apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: exclude-privilege-escalation
spec:
  steps:
  - name: create policy
    use:
      template: ../../_step-templates/create-policy.yaml
      with:
        bindings:
        - name: file
          value: policy.yaml
  - name: wait policy ready
    use:
      template: ../../_step-templates/cluster-policy-ready.yaml
      with:
        bindings:
        - name: name
          value: psa
  - name: step-02
    try:
    - apply:
        file: ns.yaml
    - assert:
        file: ns.yaml
  - name: step-03
    try:
    - apply:
        file: exception.yaml
  - name: step-04
    try:
    - apply:
        file: pod-allowed-1.yaml
    - apply:
        file: pod-allowed-2.yaml
    - apply:
        expect:
        - check:
            ($error != null): true
        file: pod-rejected-1.yaml
    - apply:
        expect:
        - check:
            ($error != null): true
        file: pod-rejected-2.yaml