diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b0b5b64d7..e2a71106a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,10 +34,10 @@ jobs: # - cert-manager # - consul # - external-secret-operator - - flux - - istio - - karpenter - - kasten + # - flux + # - istio + # - karpenter + # - kasten - kubecost - kubeops - kubevirt @@ -109,10 +109,10 @@ jobs: - cert-manager - consul - external-secret-operator - # - flux - # - istio - # - karpenter - # - kasten + - flux + - istio + - karpenter + - kasten # - kubecost # - kubeops # - kubevirt diff --git a/castai/add-castai-removal-disabled/.chainsaw-test/chainsaw-test.yaml b/castai/add-castai-removal-disabled/.chainsaw-test/chainsaw-test.yaml index e8e7cb56e..b5f6d4cd3 100755 --- a/castai/add-castai-removal-disabled/.chainsaw-test/chainsaw-test.yaml +++ b/castai/add-castai-removal-disabled/.chainsaw-test/chainsaw-test.yaml @@ -15,6 +15,9 @@ spec: try: - apply: file: ../.kyverno-test/resources.yaml + finally: + - sleep: + duration: 5s - name: step-03 try: - assert: diff --git a/flux/generate-flux-multi-tenant-resources/03-ns.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/chainsaw-step-03-apply-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from flux/generate-flux-multi-tenant-resources/03-ns.yaml rename to flux/generate-flux-multi-tenant-resources/.chainsaw-test/chainsaw-step-03-apply-1.yaml index 225f91f97..2ca7049b6 --- a/flux/generate-flux-multi-tenant-resources/03-ns.yaml +++ b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/chainsaw-step-03-apply-1.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Namespace metadata: - name: flux-tenant-namespace labels: - toolkit.fluxcd.io/tenant: ftenant \ No newline at end of file + toolkit.fluxcd.io/tenant: ftenant + name: flux-tenant-namespace diff --git a/flux/generate-flux-multi-tenant-resources/.chainsaw-test/chainsaw-test.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..48213ff0f --- /dev/null +++ b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: generate-flux-multi-tenant-resources +spec: + steps: + - name: step-01 + try: + - apply: + file: ns.yaml + - apply: + file: cluster-role.yaml + - name: step-02 + try: + - apply: + file: ../generate-flux-multi-tenant-resources.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1.yaml + - name: step-04 + try: + - assert: + file: generatedResources.yaml + - error: + file: notGeneratedResource.yaml diff --git a/flux/generate-flux-multi-tenant-resources/cluster-role.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/cluster-role.yaml similarity index 100% rename from flux/generate-flux-multi-tenant-resources/cluster-role.yaml rename to flux/generate-flux-multi-tenant-resources/.chainsaw-test/cluster-role.yaml diff --git a/flux/generate-flux-multi-tenant-resources/generatedResources.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/generatedResources.yaml similarity index 100% rename from flux/generate-flux-multi-tenant-resources/generatedResources.yaml rename to flux/generate-flux-multi-tenant-resources/.chainsaw-test/generatedResources.yaml diff --git a/flux/generate-flux-multi-tenant-resources/notGeneratedResource.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/notGeneratedResource.yaml similarity index 100% rename from flux/generate-flux-multi-tenant-resources/notGeneratedResource.yaml rename to flux/generate-flux-multi-tenant-resources/.chainsaw-test/notGeneratedResource.yaml diff --git a/flux/generate-flux-multi-tenant-resources/ns.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/ns.yaml similarity index 100% rename from flux/generate-flux-multi-tenant-resources/ns.yaml rename to flux/generate-flux-multi-tenant-resources/.chainsaw-test/ns.yaml diff --git a/flux/generate-flux-multi-tenant-resources/policy-ready.yaml b/flux/generate-flux-multi-tenant-resources/.chainsaw-test/policy-ready.yaml similarity index 100% rename from flux/generate-flux-multi-tenant-resources/policy-ready.yaml rename to flux/generate-flux-multi-tenant-resources/.chainsaw-test/policy-ready.yaml diff --git a/flux/generate-flux-multi-tenant-resources/01-manifests.yaml b/flux/generate-flux-multi-tenant-resources/01-manifests.yaml deleted file mode 100644 index 02b91a0ea..000000000 --- a/flux/generate-flux-multi-tenant-resources/01-manifests.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- ns.yaml -- cluster-role.yaml \ No newline at end of file diff --git a/flux/generate-flux-multi-tenant-resources/02-policy.yaml b/flux/generate-flux-multi-tenant-resources/02-policy.yaml deleted file mode 100644 index 424bffbf2..000000000 --- a/flux/generate-flux-multi-tenant-resources/02-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- generate-flux-multi-tenant-resources.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/flux/generate-flux-multi-tenant-resources/04-generated.yaml b/flux/generate-flux-multi-tenant-resources/04-generated.yaml deleted file mode 100644 index ea2c39a99..000000000 --- a/flux/generate-flux-multi-tenant-resources/04-generated.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- generatedResources.yaml -error: -- notGeneratedResource.yaml \ No newline at end of file diff --git a/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..30e325f84 --- /dev/null +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: verify-flux-sources +status: + ready: true diff --git a/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-2.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-2.yaml new file mode 100755 index 000000000..688485ded --- /dev/null +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: buckets.source.toolkit.fluxcd.io +spec: {} +status: + acceptedNames: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + storedVersions: + - v1beta2 diff --git a/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-3.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-3.yaml new file mode 100755 index 000000000..79db50af3 --- /dev/null +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-3.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitrepositories.source.toolkit.fluxcd.io +spec: {} +status: + acceptedNames: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + singular: gitrepository + storedVersions: + - v1 diff --git a/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-4.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-4.yaml new file mode 100755 index 000000000..51fc5cd50 --- /dev/null +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-4.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: imagerepositories.image.toolkit.fluxcd.io +spec: {} +status: + acceptedNames: + kind: ImageRepository + listKind: ImageRepositoryList + plural: imagerepositories + singular: imagerepository + storedVersions: + - v1beta2 diff --git a/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-5.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-5.yaml new file mode 100755 index 000000000..22d1c289c --- /dev/null +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-01-assert-5.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: helmrepositories.source.toolkit.fluxcd.io +spec: {} +status: + acceptedNames: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + singular: helmrepository + storedVersions: + - v1beta2 diff --git a/istio/create-authorizationpolicy/05-ns.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-02-apply-1.yaml old mode 100644 new mode 100755 similarity index 60% rename from istio/create-authorizationpolicy/05-ns.yaml rename to flux/verify-flux-sources/.chainsaw-test/chainsaw-step-02-apply-1.yaml index 17ebd5b2a..c00a4321e --- a/istio/create-authorizationpolicy/05-ns.yaml +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-step-02-apply-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: istio-cr-authpol-ns \ No newline at end of file + name: flux-system diff --git a/flux/verify-flux-sources/.chainsaw-test/chainsaw-test.yaml b/flux/verify-flux-sources/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..255e631de --- /dev/null +++ b/flux/verify-flux-sources/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,63 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: verify-flux-sources +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../verify-flux-sources.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - assert: + file: chainsaw-step-01-assert-3.yaml + - assert: + file: chainsaw-step-01-assert-4.yaml + - assert: + file: chainsaw-step-01-assert-5.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1.yaml + - name: step-03 + try: + - apply: + expect: + - check: + ($error != null): true + file: repo-bad-git.yaml + - apply: + expect: + - check: + ($error != null): true + file: repo-bad-bucket.yaml + - apply: + expect: + - check: + ($error != null): true + file: repo-bad-helm.yaml + - apply: + expect: + - check: + ($error != null): true + file: repo-bad-image.yaml + - apply: + file: repo-good-git.yaml + - apply: + file: repo-good-bucket.yaml + - apply: + file: repo-good-helm.yaml + - apply: + file: repo-good-image.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: verify-flux-sources diff --git a/flux/verify-flux-sources/repo-bad-bucket.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-bad-bucket.yaml similarity index 100% rename from flux/verify-flux-sources/repo-bad-bucket.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-bad-bucket.yaml diff --git a/flux/verify-flux-sources/repo-bad-git.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-bad-git.yaml similarity index 100% rename from flux/verify-flux-sources/repo-bad-git.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-bad-git.yaml diff --git a/flux/verify-flux-sources/repo-bad-helm.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-bad-helm.yaml similarity index 100% rename from flux/verify-flux-sources/repo-bad-helm.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-bad-helm.yaml diff --git a/flux/verify-flux-sources/repo-bad-image.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-bad-image.yaml similarity index 100% rename from flux/verify-flux-sources/repo-bad-image.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-bad-image.yaml diff --git a/flux/verify-flux-sources/repo-good-bucket.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-good-bucket.yaml similarity index 100% rename from flux/verify-flux-sources/repo-good-bucket.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-good-bucket.yaml diff --git a/flux/verify-flux-sources/repo-good-git.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-good-git.yaml similarity index 100% rename from flux/verify-flux-sources/repo-good-git.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-good-git.yaml diff --git a/flux/verify-flux-sources/repo-good-helm.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-good-helm.yaml similarity index 100% rename from flux/verify-flux-sources/repo-good-helm.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-good-helm.yaml diff --git a/flux/verify-flux-sources/repo-good-image.yaml b/flux/verify-flux-sources/.chainsaw-test/repo-good-image.yaml similarity index 100% rename from flux/verify-flux-sources/repo-good-image.yaml rename to flux/verify-flux-sources/.chainsaw-test/repo-good-image.yaml diff --git a/flux/verify-flux-sources/01-assert.yaml b/flux/verify-flux-sources/01-assert.yaml deleted file mode 100644 index 180d026fa..000000000 --- a/flux/verify-flux-sources/01-assert.