diff --git a/test/cli/test/policy.yaml b/test/cli/test/simple/policy.yaml
similarity index 100%
rename from test/cli/test/policy.yaml
rename to test/cli/test/simple/policy.yaml
diff --git a/test/cli/test/resources.yaml b/test/cli/test/simple/resources.yaml
similarity index 100%
rename from test/cli/test/resources.yaml
rename to test/cli/test/simple/resources.yaml
diff --git a/test/cli/test/test.yaml b/test/cli/test/simple/test.yaml
similarity index 93%
rename from test/cli/test/test.yaml
rename to test/cli/test/simple/test.yaml
index f1063ead4d..674f1b00ea 100644
--- a/test/cli/test/test.yaml
+++ b/test/cli/test/simple/test.yaml
@@ -1,4 +1,4 @@
-name: test
+name: test-simple
 policies:
 - policy.yaml
 resources:
diff --git a/test/cli/test/variables/cm-array-example.yaml b/test/cli/test/variables/cm-array-example.yaml
new file mode 100644
index 0000000000..7415720b80
--- /dev/null
+++ b/test/cli/test/variables/cm-array-example.yaml
@@ -0,0 +1,25 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cm-array-example
+spec:
+ validationFailureAction: enforce
+ background: false
+ rules:
+ - name: validate-role-annotation
+ context:
+ - name: roles-dictionary
+ configMap:
+ name: roles-dictionary
+ namespace: default
+ match:
+ resources:
+ kinds:
+ - Pod
+ validate:
+ message: "The role {{ request.object.metadata.annotations.role }} is not in the allowed list of roles: {{ \"roles-dictionary\".data.\"allowed-roles\" }}."
+ deny:
+ conditions:
+ - key: "{{ request.object.metadata.annotations.role }}"
+ operator: NotIn
+ value: "{{ \"roles-dictionary\".data.\"allowed-roles\" }}"
diff --git a/test/cli/test/variables/cm-variable-example.yaml b/test/cli/test/variables/cm-variable-example.yaml
new file mode 100644
index 0000000000..7055a66d2d
--- /dev/null
+++ b/test/cli/test/variables/cm-variable-example.yaml
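Review bot: The deny condition in `validate-role-annotation` dereferences `request.object.metadata.annotations.role` without handling a Pod that has no `role` annotation. The rule matches every Pod, so `test-env-test` and `test-env-dev` from resources.yaml fall under it too, but test.yaml asserts no result for those pairs (nor for `test-web`/`test-app` against `cm-variable-example`), which leaves the missing-annotation outcome unpinned for an `enforce` policy. Adding result entries for those pairs would fix the expected behaviour in the test. A comment on the context entry, for example `# allow-list is read from a ConfigMap in default; whoever can write it controls this policy`, would also make the trust boundary explicit.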
@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: cm-variable-example
+spec:
+ rules:
+ - name: example-configmap-lookup
+ context:
+ - name: dictionary
+ configMap:
+ name: some-config-map
+ namespace: some-namespace
+ match:
+ resources:
+ kinds:
+ - Pod
+ validate:
+ pattern:
+ metadata:
+ labels:
+ my-environment-name: "{{dictionary.data.env}}"
diff --git a/test/cli/test/variables/resources.yaml b/test/cli/test/variables/resources.yaml
new file mode 100644
index 0000000000..a96522f5f2
--- /dev/null
+++ b/test/cli/test/variables/resources.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-env-test
+ labels:
+ my-environment-name: test
+spec:
+ containers:
+ - name: nginx
+ image: nginx:latest
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-env-dev
+ labels:
+ my-environment-name: dev
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.12
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-web
+ annotations:
+ role: web
+spec:
+ containers:
+ - name: nginx
+ image: nginx:latest
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-app
+ annotations:
+ role: app
+spec:
+ containers:
+ - name: nginx
+ image: nginx:1.12
diff --git a/test/cli/test/variables/test.yaml b/test/cli/test/variables/test.yaml
new file mode 100644
index 0000000000..4473d21506
--- /dev/null
+++ b/test/cli/test/variables/test.yaml
@@ -0,0 +1,24 @@
+name: test-variables
+policies:
+ - cm-variable-example.yaml
+ - cm-array-example.yaml
+resources:
+ - resources.yaml
+variables: variables.yaml
+results:
+ - policy: cm-variable-example
+ rule: example-configmap-lookup
+ resource: test-env-test
+ status: pass
+ - policy: cm-variable-example
+ rule: example-configmap-lookup
+ resource: test-env-dev
+ status: fail
+ - policy: cm-array-example
+ rule: validate-role-annotation
+ resource: test-web
+ status: fail
+ - policy: cm-array-example
+ rule: validate-role-annotation
+ resource: test-app
+ status: pass
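Review bot: `spec` in `cm-variable-example` sets neither `validationFailureAction` nor `background`, while `cm-array-example` in the same commit sets both, so this policy's enforcement mode is left to the engine default. As far as I know that default for a kyverno.io/v1 ClusterPolicy is audit, which records a violation without rejecting the Pod; this should be confirmed against the version under test. Stating the mode under `spec:`, either `validationFailureAction: enforce` or `validationFailureAction: audit` with a comment that it is intentional, keeps the example from being copied with an unintended non-blocking mode.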
diff --git a/test/cli/test/variables/variables.yaml b/test/cli/test/variables/variables.yaml
new file mode 100644
index 0000000000..942ddc9ce2
--- /dev/null
+++ b/test/cli/test/variables/variables.yaml
@@ -0,0 +1,25 @@
+policies:
+ - name: cm-variable-example
+ rules:
+ - name: example-configmap-lookup
+ values:
+ dictionary.data.env: test
+ resources:
+ - name: test-env-test
+ values:
+ request.object.metadata.name: test-env-test
+ - name: test-env-dev
+ values:
+ request.object.metadata.name: test-env-dev
+ - name: cm-array-example
+ rules:
+ - name: validate-role-annotation
+ values:
+ roles-dictionary.data.allowed-roles: "[\"app\",\"test\"]"
+ resources:
+ - name: test-web
+ values:
+ request.object.metadata.annotations.role: web
+ - name: test-app
+ values:
+ request.object.metadata.annotations.role: app
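Review bot: The `roles-dictionary.data.allowed-roles` value is a JSON array carried inside a double-quoted YAML string, and nothing in the file says the encoding is deliberate. A comment above it such as `# JSON-encoded list: ConfigMap data values are strings`, plus single quotes to drop the escapes, `roles-dictionary.data.allowed-roles: '["app","test"]'`, would make the value easier to read and harder to break when edited. The `request.object.metadata.name` values under `cm-variable-example` do not appear to be read by that policy's rule, which only references `dictionary.data.env`; if the CLI does not need them they could be dropped.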