mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 17:37:12 +00:00
Code Activity
kyverno/test/conformance/chainsaw/reports/background/multiple-exceptions-with-pod-security
History
gcp-cherry-pick-bot[bot] 1e46816e00
chore: bump chainsaw (#11161) (#11177) 
* chore: bump chainsaw



* more template use



* v0.2.10



* go mod



---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-09-17 10:09:15 +00:00
..
chainsaw-test.yaml chore: bump chainsaw (#11161) (#11177) 2024-09-17 10:09:15 +00:00
exceptions.yaml fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00
pod.yaml fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00
policy-assert.yaml fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00
policy.yaml fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00
README.md fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00
report-fail-assert.yaml fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00
report-skip-assert.yaml fix: return all the exceptions that match the incoming resource (#10722) 2024-07-25 17:36:19 +00:00

README.md

Description

This test makes sure that the report is generated correctly when multiple exceptions are created for the same policy.

Expected Behavior

  1. Create a pod with two init containers. The first init container should have the NET_ADMIN and NET_RAW capabilities, and the second init container should have the SYS_TIME capability.

  2. Create a policy that applies the baseline profile.

  3. Create two exceptions for the init containters as follows:

    • The first exception init1-exception-baseline allows the values of NET_ADMIN and NET_RAW capabilities in the init containers.
    • The second exception init2-exception-baseline allows the values of SYS_TIME capabilities in the init containers.

  4. It is expected that a policy report is generated with a skip result.

  5. Delete the first exception.

  6. It is expected that a policy report is updated with a fail result since the first init container violates the policy and it isn't excluded by the second exception.

Reference Issue(s)

#10580