check-for-labels + preconditions: + any: + - key: '{{ request.object.metadata.namespace }}' + operator: AllNotIn + value: + - kyverno + - def* + validate: + message: label 'app.kubernetes.io/name' is required + pattern: + metadata: + labels: + app.kubernetes.io/name: ?* + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/03-deployment.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 85% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/03-deployment.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml index cf53ab73b8..9c54b05a52 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/03-deployment.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-03-apply-1-1.yaml @@ -16,5 +16,5 @@ spec: app: nginx spec: containers: - - image: nginx - name: nginx + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml new file mode 100755 index 0000000000..4b981f4c79 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: operator-allnotin-01 +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - script: + content: | + if kubectl apply -f resource.yaml 2>&1 | grep -q "label ''app.kubernetes.io/name'' is required" + then + echo "Test succeeded. Resource was blocked from label." + exit 0 + else + echo "Tested failed. Resource was allowed to create." + exit 1 + fi + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml + - name: step-04 + try: + - sleep: + duration: 5s + - delete: + ref: + apiVersion: apps/v1 + kind: Deployment + name: nginx + namespace: default diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/01-policy.yaml deleted file mode 100644 index 6bf3852832..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/01-policy.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: operator-anyin-boolean-cpol - # annotations: - # pod-policies.kyverno.io/autogen-controllers: none -spec: - validationFailureAction: Enforce - background: false - rules: - - name: check-commands - match: - any: - - resources: - kinds: - - Pod - preconditions: - all: - - key: "{{ length(request.object.spec.containers[].livenessProbe.exec.command[] || `[]`) }}" - operator: GreaterThan - value: 0 - - key: "{{ request.operation }}" - operator: NotEquals - value: DELETE - validate: - message: Cannot use commands `jcmd`, `ps`, or `ls` in liveness probes. - deny: - conditions: - any: - - key: true - operator: AnyIn - value: "{{ request.object.spec.containers[].livenessProbe.exec.command[].regex_match('\\bjcmd\\b',@) }}" \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml deleted file mode 100644 index 7f79babf58..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: pod-fail -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..7ab935daf4 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,32 @@ +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: operator-anyin-boolean-cpol +spec: + background: false + rules: + - match: + any: + - resources: + kinds: + - Pod + name: check-commands + preconditions: + all: + - key: '{{ length(request.object.spec.containers[].livenessProbe.exec.command[] + || `[]`) }}' + operator: GreaterThan + value: 0 + - key: '{{ request.operation }}' + operator: NotEquals + value: DELETE + validate: + deny: + conditions: + any: + - key: true + operator: AnyIn + value: '{{ request.object.spec.containers[].livenessProbe.exec.command[].regex_match(''\bjcmd\b'',@) + }}' + message: Cannot use commands `jcmd`, `ps`, or `ls` in liveness probes. + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/02-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/02-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml new file mode 100755 index 0000000000..73bcb0a434 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: operator-anyin-boolean +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - name: step-02 + try: + - assert: + file: chainsaw-step-02-assert-1-1.yaml + - name: step-03 + try: + - apply: + expect: + - check: + ($error != null): true + file: pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml deleted file mode 100644 index c90b1ac26d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: resource.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 80% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/01-manifests.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-apply-1-1.yaml index 86c1bf0e2f..963db7addd --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/01-manifests.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-apply-1-1.yaml @@ -3,18 +3,18 @@ kind: ClusterPolicy metadata: name: require-owner spec: - validationFailureAction: Enforce background: false rules: - - name: check-owner - match: + - match: any: - resources: kinds: - - Namespace + - Namespace + name: check-owner validate: message: The `owner` label is required for all Namespaces. pattern: metadata: labels: - owner: "?*" \ No newline at end of file + owner: ?* + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/01-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/01-assert.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/03-errors.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-03-error-1-1.yaml old mode 100644 new mode 100755 similarity index 69% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/03-errors.