kyverno/test/conformance/chainsaw/exceptions/psa-run-as-non-root/README.md at f3c9be9d0f703c54dd40759db392bad2aca66958

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00

feat add chainsaw tests for pod security and exceptions (#10664 )

* feat add chainsaw tests for pod security and exceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: enable ProcMountType in the kind config

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

2024-07-16 12:14:47 +00:00

1.3 KiB

Raw Blame History

Description

This test creates an exception for the init containers to set the runAsNonRoot to false

Expected Behavior

Create a policy that applies the restricted profile.
Create an exception for the init containters to set the runAsNonRoot to false.
Create a pod with the following characteristics:
- The pod has an init container that sets the runAsNonRoot field to false.
- The pod has a container that doesn't set the runAsNonRoot field.
It is expected that the pod will be blocked with a message reporting the violation of the container. The init container is already excluded by the exception.
Create a pod with the following characteristics:
- The pod has an init container that sets the runAsNonRoot field to true.
- The pod has a container that doesn't set the runAsNonRoot field.
It is expected that the pod will be blocked with a message reporting the violation of the container.
Create a pod with the following characteristics:
- The pod has an init container that sets the runAsNonRoot field to false.
- The pod has a container that doesn't set the runAsNonRoot field.
- runAsNonRoot is set to true in the pod spec.
It is expected that the pod will be created successfully.

Reference Issue(s)

#10581

1.3 KiB Raw Blame History

Description

Expected Behavior

Reference Issue(s)

1.3 KiB

Raw Blame History