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: verify-flux-sources -status: - ready: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: buckets.source.toolkit.fluxcd.io -spec: {} -status: - acceptedNames: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - storedVersions: - - v1beta2 ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: gitrepositories.source.toolkit.fluxcd.io -spec: {} -status: - acceptedNames: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - singular: gitrepository - storedVersions: - - v1 ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: imagerepositories.image.toolkit.fluxcd.io -spec: {} -status: - acceptedNames: - kind: ImageRepository - listKind: ImageRepositoryList - plural: imagerepositories - singular: imagerepository - storedVersions: - - v1beta2 ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: helmrepositories.source.toolkit.fluxcd.io -spec: {} -status: - acceptedNames: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - singular: helmrepository - storedVersions: - - v1beta2 \ No newline at end of file diff --git a/flux/verify-flux-sources/01-enforce.yaml b/flux/verify-flux-sources/01-enforce.yaml deleted file mode 100644 index 79991c838..000000000 --- a/flux/verify-flux-sources/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' verify-flux-sources.yaml | kubectl create -f - \ No newline at end of file diff --git a/flux/verify-flux-sources/03-manifests.yaml b/flux/verify-flux-sources/03-manifests.yaml deleted file mode 100644 index 2ac30add5..000000000 --- a/flux/verify-flux-sources/03-manifests.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: repo-bad-git.yaml - shouldFail: true -- file: repo-bad-bucket.yaml - shouldFail: true -- file: repo-bad-helm.yaml - shouldFail: true -- file: repo-bad-image.yaml - shouldFail: true -- file: repo-good-git.yaml - shouldFail: false -- file: repo-good-bucket.yaml - shouldFail: false -- file: repo-good-helm.yaml - shouldFail: false -- file: repo-good-image.yaml - shouldFail: false \ No newline at end of file diff --git a/flux/verify-flux-sources/99-delete.yaml b/flux/verify-flux-sources/99-delete.yaml deleted file mode 100644 index cc82f1af0..000000000 --- a/flux/verify-flux-sources/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: verify-flux-sources \ No newline at end of file diff --git a/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-1.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-1.yaml new file mode 100755 index 000000000..5800cf99a --- /dev/null +++ b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-1.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: enabled + name: istio-test-en-ns diff --git a/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-2.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-2.yaml new file mode 100755 index 000000000..ac1969893 --- /dev/null +++ b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-2.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + istio-injection: disabled + name: istio-test-dis-ns diff --git a/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-3.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-3.yaml new file mode 100755 index 000000000..6b17ee831 --- /dev/null +++ b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-3.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-test-none-ns diff --git a/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-4.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-4.yaml new file mode 100755 index 000000000..7b14de9b6 --- /dev/null +++ b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-02-apply-4.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + foo: bar + name: istio-test-alt-ns diff --git a/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-test.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..e25532f02 --- /dev/null +++ b/istio/add-sidecar-injection-namespace/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,33 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-sidecar-injection-namespace +spec: + steps: + - name: step-01 + try: + - apply: + file: ../add-sidecar-injection-namespace.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1.yaml + - apply: + file: chainsaw-step-02-apply-2.yaml + - apply: + file: chainsaw-step-02-apply-3.yaml + - apply: + file: chainsaw-step-02-apply-4.yaml + - name: step-03 + try: + - assert: + file: patched-ns-alt.yaml + - assert: + file: patched-ns-disabled.yaml + - assert: + file: patched-ns-enabled.yaml + - assert: + file: patched-ns-none.yaml diff --git a/istio/add-sidecar-injection-namespace/patched-ns-alt.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-alt.yaml similarity index 100% rename from istio/add-sidecar-injection-namespace/patched-ns-alt.yaml rename to istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-alt.yaml diff --git a/istio/add-sidecar-injection-namespace/patched-ns-disabled.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-disabled.yaml similarity index 100% rename from istio/add-sidecar-injection-namespace/patched-ns-disabled.yaml rename to istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-disabled.yaml diff --git a/istio/add-sidecar-injection-namespace/patched-ns-enabled.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-enabled.yaml similarity index 100% rename from istio/add-sidecar-injection-namespace/patched-ns-enabled.yaml rename to istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-enabled.yaml diff --git a/istio/add-sidecar-injection-namespace/patched-ns-none.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-none.yaml similarity index 100% rename from istio/add-sidecar-injection-namespace/patched-ns-none.yaml rename to istio/add-sidecar-injection-namespace/.chainsaw-test/patched-ns-none.yaml diff --git a/istio/add-sidecar-injection-namespace/policy-ready.yaml b/istio/add-sidecar-injection-namespace/.chainsaw-test/policy-ready.yaml similarity index 100% rename from istio/add-sidecar-injection-namespace/policy-ready.yaml rename to istio/add-sidecar-injection-namespace/.chainsaw-test/policy-ready.yaml diff --git a/istio/add-sidecar-injection-namespace/01-policy.yaml b/istio/add-sidecar-injection-namespace/01-policy.yaml deleted file mode 100644 index 011415a18..000000000 --- a/istio/add-sidecar-injection-namespace/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-sidecar-injection-namespace.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/istio/add-sidecar-injection-namespace/02-ns.yaml b/istio/add-sidecar-injection-namespace/02-ns.yaml deleted file mode 100644 index fe75f4d1d..000000000 --- a/istio/add-sidecar-injection-namespace/02-ns.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - istio-injection: enabled - name: istio-test-en-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - labels: - istio-injection: disabled - name: istio-test-dis-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: istio-test-none-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - labels: - foo: bar - name: istio-test-alt-ns \ No newline at end of file diff --git a/istio/add-sidecar-injection-namespace/03-mutated.yaml b/istio/add-sidecar-injection-namespace/03-mutated.yaml deleted file mode 100644 index aac4f3f0b..000000000 --- a/istio/add-sidecar-injection-namespace/03-mutated.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- patched-ns-alt.yaml -- patched-ns-disabled.yaml -- patched-ns-enabled.yaml -- patched-ns-none.yaml \ No newline at end of file diff --git a/istio/create-authorizationpolicy/01-assert.yaml b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 96% rename from istio/create-authorizationpolicy/01-assert.yaml rename to istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 286289f27..a71855e46 --- a/istio/create-authorizationpolicy/01-assert.yaml +++ b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -10,4 +10,4 @@ status: plural: authorizationpolicies singular: authorizationpolicy storedVersions: - - v1beta1 \ No newline at end of file + - v1beta1 diff --git a/istio/create-authorizationpolicy/02-clusterrole.yaml b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-02-apply-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from istio/create-authorizationpolicy/02-clusterrole.yaml rename to istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-02-apply-1.yaml index 23a229a5f..8a8805516 --- a/istio/create-authorizationpolicy/02-clusterrole.yaml +++ b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-02-apply-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:istio-authzpolicy labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:istio-authzpolicy rules: - apiGroups: - security.istio.io @@ -14,4 +14,4 @@ rules: verbs: - create - update - - delete \ No newline at end of file + - delete diff --git a/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-05-apply-1.yaml b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-05-apply-1.yaml new file mode 100755 index 000000000..978f5c219 --- /dev/null +++ b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-05-apply-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-cr-authpol-ns diff --git a/istio/create-authorizationpolicy/06-assert.yaml b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-06-assert-1.yaml old mode 100644 new mode 100755 similarity index 93% rename from istio/create-authorizationpolicy/06-assert.yaml rename to istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-06-assert-1.yaml index 2016da964..6daa6a54a --- a/istio/create-authorizationpolicy/06-assert.yaml +++ b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-step-06-assert-1.yaml @@ -3,4 +3,4 @@ kind: AuthorizationPolicy metadata: name: default-deny namespace: istio-cr-authpol-ns -spec: {} \ No newline at end of file +spec: {} diff --git a/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..096333ba0 --- /dev/null +++ b/istio/create-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: create-authorizationpolicy +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1.yaml + - name: step-04 + try: + - apply: + file: ../create-authorizationpolicy.yaml + - assert: + file: policy-ready.yaml + - name: step-05 + try: + - apply: + file: chainsaw-step-05-apply-1.yaml + - name: step-06 + try: + - assert: + file: chainsaw-step-06-assert-1.yaml diff --git a/istio/create-authorizationpolicy/policy-ready.yaml b/istio/create-authorizationpolicy/.chainsaw-test/policy-ready.yaml similarity index 100% rename from istio/create-authorizationpolicy/policy-ready.yaml rename to istio/create-authorizationpolicy/.chainsaw-test/policy-ready.yaml diff --git a/istio/create-authorizationpolicy/04-policy.yaml b/istio/create-authorizationpolicy/04-policy.yaml deleted file mode 100644 index 362a07c1c..000000000 --- a/istio/create-authorizationpolicy/04-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- create-authorizationpolicy.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/istio/enforce-sidecar-injection-namespace/01-assert.yaml b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from istio/enforce-sidecar-injection-namespace/01-assert.yaml rename to istio/enforce-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-01-assert-1.yaml index bbce661d4..acc3f29fb --- a/istio/enforce-sidecar-injection-namespace/01-assert.yaml +++ b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: enforce-sidecar-injection-namespace status: - ready: true \ No newline at end of file + ready: true diff --git a/istio/enforce-sidecar-injection-namespace/.chainsaw-test/chainsaw-test.yaml b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..abe11ae56 --- /dev/null +++ b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,40 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: enforce-sidecar-injection-namespace +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../enforce-sidecar-injection-namespace.