diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index acd8bb0194..b2da88cae5 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -147,7 +147,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -217,7 +217,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -287,7 +287,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -359,7 +359,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -429,7 +429,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -505,7 +505,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -580,7 +580,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -674,7 +674,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: @@ -748,7 +748,7 @@ jobs: - name: Install Chainsaw uses: kyverno/chainsaw/.github/actions/install@c08ae80bc45546987edff33212bf33161c84ce59 # v0.0.6 with: - release: v0.0.7-alpha.3 + release: v0.0.7-alpha.5 - name: Test with Chainsaw shell: bash env: diff --git a/test/conformance/chainsaw/_config/common.yaml b/test/conformance/chainsaw/_config/common.yaml index 99885436df..7c7e5a0a95 100755 --- a/test/conformance/chainsaw/_config/common.yaml +++ b/test/conformance/chainsaw/_config/common.yaml @@ -5,9 +5,9 @@ metadata: spec: timeouts: assert: 90s - cleanup: 150s error: 90s parallel: 1 fullName: true failFast: false excludeTestRegex: '_.+' + forceTerminationGracePeriod: 5s diff --git a/test/conformance/chainsaw/cleanup/validation/cron-format/03-invalidpolicy.yaml b/test/conformance/chainsaw/cleanup/validation/cron-format/03-invalidpolicy.yaml index 82f61480a6..709f748d92 100644 --- a/test/conformance/chainsaw/cleanup/validation/cron-format/03-invalidpolicy.yaml +++ b/test/conformance/chainsaw/cleanup/validation/cron-format/03-invalidpolicy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: invalidpolicy.yaml diff --git a/test/conformance/chainsaw/cleanup/validation/no-user-info-in-match/01-cleanuppolicy.yaml b/test/conformance/chainsaw/cleanup/validation/no-user-info-in-match/01-cleanuppolicy.yaml index 03376582f1..cccf7f08e4 100644 --- a/test/conformance/chainsaw/cleanup/validation/no-user-info-in-match/01-cleanuppolicy.yaml +++ b/test/conformance/chainsaw/cleanup/validation/no-user-info-in-match/01-cleanuppolicy.yaml @@ -8,14 +8,17 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: cleanuppolicy-with-subjects.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: cleanuppolicy-with-roles.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: cleanuppolicy-with-clusterroles.yaml diff --git a/test/conformance/chainsaw/cleanup/validation/not-supported-attributes-in-context/01-cleanup-policy.yaml b/test/conformance/chainsaw/cleanup/validation/not-supported-attributes-in-context/01-cleanup-policy.yaml index d2f3742ab5..a49b470aba 100644 --- a/test/conformance/chainsaw/cleanup/validation/not-supported-attributes-in-context/01-cleanup-policy.yaml +++ b/test/conformance/chainsaw/cleanup/validation/not-supported-attributes-in-context/01-cleanup-policy.yaml @@ -8,10 +8,12 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: cleanuppolicy-with-image-registry.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: cleanuppolicy-with-configmap.yaml diff --git a/test/conformance/chainsaw/deferred/dependencies/02-testcase.yaml b/test/conformance/chainsaw/deferred/dependencies/02-testcase.yaml index 62780ba600..57f059f183 100644 --- a/test/conformance/chainsaw/deferred/dependencies/02-testcase.yaml +++ b/test/conformance/chainsaw/deferred/dependencies/02-testcase.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: deploy.yaml diff --git a/test/conformance/chainsaw/events/policy/policy-violation/02-resource.yaml b/test/conformance/chainsaw/events/policy/policy-violation/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/events/policy/policy-violation/02-resource.yaml +++ b/test/conformance/chainsaw/events/policy/policy-violation/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/exceptions/allows-rejects-creation/03-configmap.yaml b/test/conformance/chainsaw/exceptions/allows-rejects-creation/03-configmap.yaml index 89f0b17167..134374a3c7 100644 --- a/test/conformance/chainsaw/exceptions/allows-rejects-creation/03-configmap.yaml +++ b/test/conformance/chainsaw/exceptions/allows-rejects-creation/03-configmap.yaml @@ -10,8 +10,9 @@ spec: - apply: file: configmap-allowed.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: configmap-rejected.yaml - assert: file: configmap-allowed.yaml diff --git a/test/conformance/chainsaw/exceptions/applies-to-delete/05-delete.yaml b/test/conformance/chainsaw/exceptions/applies-to-delete/05-delete.yaml index 9a4767fab5..bb2c056c57 100644 --- a/test/conformance/chainsaw/exceptions/applies-to-delete/05-delete.yaml +++ b/test/conformance/chainsaw/exceptions/applies-to-delete/05-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: apps/v1 - kind: Deployment - name: test-dpl1 - namespace: reza-dev + ref: + apiVersion: apps/v1 + kind: Deployment + name: test-dpl1 + namespace: reza-dev diff --git a/test/conformance/chainsaw/exceptions/background-mode/standard/01-exception.yaml b/test/conformance/chainsaw/exceptions/background-mode/standard/01-exception.yaml index 490d53eea8..ddace9363c 100644 --- a/test/conformance/chainsaw/exceptions/background-mode/standard/01-exception.yaml +++ b/test/conformance/chainsaw/exceptions/background-mode/standard/01-exception.yaml @@ -10,8 +10,9 @@ spec: - apply: file: exception-allowed.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: exception-rejected.yaml - assert: file: exception-allowed.yaml diff --git a/test/conformance/chainsaw/exceptions/conditions/03-deployment.yaml b/test/conformance/chainsaw/exceptions/conditions/03-deployment.yaml index 10116fd4ce..8dadbe873c 100644 --- a/test/conformance/chainsaw/exceptions/conditions/03-deployment.yaml +++ b/test/conformance/chainsaw/exceptions/conditions/03-deployment.yaml @@ -10,6 +10,11 @@ spec: - apply: file: good-deployment.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad-deployment.yaml + finally: + - script: + content: sleep 5 + timeout: 10s \ No newline at end of file diff --git a/test/conformance/chainsaw/exceptions/conditions/04-sleep.yaml b/test/conformance/chainsaw/exceptions/conditions/04-sleep.yaml deleted file mode 100644 index f30782fbbe..0000000000 --- a/test/conformance/chainsaw/exceptions/conditions/04-sleep.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: chainsaw.kyverno.io/v1alpha1 -kind: TestStep -metadata: - creationTimestamp: null - name: sleep -spec: - timeouts: {} - try: - - command: - args: - - "4" - entrypoint: sleep diff --git a/test/conformance/chainsaw/exceptions/only-for-specific-user/03-configmap.yaml b/test/conformance/chainsaw/exceptions/only-for-specific-user/03-configmap.yaml index ca5e9e866c..0f2db9adfe 100644 --- a/test/conformance/chainsaw/exceptions/only-for-specific-user/03-configmap.yaml +++ b/test/conformance/chainsaw/exceptions/only-for-specific-user/03-configmap.