mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

chore: fix cli test files (#8418)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2023-09-15 11:48:30 +02:00 committed by GitHub
parent 3247f0c9cc
commit 5433cb9a69
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 201 additions and 201 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
test/cli/test-mutate/connection-draining/kyverno-test.yaml
View file

@ -4,6 +4,12 @@ policies:
resources: resources:
- resource.yaml - resource.yaml
results: results:
- kind: Service
policy: disable-connection-draining
resources:
- nlb-aws-controller-no-attributes
result: skip
rule: clb
- kind: Service - kind: Service
patchedResource: patched.yaml patchedResource: patched.yaml
policy: disable-connection-draining policy: disable-connection-draining
@ -11,9 +17,3 @@ results:
- nlb-aws-controller-no-attributes - nlb-aws-controller-no-attributes
result: pass result: pass
rule: nlb-no-attributes rule: nlb-no-attributes
- kind: Service
policy: disable-connection-draining
resources:
- nlb-aws-controller-no-attributes
result: skip
rule: clb

14
test/cli/test-mutate/foreach/kyverno-test.yaml
View file

@ -4,13 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod
patchedResource: pod-updated-image.yaml
policy: mutate-images
resources:
- mypod
result: pass
rule: test
- kind: Pod - kind: Pod
patchedResource: patched-resource.yaml patchedResource: patched-resource.yaml
policy: foreach-json-patch policy: foreach-json-patch
@ -18,4 +11,11 @@ results:
- nginx - nginx
result: pass result: pass
rule: add-security-context rule: add-security-context
- kind: Pod
patchedResource: pod-updated-image.yaml
policy: mutate-images
resources:
- mypod
result: pass
rule: test
variables: values.yaml variables: values.yaml

14
test/cli/test-mutate/global-anchor/kyverno-test.yaml
View file

@ -4,13 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod
policy: add-safe-to-evict
resources:
- pod-without-emptydir-hostpath
- pod-without-emptydir-hostpath-1
result: skip
rule: annotate-empty-dir
- kind: Pod - kind: Pod
patchedResource: patchedResource.yaml patchedResource: patchedResource.yaml
policy: add-safe-to-evict policy: add-safe-to-evict
@ -25,3 +18,10 @@ results:
- pod-with-emptydir-hostpath-1 - pod-with-emptydir-hostpath-1
result: pass result: pass
rule: annotate-empty-dir rule: annotate-empty-dir
- kind: Pod
policy: add-safe-to-evict
resources:
- pod-without-emptydir-hostpath
- pod-without-emptydir-hostpath-1
result: skip
rule: annotate-empty-dir

42
test/cli/test-mutate/kyverno-test.yaml
View file

@ -4,27 +4,6 @@ policies:
resources: resources:
- resource.yaml - resource.yaml
results: results:
- kind: Pod
patchedResource: patchedResource2.yaml
policy: add-label
resources:
- testing/same-name-but-diff-namespace
result: pass
rule: add-label
- kind: Pod
patchedResource: patchedResource1.yaml
policy: add-label
resources:
- practice/resource-equal-to-patch-res-for-cp
result: skip
rule: add-label
- kind: Pod
patchedResource: patched-resource.yaml
policy: example
resources:
- example
result: pass
rule: object_from_lists
- kind: Deployment - kind: Deployment
patchedResource: patchedResource4.yaml patchedResource: patchedResource4.yaml
policy: add-label policy: add-label
@ -32,6 +11,13 @@ results:
- mydeploy - mydeploy
result: pass result: pass
rule: add-label rule: add-label
- kind: Pod
patchedResource: patchedResource2.yaml
policy: add-label
resources:
- testing/same-name-but-diff-namespace
result: pass
rule: add-label
- kind: Pod - kind: Pod
patchedResource: patchedResource3.yaml patchedResource: patchedResource3.yaml
policy: add-label policy: add-label
@ -46,6 +32,20 @@ results:
- same-name-but-diff-kind - same-name-but-diff-kind
result: pass result: pass
rule: add-label rule: add-label
- kind: Pod
patchedResource: patchedResource1.yaml
policy: add-label
resources:
- practice/resource-equal-to-patch-res-for-cp
result: skip
rule: add-label
- kind: Pod
patchedResource: patched-resource.yaml
policy: example
resources:
- example
result: pass
rule: object_from_lists
- kind: Pod - kind: Pod
patchedResource: patchedResource8.yaml patchedResource: patchedResource8.yaml
policy: testing/add-ndots policy: testing/add-ndots

