feat: add chainsaw tests for global context crd validation (#9628)

* feat: add chainsaw tests for global context crd validation

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add globalcontext to standard conformance action

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: overlapping names

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

.github/workflows/conformance.yaml

@@ -7,8 +7,8 @@ permissions: {}
 on:
   pull_request:
     branches:
-      - 'main'
-      - 'release*'
+      - "main"
+      - "release*"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -104,6 +104,7 @@ jobs:
           - ^generate$/^clusterpolicy$
           - ^generate$/^policy$
           - ^generate$/^validation$
+          - ^globalcontext$
           - ^mutate$
           - ^policy-validation$
           - ^rangeoperators$
@@ -645,7 +646,7 @@ jobs:
         with:
           version: main
           k8s-version: ${{ matrix.k8s-version.version }}
-          knative-version: '1.10.0'
+          knative-version: "1.10.0"
       - name: Create TUF values config map
         run: |
           set -e

test/conformance/chainsaw/globalcontext/validate-crd/README.md

@@ -0,0 +1,10 @@
+## Description
+
+This test creates the following global context entries:
+1. A valid global context entry.
+2. A context entry with both `kubernetesResource` and `apiCall`.
+3. A context entry with neither `kubernetesResource` nor `apiCall`.
+
+## Expected Behavior
+
+1st global context entry should get created, 2nd and 3rd entries should return an error.

test/conformance/chainsaw/globalcontext/validate-crd/chainsaw-test.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  creationTimestamp: null
+  name: validate-global-context-crd
+spec:
+  steps:
+    - name: step-01
+      try:
+        - apply:
+            file: valid-context.yaml
+        - assert:
+            file: valid-context-assert.yaml
+    - name: step-02
+      try:
+        - apply:
+            file: multiple-resources.yaml
+            expect:
+              - check:
+                  ($error != null): true
+    - name: step-03
+      try:
+        - apply:
+            file: no-resource.yaml
+            expect:
+              - check:
+                  ($error != null): true

test/conformance/chainsaw/globalcontext/validate-crd/multiple-resources.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+  name: ingress-2
+spec:
+  apiCall:
+    service:
+      url: https://svc.kyverno/example
+      caBundle: |-
+        -----BEGIN CERTIFICATE-----
+        -----REDACTED-----
+        -----END CERTIFICATE-----
+    refreshInterval: 10ns
+  kubernetesResource:
+    group: apis/networking.k8s.io
+    version: v1
+    resource: ingresses
+    namespace: apps

test/conformance/chainsaw/globalcontext/validate-crd/no-resource.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+  name: ingress-3
+spec: {}

test/conformance/chainsaw/globalcontext/validate-crd/valid-context-assert.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+  name: ingress-1

test/conformance/chainsaw/globalcontext/validate-crd/valid-context.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kyverno.io/v2alpha1
+kind: GlobalContextEntry
+metadata:
+  name: ingress-1
+spec:
+  apiCall:
+    service:
+      url: https://svc.kyverno/example
+      caBundle: |-
+        -----BEGIN CERTIFICATE-----
+        -----REDACTED-----
+        -----END CERTIFICATE-----
+    refreshInterval: 10ns