mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 10:55:05 +00:00
Code Activity

update policy and test case

Browse source
This commit is contained in:
Jim Bugwadia 2019-11-01 14:37:17 -07:00
parent 97425392fe
commit 4fbc57bfed
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
samples/best_practices/disallow_new_capabilities.yaml
View file

@ -20,12 +20,12 @@ spec:
message: "Capabilities cannot be added"
anyPattern:
- spec:
(securityContext):
(capabilities):
X(add): null
=(securityContext):
=(capabilities):
X(add): null
- spec:
containers:
- name: "*"
(securityContext):
(capabilities):
=(securityContext):
=(capabilities):
X(add): null

2
test/scenarios/samples/best_practices/scenario_validate_disallow_new_capabilities.yaml
View file

@ -14,5 +14,5 @@ expected:
rules:
- name: deny-new-capabilities
type: Validation
message: Validation rule 'deny-new-capabilities' failed at '/spec/containers/securityContext/capabilities/add' for resource Pod//capabilities. Capabilities cannot be added
message: Validation rule 'deny-new-capabilities' failed to validate patterns defined in anyPattern. Capabilities cannot be added; anyPattern[0] failed at path /spec/; anyPattern[1] failed at path /spec/containers/0/securityContext/capabilities/add/
success: false