mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-13 11:18:47 +00:00
update tests/scenario
This commit is contained in:
Shuting Zhao
parent
15895d3852
commit
443619757e
15 changed files with 28 additions and 28 deletions
|
|
@ -1817,7 +1817,7 @@ func TestValidate_image_tag_fail(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
msgs := []string{
|
||||
"Validation rule 'validate-tag' succeeded for Pod//myapp-pod.",
|
||||
"Validation rule 'validate-tag' succeeded.",
|
||||
"Validation error: imagePullPolicy 'Always' required with tag 'latest'\nValidation rule 'validate-latest' failed at path '/spec/containers/0/imagePullPolicy/' for Pod//myapp-pod.",
|
||||
}
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
|
|
@ -1915,8 +1915,8 @@ func TestValidate_image_tag_pass(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
msgs := []string{
|
||||
"Validation rule 'validate-tag' succeeded for Pod//myapp-pod.",
|
||||
"Validation rule 'validate-latest' succeeded for Pod//myapp-pod.",
|
||||
"Validation rule 'validate-tag' succeeded.",
|
||||
"Validation rule 'validate-latest' succeeded.",
|
||||
}
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
|
|
@ -1992,7 +1992,7 @@ func TestValidate_Fail_anyPattern(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation error: A namespace is required\nValidation rule check-default-namespace anyPattern[0] failed at path /metadata/namespace/ for Pod//myapp-pod.\nValidation rule check-default-namespace anyPattern[1] failed at path /metadata/namespace/ for Pod//myapp-pod."}
|
||||
msgs := []string{"Validation error for Pod//myapp-pod: A namespace is required\nValidation rule check-default-namespace anyPattern[0] failed at path /metadata/namespace/.\nValidation rule check-default-namespace anyPattern[1] failed at path /metadata/namespace/."}
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
assert.Equal(t, r.Message, msgs[index])
|
||||
}
|
||||
|
|
@ -2162,7 +2162,7 @@ func TestValidate_anchor_arraymap_pass(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation rule 'validate-host-path' succeeded for Pod//image-with-hostpath."}
|
||||
msgs := []string{"Validation rule 'validate-host-path' succeeded."}
|
||||
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
assert.Equal(t, r.Message, msgs[index])
|
||||
|
|
@ -2319,7 +2319,7 @@ func TestValidate_anchor_map_notfound(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation rule 'pod rule 2' succeeded for Pod//myapp-pod."}
|
||||
msgs := []string{"Validation rule 'pod rule 2' succeeded."}
|
||||
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
assert.Equal(t, r.Message, msgs[index])
|
||||
|
|
@ -2391,7 +2391,7 @@ func TestValidate_anchor_map_found_valid(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation rule 'pod rule 2' succeeded for Pod//myapp-pod."}
|
||||
msgs := []string{"Validation rule 'pod rule 2' succeeded."}
|
||||
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
assert.Equal(t, r.Message, msgs[index])
|
||||
|
|
@ -2537,7 +2537,7 @@ func TestValidate_AnchorList_pass(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation rule 'pod image rule' succeeded for Pod//myapp-pod."}
|
||||
msgs := []string{"Validation rule 'pod image rule' succeeded."}
|
||||
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
t.Log(r.Message)
|
||||
|
|
@ -2760,7 +2760,7 @@ func TestValidate_existenceAnchor_pass(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation rule 'pod image rule' succeeded for Pod//myapp-pod."}
|
||||
msgs := []string{"Validation rule 'pod image rule' succeeded."}
|
||||
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
assert.Equal(t, r.Message, msgs[index])
|
||||
|
|
@ -2933,7 +2933,7 @@ func TestValidate_negationAnchor_pass(t *testing.T) {
|
|||
resourceUnstructured, err := ConvertToUnstructured(rawResource)
|
||||
assert.NilError(t, err)
|
||||
er := Validate(policy, *resourceUnstructured)
|
||||
msgs := []string{"Validation rule 'validate-host-path' succeeded for Pod//image-with-hostpath."}
|
||||
msgs := []string{"Validation rule 'validate-host-path' succeeded."}
|
||||
|
||||
for index, r := range er.PolicyResponse.Rules {
|
||||
assert.Equal(t, r.Message, msgs[index])
|
||||
|
|
|
|||
|
|
@ -28,5 +28,5 @@ expected:
|
|||
rules:
|
||||
- name: check-cpu-memory-limits
|
||||
type: Validation
|
||||
message: Validation rule 'check-cpu-memory-limits' succeeded for Deployment//qos-demo.
