chore: add cascading kuttl test (#6425)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

test/conformance/kuttl/mutate/cascading/two-foreach-rules/01-policy.yaml

@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-assert.yaml

test/conformance/kuttl/mutate/cascading/two-foreach-rules/02-configmap.yaml

@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- file: configmap.yaml
+assert:
+- configmap-assert.yaml

test/conformance/kuttl/mutate/cascading/two-foreach-rules/README.md

@@ -0,0 +1,9 @@
+## Description
+
+This test creates a policy with two mutation rules.
+The second rule depends on the mutation in the first rule.
+To succeed, the changes in the first mutation rule need to cascade correctly to get the second rule to execute correctly.
+
+## Related issue
+
+https://github.com/kyverno/kyverno/issues/6210

test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap-assert.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm
+  annotations:
+    mutation1: '1'
+    mutation2: 'found mutation1: 1'

test/conformance/kuttl/mutate/cascading/two-foreach-rules/configmap.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cm

test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: mutate-chain
+status:
+  conditions:
+  - reason: Succeeded
+    status: 'True'
+    type: Ready

test/conformance/kuttl/mutate/cascading/two-foreach-rules/policy.yaml

@@ -0,0 +1,35 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: mutate-chain
+spec:
+  background: false
+  validationFailureAction: Enforce
+  rules:
+    - name: mutation1
+      match:
+        all:
+          - resources:
+              kinds:
+                - v1/ConfigMap
+      mutate:
+        foreach:
+          - list: "['dummy']"
+            patchStrategicMerge:
+              metadata:
+                annotations:
+                  # value is a counter in case K8s decides for multiple mutation rounds
+                  mutation1: "{{ not_null(request.object.metadata.annotations.mutation1, '0') | add(@, '1') }}"
+    - name: mutation2
+      match:
+        all:
+          - resources:
+              kinds:
+                - v1/ConfigMap
+      mutate:
+        foreach:
+          - list: "['dummy']"
+            patchStrategicMerge:
+              metadata:
+                annotations:
+                  mutation2: "found mutation1: {{ request.object.metadata.annotations.mutation1 || '<nothing>' }}"