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: configmap.yaml diff --git a/test/conformance/chainsaw/exceptions/with-wildcard/03-configmap.yaml b/test/conformance/chainsaw/exceptions/with-wildcard/03-configmap.yaml index 89f0b17167..134374a3c7 100644 --- a/test/conformance/chainsaw/exceptions/with-wildcard/03-configmap.yaml +++ b/test/conformance/chainsaw/exceptions/with-wildcard/03-configmap.yaml @@ -10,8 +10,9 @@ spec: - apply: file: configmap-allowed.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: configmap-rejected.yaml - assert: file: configmap-allowed.yaml diff --git a/test/conformance/chainsaw/filter/exclude/sa/no-wildcard/02-resource.yaml b/test/conformance/chainsaw/filter/exclude/sa/no-wildcard/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/filter/exclude/sa/no-wildcard/02-resource.yaml +++ b/test/conformance/chainsaw/filter/exclude/sa/no-wildcard/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/filter/exclude/sa/wildcard/02-resource.yaml b/test/conformance/chainsaw/filter/exclude/sa/wildcard/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/filter/exclude/sa/wildcard/02-resource.yaml +++ b/test/conformance/chainsaw/filter/exclude/sa/wildcard/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/filter/exclude/user/no-wildcard/block/02-resource.yaml b/test/conformance/chainsaw/filter/exclude/user/no-wildcard/block/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/filter/exclude/user/no-wildcard/block/02-resource.yaml +++ b/test/conformance/chainsaw/filter/exclude/user/no-wildcard/block/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/filter/exclude/user/wildcard/block/02-resource.yaml b/test/conformance/chainsaw/filter/exclude/user/wildcard/block/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/filter/exclude/user/wildcard/block/02-resource.yaml +++ b/test/conformance/chainsaw/filter/exclude/user/wildcard/block/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/filter/match/user/no-wildcard/block/02-resource.yaml b/test/conformance/chainsaw/filter/match/user/no-wildcard/block/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/filter/match/user/no-wildcard/block/02-resource.yaml +++ b/test/conformance/chainsaw/filter/match/user/no-wildcard/block/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/filter/match/user/wildcard/block/02-resource.yaml b/test/conformance/chainsaw/filter/match/user/wildcard/block/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/filter/match/user/wildcard/block/02-resource.yaml +++ b/test/conformance/chainsaw/filter/match/user/wildcard/block/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/flags/standard/emit-events/03-resource.yaml b/test/conformance/chainsaw/flags/standard/emit-events/03-resource.yaml index 5a80990db1..dda9e3c8fa 100644 --- a/test/conformance/chainsaw/flags/standard/emit-events/03-resource.yaml +++ b/test/conformance/chainsaw/flags/standard/emit-events/03-resource.yaml @@ -10,6 +10,7 @@ spec: - apply: file: resource.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource-fail.yaml diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml index eab588495e..02cc9b3e39 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-list-sync-same-trigger-source-delete-source/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: mysecret - namespace: clone-list-sync-same-trigger-source-trigger-ns + ref: + apiVersion: v1 + kind: Secret + name: mysecret + namespace: clone-list-sync-same-trigger-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml index dbb8b9e328..3c20473c46 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-source-name-exceeds-63-characters/04-delete-source.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred - namespace: default + ref: + apiVersion: v1 + kind: Secret + name: regcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcredregcred + namespace: default diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml index dd4a010d8d..6e157c1a92 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/clone-sync-same-trigger-source-delete-source/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: mysecret - namespace: clone-sync-same-trigger-source-trigger-ns + ref: + apiVersion: v1 + kind: Secret + name: mysecret + namespace: clone-sync-same-trigger-source-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml index 78b8349188..bc82c95a02 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-create-on-trigger-deletion/02-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Namespace - name: cpol-clone-create-on-trigger-deletion-trigger-ns + ref: + apiVersion: v1 + kind: Namespace + name: cpol-clone-create-on-trigger-deletion-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml index 73ebf3ef2e..530665fb24 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-clone-sync-reinstall-policy/04-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-clone-sync-reinstall-policy + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-clone-sync-reinstall-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml index 57b0091257..b2ece129cc 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-create-on-trigger-deletion/02-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-create-on-trigger-deletion-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml index 15666d1c14..081781af77 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/cornercases/trigger-resource-name-exceeds-63-characters/04-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap - namespace: trigger-resource-name-exceeds-63-characters-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: my-configmapmy-configmapmy-configmapmy-configmapmy-configmapmy-configmap + namespace: trigger-resource-name-exceeds-63-characters-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml index 18663afad1..d2561b85ac 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-downstream/04-delete-secret.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcred - namespace: cpol-clone-nosync-delete-downstream-ns + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: cpol-clone-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml index 8e5ad77af8..d20d45f284 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-policy/03-removepolicy.yaml @@ -10,6 +10,7 @@ spec: - assert: file: check.yaml - delete: - apiVersion: kyverno.io/v2beta1 - kind: ClusterPolicy - name: cpol-nosync-clone-delete-policy + ref: + apiVersion: kyverno.io/v2beta1 + kind: ClusterPolicy + name: cpol-nosync-clone-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml index da148b4f20..b982ea9cd5 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-source/03-deletesource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcred + ref: + apiVersion: v1 + kind: Secret + name: regcred diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml index 0e366bd41d..c6318330de 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/nosync/cpol-clone-nosync-delete-trigger/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-clone-nosync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-clone-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml index 4d449af05d..85f559c2bf 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-list-sync-delete-source/03-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Namespace - name: cpol-clone-list-sync-delete-source-trigger-ns-1 + ref: + apiVersion: v1 + kind: Namespace + name: cpol-clone-list-sync-delete-source-trigger-ns-1 diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml index 93aff7f38a..f444010646 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-downstream/04-delete-secret.