|
||||
message: Validation rule 'check-cpu-memory-limits' succeeded.
|
||||
success: true
|
||||
|
|
@ -15,5 +15,5 @@ expected:
|
|||
rules:
|
||||
- name: validate-default-proc-mount
|
||||
type: Validation
|
||||
message: "Validation rule 'validate-default-proc-mount' succeeded for Pod//nginx-proc-mount."
|
||||
message: "Validation rule 'validate-default-proc-mount' succeeded."
|
||||
success: true
|
||||
|
|
@ -14,9 +14,9 @@ expected:
|
|||
rules:
|
||||
- name: check-readinessProbe-exists
|
||||
type: Validation
|
||||
message: Validation rule 'check-readinessProbe-exists' succeeded for Pod//probe.
|
||||
message: Validation rule 'check-readinessProbe-exists' succeeded.
|
||||
success: true
|
||||
- name: check-livenessProbe-exists
|
||||
type: Validation
|
||||
message: Validation rule 'check-livenessProbe-exists' succeeded for Pod//probe.
|
||||
message: Validation rule 'check-livenessProbe-exists' succeeded.
|
||||
success: true
|
||||
|
|
|
|||
|
|
@ -15,5 +15,5 @@ expected:
|
|||
rules:
|
||||
- name: validate-volumes-whitelist
|
||||
type: Validation
|
||||
message: "Validation rule 'validate-volumes-whitelist' anyPattern[2] succeeded for Pod//test-volumes."
|
||||
message: "Validation rule 'validate-volumes-whitelist' anyPattern[2] succeeded."
|
||||
success: true
|
||||
|
|
@ -14,7 +14,7 @@ expected:
|
|||
rules:
|
||||
- name: image-tag-notspecified
|
||||
type: Validation
|
||||
message: "Validation rule 'image-tag-notspecified' succeeded for Pod//myapp-pod."
|
||||
message: "Validation rule 'image-tag-notspecified' succeeded."
|
||||
success: true
|
||||
- name: image-tag-not-latest
|
||||
type: Validation
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@ expected:
|
|||
rules:
|
||||
- name: image-tag-notspecified
|
||||
type: Validation
|
||||
message: "Validation rule 'image-tag-notspecified' succeeded for Pod//myapp-pod."
|
||||
message: "Validation rule 'image-tag-notspecified' succeeded."
|
||||
success: true
|
||||
- name: image-tag-not-latest
|
||||
type: Validation
|
||||
message: "Validation rule 'image-tag-not-latest' succeeded for Pod//myapp-pod."
|
||||
message: "Validation rule 'image-tag-not-latest' succeeded."
|
||||
success: true
|
||||
|
|
|
|||
|
|
@ -14,6 +14,6 @@ expected:
|
|||
rules:
|
||||
- name: deny-runasrootuser
|
||||
type: Validation
|
||||
message: "Validation rule 'deny-runasrootuser' anyPattern[1] succeeded for Pod//check-root-user."
|
||||
message: "Validation rule 'deny-runasrootuser' anyPattern[1] succeeded."
|
||||
success: true
|
||||
|
||||
|
|
|
|||
|
|
@ -14,5 +14,5 @@ expected:
|
|||
rules:
|
||||
- name: disallow-automoutingapicred
|
||||
type: Validation
|
||||
message: Validation rule 'disallow-automoutingapicred' succeeded for Pod//myapp-pod.
|
||||
message: Validation rule 'disallow-automoutingapicred' succeeded.