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-03-error-1-1.yaml index 0950676715..5ddd30bbf9 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/03-errors.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-03-error-1-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Namespace metadata: - name: mytestingns + annotations: + cloud.platformzero.com/serviceClass: xl2 labels: app-type: corp - annotations: - cloud.platformzero.com/serviceClass: "xl2" \ No newline at end of file + name: mytestingns diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml new file mode 100755 index 0000000000..9f8364f2bf --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml @@ -0,0 +1,24 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: resource-apply-block +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: resource.yaml + - name: step-03 + try: + - error: + file: chainsaw-step-03-error-1-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/01-manifests.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/01-manifests.yaml deleted file mode 100644 index 89a7eb6d8b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/01-manifests.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -spec: - background: false - failurePolicy: Fail - rules: - - match: - resources: - kinds: - - "Deployment/scale" - names: - - nginx-test - namespaces: - - test-validate - name: validate-nginx-test - validate: - message: 'nginx-test needs to have 2 replicas' - pattern: - spec: - replicas: 2 - validationFailureAction: Enforce ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: nginx-test - name: nginx-test - namespace: test-validate -spec: - replicas: 2 - selector: - matchLabels: - app: nginx-test - template: - metadata: - labels: - app: nginx-test - spec: - containers: - - image: nginx - name: nginx \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml deleted file mode 100644 index ed82ed5688..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate - 2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen - \n echo \"Test succeeded. Resource was blocked from scaling.\"\n exit 0\nelse - \n echo \"Tested failed. Resource was allowed to scale.\"\n exit 1 \nfi\n" - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..ddccd1ac34 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..dbc2c6a063 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,23 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: nginx-test-scaling-policy +spec: + background: false + failurePolicy: Fail + rules: + - match: + resources: + kinds: + - Deployment/scale + names: + - nginx-test + namespaces: + - test-validate + name: validate-nginx-test + validate: + message: nginx-test needs to have 2 replicas + pattern: + spec: + replicas: 2 + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..c092e98eb6 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: nginx-test + name: nginx-test + namespace: test-validate +spec: + replicas: 2 + selector: + matchLabels: + app: nginx-test + template: + metadata: + labels: + app: nginx-test + spec: + containers: + - image: nginx + name: nginx diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..31d63d44d0 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: nginx-test-scaling-policy +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..5d32750add --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,9 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: nginx-test + name: nginx-test + namespace: test-validate +status: + replicas: 2 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml new file mode 100755 index 0000000000..4afd24a68d --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: scaling-with-kubectl-scale +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - finally: + - sleep: + duration: 5s + name: step-02 + try: + - script: + content: "if kubectl scale deployment nginx-test --replicas=1 -n test-validate + 2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen + \n echo \"Test succeeded. Resource was blocked from scaling.\"\n exit + 0\nelse \n echo \"Tested failed. Resource was allowed to scale.\"\n exit + 1 \nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/01-policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/01-policies.yaml deleted file mode 100644 index 6c8390bdf4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/01-policies.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policies -spec: - timeouts: {} - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/02-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/02-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml new file mode 100755 index 0000000000..320cfb951a --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml @@ -0,0 +1,17 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: exclude-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: policies.yaml + - assert: + file: policies-assert.yaml + - name: step-02 + try: + - apply: + file: resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/00-crd.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/00-crd.yaml deleted file mode 100644 index b5096b7a9f..