mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

update policy and test case

Browse source
This commit is contained in:
Jim Bugwadia 2019-11-01 14:37:17 -07:00
parent 97425392fe
commit 4fbc57bfed
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
samples/best_practices/disallow_new_capabilities.yaml
View file

@ -20,12 +20,12 @@ spec:
message: "Capabilities cannot be added" message: "Capabilities cannot be added"
anyPattern: anyPattern:
- spec: - spec:
(securityContext): =(securityContext):
(capabilities): =(capabilities):
X(add): null X(add): null
- spec: - spec:
containers: containers:
- name: "*" - name: "*"
(securityContext): =(securityContext):
(capabilities): =(capabilities):
X(add): null X(add): null

2
test/scenarios/samples/best_practices/scenario_validate_disallow_new_capabilities.yaml
View file

@ -14,5 +14,5 @@ expected:
rules: rules:
- name: deny-new-capabilities - name: deny-new-capabilities
type: Validation type: Validation
message: Validation rule 'deny-new-capabilities' failed at '/spec/containers/securityContext/capabilities/add' for resource Pod//capabilities. Capabilities cannot be added message: Validation rule 'deny-new-capabilities' failed to validate patterns defined in anyPattern. Capabilities cannot be added; anyPattern[0] failed at path /spec/; anyPattern[1] failed at path /spec/containers/0/securityContext/capabilities/add/
success: false success: false