diff --git a/test/conformance/chainsaw/validate/anchors/conditional-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/chainsaw-test.yaml index ef23c20c13..9d9f0b04a2 100644 --- a/test/conformance/chainsaw/validate/anchors/conditional-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/chainsaw-test.yaml @@ -4,35 +4,43 @@ metadata: name: conditional-anchor spec: steps: - - name: apply-namespace - try: - - apply: - file: namespace.yaml - - name: apply-policy - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml - - name: apply-labelled-resource - try: - - apply: - file: labelled-resource.yaml - - name: apply-unlabelled-resource - try: - - apply: - file: unlabelled-resource.yaml - - name: apply-scaling - try: - - script: - content: - "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 2\nthen - \n exit 0\nelse \n exit 1\nfi\n" - - script: - content: - "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 9\nthen - \n exit 1\nelse \n exit 0\nfi\n" - - script: - content: - "if kubectl -n test-anchors scale deployment unlabelled-deployment --replicas 9\nthen - \n exit 0\nelse \n exit 1\nfi\n" + - name: apply-namespace + try: + - apply: + file: namespace.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-scale + - name: apply-labelled-resource + try: + - apply: + file: labelled-resource.yaml + - name: apply-unlabelled-resource + try: + - apply: + file: unlabelled-resource.yaml + - name: apply-scaling + try: + - script: + content: + "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 2\nthen + \n exit 0\nelse \n exit 1\nfi\n" + - script: + content: + "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 9\nthen + \n exit 1\nelse \n exit 0\nfi\n" + - script: + content: + "if kubectl -n test-anchors scale deployment unlabelled-deployment --replicas 9\nthen + \n exit 0\nelse \n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy-ready.yaml deleted file mode 100644 index 07ccd2afd8..0000000000 --- a/test/conformance/chainsaw/validate/anchors/conditional-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-scale -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/anchors/conditional/chainsaw-test.yaml b/test/conformance/chainsaw/validate/anchors/conditional/chainsaw-test.yaml index ef23c20c13..9d9f0b04a2 100644 --- a/test/conformance/chainsaw/validate/anchors/conditional/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/anchors/conditional/chainsaw-test.yaml @@ -4,35 +4,43 @@ metadata: name: conditional-anchor spec: steps: - - name: apply-namespace - try: - - apply: - file: namespace.yaml - - name: apply-policy - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml - - name: apply-labelled-resource - try: - - apply: - file: labelled-resource.yaml - - name: apply-unlabelled-resource - try: - - apply: - file: unlabelled-resource.yaml - - name: apply-scaling - try: - - script: - content: - "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 2\nthen - \n exit 0\nelse \n exit 1\nfi\n" - - script: - content: - "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 9\nthen - \n exit 1\nelse \n exit 0\nfi\n" - - script: - content: - "if kubectl -n test-anchors scale deployment unlabelled-deployment --replicas 9\nthen - \n exit 0\nelse \n exit 1\nfi\n" + - name: apply-namespace + try: + - apply: + file: namespace.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-scale + - name: apply-labelled-resource + try: + - apply: + file: labelled-resource.yaml + - name: apply-unlabelled-resource + try: + - apply: + file: unlabelled-resource.yaml + - name: apply-scaling + try: + - script: + content: + "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 2\nthen + \n exit 0\nelse \n exit 1\nfi\n" + - script: + content: + "if kubectl -n test-anchors scale deployment labelled-deployment --replicas 9\nthen + \n exit 1\nelse \n exit 0\nfi\n" + - script: + content: + "if kubectl -n test-anchors scale deployment unlabelled-deployment --replicas 9\nthen + \n exit 0\nelse \n exit 1\nfi\n" diff --git a/test/conformance/chainsaw/validate/anchors/conditional/policy-ready.yaml b/test/conformance/chainsaw/validate/anchors/conditional/policy-ready.yaml deleted file mode 100644 index 07ccd2afd8..0000000000 --- a/test/conformance/chainsaw/validate/anchors/conditional/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-scale -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-test.yaml index 833c3be776..20df5bb5c0 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: apply-on-deletion spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-apply-on-deletion - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy-ready.yaml deleted file mode 100644 index e652590157..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-apply-on-deletion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml index 833c3be776..20df5bb5c0 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: apply-on-deletion spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: cpol-apply-on-deletion - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/policy-ready.yaml deleted file mode 100644 index e652590157..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/apply-on-deletion/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: cpol-apply-on-deletion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/chainsaw-test.yaml index 67d9bdc41e..928affd769 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: cel-messages-upon-resource-failure spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-port-in-pods - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy-assert.yaml deleted file mode 100644 index 44cefa2052..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure-deprecated/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-port-in-pods -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml index 67d9bdc41e..928affd769 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: cel-messages-upon-resource-failure spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-port-in-pods - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/policy-assert.yaml deleted file mode 100644 index 44cefa2052..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/cel-messages-upon-resource-failure/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-port-in-pods -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/chainsaw-test.yaml index 212eaae486..f741b6acc4 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/chainsaw-test.yaml @@ -4,18 +4,34 @@ metadata: name: check-message-upon-resource-failure spec: steps: - - name: step-01 - try: - - apply: - file: policy-1.yaml - - assert: - file: policy-assert1.yaml - - name: step-02 - try: - - apply: - file: policy-2.yaml - - assert: - file: policy-assert2.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy-1.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-ns-owner-label + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy-2.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: preconditions-check - name: step-03 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert1.yaml deleted file mode 100644 index 7041619c19..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-ns-owner-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert2.yaml deleted file mode 100644 index 84062db7e0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure-deprecated/policy-assert2.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: preconditions-check -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml index 212eaae486..f741b6acc4 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml @@ -4,18 +4,34 @@ metadata: name: check-message-upon-resource-failure spec: steps: - - name: step-01 - try: - - apply: - file: policy-1.yaml - - assert: - file: policy-assert1.yaml - - name: step-02 - try: - - apply: - file: policy-2.yaml - - assert: - file: policy-assert2.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy-1.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-ns-owner-label + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy-2.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: preconditions-check - name: step-03 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/policy-assert1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/policy-assert1.yaml deleted file mode 100644 index 7041619c19..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/policy-assert1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-ns-owner-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/policy-assert2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/policy-assert2.yaml deleted file mode 100644 index 84062db7e0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/policy-assert2.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: preconditions-check -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/chainsaw-test.yaml index 6783a12079..1dfba826f1 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/chainsaw-test.yaml @@ -4,20 +4,28 @@ metadata: name: different-configuration-for-actions spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-02 - try: + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-ns-labels + - name: step-02 + try: + - apply: + file: good-resources.yaml + - name: step-03 + try: - apply: - file: good-resources.yaml - - name: step-03 - try: - - apply: - expect: - - check: - ($error != null): true - file: bad-resources.yaml + expect: + - check: + ($error != null): true + file: bad-resources.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/policy-assert.yaml deleted file mode 100644 index 3d14b530d7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/different-configuration-for-actions/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-ns-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-test.yaml index 262fdd97fa..f428ec2221 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: ephemeral-containers spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-image-registries - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy-ready.yaml deleted file mode 100644 index 3061a8121c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-image-registries -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml index 262fdd97fa..f428ec2221 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: ephemeral-containers spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-image-registries - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/policy-ready.yaml deleted file mode 100644 index 3061a8121c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/ephemeral-containers/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-image-registries -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/chainsaw-test.yaml index ba81beb92a..c37bea3bc5 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/chainsaw-test.yaml @@ -10,15 +10,26 @@ spec: file: keda.yaml - assert: file: keda-ready.yaml - - name: step-01 - try: - - apply: - file: cluster-policy.yaml - - assert: - file: cluster-policy-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: external-metrics-policy + - name: wait policy ready + use: + template: ../../../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: external-metrics-policy-default + - name: namespace + value: default diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy-ready.yaml deleted file mode 100644 index 5770a6453c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: external-metrics-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy.yaml deleted file mode 100644 index 8a4bb5c351..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/cluster-policy.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: external-metrics-policy -spec: - validationFailureAction: Enforce - background: false - rules: - - name: external-metrics-rule - match: - all: - - clusterRoles: - - evil-cr - resources: - kinds: - - Secret - validate: - message: 'You should be careful when trying to change/delete {{request.oldObject.kind}} in {{request.oldObject.name}}. These are my-precious resources and touching them might break my heart.' - deny: - conditions: - any: - - key: '{{request.operation}}' - operator: Equals - value: DELETE - - key: '{{request.operation}}' - operator: Equals - value: UPDATE - - key: '{{request.operation}}' - operator: Equals - value: CREATE \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy-ready.yaml deleted file mode 100644 index a963ab024b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy-ready.