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/00-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd -spec: - timeouts: {} - try: - - apply: - file: crd.yaml - - assert: - file: crd-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/01-crd-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/01-crd-1.yaml deleted file mode 100644 index 9153fd8bc8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/01-crd-1.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: crd-1 -spec: - timeouts: {} - try: - - apply: - file: crd-1.yaml - - assert: - file: crd-ready-1.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/02-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/02-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/03-task.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/03-task.yaml deleted file mode 100644 index 6e15eef2ee..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/03-task.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: task -spec: - timeouts: {} - try: - - apply: - file: task.yaml - - assert: - file: task.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml new file mode 100755 index 0000000000..13ed1c22db --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: gvk +spec: + steps: + - name: step-00 + try: + - apply: + file: crd.yaml + - assert: + file: crd-ready.yaml + - name: step-01 + try: + - apply: + file: crd-1.yaml + - assert: + file: crd-ready-1.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: task.yaml + - assert: + file: task.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml deleted file mode 100644 index e486d0a231..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: pod-create.yaml - - apply: - expect: - - check: - ($error != null): true - file: pod-update.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml new file mode 100755 index 0000000000..c8ecfcb5b2 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: only-update +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod-create.yaml + - apply: + expect: + - check: + ($error != null): true + file: pod-update.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml deleted file mode 100644 index 0009b6e949..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: bad-pod-1.yaml - - apply: - expect: - - check: - ($error != null): true - file: bad-pod-2.yaml - - apply: - file: good-pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml new file mode 100755 index 0000000000..c09fa7cc32 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml @@ -0,0 +1,27 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: seccomp-latest-check-no-exclusion +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: bad-pod-1.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-pod-2.yaml + - apply: + file: good-pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/02-resources.yaml deleted file mode 100644 index a5e5a7f166..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/02-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: manifests.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml deleted file mode 100644 index 62c909f9ca..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: delete -spec: - timeouts: {} - try: - - delete: - ref: - apiVersion: apps/v1 - kind: DaemonSet - name: test-deletion-request-datadog-operator - namespace: cpol-validate-psa-test-deletion-request diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml new file mode 100755 index 0000000000..aec8a1d460 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: test-deletion-request +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: manifests.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: apps/v1 + kind: DaemonSet + name: test-deletion-request-datadog-operator + namespace: cpol-validate-psa-test-deletion-request diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/01-policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/01-policies.yaml deleted file mode 100644 index 6c8390bdf4..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/01-policies.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policies -spec: - timeouts: {} - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/02-resources.yaml deleted file mode 100644 index 6433c34d01..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/02-resources.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - file: resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/03-scale.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/03-scale.yaml deleted file mode 100644 index 69fc627930..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/03-scale.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: scale -spec: - timeouts: {} - try: - - script: - content: "if kubectl scale deployment nginx-deployment --replicas 2\nthen \n - \ exit 0\nelse \n exit 1\nfi\n" - - script: - content: "if kubectl scale sts nginx-sts --replicas 2\nthen \n exit 1\nelse - \n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml new file mode 100755 index 0000000000..e33542ef91 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: subresource +spec: + steps: + - name: step-01 + try: + - apply: + file: policies.yaml + - assert: + file: policies-assert.yaml + - name: step-02 + try: + - apply: + file: resources.yaml + - name: step-03 + try: + - script: + content: "if kubectl scale deployment nginx-deployment --replicas 2\nthen + \n exit 0\nelse \n exit 1\nfi\n" + - script: + content: "if kubectl scale sts nginx-sts --replicas 2\nthen \n exit 1\nelse + \n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/01-policy.yaml deleted file mode 100644 index 744135ecd0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/01-policy.