12
test/cli/test/anypattern_skip_error/kyverno-test.yaml
View file

@ -4,12 +4,6 @@ policies:
resources: resources:
- resource.yaml - resource.yaml
results: results:
- kind: Service
policy: validate-service-loadbalancer
resources:
- service-clusterip-skip
result: skip
rule: check-loadbalancer-public
- kind: Service - kind: Service
policy: validate-service-loadbalancer policy: validate-service-loadbalancer
resources: resources:
@ -23,3 +17,9 @@ results:
- service-public-pass - service-public-pass
result: pass result: pass
rule: check-loadbalancer-public rule: check-loadbalancer-public
- kind: Service
policy: validate-service-loadbalancer
resources:
- service-clusterip-skip
result: skip
rule: check-loadbalancer-public

16
test/cli/test/autogen/kyverno-test.yaml
View file

@ -4,12 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: StatefulSet
policy: require-common-labels
resources:
- StatefulSet-with-labels
result: pass
rule: check-for-labels
- kind: CronJob - kind: CronJob
policy: require-common-labels policy: require-common-labels
resources: resources:
@ -28,6 +22,12 @@ results:
- pod-missing-labels - pod-missing-labels
result: fail result: fail
rule: check-for-labels rule: check-for-labels
- kind: StatefulSet
policy: require-common-labels
resources:
- StatefulSet-without-labels
result: fail
rule: check-for-labels
- kind: CronJob - kind: CronJob
policy: require-common-labels policy: require-common-labels
resources: resources:
@ -49,6 +49,6 @@ results:
- kind: StatefulSet - kind: StatefulSet
policy: require-common-labels policy: require-common-labels
resources: resources:
- StatefulSet-without-labels - StatefulSet-with-labels
result: fail result: pass
rule: check-for-labels rule: check-for-labels

92
test/cli/test/custom-functions/kyverno-test.yaml
View file

@ -4,12 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod
policy: path-canonicalize
resources:
- mount-containerd-sock
result: fail
rule: disallow-mount-containerd-sock
- kind: Secret - kind: Secret
policy: base64 policy: base64
resources: resources:
@ -22,48 +16,12 @@ results:
- base64-test-match - base64-test-match
result: pass result: pass
rule: secret-value-must-match-label rule: secret-value-must-match-label
- kind: ConfigMap - kind: Pod
policy: test-parse-json policy: path-canonicalize
resources: resources:
- invalid-test - mount-containerd-sock
result: fail result: fail
rule: test-json-parsing-jmespath rule: disallow-mount-containerd-sock
- kind: ConfigMap
policy: test-parse-yaml
resources:
- invalid-yaml-test
result: fail
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-parse-json
resources:
- valid-test
result: pass
rule: test-json-parsing-jmespath
- kind: ConfigMap
policy: test-parse-yaml
resources:
- valid-yaml-test
result: pass
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-parse-yaml-array
resources:
- invalid-yaml-test
result: fail
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-x509-decode
resources:
- test-x509-configmap
result: fail
rule: test-x509-decode
- kind: ConfigMap
policy: test-parse-yaml-array
resources:
- valid-yaml-test
result: pass
rule: test-yaml-parsing-jmespath
- kind: Namespace - kind: Namespace
policy: pattern-match policy: pattern-match
resources: resources:
@ -76,3 +34,45 @@ results:
- pattern-match-test-match - pattern-match-test-match
result: pass result: pass
rule: label-must-match-pattern rule: label-must-match-pattern
- kind: ConfigMap
policy: test-parse-json
resources:
- invalid-test
result: fail
rule: test-json-parsing-jmespath
- kind: ConfigMap
policy: test-parse-json
resources:
- valid-test
result: pass
rule: test-json-parsing-jmespath
- kind: ConfigMap
policy: test-parse-yaml
resources:
- invalid-yaml-test
result: fail
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-parse-yaml
resources:
- valid-yaml-test
result: pass
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-parse-yaml-array
resources:
- invalid-yaml-test
result: fail
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-parse-yaml-array
resources:
- valid-yaml-test
result: pass
rule: test-yaml-parsing-jmespath
- kind: ConfigMap
policy: test-x509-decode
resources:
- test-x509-configmap
result: fail
rule: test-x509-decode