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: ns-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: ns-bad-disabled.yaml + - apply: + expect: + - check: + ($error != null): true + file: ns-bad-nolabel.yaml + - apply: + expect: + - check: + ($error != null): true + file: ns-bad-somelabel.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: enforce-sidecar-injection-namespace diff --git a/istio/enforce-sidecar-injection-namespace/ns-bad-disabled.yaml b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-bad-disabled.yaml similarity index 100% rename from istio/enforce-sidecar-injection-namespace/ns-bad-disabled.yaml rename to istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-bad-disabled.yaml diff --git a/istio/enforce-sidecar-injection-namespace/ns-bad-nolabel.yaml b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-bad-nolabel.yaml similarity index 100% rename from istio/enforce-sidecar-injection-namespace/ns-bad-nolabel.yaml rename to istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-bad-nolabel.yaml diff --git a/istio/enforce-sidecar-injection-namespace/ns-bad-somelabel.yaml b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-bad-somelabel.yaml similarity index 100% rename from istio/enforce-sidecar-injection-namespace/ns-bad-somelabel.yaml rename to istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-bad-somelabel.yaml diff --git a/istio/enforce-sidecar-injection-namespace/ns-good.yaml b/istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-good.yaml similarity index 100% rename from istio/enforce-sidecar-injection-namespace/ns-good.yaml rename to istio/enforce-sidecar-injection-namespace/.chainsaw-test/ns-good.yaml diff --git a/istio/enforce-sidecar-injection-namespace/01-enforce.yaml b/istio/enforce-sidecar-injection-namespace/01-enforce.yaml deleted file mode 100644 index f36d8ae8d..000000000 --- a/istio/enforce-sidecar-injection-namespace/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' enforce-sidecar-injection-namespace.yaml | kubectl create -f - \ No newline at end of file diff --git a/istio/enforce-sidecar-injection-namespace/02-manifests.yaml b/istio/enforce-sidecar-injection-namespace/02-manifests.yaml deleted file mode 100644 index eea425fce..000000000 --- a/istio/enforce-sidecar-injection-namespace/02-manifests.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: ns-good.yaml - shouldFail: false -- file: ns-bad-disabled.yaml - shouldFail: true -- file: ns-bad-nolabel.yaml - shouldFail: true -- file: ns-bad-somelabel.yaml - shouldFail: true \ No newline at end of file diff --git a/istio/enforce-sidecar-injection-namespace/99-delete.yaml b/istio/enforce-sidecar-injection-namespace/99-delete.yaml deleted file mode 100644 index 54bfdaced..000000000 --- a/istio/enforce-sidecar-injection-namespace/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: enforce-sidecar-injection-namespace \ No newline at end of file diff --git a/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..c5f7637cb --- /dev/null +++ b/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: enforce-strict-mtls +status: + ready: true diff --git a/istio/enforce-strict-mtls/01-assert.yaml b/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-step-01-assert-2.yaml old mode 100644 new mode 100755 similarity index 71% rename from istio/enforce-strict-mtls/01-assert.yaml rename to istio/enforce-strict-mtls/.chainsaw-test/chainsaw-step-01-assert-2.yaml index f8bfc1329..56561a629 --- a/istio/enforce-strict-mtls/01-assert.yaml +++ b/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -1,10 +1,3 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: enforce-strict-mtls -status: - ready: true ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -17,4 +10,4 @@ status: plural: peerauthentications singular: peerauthentication storedVersions: - - v1beta1 \ No newline at end of file + - v1beta1 diff --git a/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-test.yaml b/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..16c2d0908 --- /dev/null +++ b/istio/enforce-strict-mtls/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: enforce-strict-mtls +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../enforce-strict-mtls.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: pa-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: pa-bad.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: enforce-strict-mtls diff --git a/istio/enforce-strict-mtls/pa-bad.yaml b/istio/enforce-strict-mtls/.chainsaw-test/pa-bad.yaml similarity index 100% rename from istio/enforce-strict-mtls/pa-bad.yaml rename to istio/enforce-strict-mtls/.chainsaw-test/pa-bad.yaml diff --git a/istio/enforce-strict-mtls/pa-good.yaml b/istio/enforce-strict-mtls/.chainsaw-test/pa-good.yaml similarity index 100% rename from istio/enforce-strict-mtls/pa-good.yaml rename to istio/enforce-strict-mtls/.chainsaw-test/pa-good.yaml diff --git a/istio/enforce-strict-mtls/01-enforce.yaml b/istio/enforce-strict-mtls/01-enforce.yaml deleted file mode 100644 index 7268db256..000000000 --- a/istio/enforce-strict-mtls/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' enforce-strict-mtls.yaml | kubectl create -f - \ No newline at end of file diff --git a/istio/enforce-strict-mtls/02-manifests.yaml b/istio/enforce-strict-mtls/02-manifests.yaml deleted file mode 100644 index 08906f968..000000000 --- a/istio/enforce-strict-mtls/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: pa-good.yaml - shouldFail: false -- file: pa-bad.yaml - shouldFail: true \ No newline at end of file diff --git a/istio/enforce-strict-mtls/99-delete.yaml b/istio/enforce-strict-mtls/99-delete.yaml deleted file mode 100644 index 6cbbee33f..000000000 --- a/istio/enforce-strict-mtls/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: enforce-strict-mtls \ No newline at end of file diff --git a/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..a79bc18f7 --- /dev/null +++ b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: enforce-tls-hosts-host-subnets +status: + ready: true diff --git a/istio/enforce-tls-hosts-host-subnets/01-assert.yaml b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-step-01-assert-2.yaml old mode 100644 new mode 100755 similarity index 68% rename from istio/enforce-tls-hosts-host-subnets/01-assert.yaml rename to istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-step-01-assert-2.yaml index 3f272a61f..0e3bbf237 --- a/istio/enforce-tls-hosts-host-subnets/01-assert.yaml +++ b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -1,10 +1,3 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: enforce-tls-hosts-host-subnets -status: - ready: true ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -17,4 +10,4 @@ status: plural: destinationrules singular: destinationrule storedVersions: - - v1alpha3 \ No newline at end of file + - v1alpha3 diff --git a/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-test.yaml b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..b505f5b66 --- /dev/null +++ b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: enforce-tls-hosts-host-subnets +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../enforce-tls-hosts-host-subnets.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: dr-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: dr-bad.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: enforce-tls-hosts-host-subnets diff --git a/istio/enforce-tls-hosts-host-subnets/dr-bad.yaml b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/dr-bad.yaml similarity index 100% rename from istio/enforce-tls-hosts-host-subnets/dr-bad.yaml rename to istio/enforce-tls-hosts-host-subnets/.chainsaw-test/dr-bad.yaml diff --git a/istio/enforce-tls-hosts-host-subnets/dr-good.yaml b/istio/enforce-tls-hosts-host-subnets/.chainsaw-test/dr-good.yaml similarity index 100% rename from istio/enforce-tls-hosts-host-subnets/dr-good.yaml rename to istio/enforce-tls-hosts-host-subnets/.chainsaw-test/dr-good.yaml diff --git a/istio/enforce-tls-hosts-host-subnets/01-enforce.yaml b/istio/enforce-tls-hosts-host-subnets/01-enforce.yaml deleted file mode 100644 index e2769b90c..000000000 --- a/istio/enforce-tls-hosts-host-subnets/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' enforce-tls-hosts-host-subnets.yaml | kubectl create -f - \ No newline at end of file diff --git a/istio/enforce-tls-hosts-host-subnets/02-manifests.yaml b/istio/enforce-tls-hosts-host-subnets/02-manifests.yaml deleted file mode 100644 index 08733106b..000000000 --- a/istio/enforce-tls-hosts-host-subnets/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: dr-good.yaml - shouldFail: false -- file: dr-bad.yaml - shouldFail: true \ No newline at end of file diff --git a/istio/enforce-tls-hosts-host-subnets/99-delete.yaml b/istio/enforce-tls-hosts-host-subnets/99-delete.yaml deleted file mode 100644 index 0e600c34f..000000000 --- a/istio/enforce-tls-hosts-host-subnets/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: enforce-tls-hosts-host-subnets \ No newline at end of file diff --git a/istio/prevent-disabling-injection-pods/01-assert.yaml b/istio/prevent-disabling-injection-pods/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from istio/prevent-disabling-injection-pods/01-assert.yaml rename to istio/prevent-disabling-injection-pods/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 7b1ff2f8a..4c6866bd0 --- a/istio/prevent-disabling-injection-pods/01-assert.yaml +++ b/istio/prevent-disabling-injection-pods/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: prevent-disabling-injection-pods status: - ready: true \ No newline at end of file + ready: true diff --git a/istio/prevent-disabling-injection-pods/.chainsaw-test/chainsaw-test.yaml b/istio/prevent-disabling-injection-pods/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..915ac7c52 --- /dev/null +++ b/istio/prevent-disabling-injection-pods/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: prevent-disabling-injection-pods +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../prevent-disabling-injection-pods.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: pod-good.yaml + - apply: + file: podcontroller-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: pod-bad.yaml + - apply: + expect: + - check: + ($error != null): true + file: podcontroller-bad.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: prevent-disabling-injection-pods diff --git a/istio/prevent-disabling-injection-pods/pod-bad.yaml b/istio/prevent-disabling-injection-pods/.chainsaw-test/pod-bad.yaml similarity index 100% rename from istio/prevent-disabling-injection-pods/pod-bad.yaml rename to istio/prevent-disabling-injection-pods/.chainsaw-test/pod-bad.yaml diff --git a/istio/prevent-disabling-injection-pods/pod-good.yaml b/istio/prevent-disabling-injection-pods/.chainsaw-test/pod-good.yaml similarity index 100% rename from istio/prevent-disabling-injection-pods/pod-good.yaml rename to istio/prevent-disabling-injection-pods/.chainsaw-test/pod-good.yaml diff --git a/istio/prevent-disabling-injection-pods/podcontroller-bad.yaml b/istio/prevent-disabling-injection-pods/.chainsaw-test/podcontroller-bad.yaml similarity index 100% rename from istio/prevent-disabling-injection-pods/podcontroller-bad.yaml rename to istio/prevent-disabling-injection-pods/.chainsaw-test/podcontroller-bad.yaml diff --git a/istio/prevent-disabling-injection-pods/podcontroller-good.yaml b/istio/prevent-disabling-injection-pods/.chainsaw-test/podcontroller-good.yaml similarity index 100% rename from istio/prevent-disabling-injection-pods/podcontroller-good.yaml rename to istio/prevent-disabling-injection-pods/.chainsaw-test/podcontroller-good.yaml diff --git a/istio/prevent-disabling-injection-pods/01-enforce.yaml b/istio/prevent-disabling-injection-pods/01-enforce.yaml deleted file mode 100644 index 912bc5e7a..000000000 --- a/istio/prevent-disabling-injection-pods/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' prevent-disabling-injection-pods.yaml | kubectl create -f - \ No newline at end of file diff --git a/istio/prevent-disabling-injection-pods/02-manifests.yaml b/istio/prevent-disabling-injection-pods/02-manifests.yaml deleted file mode 100644 index 170b42166..000000000 --- a/istio/prevent-disabling-injection-pods/02-manifests.