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - name: policy -spec: - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml deleted file mode 100644 index 2891ac6f35..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: test -spec: - try: - - apply: - file: pod-good.yaml - - apply: - expect: - - check: - ($error != null): true - file: pod-bad.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml deleted file mode 100644 index ff5489f5a6..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - name: cleanup -spec: - try: - - delete: - ref: - apiVersion: v1 - kind: Pod - name: test - timeout: 1m - - apply: - file: policy-2.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml deleted file mode 100644 index 37d36dead9..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: test -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: pod-good.yaml - - apply: - file: pod-bad.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml new file mode 100755 index 0000000000..b88c2d9055 --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml @@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: conditions +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + file: pod-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: pod-bad.yaml + - name: step-03 + try: + - delete: + ref: + apiVersion: v1 + kind: Pod + name: test + timeout: 1m0s + - apply: + file: policy-2.yaml + - name: step-04 + try: + - apply: + expect: + - check: + ($error != null): true + file: pod-good.yaml + - apply: + file: pod-bad.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml deleted file mode 100644 index 03dc7ef071..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/chainsaw-test.yaml new file mode 100755 index 0000000000..5e80b4845e --- /dev/null +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/chainsaw-test.yaml @@ -0,0 +1,14 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: block-verifyimage +spec: + steps: + - name: step-01 + try: + - apply: + expect: + - check: + ($error != null): true + file: policy.yaml diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/01-manifests.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/01-manifests.yaml deleted file mode 100644 index cdb245e260..0000000000 --- a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/01-manifests.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate-e2e-adding-key-to-config-map ---- -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: configmap-policy - namespace: test-validate-e2e-adding-key-to-config-map -spec: - background: false - failurePolicy: Fail - validationFailureAction: Enforce - rules: - - match: - all: - - resources: - kinds: - - ConfigMap - name: key-abc - preconditions: - all: - - key: "admin" - operator: Equals - value: "{{ request.object.data.lock || '' }}" - validate: - anyPattern: - - data: - key: "abc" - message: Configmap key must be "abc" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: test-configmap - namespace: test-validate-e2e-adding-key-to-config-map -data: - key: xyz diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/02-script.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/02-script.yaml deleted file mode 100644 index 2b3d6a1d1c..0000000000 --- a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/02-script.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: script -spec: - timeouts: {} - try: - - script: - content: "if kubectl patch ConfigMap test-configmap -n test-validate-e2e-adding-key-to-config-map - --type='json' -p=\"[{\\\"op\\\": \\\"add\\\", \\\"path\\\": \\\"/data/lock\\\", - \\\"value\\\":\"\"admin\"\"}]\" 2>&1 | grep -q 'validation error: Configmap - key must be \"abc\"' \nthen \n echo \"Test succeeded. Resource was blocked - from adding key.\"\n exit 0\nelse \n echo \"Tested failed. Resource was - not blocked from adding key.\"\n exit 1 \nfi\n" diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..e9b9475008 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate-e2e-adding-key-to-config-map diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..7b96ec0b9a --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,26 @@ +apiVersion: kyverno.io/v1 +kind: Policy +metadata: + name: configmap-policy + namespace: test-validate-e2e-adding-key-to-config-map +spec: + background: false + failurePolicy: Fail + rules: + - match: + all: + - resources: + kinds: + - ConfigMap + name: key-abc + preconditions: + all: + - key: admin + operator: Equals + value: '{{ request.object.data.lock || '''' }}' + validate: + anyPattern: + - data: + key: abc + message: Configmap key must be "abc" + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-3.yaml new file mode 100755 index 0000000000..a5050bc357 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-3.