28
test/cli/test/foreach/kyverno-test.yaml
View file

@ -5,18 +5,12 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
policy: validate-image-list policy: validate-empty-dir-mountpath
resources: resources:
- test-pod - test-pod
- test-pod-ghcr - test-pod2
result: fail result: pass
rule: check-image rule: check-mount-paths
- kind: Pod
policy: validate-empty-dir-resources
resources:
- test-pod-with-gke-vol
result: skip
rule: check-resources
- kind: Pod - kind: Pod
policy: validate-empty-dir-resources policy: validate-empty-dir-resources
resources: resources:
@ -32,12 +26,18 @@ results:
result: pass result: pass
rule: check-resources rule: check-resources
- kind: Pod - kind: Pod
policy: validate-empty-dir-mountpath policy: validate-empty-dir-resources
resources:
- test-pod-with-gke-vol
result: skip
rule: check-resources
- kind: Pod
policy: validate-image-list
resources: resources:
- test-pod - test-pod
- test-pod2 - test-pod-ghcr
result: pass result: fail
rule: check-mount-paths rule: check-image
- kind: Pod - kind: Pod
policy: validate-image-list-error policy: validate-image-list-error
resources: resources:

12
test/cli/test/images/verify-signature/kyverno-test.yaml
View file

@ -4,12 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod
policy: check-image
resources:
- signed
result: pass
rule: verify-signature
- kind: DataVolume - kind: DataVolume
policy: check-data-volume-image policy: check-data-volume-image
resources: resources:
@ -28,3 +22,9 @@ results:
- unsigned - unsigned
result: fail result: fail
rule: verify-signature rule: verify-signature
- kind: Pod
policy: check-image
resources:
- signed
result: pass
rule: verify-signature

24
test/cli/test/jmespath-brackets/kyverno-test.yaml
View file

@ -4,18 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Namespace
policy: namespace-validation
resources:
- test-invalid
result: fail
rule: namespace-validation
- kind: Namespace
policy: namespace-validation
resources:
- test-valid
result: pass
rule: namespace-validation
- kind: Pod - kind: Pod
policy: default/test-jmespath policy: default/test-jmespath
resources: resources:
@ -30,3 +18,15 @@ results:
- test-valid3 - test-valid3
result: pass result: pass
rule: test-jmespath rule: test-jmespath
- kind: Namespace
policy: namespace-validation
resources:
- test-invalid
result: fail
rule: namespace-validation
- kind: Namespace
policy: namespace-validation
resources:
- test-valid
result: pass
rule: namespace-validation

8
test/cli/test/limit-configmap-for-sa/kyverno-test.yaml
View file

@ -7,13 +7,13 @@ results:
- kind: ConfigMap - kind: ConfigMap
policy: limit-configmap-for-sa policy: limit-configmap-for-sa
resources: resources:
- any-namespace/any-configmap-name-bad - any-namespace/any-configmap-name-good
result: skip result: fail
rule: limit-configmap-for-sa-developer rule: limit-configmap-for-sa-developer
- kind: ConfigMap - kind: ConfigMap
policy: limit-configmap-for-sa policy: limit-configmap-for-sa
resources: resources:
- any-namespace/any-configmap-name-good - any-namespace/any-configmap-name-bad
result: fail result: skip
rule: limit-configmap-for-sa-developer rule: limit-configmap-for-sa-developer
variables: variables.yaml variables: variables.yaml