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: external-metrics-policy-default - namespace: default -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy.yaml index ae4b0451e3..02ad41a1d2 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics-deprecated/policy.yaml @@ -1,4 +1,35 @@ apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: external-metrics-policy +spec: + validationFailureAction: Enforce + background: false + rules: + - name: external-metrics-rule + match: + all: + - clusterRoles: + - evil-cr + resources: + kinds: + - Secret + validate: + message: 'You should be careful when trying to change/delete {{request.oldObject.kind}} in {{request.oldObject.name}}. These are my-precious resources and touching them might break my heart.' + deny: + conditions: + any: + - key: '{{request.operation}}' + operator: Equals + value: DELETE + - key: '{{request.operation}}' + operator: Equals + value: UPDATE + - key: '{{request.operation}}' + operator: Equals + value: CREATE +--- +apiVersion: kyverno.io/v1 kind: Policy metadata: name: external-metrics-policy-default @@ -28,4 +59,4 @@ spec: value: UPDATE - key: '{{request.operation}}' operator: Equals - value: CREATE \ No newline at end of file + value: CREATE diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml index ba81beb92a..c37bea3bc5 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/chainsaw-test.yaml @@ -10,15 +10,26 @@ spec: file: keda.yaml - assert: file: keda-ready.yaml - - name: step-01 - try: - - apply: - file: cluster-policy.yaml - - assert: - file: cluster-policy-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: external-metrics-policy + - name: wait policy ready + use: + template: ../../../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: external-metrics-policy-default + - name: namespace + value: default diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/cluster-policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/cluster-policy-ready.yaml deleted file mode 100644 index 5770a6453c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/cluster-policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: external-metrics-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/cluster-policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/cluster-policy.yaml deleted file mode 100644 index 962fd74f73..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/cluster-policy.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: external-metrics-policy -spec: - background: false - rules: - - name: external-metrics-rule - match: - all: - - clusterRoles: - - evil-cr - resources: - kinds: - - Secret - validate: - failureAction: Enforce - message: 'You should be careful when trying to change/delete {{request.oldObject.kind}} in {{request.oldObject.name}}. These are my-precious resources and touching them might break my heart.' - deny: - conditions: - any: - - key: '{{request.operation}}' - operator: Equals - value: DELETE - - key: '{{request.operation}}' - operator: Equals - value: UPDATE - - key: '{{request.operation}}' - operator: Equals - value: CREATE \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy-ready.yaml deleted file mode 100644 index a963ab024b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy-ready.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: external-metrics-policy-default - namespace: default -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy.yaml index 5b54ad615e..97424de559 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/external-metrics/policy.yaml @@ -1,4 +1,35 @@ apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: external-metrics-policy +spec: + background: false + rules: + - name: external-metrics-rule + match: + all: + - clusterRoles: + - evil-cr + resources: + kinds: + - Secret + validate: + failureAction: Enforce + message: 'You should be careful when trying to change/delete {{request.oldObject.kind}} in {{request.oldObject.name}}. These are my-precious resources and touching them might break my heart.' + deny: + conditions: + any: + - key: '{{request.operation}}' + operator: Equals + value: DELETE + - key: '{{request.operation}}' + operator: Equals + value: UPDATE + - key: '{{request.operation}}' + operator: Equals + value: CREATE +--- +apiVersion: kyverno.io/v1 kind: Policy metadata: name: external-metrics-policy-default @@ -28,4 +59,4 @@ spec: value: UPDATE - key: '{{request.operation}}' operator: Equals - value: CREATE \ No newline at end of file + value: CREATE diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/chainsaw-test.yaml index e5ed2f0064..262c7fcf7e 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: variable-substitution-failure-messages spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-panic - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy-assert.yaml deleted file mode 100644 index 84d72139a2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution-deprecated/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-panic -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/chainsaw-test.yaml index e5ed2f0064..262c7fcf7e 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: variable-substitution-failure-messages spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-panic - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/policy-assert.yaml deleted file mode 100644 index 84d72139a2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/invalid-jmespath-variable-substitution/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-panic -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml index ba73d74fd7..f132c31284 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: psa-run-as-non-root spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: psp-restricted-limited - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy-assert.yaml deleted file mode 100644 index e5855a5d4f..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/psa-run-as-non-root/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: psp-restricted-limited -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-test.yaml index baeb8c622f..dddec827ab 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/chainsaw-test.yaml @@ -8,9 +8,17 @@ spec: try: - apply: file: chainsaw-step-00-apply-1-1.yaml - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: generate-cm-for-kube-state-metrics-crds diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy-assert.yaml deleted file mode 100644 index f5fb60444d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting-deprecated/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: generate-cm-for-kube-state-metrics-crds -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml index baeb8c622f..dddec827ab 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/chainsaw-test.yaml @@ -8,9 +8,17 @@ spec: try: - apply: file: chainsaw-step-00-apply-1-1.yaml - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: generate-cm-for-kube-state-metrics-crds diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/policy-assert.yaml deleted file mode 100644 index f5fb60444d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/schema-validation-for-mutateExisting/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: generate-cm-for-kube-state-metrics-crds -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/chainsaw-test.yaml index 2a5e977cec..704671b9e7 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/chainsaw-test.yaml @@ -4,30 +4,38 @@ metadata: name: two-rules-with-different-action spec: steps: - - name: step-01 - try: - - script: - content: kubectl patch configmap kyverno -p '{"data":{"generateSuccessEvents":"true"}}' -n kyverno - - assert: - file: kyverno-configmap-assert.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-03 - try: + - name: step-01 + try: + - script: + content: kubectl patch configmap kyverno -p '{"data":{"generateSuccessEvents":"true"}}' -n kyverno + - assert: + file: kyverno-configmap-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-ns-labels + - name: step-03 + try: + - apply: + file: good-resources.yaml + - name: step-04 + try: - apply: - file: good-resources.yaml - - name: step-04 - try: - - apply: - expect: - - check: - ($error != null): true - file: bad-resources.yaml - - name: step-05 - try: - - assert: - file: events-assert.yaml + expect: + - check: + ($error != null): true + file: bad-resources.yaml + - name: step-05 + try: + - assert: + file: events-assert.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/policy-assert.yaml deleted file mode 100644 index 3d14b530d7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/two-rules-with-different-action/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-ns-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/chainsaw-test.yaml index 22f1cd0a4b..6311ab9c44 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/chainsaw-test.yaml @@ -4,20 +4,28 @@ metadata: name: validate-pattern-should-fail spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-02 - try: - - apply: - expect: - - check: - ($error != null): true - file: resource.yaml - - name: step-03 - try: - - assert: - file: event-assert.yaml \ No newline at end of file + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: priv + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: resource.yaml + - name: step-03 + try: + - assert: + file: event-assert.yaml \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy-assert.yaml deleted file mode 100644 index a695a5250c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail-deprecated/policy-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: priv -spec: {} -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/chainsaw-test.yaml index 22f1cd0a4b..6311ab9c44 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/chainsaw-test.yaml @@ -4,20 +4,28 @@ metadata: name: validate-pattern-should-fail spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-02 - try: - - apply: - expect: - - check: - ($error != null): true - file: resource.yaml - - name: step-03 - try: - - assert: - file: event-assert.yaml \ No newline at end of file + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: priv + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: resource.yaml + - name: step-03 + try: + - assert: + file: event-assert.yaml \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/policy-assert.yaml deleted file mode 100644 index a695a5250c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-fail/policy-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: priv -spec: {} -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/chainsaw-test.yaml index 712f6d3ca8..9c398ddc73 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/chainsaw-test.yaml @@ -4,27 +4,35 @@ metadata: name: validate-pattern-should-pass spec: steps: - - name: step-01 - try: - - script: - content: kubectl patch configmap kyverno -p '{"data":{"generateSuccessEvents":"true"}}' -n kyverno + - name: step-01 + try: + - script: + content: kubectl patch configmap kyverno -p '{"data":{"generateSuccessEvents":"true"}}' -n kyverno + - assert: + file: kyverno-configmap-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: priv + - name: step-03 + try: + - apply: + file: resource.yaml + - name: step-04 + try: - assert: - file: kyverno-configmap-assert.