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + key: xyz +kind: ConfigMap +metadata: + name: test-configmap + namespace: test-validate-e2e-adding-key-to-config-map diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/01-assert.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-assert-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/01-assert.yaml rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-assert-1-1.yaml diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml new file mode 100755 index 0000000000..a105d286a8 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml @@ -0,0 +1,26 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: adding-key-to-config-map +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - apply: + file: chainsaw-step-01-apply-1-3.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - name: step-02 + try: + - script: + content: "if kubectl patch ConfigMap test-configmap -n test-validate-e2e-adding-key-to-config-map + --type='json' -p=\"[{\\\"op\\\": \\\"add\\\", \\\"path\\\": \\\"/data/lock\\\", + \\\"value\\\":\"\"admin\"\"}]\" 2>&1 | grep -q 'validation error: Configmap + key must be \"abc\"' \nthen \n echo \"Test succeeded. Resource was blocked + from adding key.\"\n exit 0\nelse \n echo \"Tested failed. Resource was + not blocked from adding key.\"\n exit 1 \nfi\n" diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/01-policy.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/e2e/global-anchor/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml deleted file mode 100644 index b11bee67df..0000000000 --- a/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-bad -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/02-create-good.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 66% rename from test/conformance/chainsaw/validate/e2e/global-anchor/02-create-good.yaml rename to test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-step-02-apply-1-1.yaml index 554be22b75..0eeac8625a --- a/test/conformance/chainsaw/validate/e2e/global-anchor/02-create-good.yaml +++ b/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-step-02-apply-1-1.yaml @@ -5,7 +5,7 @@ metadata: namespace: default spec: containers: - - name: nginx - image: someimagename + - image: someimagename + name: nginx imagePullSecrets: - - name: my-registry-secret \ No newline at end of file + - name: my-registry-secret diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml new file mode 100755 index 0000000000..184c80a98d --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml @@ -0,0 +1,24 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: global-anchor +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - apply: + expect: + - check: + ($error != null): true + file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/00-create-crd.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/00-create-crd.yaml deleted file mode 100644 index dd9379c6f0..0000000000 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/00-create-crd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-crd -spec: - timeouts: {} - try: - - apply: - file: postgresqls.yaml - - assert: - file: postgresqls-ready.yaml diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/01-assert.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/01-assert.yaml deleted file mode 100644 index d292590a53..0000000000 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/01-assert.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/01-manifests.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/01-manifests.yaml deleted file mode 100644 index 73ffb45778..0000000000 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/01-manifests.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test-validate ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test -spec: - validationFailureAction: Enforce - rules: - - name: test-rule - match: - any: - - resources: - kinds: - - "acid.zalan.do/v1/postgresql" - validate: - message: "The label app=foo is required" - pattern: - metadata: - labels: - app: foo diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml deleted file mode 100644 index c90b1ac26d..0000000000 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resource -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: resource.yaml diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-1.yaml new file mode 100755 index 0000000000..ddccd1ac34 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-2.yaml new file mode 100755 index 0000000000..feafcffd9a --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-2.yaml @@ -0,0 +1,19 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: test +spec: + rules: + - match: + any: + - resources: + kinds: + - acid.zalan.do/v1/postgresql + name: test-rule + validate: + message: The label app=foo is required + pattern: + metadata: + labels: + app: foo + validationFailureAction: Enforce diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-1.yaml new file mode 100755 index 0000000000..5ede705d48 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-1.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: test +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-2.