# Chainsaw end-to-end test: checks that an ephemeral (debug) container can be
# added to a pod while the `require-run-as-nonroot` cluster policy is loaded
# and the exception from exception.yaml is in place.
#
# NOTE(review): policy.yaml, exception.yaml and excluded-pod.yaml are not
# visible from this file. The descriptions below are inferred from file and
# test names; confirm them against those manifests.
#
# NOTE(review): this file only exercises the allow path. No step visible here
# shows that the same `kubectl debug` is rejected for a pod the exception does
# not cover. Without such a negative control, the test would also pass if the
# policy never evaluated ephemeral containers at all. Confirm that a sibling
# test covers the deny path.
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: exclude-ephemeral-containers
spec:
  steps:
  # Install the policy under test through the shared step template; the
  # manifest is passed in via the `file` binding.
  - name: create policy
    use:
      template: ../../_step-templates/create-policy.yaml
      with:
        bindings:
        - name: file
          value: policy.yaml
  # Wait for the cluster policy named `require-run-as-nonroot` to be ready
  # before applying anything it should evaluate. Otherwise later steps could
  # be admitted simply because the policy is not active yet.
  - name: wait policy ready
    use:
      template: ../../_step-templates/cluster-policy-ready.yaml
      with:
        bindings:
        - name: name
          value: require-run-as-nonroot
  # Apply the exception manifest (presumably a Kyverno PolicyException for the
  # policy above; verify its match scope is as narrow as the test needs).
  - name: step-02
    try:
    - apply:
        file: exception.yaml
  # Create the pod that the exception is meant to cover (presumably the
  # `badpod` referenced by the next step; confirm in excluded-pod.yaml).
  - name: step-03
    try:
    - apply:
        file: excluded-pod.yaml
  # Add an ephemeral debug container to `badpod` in the test namespace.
  # The step passes only when `kubectl debug` exits 0; the if/else wrapper
  # just normalises any failure to exit code 1.
  # NOTE(review): a zero exit shows the request was accepted; this step does
  # not assert on the resulting pod spec or on the container's status.
  # NOTE(review): busybox:1.35 is referenced by mutable tag, not by digest.
  - name: step-04
    try:
    - script:
        content: if kubectl debug -n $NAMESPACE badpod --image=busybox:1.35; then exit 0; else exit 1; fi;