From c78ab6654c081397746ca4a76cdd014fef7d44ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Tue, 4 Feb 2025 10:22:43 +0100 Subject: [PATCH] tests: add chainsaw test for image data loading (#12077) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .../context/image-data/chainsaw-test.yaml | 17 ++++++++++++++ .../context/image-data/deployment.yaml | 19 +++++++++++++++ .../context/image-data/policy.yaml | 23 +++++++++++++++++++ 3 files changed, 59 insertions(+) create mode 100755 test/conformance/chainsaw/validating-policies/context/image-data/chainsaw-test.yaml create mode 100644 test/conformance/chainsaw/validating-policies/context/image-data/deployment.yaml create mode 100644 test/conformance/chainsaw/validating-policies/context/image-data/policy.yaml diff --git a/test/conformance/chainsaw/validating-policies/context/image-data/chainsaw-test.yaml b/test/conformance/chainsaw/validating-policies/context/image-data/chainsaw-test.yaml new file mode 100755 index 0000000000..9d0838e12d --- /dev/null +++ b/test/conformance/chainsaw/validating-policies/context/image-data/chainsaw-test.yaml @@ -0,0 +1,17 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + name: image-data +spec: + steps: + - name: create policy + try: + - create: + file: policy.yaml + - sleep: + duration: 10s + - name: create deployment + try: + - create: + file: deployment.yaml diff --git a/test/conformance/chainsaw/validating-policies/context/image-data/deployment.yaml b/test/conformance/chainsaw/validating-policies/context/image-data/deployment.yaml new file mode 100644 index 0000000000..cdd89bd495 --- /dev/null +++ b/test/conformance/chainsaw/validating-policies/context/image-data/deployment.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment + labels: + app: nginx +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:latest diff --git a/test/conformance/chainsaw/validating-policies/context/image-data/policy.yaml b/test/conformance/chainsaw/validating-policies/context/image-data/policy.yaml new file mode 100644 index 0000000000..b35a982f62 --- /dev/null +++ b/test/conformance/chainsaw/validating-policies/context/image-data/policy.yaml @@ -0,0 +1,23 @@ +apiVersion: kyverno.io/v2alpha1 +kind: ValidatingPolicy +metadata: + name: check-deployment-labels +spec: + matchConstraints: + resourceRules: + - apiGroups: [apps] + apiVersions: [v1] + operations: [CREATE, UPDATE] + resources: [deployments] + variables: + - name: image + expression: >- + context.GetImageData("ghcr.io/kyverno/kyverno:latest") + - name: accept + expression: >- + variables.image != null + validations: + - expression: >- + variables.accept + message: >- + Deployment must be accepted