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-03 - try: - - apply: - file: resource.yaml - - name: step-04 - try: - - assert: - file: event-assert.yaml - - name: step-05 - try: - - assert: - file: report-pass-assert.yaml \ No newline at end of file + file: event-assert.yaml + - name: step-05 + try: + - assert: + file: report-pass-assert.yaml \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy-assert.yaml deleted file mode 100644 index a695a5250c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass-deprecated/policy-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: priv -spec: {} -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/chainsaw-test.yaml index 712f6d3ca8..9c398ddc73 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/chainsaw-test.yaml @@ -4,27 +4,35 @@ metadata: name: validate-pattern-should-pass spec: steps: - - name: step-01 - try: - - script: - content: kubectl patch configmap kyverno -p '{"data":{"generateSuccessEvents":"true"}}' -n kyverno + - name: step-01 + try: + - script: + content: kubectl patch configmap kyverno -p '{"data":{"generateSuccessEvents":"true"}}' -n kyverno + - assert: + file: kyverno-configmap-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: priv + - name: step-03 + try: + - apply: + file: resource.yaml + - name: step-04 + try: - assert: - file: kyverno-configmap-assert.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-03 - try: - - apply: - file: resource.yaml - - name: step-04 - try: - - assert: - file: event-assert.yaml - - name: step-05 - try: - - assert: - file: report-pass-assert.yaml \ No newline at end of file + file: event-assert.yaml + - name: step-05 + try: + - assert: + file: report-pass-assert.yaml \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/policy-assert.yaml deleted file mode 100644 index a695a5250c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-pass/policy-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: priv -spec: {} -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/chainsaw-test.yaml index 7805cdd765..9f7a246382 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/chainsaw-test.yaml @@ -4,17 +4,25 @@ metadata: name: validate-pattern-should-skip spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-02 - try: - - apply: - file: resource.yaml - - name: step-03 - try: - - assert: - file: report-skip-assert.yaml \ No newline at end of file + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: priv + - name: step-02 + try: + - apply: + file: resource.yaml + - name: step-03 + try: + - assert: + file: report-skip-assert.yaml \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy-assert.yaml deleted file mode 100644 index a695a5250c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip-deprecated/policy-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: priv -spec: {} -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/chainsaw-test.yaml index 7805cdd765..9f7a246382 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/chainsaw-test.yaml @@ -4,17 +4,25 @@ metadata: name: validate-pattern-should-skip spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml - - name: step-02 - try: - - apply: - file: resource.yaml - - name: step-03 - try: - - assert: - file: report-skip-assert.yaml \ No newline at end of file + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: priv + - name: step-02 + try: + - apply: + file: resource.yaml + - name: step-03 + try: + - assert: + file: report-skip-assert.yaml \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/policy-assert.yaml deleted file mode 100644 index a695a5250c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/validate-pattern-should-skip/policy-assert.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: priv -spec: {} -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/chainsaw-test.yaml index cc9816b76c..ab34590b91 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: variable-substitution-failure-messages spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: uid-groups-fsgroup-validate - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy-assert.yaml deleted file mode 100644 index efa97035d5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages-deprecated/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: uid-groups-fsgroup-validate -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml index cc9816b76c..ab34590b91 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: variable-substitution-failure-messages spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: uid-groups-fsgroup-validate - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/policy-assert.yaml deleted file mode 100644 index efa97035d5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: uid-groups-fsgroup-validate -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 0c97fb1ab2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: ingress-unique-host -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-test.yaml index ff8b6cf135..4168779572 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-test.yaml @@ -4,16 +4,26 @@ metadata: name: lazyload spec: steps: + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: ingress-unique-host - name: step-01 try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - apply: file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - assert: file: chainsaw-step-01-assert-1-2.yaml - name: step-02 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/lazyload/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 6fe832672c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-subjectaccessreview -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-test.yaml index d74a54999e..5686f79390 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-test.yaml @@ -12,10 +12,20 @@ spec: file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - - apply: - file: chainsaw-step-01-apply-1-4.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-subjectaccessreview - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls-deprecated/subjectaccessreview/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/default/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/default/chainsaw-test.yaml index 32611b781c..11b41de5b2 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/default/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/default/chainsaw-test.yaml @@ -8,12 +8,20 @@ spec: try: - apply: file: ns-bad.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: default - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 0c97fb1ab2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: ingress-unique-host -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml index ff8b6cf135..4168779572 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-test.yaml @@ -4,16 +4,26 @@ metadata: name: lazyload spec: steps: + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: ingress-unique-host - name: step-01 try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - apply: file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - assert: file: chainsaw-step-01-assert-1-2.yaml - name: step-02 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/lazyload/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 6fe832672c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-subjectaccessreview -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml index d74a54999e..5686f79390 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-test.yaml @@ -12,10 +12,20 @@ spec: file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - - apply: - file: chainsaw-step-01-apply-1-4.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-subjectaccessreview - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/chainsaw-step-01-apply-1-4.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/apicalls/subjectaccessreview/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 075d398147..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-test.yaml index 66c3f05880..f33095a2ac 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-test.yaml @@ -10,10 +10,20 @@ spec: file: chainsaw-step-01-apply-1-1.yaml - apply: file: chainsaw-step-01-apply-1-2.yaml - - apply: - file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: validate-labels - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit-deprecated/configmap-context-lookup/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 075d398147..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml index 66c3f05880..f33095a2ac 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-test.yaml @@ -10,10 +10,20 @@ spec: file: chainsaw-step-01-apply-1-1.yaml - apply: file: chainsaw-step-01-apply-1-2.yaml - - apply: - file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: validate-labels - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/chainsaw-step-01-apply-1-3.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/audit/configmap-context-lookup/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/chainsaw-test.yaml index 09a1ec07ca..a6ef15c218 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: cel-preconditions spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-port-range - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy-assert.yaml deleted file mode 100644 index 9ee9af9fde..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-preconditions/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-port-range -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/chainsaw-test.yaml index 2f1c08254b..96f5e1293a 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: ns.yaml - assert: file: ns.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: image-matches-namespace-environment.policy.example.com - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy-assert.yaml deleted file mode 100644 index acb6a9fa1c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/cel-variables/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: image-matches-namespace-environment.policy.example.com -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/chainsaw-test.yaml index df5d80a17a..8dc708e672 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: ns.yaml - assert: file: ns.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-statefulset-namespace - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy-assert.yaml deleted file mode 100644 index d721c304a9..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/check-statefulset-namespace/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-statefulset-namespace -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/chainsaw-test.yaml index d487c4bacb..4992ebe52e 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: disallow-host-port spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-port - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy-assert.yaml deleted file mode 100644 index a53a885448..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/disallow-host-port/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-port -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/chainsaw-test.yaml index 44b5c2948c..0bee1bd843 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/chainsaw-test.yaml @@ -18,12 +18,20 @@ spec: file: namespaceConstraint.yaml - assert: file: namespaceConstraint.yaml - - name: step-03 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-namespace-name-01 - name: step-04 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy-assert.yaml deleted file mode 100644 index 28cee3049a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/clusterscoped/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-namespace-name-01 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml index b6b22a7e81..309b8b1e68 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml @@ -16,12 +16,20 @@ spec: file: nameConstraint.yaml - assert: file: nameConstraint.yaml - - name: step-03 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-namespace-name-02 - name: step-04 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml deleted file mode 100644 index a540add3b7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-namespace-name-02 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml index 05025102b8..258395c3f9 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml @@ -24,12 +24,20 @@ spec: file: replicaLimit.yaml - assert: file: replicaLimit.yaml - - name: step-04 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-deployment-replicas-01 - name: step-05 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml deleted file mode 100644 index d94b5b3f4f..