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: pod-good.yaml - shouldFail: false -- file: podcontroller-good.yaml - shouldFail: false -- file: pod-bad.yaml - shouldFail: true -- file: podcontroller-bad.yaml - shouldFail: true \ No newline at end of file diff --git a/istio/prevent-disabling-injection-pods/99-delete.yaml b/istio/prevent-disabling-injection-pods/99-delete.yaml deleted file mode 100644 index c654b54a2..000000000 --- a/istio/prevent-disabling-injection-pods/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: prevent-disabling-injection-pods \ No newline at end of file diff --git a/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-1.yaml b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-1.yaml new file mode 100755 index 000000000..04657ecb4 --- /dev/null +++ b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-reqauthzpol-good-ns diff --git a/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-2.yaml b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-2.yaml new file mode 100755 index 000000000..90559d4a7 --- /dev/null +++ b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-2.yaml @@ -0,0 +1,6 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: default-deny + namespace: istio-reqauthzpol-good-ns +spec: {} diff --git a/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-3.yaml b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-3.yaml new file mode 100755 index 000000000..bffecea8e --- /dev/null +++ b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-step-01-apply-3.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: istio-reqauthzpol-bad-ns diff --git a/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..35a5c4751 --- /dev/null +++ b/istio/require-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: require-authorizationpolicy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1.yaml + - apply: + file: chainsaw-step-01-apply-2.yaml + - apply: + file: chainsaw-step-01-apply-3.yaml + - name: step-02 + try: + - apply: + file: ../require-authorizationpolicy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - assert: + file: report-assert.yaml diff --git a/istio/require-authorizationpolicy/policy-ready.yaml b/istio/require-authorizationpolicy/.chainsaw-test/policy-ready.yaml similarity index 100% rename from istio/require-authorizationpolicy/policy-ready.yaml rename to istio/require-authorizationpolicy/.chainsaw-test/policy-ready.yaml diff --git a/istio/require-authorizationpolicy/report-assert.yaml b/istio/require-authorizationpolicy/.chainsaw-test/report-assert.yaml similarity index 100% rename from istio/require-authorizationpolicy/report-assert.yaml rename to istio/require-authorizationpolicy/.chainsaw-test/report-assert.yaml diff --git a/istio/require-authorizationpolicy/01-resources.yaml b/istio/require-authorizationpolicy/01-resources.yaml deleted file mode 100644 index b96448f87..000000000 --- a/istio/require-authorizationpolicy/01-resources.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: istio-reqauthzpol-good-ns ---- -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: default-deny - namespace: istio-reqauthzpol-good-ns -spec: {} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: istio-reqauthzpol-bad-ns \ No newline at end of file diff --git a/istio/require-authorizationpolicy/02-policy.yaml b/istio/require-authorizationpolicy/02-policy.yaml deleted file mode 100644 index 0ec93fa86..000000000 --- a/istio/require-authorizationpolicy/02-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- require-authorizationpolicy.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/istio/require-authorizationpolicy/03-report.yaml b/istio/require-authorizationpolicy/03-report.yaml deleted file mode 100644 index db172bedd..000000000 --- a/istio/require-authorizationpolicy/03-report.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- report-assert.yaml diff --git a/istio/restrict-virtual-service-wildcard/bad-vs.yaml b/istio/restrict-virtual-service-wildcard/.chainsaw-test/bad-vs.yaml similarity index 100% rename from istio/restrict-virtual-service-wildcard/bad-vs.yaml rename to istio/restrict-virtual-service-wildcard/.chainsaw-test/bad-vs.yaml diff --git a/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..e823cc767 --- /dev/null +++ b/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: restrict-virtual-service-wildcard +status: + ready: true diff --git a/istio/restrict-virtual-service-wildcard/01-assert.yaml b/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-step-01-assert-2.yaml old mode 100644 new mode 100755 similarity index 67% rename from istio/restrict-virtual-service-wildcard/01-assert.yaml rename to istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-step-01-assert-2.yaml index 08abbb497..5380004fb --- a/istio/restrict-virtual-service-wildcard/01-assert.yaml +++ b/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -1,10 +1,3 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: restrict-virtual-service-wildcard -status: - ready: true ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -17,4 +10,4 @@ status: plural: virtualservices singular: virtualservice storedVersions: - - v1alpha3 \ No newline at end of file + - v1alpha3 diff --git a/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-test.yaml b/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..b41d0b369 --- /dev/null +++ b/istio/restrict-virtual-service-wildcard/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: restrict-virtual-service-wildcard +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../restrict-virtual-service-wildcard.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: good-vs.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-vs.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: restrict-virtual-service-wildcard diff --git a/istio/restrict-virtual-service-wildcard/good-vs.yaml b/istio/restrict-virtual-service-wildcard/.chainsaw-test/good-vs.yaml similarity index 100% rename from istio/restrict-virtual-service-wildcard/good-vs.yaml rename to istio/restrict-virtual-service-wildcard/.chainsaw-test/good-vs.yaml diff --git a/istio/restrict-virtual-service-wildcard/01-enforce.yaml b/istio/restrict-virtual-service-wildcard/01-enforce.yaml deleted file mode 100644 index 303712eef..000000000 --- a/istio/restrict-virtual-service-wildcard/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' restrict-virtual-service-wildcard.yaml | kubectl create -f - \ No newline at end of file diff --git a/istio/restrict-virtual-service-wildcard/02-manifests.yaml b/istio/restrict-virtual-service-wildcard/02-manifests.yaml deleted file mode 100644 index d85a740b4..000000000 --- a/istio/restrict-virtual-service-wildcard/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-vs.yaml - shouldFail: false -- file: bad-vs.yaml - shouldFail: true \ No newline at end of file diff --git a/istio/restrict-virtual-service-wildcard/99-delete.yaml b/istio/restrict-virtual-service-wildcard/99-delete.yaml deleted file mode 100644 index 8c4c687b1..000000000 --- a/istio/restrict-virtual-service-wildcard/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: restrict-virtual-service-wildcard \ No newline at end of file diff --git a/karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/chainsaw-test.yaml b/karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..dc15ed349 --- /dev/null +++ b/karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,24 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-karpenter-daemonset-priority-class +spec: + steps: + - name: step-01 + try: + - apply: + file: ../add-karpenter-daemonset-priority-class.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + finally: + - sleep: + duration: 10s + - name: step-03 + try: + - assert: + file: patched-resource.yaml diff --git a/karpenter/add-karpenter-daemonset-priority-class/patched-resource.yaml b/karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/patched-resource.yaml similarity index 100% rename from karpenter/add-karpenter-daemonset-priority-class/patched-resource.yaml rename to karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/patched-resource.yaml diff --git a/karpenter/add-karpenter-daemonset-priority-class/policy-ready.yaml b/karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/policy-ready.yaml similarity index 100% rename from karpenter/add-karpenter-daemonset-priority-class/policy-ready.yaml rename to karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/policy-ready.yaml diff --git a/karpenter/add-karpenter-daemonset-priority-class/resource.yaml b/karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/resource.yaml similarity index 100% rename from karpenter/add-karpenter-daemonset-priority-class/resource.yaml rename to karpenter/add-karpenter-daemonset-priority-class/.chainsaw-test/resource.yaml diff --git a/karpenter/add-karpenter-daemonset-priority-class/01-policy.yaml b/karpenter/add-karpenter-daemonset-priority-class/01-policy.yaml deleted file mode 100644 index e550461f4..000000000 --- a/karpenter/add-karpenter-daemonset-priority-class/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-karpenter-daemonset-priority-class.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-daemonset-priority-class/02-resources.yaml b/karpenter/add-karpenter-daemonset-priority-class/02-resources.yaml deleted file mode 100644 index 3a6b73b69..000000000 --- a/karpenter/add-karpenter-daemonset-priority-class/02-resources.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- resource.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-daemonset-priority-class/03-mutated.yaml b/karpenter/add-karpenter-daemonset-priority-class/03-mutated.yaml deleted file mode 100644 index 1d1835ec4..000000000 --- a/karpenter/add-karpenter-daemonset-priority-class/03-mutated.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- patched-resource.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-donot-evict/.chainsaw-test/chainsaw-test.yaml b/karpenter/add-karpenter-donot-evict/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..150c5abfd --- /dev/null +++ b/karpenter/add-karpenter-donot-evict/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-karpenter-donot-evict +spec: + steps: + - name: step-01 + try: + - apply: + file: ../add-karpenter-donot-evict.