12
test/cli/test/mutate-keda-scaled-object/kyverno-test.yaml
View file

@ -11,12 +11,6 @@ results:
- service-1 - service-1
result: pass result: pass
rule: keda-prometheus-serveraddress rule: keda-prometheus-serveraddress
- kind: ScaledObject
policy: keda-prometheus-serveraddress
resources:
- service-3
result: skip
rule: keda-prometheus-serveraddress
- kind: ScaledObject - kind: ScaledObject
patchedResource: patchedResource2.yaml patchedResource: patchedResource2.yaml
policy: keda-prometheus-serveraddress policy: keda-prometheus-serveraddress
@ -24,3 +18,9 @@ results:
- service-2 - service-2
result: pass result: pass
rule: keda-prometheus-serveraddress rule: keda-prometheus-serveraddress
- kind: ScaledObject
policy: keda-prometheus-serveraddress
resources:
- service-3
result: skip
rule: keda-prometheus-serveraddress

12
test/cli/test/resource_lists/kyverno-test.yaml
View file

@ -4,12 +4,6 @@ policies:
resources: resources:
- resource.yaml - resource.yaml
results: results:
- kind: Pod
policy: resource-lists
resources:
- myapp-pod3
result: pass
rule: validate-image-tag
- kind: Pod - kind: Pod
policy: resource-lists policy: resource-lists
resources: resources:
@ -17,3 +11,9 @@ results:
- myapp-pod2 - myapp-pod2
result: pass result: pass
rule: require-image-tag rule: require-image-tag
- kind: Pod
policy: resource-lists
resources:
- myapp-pod3
result: pass
rule: validate-image-tag

12
test/cli/test/restrict-something/kyverno-test.yaml
View file

@ -4,15 +4,15 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod
policy: restrict-something
resources:
- nginx-too
result: fail
rule: validate-some-non-foo
- kind: Pod - kind: Pod
policy: restrict-something policy: restrict-something
resources: resources:
- nginx-foo - nginx-foo
result: pass result: pass
rule: validate-some-foo rule: validate-some-foo
- kind: Pod
policy: restrict-something
resources:
- nginx-too
result: fail
rule: validate-some-non-foo

8
test/cli/test/restrict_ingress_host/kyverno-test.yaml
View file

@ -7,14 +7,14 @@ results:
- kind: Ingress - kind: Ingress
policy: unique-ingress-host policy: unique-ingress-host
resources: resources:
- ingress-foo-host - ingress-kyverno-host
result: skip result: fail
rule: check-single-host rule: check-single-host
- kind: Ingress - kind: Ingress
policy: unique-ingress-host policy: unique-ingress-host
resources: resources:
- ingress-kyverno-host - ingress-foo-host
result: fail result: skip
rule: check-single-host rule: check-single-host
- kind: Ingress - kind: Ingress
policy: unique-ingress-host policy: unique-ingress-host

22
test/cli/test/simple/kyverno-test.yaml
View file

@ -40,17 +40,6 @@ results:
- test/test-lifetime-fail - test/test-lifetime-fail
result: fail result: fail
rule: greater-than rule: greater-than
- kind: Pod
policy: restrict-pod-counts
resources:
- myapp-pod
- test-validate-image-tag-ignore
- test/test-require-image-tag-fail
- test/test-require-image-tag-pass
- test/test-validate-image-tag-fail
- test/test-validate-image-tag-pass
result: fail
rule: restrict-pod-count
- kind: Pod - kind: Pod
policy: duration-test policy: duration-test
resources: resources:
@ -63,4 +52,15 @@ results:
- test/test-lifetime-fail - test/test-lifetime-fail
result: pass result: pass
rule: less-than rule: less-than
- kind: Pod
policy: restrict-pod-counts
resources:
- myapp-pod
- test-validate-image-tag-ignore
- test/test-require-image-tag-fail
- test/test-require-image-tag-pass
- test/test-validate-image-tag-fail
- test/test-validate-image-tag-pass
result: fail
rule: restrict-pod-count
variables: values.yaml variables: values.yaml