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-deployment-replicas-01 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml index ea9aaff67e..04d78ecef3 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml @@ -24,12 +24,20 @@ spec: file: replicaLimit.yaml - assert: file: replicaLimit.yaml - - name: step-04 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-statefulset-replicas - name: step-05 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml deleted file mode 100644 index 3f2481450a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel-deprecated/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-statefulset-replicas -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml index 09a1ec07ca..a6ef15c218 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: cel-preconditions spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-port-range - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/policy-assert.yaml deleted file mode 100644 index 9ee9af9fde..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-preconditions/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-port-range -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml index 2f1c08254b..96f5e1293a 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: ns.yaml - assert: file: ns.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: image-matches-namespace-environment.policy.example.com - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/policy-assert.yaml deleted file mode 100644 index acb6a9fa1c..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/cel-variables/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: image-matches-namespace-environment.policy.example.com -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml index df5d80a17a..8dc708e672 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: ns.yaml - assert: file: ns.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-statefulset-namespace - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/policy-assert.yaml deleted file mode 100644 index d721c304a9..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/check-statefulset-namespace/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-statefulset-namespace -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/chainsaw-test.yaml index 0df4a4bd3e..ccf7102416 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/chainsaw-test.yaml @@ -8,12 +8,20 @@ spec: try: - script: content: kubectl run nginx --image=nginx - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-operations-on-pod - name: step-03 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/policy-assert.yaml deleted file mode 100644 index ea680d38cb..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/deny/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-operations-on-pod -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml index d487c4bacb..4992ebe52e 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: disallow-host-port spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-port - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/policy-assert.yaml deleted file mode 100644 index a53a885448..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/disallow-host-port/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-port -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml index 44b5c2948c..0bee1bd843 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/chainsaw-test.yaml @@ -18,12 +18,20 @@ spec: file: namespaceConstraint.yaml - assert: file: namespaceConstraint.yaml - - name: step-03 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-namespace-name-01 - name: step-04 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/policy-assert.yaml deleted file mode 100644 index 28cee3049a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/clusterscoped/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-namespace-name-01 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml index b6b22a7e81..309b8b1e68 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/chainsaw-test.yaml @@ -16,12 +16,20 @@ spec: file: nameConstraint.yaml - assert: file: nameConstraint.yaml - - name: step-03 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-namespace-name-02 - name: step-04 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml deleted file mode 100644 index a540add3b7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/match-clusterscoped-resource/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-namespace-name-02 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml index b3d6dee42f..f9e5c72c4d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/chainsaw-test.yaml @@ -24,12 +24,20 @@ spec: file: replicaLimit.yaml - assert: file: replicaLimit.yaml - - name: step-04 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-deployment-replicas-01 - name: step-05 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml deleted file mode 100644 index d94b5b3f4f..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/set-paramref-namespace/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-deployment-replicas-01 -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml index 8578b5ad3b..e3236d3c95 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/chainsaw-test.yaml @@ -24,12 +24,20 @@ spec: file: replicaLimit.yaml - assert: file: replicaLimit.yaml - - name: step-04 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-statefulset-replicas - name: step-05 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml deleted file mode 100644 index 3f2481450a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/cel/parameter-resources/namespaced/unset-paramref-namespace/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-statefulset-replicas -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/chainsaw-test.yaml index d4cc3a2452..a6125dfb02 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/chainsaw-test.yaml @@ -8,12 +8,20 @@ spec: try: - apply: file: resources.yaml - - name: step-02 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: block-ephemeral-containers - name: step-03 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies-assert.yaml deleted file mode 100644 index 48784ef1f8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: block-ephemeral-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-pod/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/chainsaw-test.yaml index d2fb250f32..3e6c16a0e6 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: with-subresource spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: block-ephemeral-containers - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies-assert.yaml deleted file mode 100644 index 48784ef1f8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: block-ephemeral-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-subresource/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/chainsaw-test.yaml index 262fbdd949..e3b4493e9a 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: with-wildcard spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: block-ephemeral-containers - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies-assert.yaml deleted file mode 100644 index 48784ef1f8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: block-ephemeral-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug-deprecated/with-wildcard/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml index d4cc3a2452..a6125dfb02 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/chainsaw-test.yaml @@ -8,12 +8,20 @@ spec: try: - apply: file: resources.yaml - - name: step-02 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: block-ephemeral-containers - name: step-03 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policies-assert.yaml deleted file mode 100644 index 48784ef1f8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: block-ephemeral-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-pod/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml index d2fb250f32..3e6c16a0e6 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: with-subresource spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: block-ephemeral-containers - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policies-assert.yaml deleted file mode 100644 index 48784ef1f8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: block-ephemeral-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-subresource/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml index 262fbdd949..e3b4493e9a 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: with-wildcard spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: block-ephemeral-containers - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policies-assert.yaml deleted file mode 100644 index 48784ef1f8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: block-ephemeral-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/debug/with-wildcard/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index f2887a6ccb..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-evict-by-pod-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-test.yaml index 7eddb81101..0635885c11 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-test.yaml @@ -8,12 +8,23 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-evict-by-pod-label + - try: - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - name: step-02 try: - sleep: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/api-initiated-pod-eviction/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 29794ca537..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-exec-by-pod-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-test.yaml index 882dee0fae..4ddfafefc6 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-test.yaml @@ -4,16 +4,26 @@ metadata: name: block-pod-exec-requests spec: steps: + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-exec-by-pod-label - name: step-01 try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/block-pod-exec-requests/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 31d63d44d0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-test.yaml index ee5677170e..46ba7f0974 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-test.yaml @@ -4,18 +4,28 @@ metadata: name: bypass-with-policy-exception spec: steps: + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: nginx-test-scaling-policy - name: step-01 try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - apply: file: chainsaw-step-01-apply-1-4.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - assert: file: chainsaw-step-01-assert-1-2.yaml - assert: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/bypass-with-policy-exception/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/chainsaw-test.yaml index 6c3c9d1e81..bd211806bc 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/chainsaw-test.yaml @@ -4,12 +4,27 @@ metadata: name: csr spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: validate-csr + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: mutate-csr - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr.yaml index 6c18b6fad5..d41e5c6702 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/csr.yaml @@ -7,4 +7,4 @@ spec: signerName: kubernetes.io/kube-apiserver-client expirationSeconds: 86400 usages: - - client auth \ No newline at end of file + - client auth diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy-ready.yaml deleted file mode 100644 index 21b61984d3..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/csr/policy-ready.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-csr -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: mutate-csr -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/chainsaw-test.yaml index d910250a39..c1dbbf4e7a 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: bad-pod.yaml - assert: file: bad-pod-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-labels - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy-ready.yaml deleted file mode 100644 index 100a267bab..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/enforce-validate-existing/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-labels diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/chainsaw-test.yaml index d139629a87..79e24e8eb3 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: failure-policy-ignore-anchor spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-annotations - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy-assert.yaml deleted file mode 100644 index d884d82d65..