apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: restrict-image-registries
spec:
  steps:
  - name: create policy
    use:
      template: ../../_step-templates/create-policy.yaml
      with:
        bindings:
        - name: file
          value: policy.yaml
  - name: wait policy ready
    use:
      template: ../../_step-templates/cluster-policy-ready.yaml
      with:
        bindings:
        - name: name
          value: restrict-image-registries
  - name: check autogen
    try:
    - assert:
        file: check-autogen.yaml
  - name: step-02
    try:
    - script:
        content: kubectl run nginx-1 --image nginx
        check:
          ($error != null): true
          (contains($stderr, 'rule validate-registries failed at path /spec/containers/0/image/')): true
  - name: step-03
    try:
    - script:
        content: kubectl create deployment testing --image=nginx --replicas=1
        check:
          ($error != null): true
          (contains($stderr, 'rule autogen-validate-registries failed at path /spec/template/spec/containers/0/image/')): true
  - name: step-04
    try:
    - script:
        content: kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *"
        check:
          ($error != null): true
          (contains($stderr, 'rule autogen-cronjob-validate-registries failed')): true