diff --git a/definitions/install.yaml b/definitions/install.yaml index dd5d5068d0..f7ca441a23 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -35,29 +35,31 @@ spec: resource: type: object required: - - kind + - kinds properties: - kind: - type: string - enum: - - ConfigMap - - CronJob - - DaemonSet - - Deployment - - Endpoints - - HorizontalPodAutoscaler - - Ingress - - Job - - LimitRange - - Namespace - - NetworkPolicy - - PersistentVolumeClaim - - PodDisruptionBudget - - PodTemplate - - ResourceQuota - - Secret - - Service - - StatefulSet + kinds: + type: array + items: + type: string + enum: + - ConfigMap + - CronJob + - DaemonSet + - Deployment + - Endpoints + - HorizontalPodAutoscaler + - Ingress + - Job + - LimitRange + - Namespace + - NetworkPolicy + - PersistentVolumeClaim + - PodDisruptionBudget + - PodTemplate + - ResourceQuota + - Secret + - Service + - StatefulSet name: type: string selector: diff --git a/examples/CLI/deployment/policy-deployment.yaml b/examples/CLI/deployment/policy-deployment.yaml index 52b5ac0ee9..23e52be16b 100644 --- a/examples/CLI/deployment/policy-deployment.yaml +++ b/examples/CLI/deployment/policy-deployment.yaml @@ -6,7 +6,8 @@ spec : rules: - name: deployment-policy resource: - kind : Deployment + kinds : + - Deployment selector : matchLabels : cli: test diff --git a/examples/Validate/check_cpu_memory.yaml b/examples/Validate/check_cpu_memory.yaml index 61ab1d2b70..f4a418296a 100644 --- a/examples/Validate/check_cpu_memory.yaml +++ b/examples/Validate/check_cpu_memory.yaml @@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: check-cpu-memory @@ -6,7 +6,8 @@ spec: rules: - name: check-defined resource: - kind: Deployment + kinds: + - Deployment validate: message: "Resource requests and limits are required for CPU and memory" pattern: 
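Review bot: The new `kinds` array schema in definitions/install.yaml sets no lower bound, so `kinds: []` satisfies `required: - kinds` and the CRD accepts a rule that can never match a resource. Adding `minItems: 1` next to `type: array` would reject the empty list at admission instead of relying on `ResourceDescription.Validate()` being run later. The enum under `items` is carried over unchanged from the old `kind` property.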
@@ -22,7 +23,8 @@ spec: cpu: "?" - name: check-memory-in-range resource: - kind: Deployment + kinds: + - Deployment validate: message: "Memory request cannot be greater than 10Gi" pattern: diff --git a/examples/Validate/check_hostpath.yaml b/examples/Validate/check_hostpath.yaml index 8ebe1d7817..35dd08225b 100644 --- a/examples/Validate/check_hostpath.yaml +++ b/examples/Validate/check_hostpath.yaml @@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: check-host-path @@ -6,7 +6,8 @@ spec: rules: - name: check-host-path resource: - kind: Pod + kinds: + - Pod validate: message: "Host path volumes are not allowed" pattern: diff --git a/examples/Validate/check_image_version.yaml b/examples/Validate/check_image_version.yaml index e71335499e..15c8cb2d9a 100644 --- a/examples/Validate/check_image_version.yaml +++ b/examples/Validate/check_image_version.yaml @@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: image-pull-policy @@ -7,7 +7,8 @@ spec: - name: image-pull-policy message: "Image tag ':latest' requires imagePullPolicy 'Always'" resource: - kind: Deployment + kinds: + - Deployment overlay: template: spec: diff --git a/examples/Validate/check_nodeport.yaml b/examples/Validate/check_nodeport.yaml index 1a5fd25c05..c2456f00e3 100644 --- a/examples/Validate/check_nodeport.yaml +++ b/examples/Validate/check_nodeport.yaml @@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: check-host-path @@ -6,7 +6,8 @@ spec: rules: - name: check-host-path resource: - kind: Service + kinds: + - Service validate: message: "Node port services are not allowed" pattern: diff --git a/examples/Validate/check_probe_exists.yaml b/examples/Validate/check_probe_exists.yaml index d055455bf5..442525a423 100644 --- a/examples/Validate/check_probe_exists.yaml 
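Review bot: `kinds: - Pod` in rule `check-host-path` of check_hostpath.yaml names a kind that is not in the `enum` under `kinds.items` in definitions/install.yaml from this same commit. If the CRD enforces that enum, this example is rejected when applied and the host-path check it documents is never loaded. Either add `- Pod` to the enum or target a listed kind in the example.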
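Review bot: The context of the first check_nodeport.yaml hunk still has `metadata.name: check-host-path`, the same policy name check_hostpath.yaml uses, and the rule in the second hunk is also called `check-host-path`. Applying both examples would most likely make the later one replace the earlier, so one of the two checks disappears without any error. Since the header is already being edited, rename both to something like `name: check-node-port`.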
+++ b/examples/Validate/check_probe_exists.yaml @@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: check-probe-exists @@ -6,7 +6,8 @@ spec: rules: - name: check-liveness-probe-exists resource: - kind: StatefulSet + kinds: + - StatefulSet validate: message: "a livenessProbe is required" pattern: @@ -14,10 +15,11 @@ spec: # In this case every object in containers list will be checked for pattern - name: "*" livenessProbe: - periodSeconds: ? + periodSeconds: "?" - resource: - kind: Deployment - name: check-readiness-probe-exists + kinds: + - Deployment + name: check-readinessprobe-exists validate: message: "a readinessProbe is required" pattern: @@ -25,4 +27,4 @@ spec: # In this case every object in containers list will be checked for pattern - name: "*" readinessProbe: - periodSeconds: ? + periodSeconds: "?" diff --git a/examples/Validate/check_probe_intervals.yaml b/examples/Validate/check_probe_intervals.yaml index 77bc50b9ce..15f93e4a88 100644 --- a/examples/Validate/check_probe_intervals.yaml +++ b/examples/Validate/check_probe_intervals.yaml @@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: check-probe-intervals @@ -6,7 +6,8 @@ spec: rules: - name: check-probe-intervals resource: - kind: Deployment + kinds: + - Deployment validate: message: "livenessProbe must be > 10s" pattern: @@ -16,7 +17,9 @@ spec: livenessProbe: periodSeconds: ">10" - resource: - kind: Deployment + kinds: + - Deployment + name: check-readinessprobe-intervals validate: pattern: message: "readinessProbe must be > 10s" diff --git a/examples/Validate/check_whitelist_registries.yaml b/examples/Validate/check_whitelist_registries.yaml index 79aceab2e0..386fe92cda 100644 --- a/examples/Validate/check_whitelist_registries.yaml +++ b/examples/Validate/check_whitelist_registries.yaml 
@@ -1,4 +1,4 @@ -apiVersion: policy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: check-whitelist-registries @@ -7,7 +7,8 @@ spec: - name: check-whitelist-registries message: "Registry is not allowed" resource: - kind: Deployment + kinds: + - Deployment validate: pattern: template: diff --git a/pkg/apis/policy/v1alpha1/types.go b/pkg/apis/policy/v1alpha1/types.go index 0e4374494c..12c0f7c9dd 100644 --- a/pkg/apis/policy/v1alpha1/types.go +++ b/pkg/apis/policy/v1alpha1/types.go @@ -33,7 +33,7 @@ type Rule struct { // ResourceDescription describes the resource to which the PolicyRule will be applied. type ResourceDescription struct { - Kind string `json:"kind"` + Kinds []string `json:"kinds"` Name *string `json:"name"` Selector *metav1.LabelSelector `json:"selector"` } diff --git a/pkg/apis/policy/v1alpha1/utils.go b/pkg/apis/policy/v1alpha1/utils.go index 65719ba360..3fe4bf570b 100644 --- a/pkg/apis/policy/v1alpha1/utils.go +++ b/pkg/apis/policy/v1alpha1/utils.go @@ -22,13 +22,11 @@ func (r *Rule) Validate() error { } // Validate checks if all necesarry fields are present and have values. Also checks a Selector. -// Returns error if resource definition is invalid. +// Returns error if +// - kinds is not defined func (pr *ResourceDescription) Validate() error { - // TBD: selector or name MUST be specified - if pr.Kind == "" { + if len(pr.Kinds) == 0 { return errors.New("The Kind is not specified") - } else if pr.Name == nil && pr.Selector == nil { - return errors.New("Neither Name nor Selector is specified") } if pr.Selector != nil { diff --git a/pkg/apis/policy/v1alpha1/utils_test.go b/pkg/apis/policy/v1alpha1/utils_test.go index 2d050ce3dc..867cfd729e 100644 --- a/pkg/apis/policy/v1alpha1/utils_test.go +++ b/pkg/apis/policy/v1alpha1/utils_test.go 
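Review bot: Renaming the JSON field to `kinds` in types.go while the API version stays `v1alpha1` means a policy still written with `kind: Deployment` decodes with `Kinds` empty instead of failing loudly. Depending on where `Validate()` is called, such a policy is either rejected or matches nothing in `ResourceMeetsDescription`, and for a validation rule matching nothing means the check is skipped with no signal. I would document the break on the field, e.g. `// Kinds lists the resource kinds the rule applies to; it replaces the single "kind" field, which is no longer read`, and consider rejecting objects that still carry `kind`.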
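Review bot: `len(pr.Kinds) == 0` in `ResourceDescription.Validate()` accepts a list whose entries are empty strings, so `Kinds: []string{""}` now passes where the old `pr.Kind == ""` test rejected it. A per-element check restores that: `for _, k := range pr.Kinds { if k == "" { return errors.New("kinds contains an empty entry") } }`. The same hunk drops the Name-or-Selector requirement, so a rule with only `kinds` now applies to every resource of those kinds; if that is intended the doc comment should say so, and the message `The Kind is not specified` should name `kinds`. The Selector handling that follows lies outside the hunk.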
@@ -9,8 +9,8 @@ import ( var defaultResourceDescriptionName = "defaultResourceDescription" var defaultResourceDescription = ResourceDescription{ - Kind: "Deployment", - Name: &defaultResourceDescriptionName, + Kinds: []string{"Deployment"}, + Name: &defaultResourceDescriptionName, Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{"LabelForSelector": "defaultResourceDescription"}, }, @@ -43,7 +43,7 @@ func Test_ResourceDescription_EmptyKind(t *testing.T) { func Test_ResourceDescription_EmptyNameAndSelector(t *testing.T) { resourceDescription := ResourceDescription{ - Kind: "Deployment", + Kinds: []string{"Deployment"}, } err := resourceDescription.Validate() assert.Assert(t, err != nil) diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go index f13f501f4d..0ba32f8949 100644 --- a/pkg/engine/utils.go +++ b/pkg/engine/utils.go @@ -13,7 +13,7 @@ import ( // ResourceMeetsDescription checks requests kind, name and labels to fit the policy rule func ResourceMeetsDescription(resourceRaw []byte, description kubepolicy.ResourceDescription, gvk metav1.GroupVersionKind) bool { - if description.Kind != gvk.Kind { + if !findKind(description.Kinds, gvk.Kind) { return false } @@ -104,3 +104,12 @@ func ParseRegexPolicyResourceName(policyResourceName string) (string, bool) { } return strings.Trim(regex[1], " "), true } + +func findKind(kinds []string, kindGVK string) bool { + for _, kind := range kinds { + if kind == kindGVK { + return true + } + } + return false +} diff --git a/pkg/engine/validation_test.go b/pkg/engine/validation_test.go index e0b031d216..84d94632f0 100644 --- a/pkg/engine/validation_test.go +++ b/pkg/engine/validation_test.go 
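Review bot: `Test_ResourceDescription_EmptyNameAndSelector` in utils_test.go still asserts `err != nil` for a description that sets only `Kinds`, but this commit removes the `Neither Name nor Selector is specified` branch from `Validate()`. Unless the part of `Validate()` outside the visible hunk returns an error for a nil Selector, this test now fails. If kinds-only descriptions are meant to be valid, change the assertion to `assert.Assert(t, err == nil)` and rename the test to match; a case covering an empty string inside `Kinds` would also be worth adding.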
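Review bot: `findKind` in pkg/engine/utils.go has no doc comment, and its behaviour on an empty list deserves one because it returns false and `ResourceMeetsDescription` then skips the rule for every request. Suggested: `// findKind reports whether kindGVK equals one of kinds (exact, case-sensitive); an empty list matches nothing.` The comment above `ResourceMeetsDescription` in the first hunk of this file still says "kind" and could be updated to "kinds" in the same pass.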
@@ -358,7 +358,7 @@ func TestValidateMapElement_OneElementInArrayNotPass(t *testing.T) { } func TestValidate_ServiceTest(t *testing.T) { - rawPolicy := []byte(`{ "apiVersion": "kubepolicy.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-service" }, "spec": { "rules": [ { "name": "ps1", "resource": { "kind": "Service", "name": "game-service*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/secretLabel", "op": "replace", "value": "weKnow" }, { "path": "/metadata/labels/originalLabel", "op": "remove" }, { "path": "/spec/selector/app", "op": "replace", "value": "mutedApp" } ] }, "validate": { "message": "This resource is broken", "pattern": { "spec": { "ports": [ { "name": "hs", "protocol": 32 } ] } } } } ] } }`) + rawPolicy := []byte(`{ "apiVersion": "kyverno.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-service" }, "spec": { "rules": [ { "name": "ps1", "resource": { "kind": "Service", "name": "game-service*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/secretLabel", "op": "replace", "value": "weKnow" }, { "path": "/metadata/labels/originalLabel", "op": "remove" }, { "path": "/spec/selector/app", "op": "replace", "value": "mutedApp" } ] }, "validate": { "message": "This resource is broken", "pattern": { "spec": { "ports": [ { "name": "hs", "protocol": 32 } ] } } } } ] } }`) rawResource := []byte(`{ "kind": "Service", "apiVersion": "v1", "metadata": { "name": "game-service", "labels": { "originalLabel": "isHere", "secretLabel": "thisIsMySecret" } }, "spec": { "selector": { "app": "MyApp" }, "ports": [ { "name": "http", "protocol": "TCP", "port": 80, "targetPort": 9376 } ] } }`) var policy kubepolicy.Policy 
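Review bot: The `rawPolicy` fixture in `TestValidate_ServiceTest` still declares the resource with `"kind": "Service"`, which the renamed `Kinds` field (JSON tag `kinds`) no longer reads. After unmarshalling, `Kinds` is empty, so `findKind` returns false and the rule is presumably never applied to `rawResource`; how the test reacts depends on assertions outside the hunk. Change the fixture to `"kinds": ["Service"]`, and likewise to `"kinds": ["Deployment"]` in `TestValidate_MapHasFloats` in the next hunk, so both tests keep exercising the rule.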
@@ -372,7 +372,7 @@ func TestValidate_ServiceTest(t *testing.T) { } func TestValidate_MapHasFloats(t *testing.T) { - rawPolicy := []byte(`{ "apiVersion": "kubepolicy.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-deployment-changed" }, "spec": { "rules": [ { "name": "First policy v2", "resource": { "kind": "Deployment", "name": "nginx-*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/app", "op": "replace", "value": "nginx_is_mutated" } ] }, "validate": { "message": "replicas number is wrong", "pattern": { "metadata": { "labels": { "app": "*" } }, "spec": { "replicas": 3 } } } } ] } }`) + rawPolicy := []byte(`{ "apiVersion": "kyverno.nirmata.io/v1alpha1", "kind": "Policy", "metadata": { "name": "policy-deployment-changed" }, "spec": { "rules": [ { "name": "First policy v2", "resource": { "kind": "Deployment", "name": "nginx-*" }, "mutate": { "patches": [ { "path": "/metadata/labels/isMutated", "op": "add", "value": "true" }, { "path": "/metadata/labels/app", "op": "replace", "value": "nginx_is_mutated" } ] }, "validate": { "message": "replicas number is wrong", "pattern": { "metadata": { "labels": { "app": "*" } }, "spec": { "replicas": 3 } } } } ] } }`) rawResource := []byte(`{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "name": "nginx-deployment", "labels": { "app": "nginx" } }, "spec": { "replicas": 3, "selector": { "matchLabels": { "app": "nginx" } }, "template": { "metadata": { "labels": { "app": "nginx" } }, "spec": { "containers": [ { "name": "nginx", "image": "nginx:1.7.9", "ports": [ { "containerPort": 80 } ] } ] } } } }`) var policy kubepolicy.Policy diff --git a/test/ConfigMap/policy-CM.yaml b/test/ConfigMap/policy-CM.yaml index e9449d118e..4cef6e1084 100644 --- a/test/ConfigMap/policy-CM.yaml +++ b/test/ConfigMap/policy-CM.yaml 
@@ -6,7 +6,8 @@ spec : rules: - name: pCM1 resource: - kind : ConfigMap + kinds : + - ConfigMap name: "game-config" mutate: patches: @@ -15,7 +16,8 @@ spec : value : newValue - name: pCM2 resource: - kind : ConfigMap + kinds : + - ConfigMap name: "game-config" mutate: patches: @@ -26,7 +28,8 @@ spec : value : "data is replaced" - name: pCM3 resource: - kind : ConfigMap + kinds : + - ConfigMap name: "game-config" mutate: patches: @@ -40,7 +43,8 @@ spec : game.properties: "*enemies=aliens*" - name: pCM4 resource: - kind : ConfigMap + kinds : + - ConfigMap name: "game-config" validate: message: "This CM data is broken because it does not have ui.properties" diff --git a/test/ConfigMapGenerator-SecretGenerator/policy-cm-test.yaml b/test/ConfigMapGenerator-SecretGenerator/policy-cm-test.yaml index c51e727c52..9ae1f69d10 100644 --- a/test/ConfigMapGenerator-SecretGenerator/policy-cm-test.yaml +++ b/test/ConfigMapGenerator-SecretGenerator/policy-cm-test.yaml @@ -6,12 +6,13 @@ spec: rules: - name: "copyCM" resource : - kind : Namespace + kinds : + - Namespace selector: matchLabels: LabelForSelector : "namespace2" generate : - kind: ConfigMap + - kind: ConfigMap name : copied-cm copyFrom : namespace : default diff --git a/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml b/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml index 009ab1d875..522e3829c9 100644 --- a/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml +++ b/test/ConfigMapGenerator-SecretGenerator/policy-namespace-patch-cmgCG-sgCG.yaml @@ -11,7 +11,8 @@ spec : rules: - name: "patchNamespace2" resource : - kind : Namespace + kinds : + - Namespace selector: matchLabels: LabelForSelector : "namespace2" 
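Review bot: The `generate` block of rule `copyCM` in policy-cm-test.yaml changes from a mapping to a one-element sequence (`- kind: ConfigMap`), which is a separate schema change from the `kind` to `kinds` rename. Nothing visible in this diff changes the Go type or the CRD schema for `generate`, so if the rule still expects a single object this fixture will not decode; please confirm against the `Rule` struct. The same edit is repeated in the `copyCM`, `generateCM`, `generateSecret` and `copySecret` rules of policy-namespace-patch-cmgCG-sgCG.yaml.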
@@ -23,12 +24,13 @@ spec : - name: "copyCM" resource : - kind : Namespace + kinds : + - Namespace selector: matchLabels: LabelForSelector : "namespace2" generate : - kind: ConfigMap + - kind: ConfigMap name : copied-cm copyFrom : namespace : default @@ -38,12 +40,13 @@ spec : - name: "generateCM" resource : - kind : Namespace + kinds : + - Namespace selector: matchLabels: LabelForSelector : "namespace2" generate : - kind: ConfigMap + - kind: ConfigMap name : generated-cm data : secretData: "very sensitive data from cmg" @@ -56,10 +59,11 @@ spec : - name: "generateSecret" resource : - kind : Namespace + kinds : + - Namespace name: ns2 generate : - kind: Secret + - kind: Secret name : generated-secrets data : foo : bar @@ -72,10 +76,11 @@ spec : - name: "copySecret" resource : - kind : Namespace + kinds : + - Namespace name: ns2 generate : - kind: Secret + - kind: Secret name : copied-secrets copyFrom : namespace : default diff --git a/test/CronJob/policy-cronjob-wldcrd.yaml b/test/CronJob/policy-cronjob-wldcrd.yaml index 09f5991758..c19f7f2f07 100644 --- a/test/CronJob/policy-cronjob-wldcrd.yaml +++ b/test/CronJob/policy-cronjob-wldcrd.yaml @@ -6,7 +6,8 @@ spec: rules: - name: pCJ resource: - kind : CronJob + kinds : + - CronJob name: "?ell*" mutate: patches: diff --git a/test/DaemonSet/policy-daemonset.yaml b/test/DaemonSet/policy-daemonset.yaml index 333b0daf81..63e41ef074 100644 --- a/test/DaemonSet/policy-daemonset.yaml +++ b/test/DaemonSet/policy-daemonset.yaml @@ -6,7 +6,8 @@ spec: rules: - name: "Patch and Volume validation" resource: - kind: DaemonSet + kinds: + - DaemonSet name: fluentd-elasticsearch mutate: patches: diff --git a/test/Deployment/policy-deployment-any.yaml b/test/Deployment/policy-deployment-any.yaml index 20c7e3a4fd..0218a1a8a2 100644 --- a/test/Deployment/policy-deployment-any.yaml +++ b/test/Deployment/policy-deployment-any.yaml 
@@ -6,8 +6,8 @@ spec : rules: - name: "First policy v2" resource: - kind : Deployment - name: nginx-* + kinds : + - Deployment mutate: patches: - path: /metadata/labels/isMutated diff --git a/test/Endpoint/policy-endpoints.yaml b/test/Endpoint/policy-endpoints.yaml index d598d75329..696dac4711 100644 --- a/test/Endpoint/policy-endpoints.yaml +++ b/test/Endpoint/policy-endpoints.yaml @@ -6,7 +6,8 @@ spec : rules: - name: pEP resource: - kind : Endpoints + kinds : + - Endpoints selector: matchLabels: label : test diff --git a/test/HorizontalPodAutoscaler/policy-hpa.yaml b/test/HorizontalPodAutoscaler/policy-hpa.yaml index 4ec2afb3ba..fbdad6b56f 100644 --- a/test/HorizontalPodAutoscaler/policy-hpa.yaml +++ b/test/HorizontalPodAutoscaler/policy-hpa.yaml @@ -6,7 +6,8 @@ spec : rules: - name: hpa1 resource: - kind : HorizontalPodAutoscaler + kinds : + - HorizontalPodAutoscaler selector: matchLabels: originalLabel: isHere diff --git a/test/Ingress/policy-ingress.yaml b/test/Ingress/policy-ingress.yaml index e0c2abb1a7..220f741df6 100644 --- a/test/Ingress/policy-ingress.yaml +++ b/test/Ingress/policy-ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata : name : policy-ingress @@ -6,7 +6,8 @@ spec : rules: - name: ingress1 resource: - kind : Ingress + kinds : + - Ingress selector: matchLabels: originalLabel: isHere diff --git a/test/Job/policy-job.yaml b/test/Job/policy-job.yaml index eb023a8bf4..a9ef3e035d 100644 --- a/test/Job/policy-job.yaml +++ b/test/Job/policy-job.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: policy-job-perl-bigint @@ -6,7 +6,8 @@ spec : rules: - name: job1 resource: - kind: Job + kinds: + - Job name: pi mutate: patches: diff --git a/test/LimitRange/policy-limitrange.yaml b/test/LimitRange/policy-limitrange.yaml index 79d3c7bf45..ccc8fee490 100644 
--- a/test/LimitRange/policy-limitrange.yaml +++ b/test/LimitRange/policy-limitrange.yaml @@ -1,12 +1,13 @@ -apiVersion : kubepolicy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind : Policy metadata : name : policy-limitrange spec : rules: - - name: + - name: "rule" resource: - kind : LimitRange + kinds : + - LimitRange selector: matchLabels: containerSize: minimal diff --git a/test/Namespace/policy-namespace.yaml b/test/Namespace/policy-namespace.yaml index 9ef999212f..1f8657f579 100644 --- a/test/Namespace/policy-namespace.yaml +++ b/test/Namespace/policy-namespace.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata : name : policy-namespace @@ -7,7 +7,8 @@ spec : rules: - name: ns1 resource: - kind : Namespace + kinds : + - Namespace selector: matchLabels: LabelForSelector : "namespace" diff --git a/test/NetworkPolicy/policy-network-policy.yaml b/test/NetworkPolicy/policy-network-policy.yaml index 3e105c687b..2c7d415ddc 100644 --- a/test/NetworkPolicy/policy-network-policy.yaml +++ b/test/NetworkPolicy/policy-network-policy.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: policy-network-policy @@ -6,7 +6,8 @@ spec: rules: - name: np1 resource: - kind : NetworkPolicy + kinds : + - NetworkPolicy selector: matchLabels: originalLabel: isHere diff --git a/test/PersistentVolumeClaim/policy-PVC.yaml b/test/PersistentVolumeClaim/policy-PVC.yaml index 4a05f586af..7d45d2ae50 100644 --- a/test/PersistentVolumeClaim/policy-PVC.yaml +++ b/test/PersistentVolumeClaim/policy-PVC.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: policy-pvc @@ -6,7 +6,8 @@ spec: rules: - name: pvc1 resource: - kind : PersistentVolumeClaim + kinds : + - PersistentVolumeClaim matchLabels: originalLabel: isHere mutate: 
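Review bot: In rule `pvc1` of policy-PVC.yaml the context lines put `matchLabels:` directly after the `kinds` list with no `selector:` key above it, unlike the other fixtures in this commit. If the file really reads that way (indentation is not recoverable in this view), the labels are not parsed as a selector. With the Name-or-Selector check removed from `Validate()` in this commit, the rule would then pass validation and apply to every PersistentVolumeClaim instead of being rejected. Adding the missing `selector:` line above `matchLabels:` keeps it scoped to `originalLabel: isHere`.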
diff --git a/test/PodDisruptionBudget/policy-pdb.yaml b/test/PodDisruptionBudget/policy-pdb.yaml index 736d0199d4..dce6c993e0 100644 --- a/test/PodDisruptionBudget/policy-pdb.yaml +++ b/test/PodDisruptionBudget/policy-pdb.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: policy-pdb @@ -6,7 +6,8 @@ spec: rules: - name: pdb1 resource: - kind : PodDisruptionBudget + kinds : + - PodDisruptionBudget name: "game-pdb" mutate: patches: diff --git a/test/PodTemplate/policy-PodTemplate.yaml b/test/PodTemplate/policy-PodTemplate.yaml index dbe7b01e2a..bd19ba6d0f 100644 --- a/test/PodTemplate/policy-PodTemplate.yaml +++ b/test/PodTemplate/policy-PodTemplate.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: test-podtemplate @@ -6,7 +6,8 @@ spec: rules: - name: podtemplate1 resource: - kind : PodTemplate + kinds : + - PodTemplate selector: matchLabels: originalLabel: isHere diff --git a/test/ResourceQuota/policy-quota-validation.yaml b/test/ResourceQuota/policy-quota-validation.yaml index fcf59a5173..5fe16379b2 100644 --- a/test/ResourceQuota/policy-quota-validation.yaml +++ b/test/ResourceQuota/policy-quota-validation.yaml @@ -1,12 +1,13 @@ -apiVersion : kubepolicy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind : Policy metadata : name : policy-quota-low-test-validation spec : rules: - - name: + - name: "rule1" resource: - kind : ResourceQuota + kinds : + - ResourceQuota selector: matchLabels: quota: low @@ -16,9 +17,10 @@ spec : spec: hard: memory: "8Gi|12Gi" - - name: + - name: "rule2" resource: - kind : ResourceQuota + kinds : + - ResourceQuota selector: matchLabels: quota: low @@ -28,9 +30,10 @@ spec : spec: hard: cpu: <3 - - name: + - name: "rule3" resource: - kind : ResourceQuota + kinds : + - ResourceQuota selector: matchLabels: quota: low 
diff --git a/test/ResourceQuota/policy-quota.yaml b/test/ResourceQuota/policy-quota.yaml index 89248787fe..fe131c5a74 100644 --- a/test/ResourceQuota/policy-quota.yaml +++ b/test/ResourceQuota/policy-quota.yaml @@ -1,12 +1,13 @@ -apiVersion : kubepolicy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind : Policy metadata : name : policy-quota-low-test spec : rules: - - name: + - name: "rule" resource: - kind : ResourceQuota + kinds : + - ResourceQuota selector: matchLabels: quota: low diff --git a/test/Secret/policy-secret.yaml b/test/Secret/policy-secret.yaml index aeae51ad14..8e008d040c 100644 --- a/test/Secret/policy-secret.yaml +++ b/test/Secret/policy-secret.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: policy-secrets @@ -6,7 +6,8 @@ spec: rules: - name: secret1 resource: - kind : Secret + kinds : + - Secret name: "mysecret" mutate: patches: diff --git a/test/Service/policy-service.yaml b/test/Service/policy-service.yaml index c92f4c6d21..c3ba48b24b 100644 --- a/test/Service/policy-service.yaml +++ b/test/Service/policy-service.yaml @@ -1,4 +1,4 @@ -apiVersion : kubepolicy.nirmata.io/v1alpha1 +apiVersion : kyverno.nirmata.io/v1alpha1 kind : Policy metadata : name : policy-service @@ -6,7 +6,8 @@ spec : rules: - name: ps1 resource: - kind: Service + kinds: + - Service name: "game-service*" mutate: patches: diff --git a/test/StatefulSet/policy-StatefulSet.yaml b/test/StatefulSet/policy-StatefulSet.yaml index f9277c6016..9da7967d7a 100644 --- a/test/StatefulSet/policy-StatefulSet.yaml +++ b/test/StatefulSet/policy-StatefulSet.yaml @@ -1,4 +1,4 @@ -apiVersion: kubepolicy.nirmata.io/v1alpha1 +apiVersion: kyverno.nirmata.io/v1alpha1 kind: Policy metadata: name: policy-statefulset @@ -6,7 +6,8 @@ spec: rules: - name: statefulset1 resource: - kind : StatefulSet + kinds : + - StatefulSet selector: matchLabels: originalLabel: isHere