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/failure-policy-ignore-anchor/policy-assert.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-annotations diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/chainsaw-test.yaml index 44af1a21b1..90fe49124f 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: ns-selector-with-wildcard-kind spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: freeze-policy - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy-assert.yaml deleted file mode 100644 index 043c65f83d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/ns-selector-with-wildcard-kind/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: freeze-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index b0bd73c54e..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-test.yaml index 9c0007e399..0a6e9b2ef1 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: operator-allnotin-01 spec: steps: - - name: step-01 - try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-allnotin-01/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml deleted file mode 100755 index 7e920d3527..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: operator-anyin-boolean-cpol -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-test.yaml index 738045ad79..56e0961c5d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-test.yaml @@ -4,14 +4,20 @@ metadata: name: operator-anyin-boolean spec: steps: - - name: step-01 - try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - - name: step-02 - try: - - assert: - file: chainsaw-step-02-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: operator-anyin-boolean-cpol - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/operator-anyin-boolean/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index d3fab0a660..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-owner -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-test.yaml index 091ee00f63..b43177789b 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: resource-apply-block spec: steps: - - name: step-01 - try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-owner - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/resource-apply-block/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 31d63d44d0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-test.yaml index d8ac04a072..4d26481869 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-test.yaml @@ -8,12 +8,23 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: nginx-test-scaling-policy + - try: - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - assert: file: chainsaw-step-01-assert-1-2.yaml - name: step-02 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce-deprecated/scaling-with-kubectl-scale/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index f2887a6ccb..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-evict-by-pod-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml index 7eddb81101..0635885c11 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-test.yaml @@ -8,12 +8,23 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-evict-by-pod-label + - try: - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - name: step-02 try: - sleep: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/api-initiated-pod-eviction/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 29794ca537..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-exec-by-pod-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml index 882dee0fae..4ddfafefc6 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-test.yaml @@ -4,16 +4,26 @@ metadata: name: block-pod-exec-requests spec: steps: + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-exec-by-pod-label - name: step-01 try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/block-pod-exec-requests/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 31d63d44d0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml index ee5677170e..46ba7f0974 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-test.yaml @@ -4,18 +4,28 @@ metadata: name: bypass-with-policy-exception spec: steps: + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: nginx-test-scaling-policy - name: step-01 try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml - apply: file: chainsaw-step-01-apply-1-3.yaml - apply: file: chainsaw-step-01-apply-1-4.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - assert: file: chainsaw-step-01-assert-1-2.yaml - assert: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/bypass-with-policy-exception/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml index 6c3c9d1e81..bd211806bc 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/chainsaw-test.yaml @@ -4,12 +4,27 @@ metadata: name: csr spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: validate-csr + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: mutate-csr - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/policy-ready.yaml deleted file mode 100644 index 21b61984d3..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/csr/policy-ready.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-csr -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: mutate-csr -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/chainsaw-test.yaml index 2d50aaa4bb..3876bc84c4 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: bad-pod.yaml - assert: file: bad-pod-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-labels-allow-existing - name: step-03 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/policy-ready.yaml deleted file mode 100644 index 217cca6ae5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-allow-existing-violations/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-labels-allow-existing diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/chainsaw-test.yaml index d910250a39..81558ee8c5 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: bad-pod.yaml - assert: file: bad-pod-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-labels-deny - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/policy-ready.yaml deleted file mode 100644 index b99900de54..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-deny/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-labels-deny diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/chainsaw-test.yaml index 10a5d8f7f0..8bef22487b 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: bad-deploy.yaml - assert: file: bad-deploy-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: podsecurity-subrule-baseline - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/policy-ready.yaml deleted file mode 100644 index a192a3f658..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing-pss/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: podsecurity-subrule-baseline diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/chainsaw-test.yaml index d910250a39..f994f350bc 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/chainsaw-test.yaml @@ -10,12 +10,20 @@ spec: file: bad-pod.yaml - assert: file: bad-pod-ready.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-labels-validate-existing - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/policy-ready.yaml deleted file mode 100644 index e8be2f369b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/enforce-validate-existing/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-labels-validate-existing diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml index d139629a87..79e24e8eb3 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: failure-policy-ignore-anchor spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-annotations - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/policy-assert.yaml deleted file mode 100644 index d884d82d65..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/failure-policy-ignore-anchor/policy-assert.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-annotations diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml index 44af1a21b1..90fe49124f 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: ns-selector-with-wildcard-kind spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: freeze-policy - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/policy-assert.yaml deleted file mode 100644 index 043c65f83d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/ns-selector-with-wildcard-kind/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: freeze-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index b0bd73c54e..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-labels -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml index 9c0007e399..0a6e9b2ef1 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: operator-allnotin-01 spec: steps: - - name: step-01 - try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-labels - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-allnotin-01/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml deleted file mode 100755 index 7e920d3527..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-02-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v2beta1 -kind: ClusterPolicy -metadata: - name: operator-anyin-boolean-cpol -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml index 738045ad79..56e0961c5d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-test.yaml @@ -4,14 +4,20 @@ metadata: name: operator-anyin-boolean spec: steps: - - name: step-01 - try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - - name: step-02 - try: - - assert: - file: chainsaw-step-02-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: operator-anyin-boolean-cpol - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/operator-anyin-boolean/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index d3fab0a660..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-owner -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml index 091ee00f63..b43177789b 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: resource-apply-block spec: steps: - - name: step-01 - try: - - apply: - file: chainsaw-step-01-apply-1-1.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-owner - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-apply-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/chainsaw-step-01-apply-1-1.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/resource-apply-block/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 31d63d44d0..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: nginx-test-scaling-policy -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml index d8ac04a072..4d26481869 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-test.yaml @@ -8,12 +8,23 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: nginx-test-scaling-policy + - try: - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml - assert: file: chainsaw-step-01-assert-1-2.yaml - name: step-02 diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/enforce/scaling-with-kubectl-scale/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/chainsaw-test.yaml index e72b40b486..ea57731fc9 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: exclude-namespace spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-label - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policies-assert.yaml deleted file mode 100644 index 7149accf8d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace(deprecated)/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml index e72b40b486..ea57731fc9 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: exclude-namespace spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-label - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policies-assert.yaml deleted file mode 100644 index 7149accf8d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policies-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-label -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policies.