48
test/cli/test/variables/kyverno-test.yaml
View file

@ -10,17 +10,11 @@ resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod - kind: Pod
policy: cm-multiple-example policy: cm-array-example
resources: resources:
- test-env-dev - test-web
result: fail result: fail
rule: example-configmap-lookup rule: validate-role-annotation
- kind: Pod
policy: cm-multiple-example
resources:
- test-env-test
result: pass
rule: example-configmap-lookup
- kind: Pod - kind: Pod
policy: cm-array-example policy: cm-array-example
resources: resources:
@ -33,18 +27,18 @@ results:
- test-blk-web - test-blk-web
result: fail result: fail
rule: validate-blk-role-annotation rule: validate-blk-role-annotation
- kind: Pod
policy: cm-globalval-example
resources:
- test-global-prod
result: fail
rule: validate-mode
- kind: Pod - kind: Pod
policy: cm-blk-scalar-example policy: cm-blk-scalar-example
resources: resources:
- test-blk-app - test-blk-app
result: pass result: pass
rule: validate-blk-role-annotation rule: validate-blk-role-annotation
- kind: Pod
policy: cm-globalval-example
resources:
- test-global-prod
result: fail
rule: validate-mode
- kind: Pod - kind: Pod
policy: cm-globalval-example policy: cm-globalval-example
resources: resources:
@ -52,29 +46,35 @@ results:
result: pass result: pass
rule: validate-mode rule: validate-mode
- kind: Pod - kind: Pod
policy: cm-array-example policy: cm-multiple-example
resources: resources:
- test-web - test-env-dev
result: fail result: fail
rule: validate-role-annotation rule: example-configmap-lookup
- kind: Pod
policy: cm-multiple-example
resources:
- test-env-test
result: pass
rule: example-configmap-lookup
- kind: Pod - kind: Pod
policy: cm-variable-example policy: cm-variable-example
resources: resources:
- test-env-dev - test-env-dev
result: fail result: fail
rule: example-configmap-lookup rule: example-configmap-lookup
- kind: Pod
policy: images
resources:
- test-pod-with-non-trusted-registry
result: fail
rule: only-allow-trusted-images
- kind: Pod - kind: Pod
policy: cm-variable-example policy: cm-variable-example
resources: resources:
- test-env-test - test-env-test
result: pass result: pass
rule: example-configmap-lookup rule: example-configmap-lookup
- kind: Pod
policy: images
resources:
- test-pod-with-non-trusted-registry
result: fail
rule: only-allow-trusted-images
- kind: Pod - kind: Pod
policy: images policy: images
resources: resources:

14
test/cli/test/wildcard_mutate/kyverno-test.yaml
View file

@ -4,13 +4,6 @@ policies:
resources: resources:
- resources.yaml - resources.yaml
results: results:
- kind: Pod
patchedResource: patchedResource.yaml
policy: mutate-wildcard
resources:
- wildcard-mutate
result: pass
rule: mutate-wildcard
- kind: Pod - kind: Pod
patchedResource: patchedResource1.yaml patchedResource: patchedResource1.yaml
policy: mutate-wildcard policy: mutate-wildcard
@ -18,3 +11,10 @@ results:
- wildcard-mutate-fail - wildcard-mutate-fail
result: fail result: fail
rule: mutate-wildcard rule: mutate-wildcard
- kind: Pod
patchedResource: patchedResource.yaml
policy: mutate-wildcard
resources:
- wildcard-mutate
result: pass
rule: mutate-wildcard