disallow-proc-mount: add chainsaw test
Signed-off-by: Mohamed Awnallah <[email protected]>
mohamedawnallah committed Jul 7, 2024
1 parent a1b8992 commit 825d8ec
Showing 5 changed files with 89 additions and 0 deletions.
@@ -0,0 +1,6 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-proc-mount
status:
ready: true
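Review bot: The step-01 assert only checks `status.ready: true`, so it never confirms that the preceding patch to `validationFailureAction: Enforce` took effect, and steps 03 and 04 depend on Enforce mode (in Audit the apply succeeds and `$error` stays null). Adding the patched field to this assert pins that precondition: `spec:` / `  validationFailureAction: Enforce` above the existing `status:` block. The file path is not shown on this page, but the chainsaw test references it as chainsaw-step-01-assert-1.yaml.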
@@ -0,0 +1,38 @@
apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
name: disallow-proc-mount
spec:
steps:
- name: step-01
try:
- apply:
file: ../disallow-proc-mount.yaml
- patch:
resource:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: disallow-proc-mount
spec:
validationFailureAction: Enforce
- assert:
file: chainsaw-step-01-assert-1.yaml
- name: step-02
try:
- apply:
file: valid-pod.yaml
- name: step-03
try:
- apply:
expect:
- check:
($error != null): true
file: invalid-pod-containers.yaml
- name: step-04
try:
- apply:
expect:
- check:
($error != null): true
file: invalid-pod-initcontainers.yaml
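Review bot: The `($error != null): true` checks in step-03 and step-04 pass on any apply error, not specifically a denial by this policy, so an unrelated failure (image pull policy, quota, a different policy) would make the negative cases pass. A stricter check such as `(contains($error, 'disallow-proc-mount')): true` ties the rejection to this policy, assuming the admission message includes the policy name as Kyverno denials usually do. Separately, `procMount` can also be set on `ephemeralContainers`; if the policy under test covers that path, there is no step exercising it here, and if it does not, that gap is worth a comment in the test.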
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: invalid-pod-containers
spec:
containers:
- name: invalid-container
image: nginx:1.14.1
securityContext:
procMount: Unmasked
initContainers:
- name: valid-init-container
image: busybox:1.35
securityContext:
procMount: Default
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: invalid-pod-initcontainers
spec:
containers:
- name: valid-container
image: nginx:1.14.1
securityContext:
procMount: Default
initContainers:
- name: invalid-init-container
image: busybox:1.35
securityContext:
procMount: Unmasked
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: valid-pod
spec:
containers:
- name: valid-container
image: nginx:1.14.1
securityContext:
procMount: Default
initContainers:
- name: valid-init-container
image: busybox:1.35
securityContext:
procMount: Default
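Review bot: The valid fixture sets `procMount: Default` explicitly on both containers, so the test never covers a pod that omits `securityContext.procMount`, which is the common real-world shape and the case a validate pattern is most likely to get wrong if it requires the field to be present. The policy body is not part of this commit, so whether it tolerates an absent field cannot be confirmed here. A second valid fixture identical to this one with both `securityContext` stanzas removed, applied in an extra step, would close that gap.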
