mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Code Activity
kyverno/test/conformance/chainsaw/exceptions/exclude-privileged-containers
History
Mariam Fahmy 2140a0239b
chore: rename validationFailureAction to failureAction under the rule (#10893) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-08-27 20:07:57 +00:00
..
chainsaw-test.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
exception.yaml chore: use v2 for exceptions in chainsaw tests (#10529) 2024-06-24 11:54:57 +00:00
ns.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
pod-allowed-1.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
pod-allowed-2.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
pod-rejected-1.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
pod-rejected-2.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
pod-rejected-3.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
policy-assert.yaml feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00
policy.yaml chore: rename validationFailureAction to failureAction under the rule (#10893) 2024-08-27 20:07:57 +00:00
README.md feat: add chainsaw tests for pod security in exceptions (#9667) 2024-02-06 13:07:58 +00:00

README.md

Description

This test creates a policy that enforces the baseline profile and a policy exception that exempts any pod whose image is nginx in the staging-ns namespace and sets the securityContext.privileged field in containers and initContainers only.

Steps

    • Create a cluster policy
    • Assert the policy becomes ready
    • Create a policy exception for the cluster policy created above.
    • Try to create a pod named good-pod-1 with securityContext.privileged set to false in the default namespace, expecting the creation to succeed.
    • Try to create a pod named good-pod-2 whose image is nginx in the staging-ns namespace and the securityContext.privileged is set to true in containers and initContainers, expecting the creation to succeed.
    • Try to create a pod named bad-pod-1 whose image is nginx in the staging-ns namespace and the securityContext.privileged is set to true in containers, initContainers and ephemeralContainers, expecting the creation to fail.
    • Try to create a pod named bad-pod-2 whose image is busybox in the staging-ns namespace and the securityContext.privileged is set to true in containers and initContainers, expecting the creation to fail.
    • Try to create a pod named bad-pod-3 whose image is nginx in the default namespace and the securityContext.privileged is set to true, expecting the creation to fail.