mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-10 18:06:55 +00:00
e004d8ae8d
* chore: bump chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bump Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.8-beta.1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v0.2.8-beta.2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * beta 3 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
34 lines
1.7 KiB
YAML
Executable file
34 lines
1.7 KiB
YAML
Executable file
apiVersion: chainsaw.kyverno.io/v1alpha1
|
|
kind: Test
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: invalid-pod-security-exceptions
|
|
spec:
|
|
steps:
|
|
- name: Apply the first policy exception
|
|
try:
|
|
- script:
|
|
content: kubectl apply -f exception-1.yaml
|
|
check:
|
|
($error != null): true
|
|
# This check ensures the contents of stderr are exactly as shown.
|
|
(trim_space($stderr)): |-
|
|
Error from server: error when creating "exception-1.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: [spec.podSecurity[0].controlName: Invalid value: "Capabilities": exclude.images must be specified for the container level control, spec.podSecurity[3].controlName: Invalid value: "Privilege Escalation": exclude.images must be specified for the container level control]
|
|
- name: Apply the second policy exception
|
|
try:
|
|
- script:
|
|
content: kubectl apply -f exception-2.yaml
|
|
check:
|
|
($error != null): true
|
|
# This check ensures the contents of stderr are exactly as shown.
|
|
(trim_space($stderr)): |-
|
|
Error from server: error when creating "exception-2.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.podSecurity[0].values: Forbidden: values is required
|
|
- name: Apply the third policy exception
|
|
try:
|
|
- script:
|
|
content: kubectl apply -f exception-3.yaml
|
|
check:
|
|
($error != null): true
|
|
# This check ensures the contents of stderr are exactly as shown.
|
|
(trim_space($stderr)): |-
|
|
Error from server: error when creating "exception-3.yaml": admission webhook "kyverno-svc.kyverno.svc" denied the request: spec.podSecurity[0].restrictedField: Forbidden: restrictedField is required
|