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcred - namespace: cpol-clone-sync-delete-downstream-ns + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: cpol-clone-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml index cb54057806..7079d1ee29 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-policy/04-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v2beta1 - kind: ClusterPolicy - name: cpol-clone-sync-delete-policy + ref: + apiVersion: kyverno.io/v2beta1 + kind: ClusterPolicy + name: cpol-clone-sync-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml index a0e15ceb9a..cb7350b536 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-source/03-deletesource.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcred - namespace: cpol-clone-sync-delete-source-ns + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: cpol-clone-sync-delete-source-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml index a4e1594504..66d65522af 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/clone/sync/cpol-clone-sync-delete-trigger/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-clone-sync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-clone-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml index 787125c040..ac4fa64f36 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-downstream/04-downstream-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: cpol-data-nosync-delete-downstream-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: cpol-data-nosync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml index 0f66402150..873b00512e 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-policy/03-delete-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-data-nosync-delete-policy-policy + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-data-nosync-delete-policy-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml index c1de4bfa4b..54c2af45c9 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/nosync/cpol-data-nosync-delete-trigger/04-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-data-nosync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml index eaf29f7030..e82b946274 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-downstream/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: cpol-data-sync-delete-downstream-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: cpol-data-sync-delete-downstream-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml index 18ce624cdd..9785141488 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-one-trigger/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: foosource-1 - namespace: cpol-data-sync-delete-one-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: foosource-1 + namespace: cpol-data-sync-delete-one-trigger-ns diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml index 6af5a6adcc..703e38f14f 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-policy/04-policy-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-data-sync-delete-policy + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-data-sync-delete-policy diff --git a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml index 9dd0ba4696..c72265e18e 100644 --- a/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml +++ b/test/conformance/chainsaw/generate/clusterpolicy/standard/data/sync/cpol-data-sync-delete-trigger/02-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: cpol-data-sync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: cpol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml index 1e43d840a5..d225687bca 100644 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-clone-create-on-trigger-deletion/02-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: pol-clone-create-on-trigger-deletion-configmap - namespace: pol-clone-create-on-trigger-deletion-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: pol-clone-create-on-trigger-deletion-configmap + namespace: pol-clone-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml index 72b0f8c98c..a3412238e0 100644 --- a/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/cornercases/pol-data-create-on-trigger-deletion/02-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-create-on-trigger-deletion-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-create-on-trigger-deletion-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml index c68533ff7b..3c87ec3d67 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-downstream/04-delete-downstream.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: newsecret - namespace: default + ref: + apiVersion: v1 + kind: Secret + name: newsecret + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml index 9eff3ac1ba..d8968d0f1c 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-policy/03-delete-policy.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v2beta1 - kind: Policy - name: pol-clone-nosync-delete-policy - namespace: default + ref: + apiVersion: kyverno.io/v2beta1 + kind: Policy + name: pol-clone-nosync-delete-policy + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml index dd05e85e60..e38f59f9ca 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-source/03-delete-source.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcred - namespace: default + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml index fd815c11eb..dd5a480833 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/nosync/pol-clone-nosync-delete-trigger/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-clone-nosync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-clone-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml index 2c14201eaa..82283ec76a 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-policy/04-delete-policy.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v2beta1 - kind: Policy - name: pol-clone-sync-delete-policy - namespace: default + ref: + apiVersion: kyverno.io/v2beta1 + kind: Policy + name: pol-clone-sync-delete-policy + namespace: default diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml index 512bd80e43..746df42ee6 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-source/03-deletesource.