chore: fix cli test files (#8418)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
3247f0c9cc
commit
5433cb9a69
18 changed files with 201 additions and 201 deletions
|
@ -4,6 +4,12 @@ policies:
|
|||
resources:
|
||||
- resource.yaml
|
||||
results:
|
||||
- kind: Service
|
||||
policy: disable-connection-draining
|
||||
resources:
|
||||
- nlb-aws-controller-no-attributes
|
||||
result: skip
|
||||
rule: clb
|
||||
- kind: Service
|
||||
patchedResource: patched.yaml
|
||||
policy: disable-connection-draining
|
||||
|
@ -11,9 +17,3 @@ results:
|
|||
- nlb-aws-controller-no-attributes
|
||||
result: pass
|
||||
rule: nlb-no-attributes
|
||||
- kind: Service
|
||||
policy: disable-connection-draining
|
||||
resources:
|
||||
- nlb-aws-controller-no-attributes
|
||||
result: skip
|
||||
rule: clb
|
||||
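Review bot: The `results` list in this section ends up ordered by `policy` and then `rule` (the `clb` entry now precedes `nlb-no-attributes`), but nothing in the file records that ordering, so the next hand-added entry will break it and lead to another large reorder diff. A comment above `results:` such as `# results: keep entries sorted by policy, then rule` would document it; the sort key is inferred from the visible hunks and should be confirmed. The same applies to the other test-file sections in this commit, which all move entries the same way. In a reorder of this size the expected `result` of a security-relevant rule (for example `verify-signature` or `disallow-mount-containerd-sock` further down) is easy to change unnoticed, so it is worth checking that each moved entry keeps its `result`, as the `clb`/`skip` entry here does. The `results` list continues outside the two hunks shown.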
|
|
|
@ -4,13 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: pod-updated-image.yaml
|
||||
policy: mutate-images
|
||||
resources:
|
||||
- mypod
|
||||
result: pass
|
||||
rule: test
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
policy: foreach-json-patch
|
||||
|
@ -18,4 +11,11 @@ results:
|
|||
- nginx
|
||||
result: pass
|
||||
rule: add-security-context
|
||||
- kind: Pod
|
||||
patchedResource: pod-updated-image.yaml
|
||||
policy: mutate-images
|
||||
resources:
|
||||
- mypod
|
||||
result: pass
|
||||
rule: test
|
||||
variables: values.yaml
|
||||
|
|
|
@ -4,13 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: add-safe-to-evict
|
||||
resources:
|
||||
- pod-without-emptydir-hostpath
|
||||
- pod-without-emptydir-hostpath-1
|
||||
result: skip
|
||||
rule: annotate-empty-dir
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource.yaml
|
||||
policy: add-safe-to-evict
|
||||
|
@ -25,3 +18,10 @@ results:
|
|||
- pod-with-emptydir-hostpath-1
|
||||
result: pass
|
||||
rule: annotate-empty-dir
|
||||
- kind: Pod
|
||||
policy: add-safe-to-evict
|
||||
resources:
|
||||
- pod-without-emptydir-hostpath
|
||||
- pod-without-emptydir-hostpath-1
|
||||
result: skip
|
||||
rule: annotate-empty-dir
|
||||
|
|
|
@ -4,27 +4,6 @@ policies:
|
|||
resources:
|
||||
- resource.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource2.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- testing/same-name-but-diff-namespace
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource1.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- practice/resource-equal-to-patch-res-for-cp
|
||||
result: skip
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
policy: example
|
||||
resources:
|
||||
- example
|
||||
result: pass
|
||||
rule: object_from_lists
|
||||
- kind: Deployment
|
||||
patchedResource: patchedResource4.yaml
|
||||
policy: add-label
|
||||
|
@ -32,6 +11,13 @@ results:
|
|||
- mydeploy
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource2.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- testing/same-name-but-diff-namespace
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource3.yaml
|
||||
policy: add-label
|
||||
|
@ -46,6 +32,20 @@ results:
|
|||
- same-name-but-diff-kind
|
||||
result: pass
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource1.yaml
|
||||
policy: add-label
|
||||
resources:
|
||||
- practice/resource-equal-to-patch-res-for-cp
|
||||
result: skip
|
||||
rule: add-label
|
||||
- kind: Pod
|
||||
patchedResource: patched-resource.yaml
|
||||
policy: example
|
||||
resources:
|
||||
- example
|
||||
result: pass
|
||||
rule: object_from_lists
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource8.yaml
|
||||
policy: testing/add-ndots
|
||||
|
|
|
@ -4,12 +4,6 @@ policies:
|
|||
resources:
|
||||
- resource.yaml
|
||||
results:
|
||||
- kind: Service
|
||||
policy: validate-service-loadbalancer
|
||||
resources:
|
||||
- service-clusterip-skip
|
||||
result: skip
|
||||
rule: check-loadbalancer-public
|
||||
- kind: Service
|
||||
policy: validate-service-loadbalancer
|
||||
resources:
|
||||
|
@ -23,3 +17,9 @@ results:
|
|||
- service-public-pass
|
||||
result: pass
|
||||
rule: check-loadbalancer-public
|
||||
- kind: Service
|
||||
policy: validate-service-loadbalancer
|
||||
resources:
|
||||
- service-clusterip-skip
|
||||
result: skip
|
||||
rule: check-loadbalancer-public
|
||||
|
|
|
@ -4,12 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: StatefulSet
|
||||
policy: require-common-labels
|
||||
resources:
|
||||
- StatefulSet-with-labels
|
||||
result: pass
|
||||
rule: check-for-labels
|
||||
- kind: CronJob
|
||||
policy: require-common-labels
|
||||
resources:
|
||||
|
@ -28,6 +22,12 @@ results:
|
|||
- pod-missing-labels
|
||||
result: fail
|
||||
rule: check-for-labels
|
||||
- kind: StatefulSet
|
||||
policy: require-common-labels
|
||||
resources:
|
||||
- StatefulSet-without-labels
|
||||
result: fail
|
||||
rule: check-for-labels
|
||||
- kind: CronJob
|
||||
policy: require-common-labels
|
||||
resources:
|
||||
|
@ -49,6 +49,6 @@ results:
|
|||
- kind: StatefulSet
|
||||
policy: require-common-labels
|
||||
resources:
|
||||
- StatefulSet-without-labels
|
||||
result: fail
|
||||
- StatefulSet-with-labels
|
||||
result: pass
|
||||
rule: check-for-labels
|
||||
|
|
|
@ -4,12 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: path-canonicalize
|
||||
resources:
|
||||
- mount-containerd-sock
|
||||
result: fail
|
||||
rule: disallow-mount-containerd-sock
|
||||
- kind: Secret
|
||||
policy: base64
|
||||
resources:
|
||||
|
@ -22,48 +16,12 @@ results:
|
|||
- base64-test-match
|
||||
result: pass
|
||||
rule: secret-value-must-match-label
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-json
|
||||
- kind: Pod
|
||||
policy: path-canonicalize
|
||||
resources:
|
||||
- invalid-test
|
||||
- mount-containerd-sock
|
||||
result: fail
|
||||
rule: test-json-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml
|
||||
resources:
|
||||
- invalid-yaml-test
|
||||
result: fail
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-json
|
||||
resources:
|
||||
- valid-test
|
||||
result: pass
|
||||
rule: test-json-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml
|
||||
resources:
|
||||
- valid-yaml-test
|
||||
result: pass
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml-array
|
||||
resources:
|
||||
- invalid-yaml-test
|
||||
result: fail
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-x509-decode
|
||||
resources:
|
||||
- test-x509-configmap
|
||||
result: fail
|
||||
rule: test-x509-decode
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml-array
|
||||
resources:
|
||||
- valid-yaml-test
|
||||
result: pass
|
||||
rule: test-yaml-parsing-jmespath
|
||||
rule: disallow-mount-containerd-sock
|
||||
- kind: Namespace
|
||||
policy: pattern-match
|
||||
resources:
|
||||
|
@ -76,3 +34,45 @@ results:
|
|||
- pattern-match-test-match
|
||||
result: pass
|
||||
rule: label-must-match-pattern
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-json
|
||||
resources:
|
||||
- invalid-test
|
||||
result: fail
|
||||
rule: test-json-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-json
|
||||
resources:
|
||||
- valid-test
|
||||
result: pass
|
||||
rule: test-json-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml
|
||||
resources:
|
||||
- invalid-yaml-test
|
||||
result: fail
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml
|
||||
resources:
|
||||
- valid-yaml-test
|
||||
result: pass
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml-array
|
||||
resources:
|
||||
- invalid-yaml-test
|
||||
result: fail
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-parse-yaml-array
|
||||
resources:
|
||||
- valid-yaml-test
|
||||
result: pass
|
||||
rule: test-yaml-parsing-jmespath
|
||||
- kind: ConfigMap
|
||||
policy: test-x509-decode
|
||||
resources:
|
||||
- test-x509-configmap
|
||||
result: fail
|
||||
rule: test-x509-decode
|
||||
|
|
|
@ -5,18 +5,12 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: validate-image-list
|
||||
policy: validate-empty-dir-mountpath
|
||||
resources:
|
||||
- test-pod
|
||||
- test-pod-ghcr
|
||||
result: fail
|
||||
rule: check-image
|
||||
- kind: Pod
|
||||
policy: validate-empty-dir-resources
|
||||
resources:
|
||||
- test-pod-with-gke-vol
|
||||
result: skip
|
||||
rule: check-resources
|
||||
- test-pod2
|
||||
result: pass
|
||||
rule: check-mount-paths
|
||||
- kind: Pod
|
||||
policy: validate-empty-dir-resources
|
||||
resources:
|
||||
|
@ -32,12 +26,18 @@ results:
|
|||
result: pass
|
||||
rule: check-resources
|
||||
- kind: Pod
|
||||
policy: validate-empty-dir-mountpath
|
||||
policy: validate-empty-dir-resources
|
||||
resources:
|
||||
- test-pod-with-gke-vol
|
||||
result: skip
|
||||
rule: check-resources
|
||||
- kind: Pod
|
||||
policy: validate-image-list
|
||||
resources:
|
||||
- test-pod
|
||||
- test-pod2
|
||||
result: pass
|
||||
rule: check-mount-paths
|
||||
- test-pod-ghcr
|
||||
result: fail
|
||||
rule: check-image
|
||||
- kind: Pod
|
||||
policy: validate-image-list-error
|
||||
resources:
|
||||
|
|
|
@ -4,12 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: check-image
|
||||
resources:
|
||||
- signed
|
||||
result: pass
|
||||
rule: verify-signature
|
||||
- kind: DataVolume
|
||||
policy: check-data-volume-image
|
||||
resources:
|
||||
|
@ -28,3 +22,9 @@ results:
|
|||
- unsigned
|
||||
result: fail
|
||||
rule: verify-signature
|
||||
- kind: Pod
|
||||
policy: check-image
|
||||
resources:
|
||||
- signed
|
||||
result: pass
|
||||
rule: verify-signature
|
||||
|
|
|
@ -4,18 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Namespace
|
||||
policy: namespace-validation
|
||||
resources:
|
||||
- test-invalid
|
||||
result: fail
|
||||
rule: namespace-validation
|
||||
- kind: Namespace
|
||||
policy: namespace-validation
|
||||
resources:
|
||||
- test-valid
|
||||
result: pass
|
||||
rule: namespace-validation
|
||||
- kind: Pod
|
||||
policy: default/test-jmespath
|
||||
resources:
|
||||
|
@ -30,3 +18,15 @@ results:
|
|||
- test-valid3
|
||||
result: pass
|
||||
rule: test-jmespath
|
||||
- kind: Namespace
|
||||
policy: namespace-validation
|
||||
resources:
|
||||
- test-invalid
|
||||
result: fail
|
||||
rule: namespace-validation
|
||||
- kind: Namespace
|
||||
policy: namespace-validation
|
||||
resources:
|
||||
- test-valid
|
||||
result: pass
|
||||
rule: namespace-validation
|
||||
|
|
|
@ -7,13 +7,13 @@ results:
|
|||
- kind: ConfigMap
|
||||
policy: limit-configmap-for-sa
|
||||
resources:
|
||||
- any-namespace/any-configmap-name-bad
|
||||
result: skip
|
||||
- any-namespace/any-configmap-name-good
|
||||
result: fail
|
||||
rule: limit-configmap-for-sa-developer
|
||||
- kind: ConfigMap
|
||||
policy: limit-configmap-for-sa
|
||||
resources:
|
||||
- any-namespace/any-configmap-name-good
|
||||
result: fail
|
||||
- any-namespace/any-configmap-name-bad
|
||||
result: skip
|
||||
rule: limit-configmap-for-sa-developer
|
||||
variables: variables.yaml
|
||||
|
|
|
@ -11,12 +11,6 @@ results:
|
|||
- service-1
|
||||
result: pass
|
||||
rule: keda-prometheus-serveraddress
|
||||
- kind: ScaledObject
|
||||
policy: keda-prometheus-serveraddress
|
||||
resources:
|
||||
- service-3
|
||||
result: skip
|
||||
rule: keda-prometheus-serveraddress
|
||||
- kind: ScaledObject
|
||||
patchedResource: patchedResource2.yaml
|
||||
policy: keda-prometheus-serveraddress
|
||||
|
@ -24,3 +18,9 @@ results:
|
|||
- service-2
|
||||
result: pass
|
||||
rule: keda-prometheus-serveraddress
|
||||
- kind: ScaledObject
|
||||
policy: keda-prometheus-serveraddress
|
||||
resources:
|
||||
- service-3
|
||||
result: skip
|
||||
rule: keda-prometheus-serveraddress
|
||||
|
|
|
@ -4,12 +4,6 @@ policies:
|
|||
resources:
|
||||
- resource.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: resource-lists
|
||||
resources:
|
||||
- myapp-pod3
|
||||
result: pass
|
||||
rule: validate-image-tag
|
||||
- kind: Pod
|
||||
policy: resource-lists
|
||||
resources:
|
||||
|
@ -17,3 +11,9 @@ results:
|
|||
- myapp-pod2
|
||||
result: pass
|
||||
rule: require-image-tag
|
||||
- kind: Pod
|
||||
policy: resource-lists
|
||||
resources:
|
||||
- myapp-pod3
|
||||
result: pass
|
||||
rule: validate-image-tag
|
||||
|
|
|
@ -4,15 +4,15 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: restrict-something
|
||||
resources:
|
||||
- nginx-too
|
||||
result: fail
|
||||
rule: validate-some-non-foo
|
||||
- kind: Pod
|
||||
policy: restrict-something
|
||||
resources:
|
||||
- nginx-foo
|
||||
result: pass
|
||||
rule: validate-some-foo
|
||||
- kind: Pod
|
||||
policy: restrict-something
|
||||
resources:
|
||||
- nginx-too
|
||||
result: fail
|
||||
rule: validate-some-non-foo
|
||||
|
|
|
@ -7,14 +7,14 @@ results:
|
|||
- kind: Ingress
|
||||
policy: unique-ingress-host
|
||||
resources:
|
||||
- ingress-foo-host
|
||||
result: skip
|
||||
- ingress-kyverno-host
|
||||
result: fail
|
||||
rule: check-single-host
|
||||
- kind: Ingress
|
||||
policy: unique-ingress-host
|
||||
resources:
|
||||
- ingress-kyverno-host
|
||||
result: fail
|
||||
- ingress-foo-host
|
||||
result: skip
|
||||
rule: check-single-host
|
||||
- kind: Ingress
|
||||
policy: unique-ingress-host
|
||||
|
|
|
@ -40,17 +40,6 @@ results:
|
|||
- test/test-lifetime-fail
|
||||
result: fail
|
||||
rule: greater-than
|
||||
- kind: Pod
|
||||
policy: restrict-pod-counts
|
||||
resources:
|
||||
- myapp-pod
|
||||
- test-validate-image-tag-ignore
|
||||
- test/test-require-image-tag-fail
|
||||
- test/test-require-image-tag-pass
|
||||
- test/test-validate-image-tag-fail
|
||||
- test/test-validate-image-tag-pass
|
||||
result: fail
|
||||
rule: restrict-pod-count
|
||||
- kind: Pod
|
||||
policy: duration-test
|
||||
resources:
|
||||
|
@ -63,4 +52,15 @@ results:
|
|||
- test/test-lifetime-fail
|
||||
result: pass
|
||||
rule: less-than
|
||||
- kind: Pod
|
||||
policy: restrict-pod-counts
|
||||
resources:
|
||||
- myapp-pod
|
||||
- test-validate-image-tag-ignore
|
||||
- test/test-require-image-tag-fail
|
||||
- test/test-require-image-tag-pass
|
||||
- test/test-validate-image-tag-fail
|
||||
- test/test-validate-image-tag-pass
|
||||
result: fail
|
||||
rule: restrict-pod-count
|
||||
variables: values.yaml
|
||||
|
|
|
@ -10,17 +10,11 @@ resources:
|
|||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
policy: cm-multiple-example
|
||||
policy: cm-array-example
|
||||
resources:
|
||||
- test-env-dev
|
||||
- test-web
|
||||
result: fail
|
||||
rule: example-configmap-lookup
|
||||
- kind: Pod
|
||||
policy: cm-multiple-example
|
||||
resources:
|
||||
- test-env-test
|
||||
result: pass
|
||||
rule: example-configmap-lookup
|
||||
rule: validate-role-annotation
|
||||
- kind: Pod
|
||||
policy: cm-array-example
|
||||
resources:
|
||||
|
@ -33,18 +27,18 @@ results:
|
|||
- test-blk-web
|
||||
result: fail
|
||||
rule: validate-blk-role-annotation
|
||||
- kind: Pod
|
||||
policy: cm-globalval-example
|
||||
resources:
|
||||
- test-global-prod
|
||||
result: fail
|
||||
rule: validate-mode
|
||||
- kind: Pod
|
||||
policy: cm-blk-scalar-example
|
||||
resources:
|
||||
- test-blk-app
|
||||
result: pass
|
||||
rule: validate-blk-role-annotation
|
||||
- kind: Pod
|
||||
policy: cm-globalval-example
|
||||
resources:
|
||||
- test-global-prod
|
||||
result: fail
|
||||
rule: validate-mode
|
||||
- kind: Pod
|
||||
policy: cm-globalval-example
|
||||
resources:
|
||||
|
@ -52,29 +46,35 @@ results:
|
|||
result: pass
|
||||
rule: validate-mode
|
||||
- kind: Pod
|
||||
policy: cm-array-example
|
||||
policy: cm-multiple-example
|
||||
resources:
|
||||
- test-web
|
||||
- test-env-dev
|
||||
result: fail
|
||||
rule: validate-role-annotation
|
||||
rule: example-configmap-lookup
|
||||
- kind: Pod
|
||||
policy: cm-multiple-example
|
||||
resources:
|
||||
- test-env-test
|
||||
result: pass
|
||||
rule: example-configmap-lookup
|
||||
- kind: Pod
|
||||
policy: cm-variable-example
|
||||
resources:
|
||||
- test-env-dev
|
||||
result: fail
|
||||
rule: example-configmap-lookup
|
||||
- kind: Pod
|
||||
policy: images
|
||||
resources:
|
||||
- test-pod-with-non-trusted-registry
|
||||
result: fail
|
||||
rule: only-allow-trusted-images
|
||||
- kind: Pod
|
||||
policy: cm-variable-example
|
||||
resources:
|
||||
- test-env-test
|
||||
result: pass
|
||||
rule: example-configmap-lookup
|
||||
- kind: Pod
|
||||
policy: images
|
||||
resources:
|
||||
- test-pod-with-non-trusted-registry
|
||||
result: fail
|
||||
rule: only-allow-trusted-images
|
||||
- kind: Pod
|
||||
policy: images
|
||||
resources:
|
||||
|
|
|
@ -4,13 +4,6 @@ policies:
|
|||
resources:
|
||||
- resources.yaml
|
||||
results:
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource.yaml
|
||||
policy: mutate-wildcard
|
||||
resources:
|
||||
- wildcard-mutate
|
||||
result: pass
|
||||
rule: mutate-wildcard
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource1.yaml
|
||||
policy: mutate-wildcard
|
||||
|
@ -18,3 +11,10 @@ results:
|
|||
- wildcard-mutate-fail
|
||||
result: fail
|
||||
rule: mutate-wildcard
|
||||
- kind: Pod
|
||||
patchedResource: patchedResource.yaml
|
||||
policy: mutate-wildcard
|
||||
resources:
|
||||
- wildcard-mutate
|
||||
result: pass
|
||||
rule: mutate-wildcard
|
||||
|
|