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ../.kyverno-test/resource.yaml + - apply: + file: resource-others.yaml + - name: step-03 + try: + - assert: + file: ../.kyverno-test/patched01.yaml + - assert: + file: ../.kyverno-test/patched02.yaml + - assert: + file: patched03.yaml + - assert: + file: patched04.yaml diff --git a/karpenter/add-karpenter-donot-evict/patched03.yaml b/karpenter/add-karpenter-donot-evict/.chainsaw-test/patched03.yaml similarity index 100% rename from karpenter/add-karpenter-donot-evict/patched03.yaml rename to karpenter/add-karpenter-donot-evict/.chainsaw-test/patched03.yaml diff --git a/karpenter/add-karpenter-donot-evict/patched04.yaml b/karpenter/add-karpenter-donot-evict/.chainsaw-test/patched04.yaml similarity index 100% rename from karpenter/add-karpenter-donot-evict/patched04.yaml rename to karpenter/add-karpenter-donot-evict/.chainsaw-test/patched04.yaml diff --git a/karpenter/add-karpenter-donot-evict/policy-ready.yaml b/karpenter/add-karpenter-donot-evict/.chainsaw-test/policy-ready.yaml similarity index 100% rename from karpenter/add-karpenter-donot-evict/policy-ready.yaml rename to karpenter/add-karpenter-donot-evict/.chainsaw-test/policy-ready.yaml diff --git a/karpenter/add-karpenter-donot-evict/resource-others.yaml b/karpenter/add-karpenter-donot-evict/.chainsaw-test/resource-others.yaml similarity index 100% rename from karpenter/add-karpenter-donot-evict/resource-others.yaml rename to karpenter/add-karpenter-donot-evict/.chainsaw-test/resource-others.yaml diff --git a/karpenter/add-karpenter-donot-evict/01-policy.yaml b/karpenter/add-karpenter-donot-evict/01-policy.yaml deleted file mode 100644 index 1a9059d7d..000000000 --- a/karpenter/add-karpenter-donot-evict/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-karpenter-donot-evict.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-donot-evict/02-resources.yaml b/karpenter/add-karpenter-donot-evict/02-resources.yaml deleted file mode 100644 index 9522391fb..000000000 --- a/karpenter/add-karpenter-donot-evict/02-resources.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- .kyverno-test/resource.yaml -- resource-others.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-donot-evict/03-mutated.yaml b/karpenter/add-karpenter-donot-evict/03-mutated.yaml deleted file mode 100644 index 5712a4f3a..000000000 --- a/karpenter/add-karpenter-donot-evict/03-mutated.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- .kyverno-test/patched01.yaml -- .kyverno-test/patched02.yaml -- patched03.yaml -- patched04.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-nodeselector/.chainsaw-test/chainsaw-test.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..1432c042d --- /dev/null +++ b/karpenter/add-karpenter-nodeselector/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-karpenter-nodeselector +spec: + steps: + - name: step-01 + try: + - apply: + file: ../add-karpenter-nodeselector.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: resource.yaml + - name: step-03 + try: + - assert: + file: patch-med.yaml + - assert: + file: patch-lg.yaml + - error: + file: patch-med-bad.yaml + - error: + file: patch-lg-bad.yaml + - error: + file: patch-sm-bad.yaml diff --git a/karpenter/add-karpenter-nodeselector/patch-lg-bad.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-lg-bad.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/patch-lg-bad.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-lg-bad.yaml diff --git a/karpenter/add-karpenter-nodeselector/patch-lg.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-lg.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/patch-lg.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-lg.yaml diff --git a/karpenter/add-karpenter-nodeselector/patch-med-bad.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-med-bad.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/patch-med-bad.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-med-bad.yaml diff --git a/karpenter/add-karpenter-nodeselector/patch-med.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-med.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/patch-med.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-med.yaml diff --git a/karpenter/add-karpenter-nodeselector/patch-sm-bad.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-sm-bad.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/patch-sm-bad.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/patch-sm-bad.yaml diff --git a/karpenter/add-karpenter-nodeselector/policy-ready.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/policy-ready.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/policy-ready.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/policy-ready.yaml diff --git a/karpenter/add-karpenter-nodeselector/resource.yaml b/karpenter/add-karpenter-nodeselector/.chainsaw-test/resource.yaml similarity index 100% rename from karpenter/add-karpenter-nodeselector/resource.yaml rename to karpenter/add-karpenter-nodeselector/.chainsaw-test/resource.yaml diff --git a/karpenter/add-karpenter-nodeselector/01-policy.yaml b/karpenter/add-karpenter-nodeselector/01-policy.yaml deleted file mode 100644 index c01afe365..000000000 --- a/karpenter/add-karpenter-nodeselector/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-karpenter-nodeselector.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-nodeselector/02-resources.yaml b/karpenter/add-karpenter-nodeselector/02-resources.yaml deleted file mode 100644 index 3a6b73b69..000000000 --- a/karpenter/add-karpenter-nodeselector/02-resources.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- resource.yaml \ No newline at end of file diff --git a/karpenter/add-karpenter-nodeselector/03-mutated.yaml b/karpenter/add-karpenter-nodeselector/03-mutated.yaml deleted file mode 100644 index f150916e7..000000000 --- a/karpenter/add-karpenter-nodeselector/03-mutated.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- patch-med.yaml -- patch-lg.yaml -error: -- patch-med-bad.yaml -- patch-lg-bad.yaml -- patch-sm-bad.yaml \ No newline at end of file diff --git a/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/chainsaw-test.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..b9d51e160 --- /dev/null +++ b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,45 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: set-karpenter-non-cpu-limits +spec: + steps: + - name: step-01 + try: + - apply: + file: ../set-karpenter-non-cpu-limits.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - apply: + file: ../.kyverno-test/resources.yaml + - apply: + file: podcontroller-resources.yaml + - apply: + file: pod-others.yaml + - name: step-03 + try: + - assert: + file: ../.kyverno-test/pod-memory-patched1.yaml + - assert: + file: ../.kyverno-test/pod-memory-patched2.yaml + - assert: + file: ../.kyverno-test/pod-memory-patched3.yaml + - assert: + file: ../.kyverno-test/pod-memory-patched4.yaml + - assert: + file: ../.kyverno-test/pod-ephemeral-storage-patched1.yaml + - assert: + file: ../.kyverno-test/pod-ephemeral-storage-patched2.yaml + - assert: + file: ../.kyverno-test/pod-ephemeral-storage-patched3.yaml + - assert: + file: ../.kyverno-test/pod-ephemeral-storage-patched4.yaml + - assert: + file: podcontroller-patched.yaml + - assert: + file: pod-others-patched.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/ns.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/ns.yaml similarity index 100% rename from karpenter/set-karpenter-non-cpu-limits/ns.yaml rename to karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/ns.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/pod-others-patched.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/pod-others-patched.yaml similarity index 100% rename from karpenter/set-karpenter-non-cpu-limits/pod-others-patched.yaml rename to karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/pod-others-patched.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/pod-others.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/pod-others.yaml similarity index 100% rename from karpenter/set-karpenter-non-cpu-limits/pod-others.yaml rename to karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/pod-others.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/podcontroller-patched.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/podcontroller-patched.yaml similarity index 100% rename from karpenter/set-karpenter-non-cpu-limits/podcontroller-patched.yaml rename to karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/podcontroller-patched.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/podcontroller-resources.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/podcontroller-resources.yaml similarity index 100% rename from karpenter/set-karpenter-non-cpu-limits/podcontroller-resources.yaml rename to karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/podcontroller-resources.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/policy-ready.yaml b/karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/policy-ready.yaml similarity index 100% rename from karpenter/set-karpenter-non-cpu-limits/policy-ready.yaml rename to karpenter/set-karpenter-non-cpu-limits/.chainsaw-test/policy-ready.yaml diff --git a/karpenter/set-karpenter-non-cpu-limits/01-policy.yaml b/karpenter/set-karpenter-non-cpu-limits/01-policy.yaml deleted file mode 100644 index 9efbf6ded..000000000 --- a/karpenter/set-karpenter-non-cpu-limits/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- set-karpenter-non-cpu-limits.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/karpenter/set-karpenter-non-cpu-limits/02-resources.yaml b/karpenter/set-karpenter-non-cpu-limits/02-resources.yaml deleted file mode 100644 index cb01a51c6..000000000 --- a/karpenter/set-karpenter-non-cpu-limits/02-resources.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- ns.yaml -- .kyverno-test/resources.yaml -- podcontroller-resources.yaml -- pod-others.yaml \ No newline at end of file diff --git a/karpenter/set-karpenter-non-cpu-limits/03-mutated.yaml b/karpenter/set-karpenter-non-cpu-limits/03-mutated.yaml deleted file mode 100644 index 58ee118b6..000000000 --- a/karpenter/set-karpenter-non-cpu-limits/03-mutated.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- .kyverno-test/pod-memory-patched1.yaml -- .kyverno-test/pod-memory-patched2.yaml -- .kyverno-test/pod-memory-patched3.yaml -- .kyverno-test/pod-memory-patched4.yaml -- .kyverno-test/pod-ephemeral-storage-patched1.yaml -- .kyverno-test/pod-ephemeral-storage-patched2.yaml -- .kyverno-test/pod-ephemeral-storage-patched3.yaml -- .kyverno-test/pod-ephemeral-storage-patched4.yaml -- podcontroller-patched.yaml -- pod-others-patched.yaml \ No newline at end of file diff --git a/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..6a2d17d12 --- /dev/null +++ b/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: k10-3-2-1-backup-policy +status: + ready: true diff --git a/kasten/k10-generate-policy-by-preset-label/01-assert.yaml b/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-step-01-assert-2.yaml old mode 100644 new mode 100755 similarity index 95% rename from kasten/k10-generate-policy-by-preset-label/01-assert.yaml rename to kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-step-01-assert-2.yaml index b1cd44e79..d660e00cb --- a/kasten/k10-generate-policy-by-preset-label/01-assert.yaml +++ b/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -10,4 +10,4 @@ status: plural: policies singular: policy storedVersions: - - v1alpha1 \ No newline at end of file + - v1alpha1 diff --git a/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..cc8fc7584 --- /dev/null +++ b/kasten/k10-3-2-1-backup/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-3-2-1-backup +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../k10-3-2-1-backup.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: k10-good-policy.yaml + - apply: + expect: + - check: + ($error != null): true + file: k10-bad-policy.