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-2.yaml new file mode 100755 index 0000000000..ddccd1ac34 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: test-validate diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml new file mode 100755 index 0000000000..40bbf38655 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: lowercase-kind-crd +spec: + steps: + - name: step-00 + try: + - apply: + file: postgresqls.yaml + - assert: + file: postgresqls-ready.yaml + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1-1.yaml + - apply: + file: chainsaw-step-01-apply-1-2.yaml + - assert: + file: chainsaw-step-01-assert-1-1.yaml + - assert: + file: chainsaw-step-01-assert-1-2.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: resource.yaml diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/01-policy.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/e2e/trusted-images/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/02-create-good.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/02-create-good.yaml deleted file mode 100644 index 27dd9ba084..0000000000 --- a/test/conformance/chainsaw/validate/e2e/trusted-images/02-create-good.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: root-pod-from-trusted-registry - # namespace: default -spec: - containers: - - name: kyverno - image: ghcr.io/kyverno/test-verify-image:unsigned diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml deleted file mode 100644 index b11bee67df..0000000000 --- a/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: create-bad -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-step-02-apply-1-1.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-step-02-apply-1-1.yaml new file mode 100755 index 0000000000..f39c4f72f0 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-step-02-apply-1-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Pod +metadata: + name: root-pod-from-trusted-registry +spec: + containers: + - image: ghcr.io/kyverno/test-verify-image:unsigned + name: kyverno diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml new file mode 100755 index 0000000000..068dd1ced9 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml @@ -0,0 +1,24 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: trusted-images +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - apply: + expect: + - check: + ($error != null): true + file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/01-policy.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/e2e/x509-decode/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml deleted file mode 100644 index 4ffd44c2f0..0000000000 --- a/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: bad-configmap -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/03-good-configmap.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-step-03-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/e2e/x509-decode/03-good-configmap.yaml rename to test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-step-03-apply-1-1.yaml index 77e94b8d53..f7d22d7103 --- a/test/conformance/chainsaw/validate/e2e/x509-decode/03-good-configmap.yaml +++ b/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-step-03-apply-1-1.yaml @@ -1,7 +1,4 @@ apiVersion: v1 -kind: ConfigMap -metadata: - name: test-good-configmap data: cert: | -----BEGIN CERTIFICATE----- @@ -25,3 +22,6 @@ data: UFOZZVoELaasWS559wy8og39Eq21dDMynb8Bndn/ -----END CERTIFICATE----- certB64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTakNDQWpLZ0F3SUJBZ0lVV3htajQwbCtURFZKcTk4WHk3YzZMZW8zbnA4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BURUxNQWtHQTFVRUJoTUNlSGd4Q2pBSUJnTlZCQWdUQVhneENqQUlCZ05WQkFjVEFYZ3hDakFJQmdOVgpCQW9UQVhneENqQUlCZ05WQkFzVEFYZ3dIaGNOTVRnd01qQXlNVEl6T0RBd1doY05Nak13TWpBeE1USXpPREF3CldqQTlNUXN3Q1FZRFZRUUdFd0o0ZURFS01BZ0dBMVVFQ0JNQmVERUtNQWdHQTFVRUJ4TUJlREVLTUFnR0ExVUUKQ2hNQmVERUtNQWdHQTFVRUN4TUJlRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTkhrcU9tVmYyM0tNWGRhWlUyZUZVeDFoNHdiMDlKSU5CQjh4L0hMN1VFMEtGSmNuT29Wbk5RQjBnUnVrVW9wCmlZQ3pyek1GeUdXV21CL3BBRUtvb2wrWmlJMnVNeTZtY1lCRHRPaTRwT203VTBUUVFNVjZMLzVZZmk2NXhSejMKUlRNZC90WUFvRmk0YUNaYkpBR2p4VTZVV05ZRHpUeThFL2NQNlpubE5iVkhSaUE2L3dIc29XY1h0V1RYWVA1eQpuOWNmN0VXUWkxaE9CTTRCV21PSXlCMWY2TEVnUWlwWldNT01QUEhPM2hzdVNCbjByazdqb3ZTdDVYVGxiZ1JyCnR4cUFKaU5qSlV5a1d6SUYrbExuWkNpb2lwcEd2NXZrZEd2RTgzSm9BQ1h2WlRVd3pBK01MdTQ5Zmt3M2J3ZXEKa2JocmVyOGthY2pmR2x3M2FKTjM3ZUVDQXdFQUFhTkNNRUF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQThHQTFVZApFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRktYY2I1MmJ2Nm9xbkQrRDlmVE5GSFpMOElXeE1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUUFEdkt2djN5bTBYQVl3S3hQTExsM0xjNnNKWUhEYlROMGRvbmR1RzdQWGViMWQKaHV1a0oybGZ1ZlVZcDJJR1NBeHVMZWNUWWVlQnlPVnAxZ2FNYjVMc0lHdDJCVkRtbE1Na2lIMjlMVUhzdmJ5aQo4NUNwSm83QTVSSkc2QVdXMlZCQ2lEano1djhKRk02cE1rQlJGZlhIK3B3SWdlNjVDRStNVFNRY2ZiMS9hSUlvClEyMjZQN0UvM3VVR1g0azRwRFhHL083R052eWtGNDB2MURCNXk3RERCVFE0SldpSmZ5R2tUNjlUbWRPR0xGQW0Kand4VWpXeXZFZXk0cUpleC9FR0VtNVJRY012OWl5N3RiYTF3SzdzeWtOR241dURFTEdQR0lJRUFhNXJJSG0xRgpVRk9aWlZvRUxhYXNXUzU1OXd5OG9nMzlFcTIxZERNeW5iOEJuZG4vCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +kind: ConfigMap +metadata: + name: test-good-configmap diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml new file mode 100755 index 0000000000..671c968e8f --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml @@ -0,0 +1,24 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: x509-decode +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: bad.