1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

chore: bump chainsaw (#10687)

* chore: bump chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* bump

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v0.2.8-beta.1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v0.2.8-beta.2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* beta 3

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cli

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-07-31 17:50:20 +02:00 committed by GitHub
parent 7a6fee648b
commit e004d8ae8d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 42 additions and 35 deletions

View file

@ -128,7 +128,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -197,7 +197,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -271,7 +271,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -340,7 +340,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -413,7 +413,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -489,7 +489,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -564,7 +564,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -643,7 +643,7 @@ jobs:
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@634364a897dff805b1a26ab18abaefe379616785
@ -733,7 +733,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
@ -842,7 +842,7 @@ jobs:
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
- name: Download kyverno CLI archive
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
@ -967,7 +967,7 @@ jobs:
with:
name: kubectl-kyverno
- name: Install chainsaw
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
# create cluster
- name: Create kind cluster
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0

View file

@ -0,0 +1,10 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: StepTemplate
metadata:
name: apply-policy
spec:
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml

View file

@ -1,3 +1,4 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
@ -5,9 +6,5 @@ metadata:
name: conditions
spec:
steps:
- name: step-01
try:
- apply:
file: policy.yaml
- assert:
file: policy-assert.yaml
- use:
template: ../../_step-templates/apply-policy.yaml

View file

@ -22,7 +22,7 @@ spec:
- script:
content: kyverno apply policy.yaml --exception exception.yaml --cluster --namespace ns-1
check:
($stdout): |-
(trim_space($stdout)): |-
Applying 3 policy rule(s) to 1 resource(s) with 1 exception(s)...
pass: 0, fail: 0, warn: 0, error: 0, skip: 1

View file

@ -49,5 +49,5 @@ spec:
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
No resources found in kyverno namespace.

View file

@ -12,5 +12,5 @@ spec:
check:
($error != null): false
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Warning: Global context entry name is not provided

View file

@ -40,5 +40,5 @@ spec:
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
No resources found in kyverno namespace.

View file

@ -40,5 +40,5 @@ spec:
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
No resources found in kyverno namespace.

View file

@ -37,5 +37,5 @@ spec:
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
No resources found in kyverno namespace.

View file

@ -37,5 +37,5 @@ spec:
content: kubectl get updaterequests -n kyverno
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
No resources found in kyverno namespace.

View file

@ -12,7 +12,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "exception-1.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: [spec.podSecurity[0].controlName: Invalid value: "Capabilities": exclude.images must be specified for the container level control, spec.podSecurity[3].controlName: Invalid value: "Privilege Escalation": exclude.images must be specified for the container level control]
- name: Apply the second policy exception
try:
@ -21,7 +21,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "exception-2.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.podSecurity[0].values: Forbidden: values is required
- name: Apply the third policy exception
try:
@ -30,5 +30,5 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "exception-3.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.podSecurity[0].restrictedField: Forbidden: restrictedField is required

View file

@ -12,7 +12,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "policy-1.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].values: Forbidden: values is required
- name: Apply the second policy
try:
@ -21,5 +21,5 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "policy-2.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].restrictedField: Forbidden: restrictedField is required

View file

@ -23,7 +23,7 @@ spec:
content: kubectl apply -f resource.yaml
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "resource.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Namespace//asdfhl was blocked due to the following policies

View file

@ -23,7 +23,7 @@ spec:
content: kubectl apply -f resource.yaml
check:
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "resource.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Namespace//asdfhl was blocked due to the following policies

View file

@ -18,7 +18,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Pod/default/test was blocked due to the following policies

View file

@ -18,7 +18,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Pod/default/test was blocked due to the following policies

View file

@ -18,7 +18,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Pod/default/ba was blocked due to the following policies

View file

@ -18,7 +18,7 @@ spec:
check:
($error != null): true
# This check ensures the contents of stderr are exactly as shown.
($stderr): |-
(trim_space($stderr)): |-
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
resource Pod/default/ba was blocked due to the following policies