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: k10-3-2-1-backup-policy diff --git a/kasten/k10-3-2-1-backup/k10-bad-policy.yaml b/kasten/k10-3-2-1-backup/.chainsaw-test/k10-bad-policy.yaml similarity index 100% rename from kasten/k10-3-2-1-backup/k10-bad-policy.yaml rename to kasten/k10-3-2-1-backup/.chainsaw-test/k10-bad-policy.yaml diff --git a/kasten/k10-3-2-1-backup/k10-good-policy.yaml b/kasten/k10-3-2-1-backup/.chainsaw-test/k10-good-policy.yaml similarity index 100% rename from kasten/k10-3-2-1-backup/k10-good-policy.yaml rename to kasten/k10-3-2-1-backup/.chainsaw-test/k10-good-policy.yaml diff --git a/kasten/k10-3-2-1-backup/01-enforce.yaml b/kasten/k10-3-2-1-backup/01-enforce.yaml deleted file mode 100644 index 1e1abe727..000000000 --- a/kasten/k10-3-2-1-backup/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' k10-3-2-1-backup.yaml | kubectl create -f - \ No newline at end of file diff --git a/kasten/k10-3-2-1-backup/02-manifests.yaml b/kasten/k10-3-2-1-backup/02-manifests.yaml deleted file mode 100644 index 3139a2fed..000000000 --- a/kasten/k10-3-2-1-backup/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: k10-good-policy.yaml - shouldFail: false -- file: k10-bad-policy.yaml - shouldFail: true \ No newline at end of file diff --git a/kasten/k10-3-2-1-backup/99-delete.yaml b/kasten/k10-3-2-1-backup/99-delete.yaml deleted file mode 100644 index da4ad35f6..000000000 --- a/kasten/k10-3-2-1-backup/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: k10-3-2-1-backup-policy \ No newline at end of file diff --git a/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..4e8dfe8c2 --- /dev/null +++ b/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: k10-data-protection-by-label +status: + ready: true diff --git a/kasten/k10-generate-gold-backup-policy/01-assert.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-step-01-assert-2.yaml old mode 100644 new mode 100755 similarity index 95% rename from kasten/k10-generate-gold-backup-policy/01-assert.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-step-01-assert-2.yaml index b1cd44e79..d660e00cb --- a/kasten/k10-generate-gold-backup-policy/01-assert.yaml +++ b/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -10,4 +10,4 @@ status: plural: policies singular: policy storedVersions: - - v1alpha1 \ No newline at end of file + - v1alpha1 diff --git a/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..0848fb895 --- /dev/null +++ b/kasten/k10-data-protection-by-label/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,83 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-data-protection-by-label +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../k10-data-protection-by-label.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - apply: + file: deployment-good.yaml + - apply: + file: ss-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: deployment-bad-badlabel.yaml + - apply: + expect: + - check: + ($error != null): true + file: deployment-bad-nolabel.yaml + - apply: + expect: + - check: + ($error != null): true + file: ss-bad-badlabel.yaml + - apply: + expect: + - check: + ($error != null): true + file: ss-bad-nolabel.yaml + - name: step-98 + try: + - command: + args: + - delete + - deployments + - --all + - --force + - --grace-period=0 + - -n + - k10-dplabel-ns + entrypoint: kubectl + - command: + args: + - delete + - statefulsets + - --all + - --force + - --grace-period=0 + - -n + - k10-dplabel-ns + entrypoint: kubectl + - command: + args: + - delete + - pods + - --all + - --force + - --grace-period=0 + - -n + - k10-dplabel-ns + entrypoint: kubectl + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: k10-data-protection-by-label diff --git a/kasten/k10-data-protection-by-label/deployment-bad-badlabel.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/deployment-bad-badlabel.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/deployment-bad-badlabel.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/deployment-bad-badlabel.yaml diff --git a/kasten/k10-data-protection-by-label/deployment-bad-nolabel.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/deployment-bad-nolabel.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/deployment-bad-nolabel.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/deployment-bad-nolabel.yaml diff --git a/kasten/k10-data-protection-by-label/deployment-good.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/deployment-good.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/deployment-good.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/deployment-good.yaml diff --git a/kasten/k10-data-protection-by-label/nginx-deployment-invalid.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/nginx-deployment-invalid.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/nginx-deployment-invalid.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/nginx-deployment-invalid.yaml diff --git a/kasten/k10-data-protection-by-label/ns.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/ns.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/ns.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/ns.yaml diff --git a/kasten/k10-data-protection-by-label/ss-bad-badlabel.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/ss-bad-badlabel.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/ss-bad-badlabel.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/ss-bad-badlabel.yaml diff --git a/kasten/k10-data-protection-by-label/ss-bad-nolabel.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/ss-bad-nolabel.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/ss-bad-nolabel.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/ss-bad-nolabel.yaml diff --git a/kasten/k10-data-protection-by-label/ss-good.yaml b/kasten/k10-data-protection-by-label/.chainsaw-test/ss-good.yaml similarity index 100% rename from kasten/k10-data-protection-by-label/ss-good.yaml rename to kasten/k10-data-protection-by-label/.chainsaw-test/ss-good.yaml diff --git a/kasten/k10-data-protection-by-label/01-assert.yaml b/kasten/k10-data-protection-by-label/01-assert.yaml deleted file mode 100644 index c8057d777..000000000 --- a/kasten/k10-data-protection-by-label/01-assert.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: k10-data-protection-by-label -status: - ready: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: policies.config.kio.kasten.io -spec: {} -status: - acceptedNames: - kind: Policy - listKind: PolicyList - plural: policies - singular: policy - storedVersions: - - v1alpha1 \ No newline at end of file diff --git a/kasten/k10-data-protection-by-label/01-enforce.yaml b/kasten/k10-data-protection-by-label/01-enforce.yaml deleted file mode 100644 index 3ac026681..000000000 --- a/kasten/k10-data-protection-by-label/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' k10-data-protection-by-label.yaml | kubectl create -f - \ No newline at end of file diff --git a/kasten/k10-data-protection-by-label/02-manifests.yaml b/kasten/k10-data-protection-by-label/02-manifests.yaml deleted file mode 100644 index b4eba6dc5..000000000 --- a/kasten/k10-data-protection-by-label/02-manifests.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- ns.yaml -- file: deployment-good.yaml - shouldFail: false -- file: ss-good.yaml - shouldFail: false -- file: deployment-bad-badlabel.yaml - shouldFail: true -- file: deployment-bad-nolabel.yaml - shouldFail: true -- file: ss-bad-badlabel.yaml - shouldFail: true -- file: ss-bad-nolabel.yaml - shouldFail: true \ No newline at end of file diff --git a/kasten/k10-data-protection-by-label/98-delete.yaml b/kasten/k10-data-protection-by-label/98-delete.yaml deleted file mode 100644 index f53f03b49..000000000 --- a/kasten/k10-data-protection-by-label/98-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - command: kubectl delete deployments --all --force --grace-period=0 -n k10-dplabel-ns - - command: kubectl delete statefulsets --all --force --grace-period=0 -n k10-dplabel-ns - - command: kubectl delete pods --all --force --grace-period=0 -n k10-dplabel-ns \ No newline at end of file diff --git a/kasten/k10-data-protection-by-label/99-delete.yaml b/kasten/k10-data-protection-by-label/99-delete.yaml deleted file mode 100644 index 429225603..000000000 --- a/kasten/k10-data-protection-by-label/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: k10-data-protection-by-label \ No newline at end of file diff --git a/kasten/k10-generate-gold-backup-policy/01-clusterrole.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-01-apply-1.yaml old mode 100644 new mode 100755 similarity index 90% rename from kasten/k10-generate-gold-backup-policy/01-clusterrole.yaml rename to kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-01-apply-1.yaml index 7965b7582..1dc53ed2c --- a/kasten/k10-generate-gold-backup-policy/01-clusterrole.yaml +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-01-apply-1.yaml @@ -1,17 +1,17 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:k10-goldbackuppolicy labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:k10-goldbackuppolicy rules: - apiGroups: - - 'config.kio.kasten.io' + - config.kio.kasten.io resources: - policies verbs: - create - update - - delete \ No newline at end of file + - delete diff --git a/kasten/k10-hourly-rpo/01-assert.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 66% rename from kasten/k10-hourly-rpo/01-assert.yaml rename to kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 06576aeb3..d660e00cb --- a/kasten/k10-hourly-rpo/01-assert.yaml +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -1,10 +1,3 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: k10-policy-hourly-rpo -status: - ready: true ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -17,4 +10,4 @@ status: plural: policies singular: policy storedVersions: - - v1alpha1 \ No newline at end of file + - v1alpha1 diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-1.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-1.yaml new file mode 100755 index 000000000..caaef7d37 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: k10-gp-ns01 diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-2.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-2.yaml new file mode 100755 index 000000000..b6693353e --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: k10-gp-ns02 diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-3.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-3.yaml new file mode 100755 index 000000000..b6924f910 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-3.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: k10-gp-ns03 diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-4.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-4.yaml new file mode 100755 index 000000000..5a136cef6 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-4.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: k10-gp-ns04 diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-5.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-5.yaml new file mode 100755 index 000000000..48123e7c6 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-5.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + dataprotection: k10-goldpolicy + purpose: production + name: ss01 + namespace: k10-gp-ns01 +spec: + replicas: 1 + selector: + matchLabels: + app: busybox + serviceName: busybox-ss + template: + metadata: + labels: + app: busybox + spec: + containers: + - image: busybox:1.35 + name: busybox diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-6.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-6.yaml new file mode 100755 index 000000000..4ba469633 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-6.