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policies.yaml rename to test/conformance/chainsaw/validate/clusterpolicy/standard/exclude/exclude-namespace/policy.yaml diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/chainsaw-test.yaml index 95e861ad3e..08a196fe8b 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/chainsaw-test.yaml @@ -16,12 +16,20 @@ spec: file: crd-1.yaml - assert: file: crd-ready-1.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: rds-enforce-final-snapshot - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy-ready.yaml deleted file mode 100644 index cbe2042e1b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: rds-enforce-final-snapshot -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml index 95e861ad3e..08a196fe8b 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/chainsaw-test.yaml @@ -16,12 +16,20 @@ spec: file: crd-1.yaml - assert: file: crd-ready-1.yaml - - name: step-02 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: rds-enforce-final-snapshot - name: step-03 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/policy-ready.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/policy-ready.yaml deleted file mode 100644 index cbe2042e1b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/gvk/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: rds-enforce-final-snapshot -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/chainsaw-test.yaml index 3073395d46..6380a8f4f7 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: only-update spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/policy-assert.yaml deleted file mode 100644 index 5ede705d48..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update(deprecated)/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml index 3073395d46..6380a8f4f7 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: only-update spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/policy-assert.yaml deleted file mode 100644 index 5ede705d48..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/operations/only-update/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/chainsaw-test.yaml index 98af094b28..f4365b6750 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: seccomp-latest-check-no-exclusion spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: latest-check-no-exclusion - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy-assert.yaml deleted file mode 100644 index 1738a603a5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/seccomp-latest-check-no-exclusion/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: latest-check-no-exclusion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/chainsaw-test.yaml index 2e9c36c065..a36dbf4b5d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-deletion-request spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: kyverno-psa-policy-test-deletion - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy-assert.yaml deleted file mode 100644 index 783c4c67a2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-deletion-request/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: kyverno-psa-policy-test-deletion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/chainsaw-test.yaml index be2bb4c049..b341a05271 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-capabilities spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-capabilities - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy-assert.yaml deleted file mode 100644 index 15c3374370..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-capabilities/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-capabilities -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/chainsaw-test.yaml index 96d63391e3..96cb9e412f 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-host-namespaces spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-host-namespaces - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy-assert.yaml deleted file mode 100644 index 5e3b676332..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-namespaces/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-host-namespaces -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/chainsaw-test.yaml index 872c754636..5fafac5307 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-host-ports spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-host-ports - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy-assert.yaml deleted file mode 100644 index a137213552..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-host-ports/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-host-ports -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/chainsaw-test.yaml index 418b2e2700..7e900810ce 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-hostpath-volume spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-hostpath-volumes - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy-assert.yaml deleted file mode 100644 index f9ae6dc5af..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostpath-volume/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-hostpath-volumes -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/chainsaw-test.yaml index 8a0fd60a33..7d66380fdd 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-hostprocesses spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-hostprocess - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy-assert.yaml deleted file mode 100644 index 23cbe07db7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-hostprocesses/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-hostprocess -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/chainsaw-test.yaml index 00637580c4..c80bae5263 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-privilege-escalation spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-privilege-escalation - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy-assert.yaml deleted file mode 100644 index ca0fb3dde5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privilege-escalation/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-privilege-escalation -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/chainsaw-test.yaml index dbdf7ee7b5..be36290b67 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-privileged-containers spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-privileged-containers - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy-assert.yaml deleted file mode 100644 index 754f2b3064..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-privileged-containers/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-privileged-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/chainsaw-test.yaml index 21b04918f3..d0a9296e78 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-restricted-capabilities spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-restricted-capabilities - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy-assert.yaml deleted file mode 100644 index 8e9265264a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-capabilities/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-restricted-capabilities -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/chainsaw-test.yaml index 04a6eed8f5..58a408ada4 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-restricted-seccomp spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-restricted-seccomp - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy-assert.yaml deleted file mode 100644 index fa3c8d69b8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-restricted-seccomp/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-restricted-seccomp -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml index c4c873dcc3..9af25f188d 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-running-as-nonroot-user spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-running-as-non-root-user - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy-assert.yaml deleted file mode 100644 index 7d7d2c13c1..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot-user/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-running-as-non-root-user -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/chainsaw-test.yaml index 97d3dc847e..d3e5bd809d 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-running-as-nonroot spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-running-as-non-root - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy-assert.yaml deleted file mode 100644 index df09dc96cc..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-running-as-nonroot/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-running-as-non-root -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/chainsaw-test.yaml index 0eb19f9660..f43ec982c0 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-seccomp spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-seccomp - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy-assert.yaml deleted file mode 100644 index 60894fe185..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-seccomp/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-seccomp -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/chainsaw-test.yaml index 5f8baf7f99..cf819e60e0 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-selinux spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-selinux - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy-assert.yaml deleted file mode 100644 index 9a05399776..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-selinux/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-selinux -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/chainsaw-test.yaml index 7e5ed31337..4b1884bd31 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-sysctls spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-sysctls - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy-assert.yaml deleted file mode 100644 index 323c615563..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-sysctls/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-sysctls -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/chainsaw-test.yaml index 1632a3d3c3..47180bbe42 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-volume-types spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-volume-types - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy-assert.yaml deleted file mode 100644 index f647243baa..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa-deprecated/test-exclusion-volume-types/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-volume-types -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/chainsaw-test.yaml index db1e74dd4a..56548e966b 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/chainsaw-test.yaml @@ -4,33 +4,148 @@ metadata: name: concurrent-policy-execution spec: steps: - - name: install-pss-policies - try: - - script: - content: | - #!/bin/bash - set -eu - - helm --repo https://kyverno.github.io/kyverno/ -n kyverno install kyverno-policies kyverno-policies --set=podSecurityStandard=restricted --set=background=true --set=validationFailureAction=Enforce - - assert: - file: policy-asserts.yaml - - name: apply-test-pods - try: - - apply: - expect: - - check: - ($error != null): false - file: good-pod.yaml - - apply: - expect: - - check: - ($error != null): true - file: bad-pod.yaml - - name: uninstall-pss-policies - try: - - script: - content: | - #!/bin/bash - set -eu - - helm uninstall kyverno-policies -n kyverno + - name: install-pss-policies + try: + - script: + content: | + #!