mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

fix: kyverno test ignores namespace of resources in resource.yaml (#8348)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Charles-Edouard Brétéché 2023-09-12 09:36:19 +02:00 committed by GitHub
parent 029a62a504
commit 53b4eaf140
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 55 additions and 0 deletions


@ -0,0 +1,16 @@
name: disallow-service
policies:
- policy.yaml
resources:
- resource.yaml
results:
- policy: disallow-service
rule: disallow-service
resources: [svc1]
kind: Service
result: skip
- policy: disallow-service
rule: disallow-service
resources: [svc2]
kind: Service
result: fail
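Review bot: Both expected results identify their resource by bare name (`resources: [svc1]`, `resources: [svc2]`), so this regression test cannot express two same-named Services in different namespaces, which is the case that would isolate the namespace handling this commit fixes. If the test schema lets a result entry be qualified by namespace, using it here would pin the behaviour more directly. At minimum, a comment above each entry would record why the outcome is expected, e.g. `# svc1: in ns1 and in the name list, no precondition matches -> skip` and `# svc2: in ns3, namespace precondition matches -> rule applies and fails`.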


@ -0,0 +1,26 @@
kind: ClusterPolicy
metadata:
name: disallow-service
spec:
validationFailureAction: Validate
failurePolicy: Ignore
rules:
- name: disallow-service
match:
all:
- resources:
kinds:
- Service
preconditions:
any:
- key: "{{ request.object.metadata.namespace }}"
operator: NotEquals
value: "ns1"
- key: "{{ request.object.metadata.name }}"
operator: AnyNotIn
value: ["svc1", "svc2"]
validate:
message: >-
Can't create a service. Sorry...
anyPattern:
- kind: "!Service"
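Review bot: `validationFailureAction: Validate` is not one of the values Kyverno documents for this field (`Audit` or `Enforce`), so the fixture would probably be rejected or behave unexpectedly if it were applied to a cluster instead of being run through `kyverno test`; `validationFailureAction: Enforce` (or `Audit`) keeps it a valid policy. The manifest as shown also opens at `kind: ClusterPolicy` with no `apiVersion:` line, and the hunk's line count matches the visible lines, so the field appears to be absent from the file, not lost in rendering. `failurePolicy: Ignore` makes admission fail open when the webhook errors; that has no effect on a CLI test, but a leading comment such as `# test fixture only, not a policy to deploy` would keep it from being copied as a real control.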


@ -0,0 +1,13 @@
# should be skipped
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: ns1
---
# should fail (wrong namespace)
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: ns3
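Review bot: The comment `# should fail (wrong namespace)` attributes the failure to the namespace, but the failure itself comes from the policy's `anyPattern` (`kind: "!Service"`); the namespace only decides whether the precondition lets the rule run. A wording such as `# ns3 != ns1: precondition passes, rule applies (expected: fail)` states that more exactly, with `# ns1 and name in list: precondition not met (expected: skip)` as the matching comment for svc1.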