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: Secret - name: regcred - namespace: pol-clone-sync-delete-source + ref: + apiVersion: v1 + kind: Secret + name: regcred + namespace: pol-clone-sync-delete-source diff --git a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml index f413781963..a7d85b13de 100644 --- a/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/clone/sync/pol-clone-sync-delete-trigger/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-clone-sync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-clone-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml index 01472eee4c..94305ebd1d 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-create-policy-invalid/01-create.yaml @@ -10,6 +10,7 @@ spec: - apply: file: ns.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml index 2bd699fad4..16281c3681 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-downstream/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: hammer + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: hammer diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml index f7f39f820c..19963cab45 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-policy/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: Policy - name: pol-data-nosync-delete-policy-policy - namespace: manta + ref: + apiVersion: kyverno.io/v1 + kind: Policy + name: pol-data-nosync-delete-policy-policy + namespace: manta diff --git a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml index 7af553272e..bf1e22bf01 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/nosync/pol-data-nosync-delete-trigger/04-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-data-nosync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-data-nosync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml index 0582a1c7c3..65dff2c9e5 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-downstream/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: zk-kafka-address - namespace: exeter + ref: + apiVersion: v1 + kind: ConfigMap + name: zk-kafka-address + namespace: exeter diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml index 328f19e7f4..7de8335b2a 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-policy/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: Policy - name: pol-data-sync-delete-policy-policy - namespace: manasis + ref: + apiVersion: kyverno.io/v1 + kind: Policy + name: pol-data-sync-delete-policy-policy + namespace: manasis diff --git a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml index b571c46a26..855619bfbf 100644 --- a/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml +++ b/test/conformance/chainsaw/generate/policy/standard/data/sync/pol-data-sync-delete-trigger/05-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: test-org - namespace: pol-data-sync-delete-trigger-ns + ref: + apiVersion: v1 + kind: ConfigMap + name: test-org + namespace: pol-data-sync-delete-trigger-ns diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml index dac64d3a80..5bc57a38b3 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/cloneList/02-check.yaml @@ -10,14 +10,17 @@ spec: - apply: file: policy-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-2.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml index 3848a17f86..cec54d9fc6 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clone/02-update.yaml @@ -8,10 +8,12 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-name.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-namespace.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml index 02fe0d69e0..3de733d074 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-clonelist/02-update.yaml @@ -8,14 +8,17 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-ns.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-kinds.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-selector.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml index 4861d6a93e..8ee15a01f1 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-downstream/02-update.yaml @@ -8,18 +8,22 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-name.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-apiversion.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-namespace.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-kind.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml index 613f58950f..c9b14c461f 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/immutable-rule-spec/02-update.yaml @@ -8,20 +8,24 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-name.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-match.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-exclude.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-preconditions.yaml - apply: file: update-rule-generate-synchronize.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml index 241f77887c..bb09f49d44 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/01-fail-no-permission.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml index 3cc6bcc3fa..37e3953846 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/no-permission/04-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: cpol-validate-create-sa-permission + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: cpol-validate-create-sa-permission diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml index b051d10ee4..fbc1d53c51 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/permissions/same-kind/03-check.yaml @@ -12,10 +12,12 @@ spec: - apply: file: policy-1-subresource.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2-subresource.yaml diff --git a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml index dad6acffa0..ff1bfc925a 100644 --- a/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml +++ b/test/conformance/chainsaw/generate/validation/clusterpolicy/target-namespace-scope/02-check.yaml @@ -8,12 +8,14 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-1-no-ns-namespaced-target.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-2-ns-cluster-target.yaml - apply: file: policy-pass-1-ns-namespaced-target.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml b/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml index dac64d3a80..5bc57a38b3 100644 --- a/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/cloneList/02-check.yaml @@ -10,14 +10,17 @@ spec: - apply: file: policy-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-2.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml index 6213c2864a..2410548dac 100644 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-clone/02-update.yaml @@ -8,10 +8,12 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-namespace.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-name.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml index 02fe0d69e0..3de733d074 100644 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-clonelist/02-update.yaml @@ -8,14 +8,17 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-ns.