/bin/bash + set -eu + helm --repo https://kyverno.github.io/kyverno/ -n kyverno install kyverno-policies kyverno-policies --set=podSecurityStandard=restricted --set=background=true --set=validationFailureAction=Enforce + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-capabilities + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-capabilities-strict + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-namespaces + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-path + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-ports + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-host-process + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-privilege-escalation + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-privileged-containers + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-proc-mount + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: disallow-selinux + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-run-as-non-root-user + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: require-run-as-nonroot + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-apparmor-profiles + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-seccomp + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-seccomp-strict + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-sysctls + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: restrict-volume-types + - name: apply-test-pods + try: + - apply: + expect: + - check: + ($error != null): false + file: good-pod.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-pod.yaml + - name: uninstall-pss-policies + try: + - script: + content: | + #!/bin/bash + set -eu + helm uninstall kyverno-policies -n kyverno diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/policy-asserts.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/policy-asserts.yaml deleted file mode 100644 index 9ffe1b633b..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/concurrent-policy-execution/policy-asserts.yaml +++ /dev/null @@ -1,171 +0,0 @@ ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-capabilities -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-capabilities-strict -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-namespaces -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-path -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-ports -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-host-process -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-privilege-escalation -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-privileged-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-proc-mount -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: disallow-selinux -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-run-as-non-root-user -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: require-run-as-nonroot -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-apparmor-profiles -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-seccomp -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-seccomp-strict -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-sysctls -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-volume-types -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready - diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml index 98af094b28..f4365b6750 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: seccomp-latest-check-no-exclusion spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: latest-check-no-exclusion - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/policy-assert.yaml deleted file mode 100644 index 1738a603a5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/seccomp-latest-check-no-exclusion/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: latest-check-no-exclusion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml index 2e9c36c065..a36dbf4b5d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-deletion-request spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: kyverno-psa-policy-test-deletion - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/policy-assert.yaml deleted file mode 100644 index 783c4c67a2..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-deletion-request/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: kyverno-psa-policy-test-deletion -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/chainsaw-test.yaml index be2bb4c049..b341a05271 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-capabilities spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-capabilities - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/policy-assert.yaml deleted file mode 100644 index 15c3374370..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-capabilities/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-capabilities -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/chainsaw-test.yaml index 96d63391e3..96cb9e412f 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-host-namespaces spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-host-namespaces - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/policy-assert.yaml deleted file mode 100644 index 5e3b676332..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-namespaces/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-host-namespaces -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/chainsaw-test.yaml index 872c754636..5fafac5307 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-host-ports spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-host-ports - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/policy-assert.yaml deleted file mode 100644 index a137213552..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-host-ports/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-host-ports -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/chainsaw-test.yaml index 418b2e2700..7e900810ce 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-hostpath-volume spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-hostpath-volumes - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/policy-assert.yaml deleted file mode 100644 index f9ae6dc5af..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostpath-volume/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-hostpath-volumes -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/chainsaw-test.yaml index 8a0fd60a33..7d66380fdd 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-hostprocesses spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-hostprocess - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/policy-assert.yaml deleted file mode 100644 index 23cbe07db7..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-hostprocesses/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-hostprocess -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/chainsaw-test.yaml index 00637580c4..c80bae5263 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-privilege-escalation spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-privilege-escalation - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/policy-assert.yaml deleted file mode 100644 index ca0fb3dde5..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privilege-escalation/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-privilege-escalation -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/chainsaw-test.yaml index dbdf7ee7b5..be36290b67 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-privileged-containers spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-privileged-containers - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/policy-assert.yaml deleted file mode 100644 index 754f2b3064..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-privileged-containers/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-privileged-containers -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/chainsaw-test.yaml index 21b04918f3..d0a9296e78 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-restricted-capabilities spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-restricted-capabilities - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/policy-assert.yaml deleted file mode 100644 index 8e9265264a..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-capabilities/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-restricted-capabilities -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/chainsaw-test.yaml index 04a6eed8f5..58a408ada4 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-restricted-seccomp spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-restricted-seccomp - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/policy-assert.yaml deleted file mode 100644 index fa3c8d69b8..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-restricted-seccomp/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-restricted-seccomp -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml index c4c873dcc3..9af25f188d 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-running-as-nonroot-user spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-running-as-non-root-user - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/policy-assert.yaml deleted file mode 100644 index 7d7d2c13c1..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot-user/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-running-as-non-root-user -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/chainsaw-test.yaml index 97d3dc847e..d3e5bd809d 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-running-as-nonroot spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-running-as-non-root - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/policy-assert.yaml deleted file mode 100644 index df09dc96cc..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-running-as-nonroot/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-running-as-non-root -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/chainsaw-test.yaml index 0eb19f9660..f43ec982c0 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-seccomp spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-seccomp - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/policy-assert.yaml deleted file mode 100644 index 60894fe185..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-seccomp/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-seccomp -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/chainsaw-test.yaml index 5f8baf7f99..cf819e60e0 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-selinux spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-selinux - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/policy-assert.yaml deleted file mode 100644 index 9a05399776..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-selinux/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-selinux -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/chainsaw-test.yaml index 7e5ed31337..4b1884bd31 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-sysctls spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-sysctls - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/policy-assert.yaml deleted file mode 100644 index 323c615563..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-sysctls/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-sysctls -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/chainsaw-test.yaml index 1632a3d3c3..47180bbe42 100644 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: test-exclusion-volume-types spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-exclusion-volume-types - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/policy-assert.yaml deleted file mode 100644 index f647243baa..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/psa/test-exclusion-volume-types/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-exclusion-volume-types -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/chainsaw-test.yaml index 55b2c6d10a..f7cfe6325d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/chainsaw-test.yaml @@ -4,12 +4,27 @@ metadata: name: subresource spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policies + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policies.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-scale-deployment + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-scale-statefulset - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies-assert.yaml deleted file mode 100644 index 4626275f4d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource-deprecated/policies-assert.