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: busybox + dataprotection: k10-goldpolicy + purpose: production + name: deploy01 + namespace: k10-gp-ns02 +spec: + replicas: 1 + selector: + matchLabels: + app: busybox + template: + metadata: + labels: + app: busybox + spec: + containers: + - command: + - sleep + - "3600" + image: busybox:1.35 + name: busybox diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-7.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-7.yaml new file mode 100755 index 000000000..68a62ce5f --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-7.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + dataprotection: k10-simplepolicy + purpose: production + name: ss02 + namespace: k10-gp-ns03 +spec: + replicas: 1 + selector: + matchLabels: + app: busybox + serviceName: busybox-ss + template: + metadata: + labels: + app: busybox + spec: + containers: + - image: busybox:1.35 + name: busybox diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-8.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-8.yaml new file mode 100755 index 000000000..716709323 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-step-03-apply-8.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: busybox + dataprotection: k10-simplepolicy + purpose: production + name: deploy02 + namespace: k10-gp-ns04 +spec: + replicas: 1 + selector: + matchLabels: + app: busybox + template: + metadata: + labels: + app: busybox + spec: + containers: + - command: + - sleep + - "3600" + image: busybox:1.35 + name: busybox diff --git a/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..bec2cc229 --- /dev/null +++ b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,88 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-generate-gold-backup-policy +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1.yaml + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: ../k10-generate-gold-backup-policy.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1.yaml + - apply: + file: chainsaw-step-03-apply-2.yaml + - apply: + file: chainsaw-step-03-apply-3.yaml + - apply: + file: chainsaw-step-03-apply-4.yaml + - apply: + file: chainsaw-step-03-apply-5.yaml + - apply: + file: chainsaw-step-03-apply-6.yaml + - apply: + file: chainsaw-step-03-apply-7.yaml + - apply: + file: chainsaw-step-03-apply-8.yaml + finally: + - sleep: + duration: 10s + - name: step-04 + try: + - assert: + file: generated-policy.yaml + - error: + file: not-generated-policy.yaml + - name: step-05 + try: + - command: + args: + - delete + - all + - --all + - --force + - --grace-period=0 + - -n + - k10-gp-ns01 + entrypoint: kubectl + - command: + args: + - delete + - all + - --all + - --force + - --grace-period=0 + - -n + - k10-gp-ns02 + entrypoint: kubectl + - command: + args: + - delete + - all + - --all + - --force + - --grace-period=0 + - -n + - k10-gp-ns03 + entrypoint: kubectl + - command: + args: + - delete + - all + - --all + - --force + - --grace-period=0 + - -n + - k10-gp-ns04 + entrypoint: kubectl diff --git a/kasten/k10-generate-gold-backup-policy/generated-policy.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/generated-policy.yaml similarity index 100% rename from kasten/k10-generate-gold-backup-policy/generated-policy.yaml rename to kasten/k10-generate-gold-backup-policy/.chainsaw-test/generated-policy.yaml diff --git a/kasten/k10-generate-gold-backup-policy/not-generated-policy.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/not-generated-policy.yaml similarity index 100% rename from kasten/k10-generate-gold-backup-policy/not-generated-policy.yaml rename to kasten/k10-generate-gold-backup-policy/.chainsaw-test/not-generated-policy.yaml diff --git a/kasten/k10-generate-gold-backup-policy/policy-ready.yaml b/kasten/k10-generate-gold-backup-policy/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kasten/k10-generate-gold-backup-policy/policy-ready.yaml rename to kasten/k10-generate-gold-backup-policy/.chainsaw-test/policy-ready.yaml diff --git a/kasten/k10-generate-gold-backup-policy/02-policy.yaml b/kasten/k10-generate-gold-backup-policy/02-policy.yaml deleted file mode 100644 index fe24e9bfc..000000000 --- a/kasten/k10-generate-gold-backup-policy/02-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- k10-generate-gold-backup-policy.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/kasten/k10-generate-gold-backup-policy/03-manifests.yaml b/kasten/k10-generate-gold-backup-policy/03-manifests.yaml deleted file mode 100644 index 66b1427f4..000000000 --- a/kasten/k10-generate-gold-backup-policy/03-manifests.yaml +++ /dev/null @@ -1,117 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-ns01 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-ns02 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-ns03 ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-ns04 ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: ss01 - namespace: k10-gp-ns01 - labels: - purpose: production - dataprotection: k10-goldpolicy -spec: - selector: - matchLabels: - app: busybox - serviceName: busybox-ss - replicas: 1 - template: - metadata: - labels: - app: busybox - spec: - containers: - - name: busybox - image: busybox:1.35 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: deploy01 - namespace: k10-gp-ns02 - labels: - app: busybox - purpose: production - dataprotection: k10-goldpolicy -spec: - replicas: 1 - selector: - matchLabels: - app: busybox - template: - metadata: - labels: - app: busybox - spec: - containers: - - name: busybox - image: busybox:1.35 - command: - - "sleep" - - "3600" ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: ss02 - namespace: k10-gp-ns03 - labels: - purpose: production - dataprotection: k10-simplepolicy -spec: - selector: - matchLabels: - app: busybox - serviceName: busybox-ss - replicas: 1 - template: - metadata: - labels: - app: busybox - spec: - containers: - - name: busybox - image: busybox:1.35 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: deploy02 - namespace: k10-gp-ns04 - labels: - app: busybox - purpose: production - dataprotection: k10-simplepolicy -spec: - replicas: 1 - selector: - matchLabels: - app: busybox - template: - metadata: - labels: - app: busybox - spec: - containers: - - name: busybox - image: busybox:1.35 - command: - - "sleep" - - "3600" \ No newline at end of file diff --git a/kasten/k10-generate-gold-backup-policy/04-generated.yaml b/kasten/k10-generate-gold-backup-policy/04-generated.yaml deleted file mode 100644 index 9e9b9d16a..000000000 --- a/kasten/k10-generate-gold-backup-policy/04-generated.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- generated-policy.yaml -error: -- not-generated-policy.yaml \ No newline at end of file diff --git a/kasten/k10-generate-gold-backup-policy/05-delete.yaml b/kasten/k10-generate-gold-backup-policy/05-delete.yaml deleted file mode 100644 index 08589f5db..000000000 --- a/kasten/k10-generate-gold-backup-policy/05-delete.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- command: kubectl delete all --all --force --grace-period=0 -n k10-gp-ns01 -- command: kubectl delete all --all --force --grace-period=0 -n k10-gp-ns02 -- command: kubectl delete all --all --force --grace-period=0 -n k10-gp-ns03 -- command: kubectl delete all --all --force --grace-period=0 -n k10-gp-ns04 \ No newline at end of file diff --git a/kasten/k10-generate-policy-by-preset-label/01-clusterrole.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-01-apply-1.yaml old mode 100644 new mode 100755 similarity index 97% rename from kasten/k10-generate-policy-by-preset-label/01-clusterrole.yaml rename to kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-01-apply-1.yaml index 084115654..4be353056 --- a/kasten/k10-generate-policy-by-preset-label/01-clusterrole.yaml +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-01-apply-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:k10-goldbackuppolicy labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:k10-goldbackuppolicy rules: - apiGroups: - '*' @@ -15,4 +15,4 @@ rules: verbs: - create - update - - delete \ No newline at end of file + - delete diff --git a/kasten/k10-3-2-1-backup/01-assert.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 66% rename from kasten/k10-3-2-1-backup/01-assert.yaml rename to kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 560cb5c20..d660e00cb --- a/kasten/k10-3-2-1-backup/01-assert.yaml +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -1,10 +1,3 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: k10-3-2-1-backup-policy -status: - ready: true ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -17,4 +10,4 @@ status: plural: policies singular: policy storedVersions: - - v1alpha1 \ No newline at end of file + - v1alpha1 diff --git a/flux/verify-flux-sources/02-ns.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-1.yaml old mode 100644 new mode 100755 similarity index 68% rename from flux/verify-flux-sources/02-ns.yaml rename to kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-1.yaml index ea3f7e960..7b05469bf --- a/flux/verify-flux-sources/02-ns.yaml +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-1.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: flux-system \ No newline at end of file + name: kasten-io diff --git a/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-2.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-2.yaml new file mode 100755 index 000000000..6cff160c0 --- /dev/null +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-2.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + dataprotection: gold + name: k10-gp-label-ns01 diff --git a/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-3.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-3.yaml new file mode 100755 index 000000000..b94f9f464 --- /dev/null +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-3.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + dataprotection: silver + name: k10-gp-label-ns02 diff --git a/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-4.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-4.yaml new file mode 100755 index 000000000..12fea3d1b --- /dev/null +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-4.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + dataprotection: bronze + name: k10-gp-label-ns03 diff --git a/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-5.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-5.yaml new file mode 100755 index 000000000..87f813500 --- /dev/null +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-5.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + dataprotection: nothing + name: k10-gp-label-ns04 diff --git a/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-6.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-6.yaml new file mode 100755 index 000000000..e1a8a0d11 --- /dev/null +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-step-03-apply-6.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: k10-gp-label-ns05 diff --git a/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..7ac9f3c32 --- /dev/null +++ b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,39 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-generate-policy-by-preset-label +spec: + steps: + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1.yaml + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: ../k10-generate-policy-by-preset-label.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1.yaml + - apply: + file: chainsaw-step-03-apply-2.yaml + - apply: + file: chainsaw-step-03-apply-3.yaml + - apply: + file: chainsaw-step-03-apply-4.yaml + - apply: + file: chainsaw-step-03-apply-5.yaml + - apply: + file: chainsaw-step-03-apply-6.yaml + - name: step-04 + try: + - assert: + file: generated-policy.yaml + - error: + file: not-generated-policy.yaml diff --git a/kasten/k10-generate-policy-by-preset-label/generated-policy.