apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  creationTimestamp: null
  name: psa-run-as-non-root
spec:
  steps:
  - name: step-01
    try:
    - apply:
        file: policy.yaml
    - assert:
        file: policy-assert.yaml
  - name: step-02
    try:
    - apply:
        file: exception.yaml
  - name: step-03
    try:
    - script:
        content: kubectl apply -f bad-pod-01.yaml
        check:
          ($error != null): true
          (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
  - name: step-04
    try:
    - script:
        content: kubectl apply -f bad-pod-02.yaml
        check:
          ($error != null): true
          (contains($stderr, 'spec.containers[0].securityContext.runAsNonRoot')): true
  - name: step-05
    try:
    - apply:
        file: good-pod.yaml