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1-1.yaml diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing/01-policy.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing/01-policy.yaml deleted file mode 100644 index e521d0d761..0000000000 --- a/test/conformance/chainsaw/validate/e2e/yaml-signing/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing/03-bad-deployment.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing/03-bad-deployment.yaml deleted file mode 100644 index 2b52be6762..0000000000 --- a/test/conformance/chainsaw/validate/e2e/yaml-signing/03-bad-deployment.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: bad-deployment -spec: - timeouts: {} - try: - - script: - content: "if kubectl apply -f bad.yaml\nthen \n echo \"Tested failed. Deployment - was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test - succeeded. Deployment was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing/02-good-deployment.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-step-02-apply-1-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from test/conformance/chainsaw/validate/e2e/yaml-signing/02-good-deployment.yaml rename to test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-step-02-apply-1-1.yaml diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml new file mode 100755 index 0000000000..b0f5898802 --- /dev/null +++ b/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml @@ -0,0 +1,23 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: yaml-signing +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1-1.yaml + - name: step-03 + try: + - script: + content: "if kubectl apply -f bad.yaml\nthen \n echo \"Tested failed. Deployment + was created when it shouldn't have been.\"\n exit 1 \nelse \n echo \"Test + succeeded. Deployment was not created as intended.\"\n exit 0\nfi\n" diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/01-deployment.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/01-deployment.yaml deleted file mode 100644 index 6a8d69aef3..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/01-deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deployment -spec: - timeouts: {} - try: - - apply: - file: deployment.yaml - - assert: - file: deployment-assert.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/02-policy.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/02-policy.yaml deleted file mode 100644 index 909c002ac4..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/03-report.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/03-report.yaml deleted file mode 100644 index 7cc1316356..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/03-report.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: report -spec: - timeouts: {} - try: - - assert: - file: report-assert.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/chainsaw-test.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/chainsaw-test.yaml new file mode 100755 index 0000000000..9fefef8bfe --- /dev/null +++ b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-fail/chainsaw-test.yaml @@ -0,0 +1,26 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: validating-admission-policy-fail +spec: + steps: + - finally: + - sleep: + duration: 5s + name: step-01 + try: + - apply: + file: deployment.yaml + - assert: + file: deployment-assert.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy.yaml + - name: step-03 + try: + - assert: + file: report-assert.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/01-deployment.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/01-deployment.yaml deleted file mode 100644 index 6a8d69aef3..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/01-deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deployment -spec: - timeouts: {} - try: - - apply: - file: deployment.yaml - - assert: - file: deployment-assert.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/02-policy.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/02-policy.yaml deleted file mode 100644 index 909c002ac4..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/03-report.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/03-report.yaml deleted file mode 100644 index 7cc1316356..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/03-report.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: report -spec: - timeouts: {} - try: - - assert: - file: report-assert.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/chainsaw-test.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/chainsaw-test.yaml new file mode 100755 index 0000000000..d4ed90769d --- /dev/null +++ b/test/conformance/chainsaw/validating-admission-policy-reports/background/validating-admission-policy-pass/chainsaw-test.yaml @@ -0,0 +1,26 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: validating-admission-policy-pass +spec: + steps: + - finally: + - sleep: + duration: 5s + name: step-01 + try: + - apply: + file: deployment.yaml + - assert: + file: deployment-assert.