chore: bump chainsaw (#10687)
* chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.8-beta.1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.8-beta.2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * beta 3 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
7a6fee648b
commit
e004d8ae8d
18 changed files with 42 additions and 35 deletions
22
.github/workflows/conformance.yaml
vendored
|
@ -128,7 +128,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -197,7 +197,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -271,7 +271,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -340,7 +340,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -413,7 +413,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -489,7 +489,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -564,7 +564,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -643,7 +643,7 @@ jobs:
|
|||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster and setup Sigstore Scaffolding
|
||||
uses: sigstore/scaffolding/actions/setup@634364a897dff805b1a26ab18abaefe379616785
|
||||
|
@ -733,7 +733,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
@ -842,7 +842,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
- name: Download kyverno CLI archive
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
|
@ -967,7 +967,7 @@ jobs:
|
|||
with:
|
||||
name: kubectl-kyverno
|
||||
- name: Install chainsaw
|
||||
uses: kyverno/action-install-chainsaw@573a9c636f7c586f86ecb9de9674176daf80ee29 # v0.2.5
|
||||
uses: kyverno/action-install-chainsaw@82d8e747037f840e0ef9bdd97ecdc617f5535bdc # v0.2.8
|
||||
# create cluster
|
||||
- name: Create kind cluster
|
||||
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
|
||||
|
|
10
test/conformance/chainsaw/_step-templates/apply-policy.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: StepTemplate
|
||||
metadata:
|
||||
name: apply-policy
|
||||
spec:
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
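Review bot: The new StepTemplate has no comment saying where `policy.yaml` and `policy-assert.yaml` are looked up, even though the template lives in `_step-templates/` and the test that uses it references it as `../../_step-templates/apply-policy.yaml`. Judging by the converted `conditions` test, the two paths appear to resolve against the calling test's directory, but that is inferred rather than shown on this page. A header comment such as `# Expects policy.yaml and policy-assert.yaml in the directory of the test that uses this template.` would make the contract explicit for anyone reusing the template in another test.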
|
|
@ -1,3 +1,4 @@
|
|||
# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
|
||||
apiVersion: chainsaw.kyverno.io/v1alpha1
|
||||
kind: Test
|
||||
metadata:
|
||||
|
@ -5,9 +6,5 @@ metadata:
|
|||
name: conditions
|
||||
spec:
|
||||
steps:
|
||||
- name: step-01
|
||||
try:
|
||||
- apply:
|
||||
file: policy.yaml
|
||||
- assert:
|
||||
file: policy-assert.yaml
|
||||
- use:
|
||||
template: ../../_step-templates/apply-policy.yaml
|
||||
|
|
|
@ -22,7 +22,7 @@ spec:
|
|||
- script:
|
||||
content: kyverno apply policy.yaml --exception exception.yaml --cluster --namespace ns-1
|
||||
check:
|
||||
($stdout): |-
|
||||
(trim_space($stdout)): |-
|
||||
Applying 3 policy rule(s) to 1 resource(s) with 1 exception(s)...
|
||||
|
||||
pass: 0, fail: 0, warn: 0, error: 0, skip: 1
|
||||
|
|
|
@ -49,5 +49,5 @@ spec:
|
|||
content: kubectl get updaterequests -n kyverno
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
No resources found in kyverno namespace.
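Review bot: The context comment `# This check ensures the contents of stderr are exactly as shown.` no longer describes the check once the key becomes `(trim_space($stderr))`, because the comparison now presumably ignores leading and trailing whitespace. I would reword it to something like `# This check ensures stderr, with surrounding whitespace trimmed, matches the text shown.` The same stale comment sits above the other `(trim_space($stderr))` changes on this page, including the admission-webhook denial checks, where a reader relies on the comment to know how strict the match is. The enclosing script step starts outside this hunk.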
|
||||
|
|
|
@ -12,5 +12,5 @@ spec:
|
|||
check:
|
||||
($error != null): false
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Warning: Global context entry name is not provided
|
||||
|
|
|
@ -40,5 +40,5 @@ spec:
|
|||
content: kubectl get updaterequests -n kyverno
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
No resources found in kyverno namespace.
|
||||
|
|
|
@ -40,5 +40,5 @@ spec:
|
|||
content: kubectl get updaterequests -n kyverno
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
No resources found in kyverno namespace.
|
||||
|
|
|
@ -37,5 +37,5 @@ spec:
|
|||
content: kubectl get updaterequests -n kyverno
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
No resources found in kyverno namespace.
|
||||
|
|
|
@ -37,5 +37,5 @@ spec:
|
|||
content: kubectl get updaterequests -n kyverno
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
No resources found in kyverno namespace.
|
||||
|
|
|
@ -12,7 +12,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "exception-1.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: [spec.podSecurity[0].controlName: Invalid value: "Capabilities": exclude.images must be specified for the container level control, spec.podSecurity[3].controlName: Invalid value: "Privilege Escalation": exclude.images must be specified for the container level control]
|
||||
- name: Apply the second policy exception
|
||||
try:
|
||||
|
@ -21,7 +21,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "exception-2.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.podSecurity[0].values: Forbidden: values is required
|
||||
- name: Apply the third policy exception
|
||||
try:
|
||||
|
@ -30,5 +30,5 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "exception-3.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.podSecurity[0].restrictedField: Forbidden: restrictedField is required
|
||||
|
|
|
@ -12,7 +12,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "policy-1.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].values: Forbidden: values is required
|
||||
- name: Apply the second policy
|
||||
try:
|
||||
|
@ -21,5 +21,5 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "policy-2.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].restrictedField: Forbidden: restrictedField is required
|
||||
|
|
|
@ -23,7 +23,7 @@ spec:
|
|||
content: kubectl apply -f resource.yaml
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "resource.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
|
||||
|
||||
resource Namespace//asdfhl was blocked due to the following policies
|
||||
|
|
|
@ -23,7 +23,7 @@ spec:
|
|||
content: kubectl apply -f resource.yaml
|
||||
check:
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "resource.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
|
||||
|
||||
resource Namespace//asdfhl was blocked due to the following policies
|
||||
|
|
|
@ -18,7 +18,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
|
||||
|
||||
resource Pod/default/test was blocked due to the following policies
|
||||
|
|
|
@ -18,7 +18,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
|
||||
|
||||
resource Pod/default/test was blocked due to the following policies
|
||||
|
|
|
@ -18,7 +18,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
|
||||
|
||||
resource Pod/default/ba was blocked due to the following policies
|
||||
|
|
|
@ -18,7 +18,7 @@ spec:
|
|||
check:
|
||||
($error != null): true
|
||||
# This check ensures the contents of stderr are exactly as shown.
|
||||
($stderr): |-
|
||||
(trim_space($stderr)): |-
|
||||
Error from server: error when creating "pod.yaml": admission webhook "validate.kyverno.svc-fail" denied the request:
|
||||
|
||||
resource Pod/default/ba was blocked due to the following policies
|
||||
|
|