-
Notifications
You must be signed in to change notification settings - Fork 254
Commit
Signed-off-by: Charles-Edouard Brétéché <[email protected]>
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
apiVersion: chainsaw.kyverno.io/v1alpha1 | ||
kind: Test | ||
metadata: | ||
creationTimestamp: null | ||
name: disallow-capabilities | ||
spec: | ||
steps: | ||
- name: step-01 | ||
try: | ||
- script: | ||
content: | | ||
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../disallow-capabilities.yaml | kubectl create -f - | ||
- assert: | ||
file: chainsaw-step-01-assert-1.yaml | ||
- name: step-02 | ||
try: | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-capabilities/.chainsaw-test/pod-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-capabilities/.chainsaw-test/pod-bad.yaml | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-capabilities/.chainsaw-test/podcontroller-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-capabilities/.chainsaw-test/podcontroller-bad.yaml | ||
- name: step-99 | ||
try: | ||
- delete: | ||
ref: | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
name: disallow-capabilities |
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
apiVersion: chainsaw.kyverno.io/v1alpha1 | ||
kind: Test | ||
metadata: | ||
creationTimestamp: null | ||
name: disallow-host-namespaces | ||
spec: | ||
steps: | ||
- name: step-01 | ||
try: | ||
- script: | ||
content: | | ||
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../disallow-host-namespaces.yaml | kubectl create -f - | ||
- assert: | ||
file: chainsaw-step-01-assert-1.yaml | ||
- name: step-02 | ||
try: | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-namespaces/.chainsaw-test/pod-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-namespaces/.chainsaw-test/pod-bad.yaml | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-namespaces/.chainsaw-test/podcontroller-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-namespaces/.chainsaw-test/podcontroller-bad.yaml | ||
- name: step-99 | ||
try: | ||
- delete: | ||
ref: | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
name: disallow-host-namespaces |
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
apiVersion: chainsaw.kyverno.io/v1alpha1 | ||
kind: Test | ||
metadata: | ||
creationTimestamp: null | ||
name: disallow-host-path | ||
spec: | ||
steps: | ||
- name: step-01 | ||
try: | ||
- script: | ||
content: | | ||
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../disallow-host-path.yaml | kubectl create -f - | ||
- assert: | ||
file: chainsaw-step-01-assert-1.yaml | ||
- name: step-02 | ||
try: | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-path/.chainsaw-test/pod-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-path/.chainsaw-test/pod-bad.yaml | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-path/.chainsaw-test/podcontroller-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-path/.chainsaw-test/podcontroller-bad.yaml | ||
- name: step-99 | ||
try: | ||
- delete: | ||
ref: | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
name: disallow-host-path |
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
apiVersion: chainsaw.kyverno.io/v1alpha1 | ||
kind: Test | ||
metadata: | ||
creationTimestamp: null | ||
name: disallow-host-ports-range | ||
spec: | ||
steps: | ||
- name: step-01 | ||
try: | ||
- script: | ||
content: | | ||
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../disallow-host-ports-range.yaml | kubectl create -f - | ||
- assert: | ||
file: chainsaw-step-01-assert-1.yaml | ||
- name: step-02 | ||
try: | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-ports-range/.chainsaw-test/pod-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-ports-range/.chainsaw-test/pod-bad.yaml | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-ports-range/.chainsaw-test/podcontroller-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-ports-range/.chainsaw-test/podcontroller-bad.yaml | ||
- name: step-99 | ||
try: | ||
- delete: | ||
ref: | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
name: disallow-host-ports-range |
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
apiVersion: chainsaw.kyverno.io/v1alpha1 | ||
kind: Test | ||
metadata: | ||
creationTimestamp: null | ||
name: disallow-host-ports | ||
spec: | ||
steps: | ||
- name: step-01 | ||
try: | ||
- script: | ||
content: | | ||
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../disallow-host-ports.yaml | kubectl create -f - | ||
- assert: | ||
file: chainsaw-step-01-assert-1.yaml | ||
- name: step-02 | ||
try: | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-ports/.chainsaw-test/pod-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-ports/.chainsaw-test/pod-bad.yaml | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-ports/.chainsaw-test/podcontroller-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-ports/.chainsaw-test/podcontroller-bad.yaml | ||
- name: step-99 | ||
try: | ||
- delete: | ||
ref: | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
name: disallow-host-ports |
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
apiVersion: chainsaw.kyverno.io/v1alpha1 | ||
kind: Test | ||
metadata: | ||
creationTimestamp: null | ||
name: disallow-host-process | ||
spec: | ||
steps: | ||
- name: step-01 | ||
try: | ||
- script: | ||
content: | | ||
sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../disallow-host-process.yaml | kubectl create -f - | ||
- assert: | ||
file: chainsaw-step-01-assert-1.yaml | ||
- name: step-02 | ||
try: | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-process/.chainsaw-test/pod-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-process/.chainsaw-test/pod-bad.yaml | ||
- apply: | ||
file: ../../../../pod-security/baseline/disallow-host-process/.chainsaw-test/podcontroller-good.yaml | ||
- apply: | ||
expect: | ||
- check: | ||
($error != null): true | ||
file: ../../../../pod-security/baseline/disallow-host-process/.chainsaw-test/podcontroller-bad.yaml | ||
- name: step-99 | ||
try: | ||
- delete: | ||
ref: | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
name: disallow-host-process |
This file was deleted.
This file was deleted.