kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 01:46:55 +00:00

History

Mariam Fahmy c796bb765c fix: return policies with either audit or enforce rules from the cache (#10667 ) * fix: return policies with either audit or enforce rules from the cache Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: introduce validationFailureAction under verifyImage rules Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>		2024-08-06 18:24:28 +00:00
..
bad-pod-01.yaml	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00
bad-pod-02.yaml	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00
chainsaw-test.yaml	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00
exception.yaml	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00
good-pod.yaml	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00
policy-assert.yaml	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00
policy.yaml	fix: return policies with either audit or enforce rules from the cache (#10667 )	2024-08-06 18:24:28 +00:00
README.md	feat add chainsaw tests for pod security and exceptions (#10664 )	2024-07-16 12:14:47 +00:00

Description

This test creates an exception for the init containers to set the runAsNonRoot to false

Create a policy that applies the restricted profile.
Create an exception for the init containters to set the runAsNonRoot to false.
Create a pod with the following characteristics:
- The pod has an init container that sets the runAsNonRoot field to false.
- The pod has a container that doesn't set the runAsNonRoot field.
It is expected that the pod will be blocked with a message reporting the violation of the container. The init container is already excluded by the exception.
Create a pod with the following characteristics:
- The pod has an init container that sets the runAsNonRoot field to true.
- The pod has a container that doesn't set the runAsNonRoot field.
It is expected that the pod will be blocked with a message reporting the violation of the container.
Create a pod with the following characteristics:
- The pod has an init container that sets the runAsNonRoot field to false.
- The pod has a container that doesn't set the runAsNonRoot field.
- runAsNonRoot is set to true in the pod spec.
It is expected that the pod will be created successfully.

#10581