|
||||
success: true
|
||||
|
|
@ -20,6 +20,6 @@ expected:
|
|||
success: false
|
||||
- name: check-namespace-exist
|
||||
type: Validation
|
||||
message: "Validation rule 'check-namespace-exist' succeeded for Pod/default/myapp-pod."
|
||||
message: "Validation rule 'check-namespace-exist' succeeded."
|
||||
success: true
|
||||
|
||||
|
|
|
|||
|
|
@ -14,5 +14,5 @@ expected:
|
|||
rules:
|
||||
- name: deny-use-of-host-fs
|
||||
type: Validation
|
||||
message: Validation rule 'deny-use-of-host-fs' succeeded for Pod//image-with-hostpath.
|
||||
message: Validation rule 'deny-use-of-host-fs' succeeded.
|
||||
success: true
|
||||
|
|
@ -14,5 +14,5 @@ expected:
|
|||
rules:
|
||||
- name: deny-new-capabilities
|
||||
type: Validation
|
||||
message: "Validation error: Capabilities cannot be added\nValidation rule deny-new-capabilities anyPattern[0] failed at path /spec/ for Pod//add-new-capabilities.\nValidation rule deny-new-capabilities anyPattern[1] failed at path /spec/containers/0/securityContext/capabilities/add/ for Pod//add-new-capabilities."
|
||||
message: "Validation error for Pod//add-new-capabilities: Capabilities cannot be added\nValidation rule deny-new-capabilities anyPattern[0] failed at path /spec/.\nValidation rule deny-new-capabilities anyPattern[1] failed at path /spec/containers/0/securityContext/capabilities/add/."
|
||||
success: false
|
||||
|
|
@ -14,6 +14,6 @@ expected:
|
|||
rules:
|
||||
- name: deny-privileged-priviligedescalation
|
||||
type: Validation
|
||||
message: "Validation error: Privileged mode is not allowed. Set allowPrivilegeEscalation and privileged to false\nValidation rule deny-privileged-priviligedescalation anyPattern[0] failed at path /spec/securityContext/ for Pod//check-privileged-cfg.\nValidation rule deny-privileged-priviligedescalation anyPattern[1] failed at path /spec/containers/0/securityContext/allowPrivilegeEscalation/ for Pod//check-privileged-cfg."
|
||||
message: "Validation error for Pod//check-privileged-cfg: Privileged mode is not allowed. Set allowPrivilegeEscalation and privileged to false\nValidation rule deny-privileged-priviligedescalation anyPattern[0] failed at path /spec/securityContext/.\nValidation rule deny-privileged-priviligedescalation anyPattern[1] failed at path /spec/containers/0/securityContext/allowPrivilegeEscalation/."
|
||||
success: false
|
||||
|
||||
|
|
|
|||
|
|
@ -14,5 +14,5 @@ expected:
|
|||
rules:
|
||||
- name: trusted-registries
|
||||
type: Validation
|
||||
message: Validation rule 'trusted-registries' succeeded for Pod//k8s-nginx.
|
||||
message: Validation rule 'trusted-registries' succeeded.
|
||||
success: true
|
||||
|
|
@ -15,13 +15,13 @@ expected:
|
|||
rules:
|
||||
- name: validate-userid
|
||||
type: Validation
|
||||
message: Validation rule 'validate-userid' succeeded for Pod//fsgroup-demo.
|
||||
message: Validation rule 'validate-userid' succeeded.
|
||||
success: true
|
||||
- name: validate-groupid
|
||||
type: Validation
|
||||
message: Validation rule 'validate-groupid' succeeded for Pod//fsgroup-demo.
|
||||
message: Validation rule 'validate-groupid' succeeded.
|
||||
success: true
|
||||
- name: validate-fsgroup
|
||||
type: Validation
|
||||
message: Validation rule 'validate-fsgroup' succeeded for Pod//fsgroup-demo.
|
||||
message: Validation rule 'validate-fsgroup' succeeded.
|
||||
success: true
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue