apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: invalid-pod-security-rule
spec:
  steps:
  - name: Apply the first policy
    try:
    - script:
        content: kubectl apply -f policy-1.yaml
        check:
          ($error != null): true
          # This check ensures the contents of stderr are exactly as shown.  
          (trim_space($stderr)): |-
            Error from server: error when creating "policy-1.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].values: Forbidden: values is required
  - name: Apply the second policy
    try:
    - script:
        content: kubectl apply -f policy-2.yaml
        check:
          ($error != null): true
          # This check ensures the contents of stderr are exactly as shown.  
          (trim_space($stderr)): |-
            Error from server: error when creating "policy-2.yaml": admission webhook "validate-policy.kyverno.svc" denied the request: spec.rules[0].podSecurity.exclude[0].restrictedField: Forbidden: restrictedField is required