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-scale-deployment -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-scale-statefulset -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml index 55b2c6d10a..f7cfe6325d 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/chainsaw-test.yaml @@ -4,12 +4,27 @@ metadata: name: subresource spec: steps: - - name: step-01 - try: - - apply: - file: policies.yaml - - assert: - file: policies-assert.yaml + - name: create policies + use: + template: ../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policies.yaml + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-scale-deployment + - name: wait policy ready + use: + template: ../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: deny-scale-statefulset - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/policies-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/policies-assert.yaml deleted file mode 100644 index 4626275f4d..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/subresource/policies-assert.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-scale-deployment -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: deny-scale-statefulset -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/chainsaw-test.yaml index 6fcee2e6d2..869e2cf03c 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: conditions spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: preconditions - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-assert.yaml deleted file mode 100644 index 199f8746dc..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions-deprecated/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: preconditions -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml index 6fcee2e6d2..869e2cf03c 100755 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: conditions spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-assert.yaml + - name: create policy + use: + template: ../../../../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: preconditions - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/policy-assert.yaml b/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/policy-assert.yaml deleted file mode 100644 index 199f8746dc..0000000000 --- a/test/conformance/chainsaw/validate/clusterpolicy/standard/variables/lazyload/conditions/policy-assert.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: preconditions -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index eb21b4d4fb..0000000000 --- a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: configmap-policy - namespace: test-validate-e2e-adding-key-to-config-map -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-test.yaml index 5f2e570601..fbfe7b2ea8 100755 --- a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-test.yaml @@ -8,12 +8,25 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - try: - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: configmap-policy + - name: namespace + value: test-validate-e2e-adding-key-to-config-map - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index eb21b4d4fb..0000000000 --- a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: Policy -metadata: - name: configmap-policy - namespace: test-validate-e2e-adding-key-to-config-map -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml index 5f2e570601..fbfe7b2ea8 100755 --- a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-test.yaml @@ -8,12 +8,25 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - try: - apply: file: chainsaw-step-01-apply-1-3.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/policy-ready.yaml + with: + bindings: + - name: name + value: configmap-policy + - name: namespace + value: test-validate-e2e-adding-key-to-config-map - name: step-02 try: - script: diff --git a/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/e2e/adding-key-to-config-map/policy.yaml diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-test.yaml index b6da17f0bf..11e0e349a1 100755 --- a/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: global-anchor spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: sample - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy-ready.yaml deleted file mode 100644 index 5f42e456d2..0000000000 --- a/test/conformance/chainsaw/validate/e2e/global-anchor-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: sample -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml index b6da17f0bf..11e0e349a1 100755 --- a/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/global-anchor/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: global-anchor spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: sample - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/global-anchor/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/global-anchor/policy-ready.yaml deleted file mode 100644 index 5f42e456d2..0000000000 --- a/test/conformance/chainsaw/validate/e2e/global-anchor/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: sample -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 5ede705d48..0000000000 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-test.yaml index 2c845a97f4..9d1c2e35c7 100755 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-test.yaml @@ -14,10 +14,21 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test + - try: - assert: file: chainsaw-step-01-assert-1-2.yaml - name: step-02 diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd-deprecated/policy.yaml diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-1.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-1.yaml deleted file mode 100755 index 5ede705d48..0000000000 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-assert-1-1.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml index 2c845a97f4..9d1c2e35c7 100755 --- a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-test.yaml @@ -14,10 +14,21 @@ spec: try: - apply: file: chainsaw-step-01-apply-1-1.yaml - - apply: - file: chainsaw-step-01-apply-1-2.yaml - - assert: - file: chainsaw-step-01-assert-1-1.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test + - try: - assert: file: chainsaw-step-01-assert-1-2.yaml - name: step-02 diff --git a/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-2.yaml b/test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/policy.yaml similarity index 100% rename from test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/chainsaw-step-01-apply-1-2.yaml rename to test/conformance/chainsaw/validate/e2e/lowercase-kind-crd/policy.yaml diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/chainsaw-test.yaml index 9954138cd4..3e2e630069 100755 --- a/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/chainsaw-test.yaml @@ -4,19 +4,27 @@ metadata: name: check-old-object spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml - - name: step-02 - try: - - apply: - file: ns.yaml - - assert: - file: ns-ready.yaml - - name: step-03 - try: - - apply: - file: ns-update.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-old-object + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: ns-ready.yaml + - name: step-03 + try: + - apply: + file: ns-update.yaml diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy-ready.yaml deleted file mode 100644 index b8d67ef819..0000000000 --- a/test/conformance/chainsaw/validate/e2e/old-object-exists-deprecated/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-old-object diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists/chainsaw-test.yaml index 9954138cd4..3e2e630069 100755 --- a/test/conformance/chainsaw/validate/e2e/old-object-exists/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/old-object-exists/chainsaw-test.yaml @@ -4,19 +4,27 @@ metadata: name: check-old-object spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml - - name: step-02 - try: - - apply: - file: ns.yaml - - assert: - file: ns-ready.yaml - - name: step-03 - try: - - apply: - file: ns-update.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-old-object + - name: step-02 + try: + - apply: + file: ns.yaml + - assert: + file: ns-ready.yaml + - name: step-03 + try: + - apply: + file: ns-update.yaml diff --git a/test/conformance/chainsaw/validate/e2e/old-object-exists/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/old-object-exists/policy-ready.yaml deleted file mode 100644 index b8d67ef819..0000000000 --- a/test/conformance/chainsaw/validate/e2e/old-object-exists/policy-ready.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-old-object diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-test.yaml index f23df79575..a814894dd5 100755 --- a/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: trusted-images spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-trustable-images - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy-ready.yaml deleted file mode 100644 index a8eeb9b888..0000000000 --- a/test/conformance/chainsaw/validate/e2e/trusted-images-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-trustable-images -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml index f23df79575..a814894dd5 100755 --- a/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/trusted-images/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: trusted-images spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: check-trustable-images - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/trusted-images/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/trusted-images/policy-ready.yaml deleted file mode 100644 index a8eeb9b888..0000000000 --- a/test/conformance/chainsaw/validate/e2e/trusted-images/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: check-trustable-images -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-test.yaml index b495d58dd8..337f3b89fb 100755 --- a/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: x509-decode spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-x509-decode - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy-ready.yaml deleted file mode 100644 index f83bb3d222..0000000000 --- a/test/conformance/chainsaw/validate/e2e/x509-decode-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-x509-decode -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml index b495d58dd8..337f3b89fb 100755 --- a/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/x509-decode/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: x509-decode spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: test-x509-decode - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/x509-decode/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/x509-decode/policy-ready.yaml deleted file mode 100644 index f83bb3d222..0000000000 --- a/test/conformance/chainsaw/validate/e2e/x509-decode/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: test-x509-decode -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-test.yaml index 30fcae358b..fdf96624d6 100755 --- a/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: yaml-signing spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: validate-resources - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy-ready.yaml deleted file mode 100644 index 85287d431e..0000000000 --- a/test/conformance/chainsaw/validate/e2e/yaml-signing-deprecated/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-resources -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml index 30fcae358b..fdf96624d6 100755 --- a/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml +++ b/test/conformance/chainsaw/validate/e2e/yaml-signing/chainsaw-test.yaml @@ -4,12 +4,20 @@ metadata: name: yaml-signing spec: steps: - - name: step-01 - try: - - apply: - file: policy.yaml - - assert: - file: policy-ready.yaml + - name: create policy + use: + template: ../../../_step-templates/create-policy.yaml + with: + bindings: + - name: file + value: policy.yaml + - name: wait policy ready + use: + template: ../../../_step-templates/cluster-policy-ready.yaml + with: + bindings: + - name: name + value: validate-resources - name: step-02 try: - apply: diff --git a/test/conformance/chainsaw/validate/e2e/yaml-signing/policy-ready.yaml b/test/conformance/chainsaw/validate/e2e/yaml-signing/policy-ready.yaml deleted file mode 100644 index 85287d431e..0000000000 --- a/test/conformance/chainsaw/validate/e2e/yaml-signing/policy-ready.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: validate-resources -status: - conditions: - - reason: Succeeded - status: "True" - type: Ready \ No newline at end of file