diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index f74ec8bf7d..90d1e9aff9 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -178,6 +178,7 @@ jobs: version: v1.28.0 tests: # - autogen + - background-only # - cleanup # - deferred # - events @@ -188,14 +189,13 @@ jobs: # - generate/validation # - mutate # - policy-validation - # - rangeoperators + - rangeoperators + - rbac # - reports # - validate # - verify-manifests # - verifyImages - webhooks - - background-only - - rbac needs: prepare-images name: chainsaw - ${{ matrix.k8s-version.name }} - ${{ matrix.config.name }} - ${{ matrix.tests }} steps: diff --git a/test/conformance/chainsaw/rangeoperators/standard/01-policy.yaml b/test/conformance/chainsaw/rangeoperators/standard/01-policy.yaml new file mode 100644 index 0000000000..744135ecd0 --- /dev/null +++ b/test/conformance/chainsaw/rangeoperators/standard/01-policy.yaml @@ -0,0 +1,10 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: TestStep +metadata: + name: policy +spec: + try: + - apply: + file: policy.yaml + - assert: + file: policy-assert.yaml diff --git a/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml b/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml new file mode 100644 index 0000000000..64cdfafd61 --- /dev/null +++ b/test/conformance/chainsaw/rangeoperators/standard/02-resource.yaml @@ -0,0 +1,10 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: TestStep +metadata: + name: resource +spec: + try: + - apply: + file: resource.yaml + check: + (error == null): false diff --git a/test/conformance/chainsaw/rangeoperators/standard/README.md b/test/conformance/chainsaw/rangeoperators/standard/README.md new file mode 100644 index 0000000000..491e6f4a76 --- /dev/null +++ b/test/conformance/chainsaw/rangeoperators/standard/README.md @@ -0,0 +1,11 @@ +## Description + +This test creates a policy with range operators and a configmap. It uses ranges with negative and (un)signed positive integer endpoints. + +## Expected Behavior + +It ensures that a configmap with values not in a range are not created. + +## Reference Issue(s) + + diff --git a/test/conformance/chainsaw/rangeoperators/standard/policy-assert.yaml b/test/conformance/chainsaw/rangeoperators/standard/policy-assert.yaml new file mode 100644 index 0000000000..ddf55734a6 --- /dev/null +++ b/test/conformance/chainsaw/rangeoperators/standard/policy-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: check-value +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/rangeoperators/standard/policy.yaml b/test/conformance/chainsaw/rangeoperators/standard/policy.yaml new file mode 100644 index 0000000000..488b2f9023 --- /dev/null +++ b/test/conformance/chainsaw/rangeoperators/standard/policy.yaml @@ -0,0 +1,23 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: check-value +spec: + validationFailureAction: Enforce + rules: + - name: check-value + match: + any: + - resources: + kinds: + - ConfigMap + validate: + message: "All data values must be in the specified range." + pattern: + data: + first_value: "+2-+4" + second_value: "-2-5" + third_value: "100Mi!-1024Mi" + fourth_value: "2.5-3.5" + fifth_value: "-10--8" + \ No newline at end of file diff --git a/test/conformance/chainsaw/rangeoperators/standard/resource.yaml b/test/conformance/chainsaw/rangeoperators/standard/resource.yaml new file mode 100644 index 0000000000..b5cd0a8e2d --- /dev/null +++ b/test/conformance/chainsaw/rangeoperators/standard/resource.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: test-config +data: + first_value: "3" + second_value: "4" + third_value: "98Mi" + fourth_value: "2.7" + fifth_value: "-15" \ No newline at end of file