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-kinds.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-selector.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml index 4861d6a93e..8ee15a01f1 100644 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-downstream/02-update.yaml @@ -8,18 +8,22 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-name.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-apiversion.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-namespace.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-kind.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml index 613f58950f..c9b14c461f 100644 --- a/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/immutable-rule-spec/02-update.yaml @@ -8,20 +8,24 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-name.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-match.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-exclude.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: update-rule-preconditions.yaml - apply: file: update-rule-generate-synchronize.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml b/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml index 241f77887c..bb09f49d44 100644 --- a/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/permissions/02-fail-no-permission.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml index ac2c3c9fa7..65560bd1fc 100644 --- a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/02-check.yaml @@ -10,18 +10,22 @@ spec: - apply: file: policy-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-0.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-2.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-fail-3.yaml diff --git a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml index 8afa2edc7f..fb52bfe46b 100644 --- a/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml +++ b/test/conformance/chainsaw/generate/validation/policy/target-namespace-scope/03-delete.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - name: roles.iam.aws.crossplane.io + ref: + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + name: roles.iam.aws.crossplane.io diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml index 4fcba59476..e8b6b38e38 100644 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/basic-delete/02-delete-cm.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: v1 - kind: ConfigMap - name: dictionary-2 - namespace: staging-2 + ref: + apiVersion: v1 + kind: ConfigMap + name: dictionary-2 + namespace: staging-2 diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml index 241f77887c..bb09f49d44 100644 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-namespace-variable/01-fail-no-permission.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml index 241f77887c..bb09f49d44 100644 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/auth-check/cpol-standard-auth-check/01-fail-no-permission.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml index 872433061c..2b3b5ee54f 100644 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/mutate-existing-require-targets/01-no-targets-fail.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-no-targets.yaml diff --git a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml index d718935bdf..b86d18523d 100644 --- a/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml +++ b/test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/validation/target-variable-validation/01-policy.yaml @@ -8,8 +8,9 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-bad.yaml - apply: file: policy-good.yaml diff --git a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml index 241f77887c..bb09f49d44 100644 --- a/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml +++ b/test/conformance/chainsaw/mutate/policy/standard/existing/validation/auth-check/02-fail-no-permission.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/admission-disabled/01-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/admission-disabled/01-policy.yaml index a0d1b31766..f3cdc4fef2 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/admission-disabled/01-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/admission-disabled/01-policy.yaml @@ -10,14 +10,17 @@ spec: - apply: file: policy-validate.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-mutate.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-generate.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-verify-image.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/all-disabled/01-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/all-disabled/01-policy.yaml index df1eb99be6..03dc7ef071 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/all-disabled/01-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/all-disabled/01-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/01-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/01-policy.yaml index 414bdc162c..959aed61a3 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/01-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/01-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-1.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/02-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/02-policy.yaml index 07728aa0a2..5b87a9083c 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/02-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/02-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/03-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/03-policy.yaml index c658eb5c25..5b801264bc 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/03-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/03-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-3.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/04-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/04-policy.yaml index c2c9874c57..0d40312682 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/04-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/04-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-4.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/05-policy.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/05-policy.yaml index 111874e718..7962cd0b15 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/05-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/background-subresource/05-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-5.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-subject-kind/01-policies.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-subject-kind/01-policies.yaml index 5b7367dd61..b35227e889 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-subject-kind/01-policies.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-subject-kind/01-policies.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout/01-policies.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout/01-policies.yaml index dde6769837..091fe5948f 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout/01-policies.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/invalid-timeout/01-policies.yaml @@ -8,10 +8,12 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/policy-exceptions-disabled/02-resource.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/policy-exceptions-disabled/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/policy-exceptions-disabled/02-resource.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/policy-exceptions-disabled/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/policy-validation/cluster-policy/target-context/01-policies.yaml b/test/conformance/chainsaw/policy-validation/cluster-policy/target-context/01-policies.yaml index dde6769837..091fe5948f 100644 --- a/test/conformance/chainsaw/policy-validation/cluster-policy/target-context/01-policies.yaml +++ b/test/conformance/chainsaw/policy-validation/cluster-policy/target-context/01-policies.yaml @@ -8,10 +8,12 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/admission-disabled/01-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/admission-disabled/01-policy.yaml index 3ebdc1b2b8..0faf51eb1c 100644 --- a/test/conformance/chainsaw/policy-validation/policy/admission-disabled/01-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/admission-disabled/01-policy.yaml @@ -10,10 +10,12 @@ spec: - apply: file: policy-validate.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-mutate.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-verify-image.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/all-disabled/01-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/all-disabled/01-policy.yaml index df1eb99be6..03dc7ef071 100644 --- a/test/conformance/chainsaw/policy-validation/policy/all-disabled/01-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/all-disabled/01-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/background-subresource/01-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/background-subresource/01-policy.yaml index 414bdc162c..959aed61a3 100644 --- a/test/conformance/chainsaw/policy-validation/policy/background-subresource/01-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/background-subresource/01-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-1.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/background-subresource/02-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/background-subresource/02-policy.yaml index 07728aa0a2..5b87a9083c 100644 --- a/test/conformance/chainsaw/policy-validation/policy/background-subresource/02-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/background-subresource/02-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/background-subresource/03-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/background-subresource/03-policy.yaml index c658eb5c25..5b801264bc 100644 --- a/test/conformance/chainsaw/policy-validation/policy/background-subresource/03-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/background-subresource/03-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-3.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/background-subresource/04-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/background-subresource/04-policy.yaml index c2c9874c57..0d40312682 100644 --- a/test/conformance/chainsaw/policy-validation/policy/background-subresource/04-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/background-subresource/04-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-4.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/background-subresource/05-policy.yaml b/test/conformance/chainsaw/policy-validation/policy/background-subresource/05-policy.yaml index 111874e718..7962cd0b15 100644 --- a/test/conformance/chainsaw/policy-validation/policy/background-subresource/05-policy.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/background-subresource/05-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-5.yaml diff --git a/test/conformance/chainsaw/policy-validation/policy/invalid-timeout/01-policies.yaml b/test/conformance/chainsaw/policy-validation/policy/invalid-timeout/01-policies.yaml index dde6769837..091fe5948f 100644 --- a/test/conformance/chainsaw/policy-validation/policy/invalid-timeout/01-policies.yaml +++ b/test/conformance/chainsaw/policy-validation/policy/invalid-timeout/01-policies.yaml @@ -8,10 +8,12 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml diff --git a/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml b/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml +++ b/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/reports/background/report-deletion/03-delete-policy.yaml b/test/conformance/chainsaw/reports/background/report-deletion/03-delete-policy.yaml index e7d7e57ca0..43c76a4ec0 100644 --- a/test/conformance/chainsaw/reports/background/report-deletion/03-delete-policy.yaml +++ b/test/conformance/chainsaw/reports/background/report-deletion/03-delete-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - delete: - apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: podsecurity-subrule-restricted + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: podsecurity-subrule-restricted diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml index e869c8ee54..02acd1a89e 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/02-teststep.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: my-app-ingress - namespace: test-ingress + ref: + apiVersion: networking.k8s.io/v1 + kind: Ingress + name: my-app-ingress + namespace: test-ingress diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml index cb3c818afe..dda504b8c5 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml @@ -8,8 +8,9 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: cm-default-ns.yaml - apply: file: cm-test-ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml index 2f6f1aba07..6d4ee6ad93 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/02-resources.yaml @@ -10,8 +10,9 @@ spec: - apply: file: pod-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-fail.yaml finally: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml index 2691ebb776..f1862217bb 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/03-resources.yaml @@ -10,6 +10,7 @@ spec: - apply: file: deployments-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: deployments-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml index 64a0e13100..8eaedab4aa 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/03-statefulset.yaml @@ -10,8 +10,9 @@ spec: - apply: file: statefulset-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: statefulset-fail.yaml finally: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml index 902fdd4629..0baa90ace7 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/02-resources.yaml @@ -10,6 +10,7 @@ spec: - apply: file: pod-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/pod-fail.yaml index 6372287332..6fdda0a983 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/pod-fail.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/pod-fail.yaml @@ -8,4 +8,3 @@ spec: image: nginx:latest ports: - hostPort: 80 - \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml index 6641ed12c1..670b9ceb73 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/04-ns.yaml @@ -10,6 +10,7 @@ spec: - apply: file: ns-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: ns-fail.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml index 0bab51c393..6f5526242b 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/04-ns.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: ns.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml index 65dd608c29..61019e1f39 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/05-resources.yaml @@ -10,8 +10,9 @@ spec: - apply: file: deployment-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: deployment-fail.yaml finally: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml index af6a89b5af..1cd6d3583e 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/05-resources.yaml @@ -10,8 +10,9 @@ spec: - apply: file: statefulset-pass.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: statefulset-fail.yaml finally: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml index a9bed7f882..e40f99ff41 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/02-script.yaml @@ -7,6 +7,13 @@ metadata: spec: timeouts: {} try: + - script: + content: sleep 5 + timeout: 10s - script: content: ./api-initiated-eviction.sh timeout: 30s + finally: + - script: + content: sleep 5 + timeout: 10s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml index 626963d1b0..6e57957047 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/02-script.yaml @@ -12,3 +12,7 @@ spec: into Pods protected with the label 'exec=false' is forbidden\" \nthen \n echo \"Tested failed. Exec Request was not blocked.\"\n exit 1 \nelse \n echo \"Test succeeded. Exec Request was blocked.\"\n exit 0\nfi\n" + finally: + - script: + content: sleep 5 + timeout: 10s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml index 1f1aa73d71..ca643c9ac4 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/02-script.yaml @@ -12,3 +12,7 @@ spec: 2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen \n echo \"Test failed. Resource was blocked from scaling.\"\n exit 1\nelse \n echo \"Tested succeeded. Resource was allowed to scale.\"\n exit 0 \nfi\n" + finally: + - script: + content: sleep 5 + timeout: 10s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml index 9ced8ae36f..92c281d484 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/02-pod.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml index ec1d80ad3d..d12d434cf9 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/03-pod-fail.yaml @@ -8,8 +8,9 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-fail.yaml - apply: file: pod-pass.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml index 5e8150cd0e..e651953135 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/04-delete.yaml @@ -7,8 +7,12 @@ metadata: spec: timeouts: {} try: + - script: + content: sleep 5 + timeout: 10s - delete: - apiVersion: apps/v1 - kind: Deployment - name: nginx - namespace: default + ref: + apiVersion: apps/v1 + kind: Deployment + name: nginx + namespace: default diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml index ddb18226e1..7f79babf58 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/03-pod-fail.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml index 569eeda791..5ec02f7e87 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/02-script.yaml @@ -12,3 +12,7 @@ spec: 2>&1 | grep -q 'validation error: nginx-test needs to have 2 replicas' \nthen \n echo \"Test succeeded. Resource was blocked from scaling.\"\n exit 0\nelse \n echo \"Tested failed. Resource was allowed to scale.\"\n exit 1 \nfi\n" + finally: + - script: + content: sleep 5 + timeout: 10s diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml index 469d976db8..e486d0a231 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/02-resources.yaml @@ -10,6 +10,7 @@ spec: - apply: file: pod-create.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-update.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml index 0422ebe26e..0009b6e949 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/02-resources.yaml @@ -8,12 +8,14 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad-pod-1.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad-pod-2.yaml - apply: file: good-pod.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml index 8aeb4502dc..62c909f9ca 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/03-delete.yaml @@ -8,7 +8,8 @@ spec: timeouts: {} try: - delete: - apiVersion: apps/v1 - kind: DaemonSet - name: test-deletion-request-datadog-operator - namespace: cpol-validate-psa-test-deletion-request + ref: + apiVersion: apps/v1 + kind: DaemonSet + name: test-deletion-request-datadog-operator + namespace: cpol-validate-psa-test-deletion-request diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml index 392f3e48a5..2891ac6f35 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/02-test.yaml @@ -8,6 +8,7 @@ spec: - apply: file: pod-good.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-bad.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml index 8c0d1dc659..d674b8bb9c 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/03-cleanup.yaml @@ -5,9 +5,10 @@ metadata: spec: try: - delete: - apiVersion: v1 - kind: Pod - name: test + ref: + apiVersion: v1 + kind: Pod + name: test timeout: 1m - apply: file: policy-2.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml index bb9b85c7df..37d36dead9 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/04-test.yaml @@ -8,8 +8,9 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-good.yaml - apply: file: pod-bad.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml index df1eb99be6..03dc7ef071 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/wildcard/block-verifyimage/01-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml index 7af48344c6..b11bee67df 100644 --- a/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml +++ b/test/conformance/chainsaw/validate/e2e/global-anchor/03-create-bad.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml index 36f9a5b5d3..c90b1ac26d 100644 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/02-resource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource.yaml diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml index 7af48344c6..b11bee67df 100644 --- a/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml +++ b/test/conformance/chainsaw/validate/e2e/trusted-images/03-create-bad.