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/generated-policy.yaml similarity index 100% rename from kasten/k10-generate-policy-by-preset-label/generated-policy.yaml rename to kasten/k10-generate-policy-by-preset-label/.chainsaw-test/generated-policy.yaml diff --git a/kasten/k10-generate-policy-by-preset-label/not-generated-policy.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/not-generated-policy.yaml similarity index 100% rename from kasten/k10-generate-policy-by-preset-label/not-generated-policy.yaml rename to kasten/k10-generate-policy-by-preset-label/.chainsaw-test/not-generated-policy.yaml diff --git a/kasten/k10-generate-policy-by-preset-label/policy-ready.yaml b/kasten/k10-generate-policy-by-preset-label/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kasten/k10-generate-policy-by-preset-label/policy-ready.yaml rename to kasten/k10-generate-policy-by-preset-label/.chainsaw-test/policy-ready.yaml diff --git a/kasten/k10-generate-policy-by-preset-label/02-policy.yaml b/kasten/k10-generate-policy-by-preset-label/02-policy.yaml deleted file mode 100644 index 67a961625..000000000 --- a/kasten/k10-generate-policy-by-preset-label/02-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- k10-generate-policy-by-preset-label.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/kasten/k10-generate-policy-by-preset-label/03-manifests.yaml b/kasten/k10-generate-policy-by-preset-label/03-manifests.yaml deleted file mode 100644 index ae83583aa..000000000 --- a/kasten/k10-generate-policy-by-preset-label/03-manifests.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kasten-io ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-label-ns01 - labels: - dataprotection: gold ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-label-ns02 - labels: - dataprotection: silver ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-label-ns03 - labels: - dataprotection: bronze ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-label-ns04 - labels: - dataprotection: nothing ---- -apiVersion: v1 -kind: Namespace -metadata: - name: k10-gp-label-ns05 \ No newline at end of file diff --git a/kasten/k10-generate-policy-by-preset-label/04-generated.yaml b/kasten/k10-generate-policy-by-preset-label/04-generated.yaml deleted file mode 100644 index 9e9b9d16a..000000000 --- a/kasten/k10-generate-policy-by-preset-label/04-generated.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- generated-policy.yaml -error: -- not-generated-policy.yaml \ No newline at end of file diff --git a/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..3fa1c7221 --- /dev/null +++ b/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: k10-policy-hourly-rpo +status: + ready: true diff --git a/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-step-01-assert-2.yaml b/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-step-01-assert-2.yaml new file mode 100755 index 000000000..d660e00cb --- /dev/null +++ b/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: policies.config.kio.kasten.io +spec: {} +status: + acceptedNames: + kind: Policy + listKind: PolicyList + plural: policies + singular: policy + storedVersions: + - v1alpha1 diff --git a/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..731fc4183 --- /dev/null +++ b/kasten/k10-hourly-rpo/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-hourly-rpo +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../k10-hourly-rpo.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: k10-good-policy.yaml + - apply: + expect: + - check: + ($error != null): true + file: k10-bad-policy.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: k10-policy-hourly-rpo diff --git a/kasten/k10-hourly-rpo/k10-bad-policy.yaml b/kasten/k10-hourly-rpo/.chainsaw-test/k10-bad-policy.yaml similarity index 100% rename from kasten/k10-hourly-rpo/k10-bad-policy.yaml rename to kasten/k10-hourly-rpo/.chainsaw-test/k10-bad-policy.yaml diff --git a/kasten/k10-hourly-rpo/k10-good-policy.yaml b/kasten/k10-hourly-rpo/.chainsaw-test/k10-good-policy.yaml similarity index 100% rename from kasten/k10-hourly-rpo/k10-good-policy.yaml rename to kasten/k10-hourly-rpo/.chainsaw-test/k10-good-policy.yaml diff --git a/kasten/k10-hourly-rpo/01-enforce.yaml b/kasten/k10-hourly-rpo/01-enforce.yaml deleted file mode 100644 index 37a4ebb07..000000000 --- a/kasten/k10-hourly-rpo/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' k10-hourly-rpo.yaml | kubectl create -f - \ No newline at end of file diff --git a/kasten/k10-hourly-rpo/02-manifests.yaml b/kasten/k10-hourly-rpo/02-manifests.yaml deleted file mode 100644 index 3139a2fed..000000000 --- a/kasten/k10-hourly-rpo/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: k10-good-policy.yaml - shouldFail: false -- file: k10-bad-policy.yaml - shouldFail: true \ No newline at end of file diff --git a/kasten/k10-hourly-rpo/99-delete.yaml b/kasten/k10-hourly-rpo/99-delete.yaml deleted file mode 100644 index 3486c1fd7..000000000 --- a/kasten/k10-hourly-rpo/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: k10-policy-hourly-rpo \ No newline at end of file diff --git a/kasten/k10-minimum-retention/01-assert.yaml b/kasten/k10-minimum-retention/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from kasten/k10-minimum-retention/01-assert.yaml rename to kasten/k10-minimum-retention/.chainsaw-test/chainsaw-step-01-assert-1.yaml diff --git a/kasten/k10-minimum-retention/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-minimum-retention/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..1be440945 --- /dev/null +++ b/kasten/k10-minimum-retention/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,25 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-minimum-retention +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: ns.yaml + - apply: + file: ../k10-minimum-retention.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: kuttlresource.yaml + - assert: + file: resource-mutated.yaml diff --git a/kasten/k10-minimum-retention/kuttlresource.yaml b/kasten/k10-minimum-retention/.chainsaw-test/kuttlresource.yaml similarity index 100% rename from kasten/k10-minimum-retention/kuttlresource.yaml rename to kasten/k10-minimum-retention/.chainsaw-test/kuttlresource.yaml diff --git a/kasten/k10-minimum-retention/ns.yaml b/kasten/k10-minimum-retention/.chainsaw-test/ns.yaml similarity index 100% rename from kasten/k10-minimum-retention/ns.yaml rename to kasten/k10-minimum-retention/.chainsaw-test/ns.yaml diff --git a/kasten/k10-minimum-retention/policy-ready.yaml b/kasten/k10-minimum-retention/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kasten/k10-minimum-retention/policy-ready.yaml rename to kasten/k10-minimum-retention/.chainsaw-test/policy-ready.yaml diff --git a/kasten/k10-minimum-retention/resource-mutated.yaml b/kasten/k10-minimum-retention/.chainsaw-test/resource-mutated.yaml similarity index 100% rename from kasten/k10-minimum-retention/resource-mutated.yaml rename to kasten/k10-minimum-retention/.chainsaw-test/resource-mutated.yaml diff --git a/kasten/k10-minimum-retention/02-policy.yaml b/kasten/k10-minimum-retention/02-policy.yaml deleted file mode 100644 index 9fda442e4..000000000 --- a/kasten/k10-minimum-retention/02-policy.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- ns.yaml -- k10-minimum-retention.yaml -assert: -- policy-ready.yaml diff --git a/kasten/k10-minimum-retention/03-resource.yaml b/kasten/k10-minimum-retention/03-resource.yaml deleted file mode 100644 index 0cc05bd3c..000000000 --- a/kasten/k10-minimum-retention/03-resource.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- kuttlresource.yaml -assert: -- resource-mutated.yaml diff --git a/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml new file mode 100755 index 000000000..27e86f51b --- /dev/null +++ b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -0,0 +1,6 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: k10-validate-ns-by-preset-label +status: + ready: true diff --git a/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-2.yaml b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-2.yaml new file mode 100755 index 000000000..d660e00cb --- /dev/null +++ b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-step-01-assert-2.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: policies.config.kio.kasten.io +spec: {} +status: + acceptedNames: + kind: Policy + listKind: PolicyList + plural: policies + singular: policy + storedVersions: + - v1alpha1 diff --git a/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-test.yaml b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..6646694e3 --- /dev/null +++ b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,32 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: k10-validate-ns-by-preset-label +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../k10-validate-ns-by-preset-label.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - assert: + file: chainsaw-step-01-assert-2.yaml + - name: step-02 + try: + - apply: + file: ns-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: ns-bad.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: k10-validate-ns-by-preset-label diff --git a/kasten/k10-validate-ns-by-preset-label/ns-bad.yaml b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/ns-bad.yaml similarity index 100% rename from kasten/k10-validate-ns-by-preset-label/ns-bad.yaml rename to kasten/k10-validate-ns-by-preset-label/.chainsaw-test/ns-bad.yaml diff --git a/kasten/k10-validate-ns-by-preset-label/ns-good.yaml b/kasten/k10-validate-ns-by-preset-label/.chainsaw-test/ns-good.yaml similarity index 100% rename from kasten/k10-validate-ns-by-preset-label/ns-good.yaml rename to kasten/k10-validate-ns-by-preset-label/.chainsaw-test/ns-good.yaml diff --git a/kasten/k10-validate-ns-by-preset-label/01-assert.yaml b/kasten/k10-validate-ns-by-preset-label/01-assert.yaml deleted file mode 100644 index 97688f738..000000000 --- a/kasten/k10-validate-ns-by-preset-label/01-assert.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: k10-validate-ns-by-preset-label -status: - ready: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: policies.config.kio.kasten.io -spec: {} -status: - acceptedNames: - kind: Policy - listKind: PolicyList - plural: policies - singular: policy - storedVersions: - - v1alpha1 \ No newline at end of file diff --git a/kasten/k10-validate-ns-by-preset-label/01-enforce.yaml b/kasten/k10-validate-ns-by-preset-label/01-enforce.yaml deleted file mode 100644 index a9c74c9ad..000000000 --- a/kasten/k10-validate-ns-by-preset-label/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' k10-validate-ns-by-preset-label.yaml | kubectl create -f - \ No newline at end of file diff --git a/kasten/k10-validate-ns-by-preset-label/02-manifests.yaml b/kasten/k10-validate-ns-by-preset-label/02-manifests.yaml deleted file mode 100644 index d8d494b03..000000000 --- a/kasten/k10-validate-ns-by-preset-label/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: ns-good.yaml - shouldFail: false -- file: ns-bad.yaml - shouldFail: true \ No newline at end of file diff --git a/kasten/k10-validate-ns-by-preset-label/99-delete.yaml b/kasten/k10-validate-ns-by-preset-label/99-delete.yaml deleted file mode 100644 index 25781e36e..000000000 --- a/kasten/k10-validate-ns-by-preset-label/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: k10-validate-ns-by-preset-label \ No newline at end of file