[Feature] Add kuttl tests with policy exceptions disabled (#7117)

* added tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* removed redundant code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* typo fix and README changes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

test/conformance/kuttl/policy-validation/cluster-policy/invalid-timeout/README.md

@@ -4,4 +4,4 @@ This test tries to create policies with invalid timeouts (`< 1` or `> 30`).
 
 ## Expected Behavior
 
-Policies shoudl be rejected.
+Policies should be rejected.

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/00-policy.yaml

@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy.yaml
+assert:
+- policy-assert.yaml

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/01-policy_exception.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- policy_exception.yaml

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/02-resource.yaml

@@ -0,0 +1,5 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+apply:
+- file: resource.yaml
+  shouldFail: true

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/README.md

@@ -0,0 +1,7 @@
+## Description
+
+This test is attempting to create a resource with the label "app: my-test-app", which would typically violate the policy defined. However, there is a policy exception defined for resources with the same label, which should bypass the policy. Since the Policy Exception feature has not been enabled, the resource will be blocked by the policy instead of being allowed.
+
+## Expected Behavior
+
+The Pod should be blocked.

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/policy-assert.yaml

@@ -0,0 +1,9 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: require-app-label
+status:
+  conditions:
+  - reason: Succeeded
+    status: "True"
+    type: Ready

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/policy.yaml

@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: require-app-label
+spec:
+  validationFailureAction: Enforce
+  background: false
+  rules:
+    - name: require-app-label
+      match:
+        any:
+        - resources:
+           kinds:
+           - Pod
+           - Deployment
+      validate:
+        message: Pod must include the 'app=my-app' label
+        pattern:
+          metadata:
+            labels:
+              app: my-app 

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/policy_exception.yaml

@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+  name: label-exception
+  namespace: default
+spec:
+  exceptions:
+  - policyName: require-app-label
+    ruleNames:
+    - require-app-label
+  match:
+    any:
+    - resources:
+        kinds:
+        - Pod
+        - Deployment
+        namespaces:
+        - default
+        selector:
+         matchLabels:
+           app: my-test-app

test/conformance/kuttl/policy-validation/cluster-policy/policy-exceptions-disabled/resource.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: my-pod
+  labels:
+    app: my-test-app
+spec:
+  containers:
+  - name: nginx
+    image: nginx