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy.yaml + - name: step-03 + try: + - assert: + file: report-assert.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/events/01-deployment.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/events/01-deployment.yaml deleted file mode 100644 index 6a8d69aef3..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/events/01-deployment.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: deployment -spec: - timeouts: {} - try: - - apply: - file: deployment.yaml - - assert: - file: deployment-assert.yaml - finally: - - sleep: - duration: 5s diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/events/02-policy.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/events/02-policy.yaml deleted file mode 100644 index 909c002ac4..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/events/02-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/events/04-event.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/events/04-event.yaml deleted file mode 100644 index fa5aa2c741..0000000000 --- a/test/conformance/chainsaw/validating-admission-policy-reports/events/04-event.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: event -spec: - timeouts: {} - try: - - assert: - file: policy-event.yaml diff --git a/test/conformance/chainsaw/validating-admission-policy-reports/events/chainsaw-test.yaml b/test/conformance/chainsaw/validating-admission-policy-reports/events/chainsaw-test.yaml new file mode 100755 index 0000000000..3aaebf57d4 --- /dev/null +++ b/test/conformance/chainsaw/validating-admission-policy-reports/events/chainsaw-test.yaml @@ -0,0 +1,26 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: events +spec: + steps: + - finally: + - sleep: + duration: 5s + name: step-01 + try: + - apply: + file: deployment.yaml + - assert: + file: deployment-assert.yaml + - name: step-02 + try: + - apply: + file: policy.yaml + - assert: + file: policy.yaml + - name: step-04 + try: + - assert: + file: policy-event.yaml diff --git a/test/conformance/chainsaw/verify-manifests/multi-signatures/01-policy.yaml b/test/conformance/chainsaw/verify-manifests/multi-signatures/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/verify-manifests/multi-signatures/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml b/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml deleted file mode 100644 index f0898b2998..0000000000 --- a/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: resource-no-signature.yaml - - apply: - expect: - - check: - ($error != null): true - file: resource-one-signature.yaml - - apply: - file: resource-two-signatures.yaml - - apply: - expect: - - check: - ($error != null): true - file: resource-bad-signatures.yaml diff --git a/test/conformance/chainsaw/verify-manifests/multi-signatures/chainsaw-test.yaml b/test/conformance/chainsaw/verify-manifests/multi-signatures/chainsaw-test.yaml new file mode 100755 index 0000000000..8092e845b9 --- /dev/null +++ b/test/conformance/chainsaw/verify-manifests/multi-signatures/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: multi-signatures +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: resource-no-signature.yaml + - apply: + expect: + - check: + ($error != null): true + file: resource-one-signature.yaml + - apply: + file: resource-two-signatures.yaml + - apply: + expect: + - check: + ($error != null): true + file: resource-bad-signatures.yaml diff --git a/test/conformance/chainsaw/verify-manifests/single-signature/01-policy.yaml b/test/conformance/chainsaw/verify-manifests/single-signature/01-policy.yaml deleted file mode 100644 index 6134698445..0000000000 --- a/test/conformance/chainsaw/verify-manifests/single-signature/01-policy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: policy -spec: - timeouts: {} - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml diff --git a/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml b/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml deleted file mode 100644 index 849f6f4764..0000000000 --- a/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: resources -spec: - timeouts: {} - try: - - apply: - expect: - - check: - ($error != null): true - file: resource-no-signature.yaml - - apply: - file: resource-one-signature.yaml - - apply: - file: resource-two-signatures.yaml - - apply: - expect: - - check: - ($error != null): true - file: resource-bad-signatures.yaml diff --git a/test/conformance/chainsaw/verify-manifests/single-signature/chainsaw-test.yaml b/test/conformance/chainsaw/verify-manifests/single-signature/chainsaw-test.yaml new file mode 100755 index 0000000000..04656217ff --- /dev/null +++ b/test/conformance/chainsaw/verify-manifests/single-signature/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: single-signature +spec: + steps: + - name: step-01 + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: resource-no-signature.yaml + - apply: + file: resource-one-signature.yaml + - apply: + file: resource-two-signatures.yaml + - apply: + expect: + - check: + ($error != null): true + file: resource-bad-signatures.yaml