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad.yaml diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml index af3f109986..4ffd44c2f0 100644 --- a/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml +++ b/test/conformance/chainsaw/validate/e2e/x509-decode/02-bad-configmap.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad.yaml diff --git a/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml b/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml index 4edbb173bb..f0898b2998 100644 --- a/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml +++ b/test/conformance/chainsaw/verify-manifests/multi-signatures/02-resources.yaml @@ -8,16 +8,19 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource-no-signature.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource-one-signature.yaml - apply: file: resource-two-signatures.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource-bad-signatures.yaml diff --git a/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml b/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml index 96e1e23787..849f6f4764 100644 --- a/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml +++ b/test/conformance/chainsaw/verify-manifests/single-signature/02-resources.yaml @@ -8,14 +8,16 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource-no-signature.yaml - apply: file: resource-one-signature.yaml - apply: file: resource-two-signatures.yaml - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: resource-bad-signatures.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-complex/02-create-task.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-complex/02-create-task.yaml index 66057a045c..6db2ad0dd9 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-complex/02-create-task.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-complex/02-create-task.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: badtask.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-simple/02-create-task.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-simple/02-create-task.yaml index 66057a045c..6db2ad0dd9 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-simple/02-create-task.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/imageExtractors-simple/02-create-task.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: badtask.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/03-teststep.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/03-teststep.yaml index 34dc72d48f..19f9db2011 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/03-teststep.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/03-teststep.yaml @@ -8,8 +8,9 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod-unsigned.yaml - apply: file: pod-signed.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/02-pod.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/02-pod.yaml index 9ced8ae36f..92c281d484 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/02-pod.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/02-pod.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/02-pod.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/02-pod.yaml index 9ced8ae36f..92c281d484 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/02-pod.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/02-pod.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/02-pod.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/02-pod.yaml index 9ced8ae36f..92c281d484 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/02-pod.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/02-pod.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: pod.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/noconfigmap-diffimage-success/03-create-bad-pod.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/noconfigmap-diffimage-success/03-create-bad-pod.yaml index e950814ccc..a932ca68ad 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/noconfigmap-diffimage-success/03-create-bad-pod.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/noconfigmap-diffimage-success/03-create-bad-pod.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: bad-pod.yaml diff --git a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/nomutateDigest-verifyDigest-norequired/04-create-badpod.yaml b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/nomutateDigest-verifyDigest-norequired/04-create-badpod.yaml index eaf5386ebe..8f7550fefd 100644 --- a/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/nomutateDigest-verifyDigest-norequired/04-create-badpod.yaml +++ b/test/conformance/chainsaw/verifyImages/clusterpolicy/standard/nomutateDigest-verifyDigest-norequired/04-create-badpod.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: badpod.yaml diff --git a/test/conformance/chainsaw/webhooks/scale/01-policy.yaml b/test/conformance/chainsaw/webhooks/scale/01-policy.yaml index df1eb99be6..03dc7ef071 100644 --- a/test/conformance/chainsaw/webhooks/scale/01-policy.yaml +++ b/test/conformance/chainsaw/webhooks/scale/01-policy.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy.yaml diff --git a/test/conformance/chainsaw/webhooks/unknown-kind/01-unknown-kind.yaml b/test/conformance/chainsaw/webhooks/unknown-kind/01-unknown-kind.yaml index b4bd5b2843..0d1f8de6c7 100644 --- a/test/conformance/chainsaw/webhooks/unknown-kind/01-unknown-kind.yaml +++ b/test/conformance/chainsaw/webhooks/unknown-kind/01-unknown-kind.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-1.yaml diff --git a/test/conformance/chainsaw/webhooks/unknown-kind/02-unknown-kind-subresource.yaml b/test/conformance/chainsaw/webhooks/unknown-kind/02-unknown-kind-subresource.yaml index 565a0d0878..98609e6942 100644 --- a/test/conformance/chainsaw/webhooks/unknown-kind/02-unknown-kind-subresource.yaml +++ b/test/conformance/chainsaw/webhooks/unknown-kind/02-unknown-kind-subresource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-2.yaml diff --git a/test/conformance/chainsaw/webhooks/unknown-kind/03-wrong-version.yaml b/test/conformance/chainsaw/webhooks/unknown-kind/03-wrong-version.yaml index f1457ee852..3a9bf394a7 100644 --- a/test/conformance/chainsaw/webhooks/unknown-kind/03-wrong-version.yaml +++ b/test/conformance/chainsaw/webhooks/unknown-kind/03-wrong-version.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-3.yaml diff --git a/test/conformance/chainsaw/webhooks/unknown-kind/04-unknown-subresource.yaml b/test/conformance/chainsaw/webhooks/unknown-kind/04-unknown-subresource.yaml index 7d86bb919e..cfd74879d8 100644 --- a/test/conformance/chainsaw/webhooks/unknown-kind/04-unknown-subresource.yaml +++ b/test/conformance/chainsaw/webhooks/unknown-kind/04-unknown-subresource.yaml @@ -8,6 +8,7 @@ spec: timeouts: {} try: - apply: - check: - (error != null): true + expect: + - check: + ($error != null): true file: policy-4.yaml