diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e2a71106a..2e195837f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,12 +38,12 @@ jobs: # - istio # - karpenter # - kasten - - kubecost - - kubeops - - kubevirt - - linkerd - - nginx-ingress - - openshift + # - kubecost + # - kubeops + # - kubevirt + # - linkerd + # - nginx-ingress + # - openshift - other/a - other/b-d - other/e-l @@ -113,12 +113,12 @@ jobs: - istio - karpenter - kasten - # - kubecost - # - kubeops - # - kubevirt - # - linkerd - # - nginx-ingress - # - openshift + - kubecost + - kubeops + - kubevirt + - linkerd + - nginx-ingress + - openshift # - other/a # - other/b-d # - other/e-l diff --git a/kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/chainsaw-test.yaml b/kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..5e1c7dd12 --- /dev/null +++ b/kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,26 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: enable-kubecost-continuous-rightsizing +spec: + steps: + - name: step-01 + try: + - apply: + file: ../enable-kubecost-continuous-rightsizing.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: ../.kyverno-test/resource.yaml + finally: + - sleep: + duration: 5s + - name: step-03 + try: + - assert: + file: ../.kyverno-test/patchedResource1.yaml + - error: + file: not-patched-deploy.yaml diff --git a/kubecost/enable-kubecost-continuous-rightsizing/not-patched-deploy.yaml b/kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/not-patched-deploy.yaml similarity index 100% rename from kubecost/enable-kubecost-continuous-rightsizing/not-patched-deploy.yaml rename to kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/not-patched-deploy.yaml 
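Review bot: In the new `kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/chainsaw-test.yaml`, step-02 ends with a fixed `sleep` of `5s` in `finally`, which the removed kuttl steps did not have and which carries no explanation. The `assert` on `../.kyverno-test/patchedResource1.yaml` in step-03 should already wait for the patched resource up to the assert timeout, so the sleep looks redundant and can only mask timing problems on a slow runner. Either drop the `finally` block, or keep it with a comment such as `# wait for the mutation before step-03 checks not-patched-deploy.yaml` if the `error` check really depends on it.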
diff --git a/kubecost/enable-kubecost-continuous-rightsizing/policy-ready.yaml b/kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kubecost/enable-kubecost-continuous-rightsizing/policy-ready.yaml rename to kubecost/enable-kubecost-continuous-rightsizing/.chainsaw-test/policy-ready.yaml diff --git a/kubecost/enable-kubecost-continuous-rightsizing/01-policy.yaml b/kubecost/enable-kubecost-continuous-rightsizing/01-policy.yaml deleted file mode 100644 index 94ff88cf1..000000000 --- a/kubecost/enable-kubecost-continuous-rightsizing/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- enable-kubecost-continuous-rightsizing.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/kubecost/enable-kubecost-continuous-rightsizing/02-resources.yaml b/kubecost/enable-kubecost-continuous-rightsizing/02-resources.yaml deleted file mode 100644 index 87be16ca6..000000000 --- a/kubecost/enable-kubecost-continuous-rightsizing/02-resources.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- .kyverno-test/resource.yaml \ No newline at end of file diff --git a/kubecost/enable-kubecost-continuous-rightsizing/03-mutated.yaml b/kubecost/enable-kubecost-continuous-rightsizing/03-mutated.yaml deleted file mode 100644 index 3ac7a5830..000000000 --- a/kubecost/enable-kubecost-continuous-rightsizing/03-mutated.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- .kyverno-test/patchedResource1.yaml -error: -- not-patched-deploy.yaml \ No newline at end of file 
diff --git a/kubecost/require-kubecost-labels/01-assert.yaml b/kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from kubecost/require-kubecost-labels/01-assert.yaml rename to kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 88c19dc4e..ed44c7cf3 --- a/kubecost/require-kubecost-labels/01-assert.yaml +++ b/kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: require-kubecost-labels status: - ready: true \ No newline at end of file + ready: true diff --git a/kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-test.yaml b/kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..528eed0d3 --- /dev/null +++ b/kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: require-kubecost-labels +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../require-kubecost-labels.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: pod-good.yaml + - apply: + file: podcontroller-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: pod-bad.yaml + - apply: + expect: + - check: + ($error != null): true + file: podcontroller-bad.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: require-kubecost-labels diff --git a/kubecost/require-kubecost-labels/pod-bad.yaml b/kubecost/require-kubecost-labels/.chainsaw-test/pod-bad.yaml similarity index 100% rename from kubecost/require-kubecost-labels/pod-bad.yaml rename to kubecost/require-kubecost-labels/.chainsaw-test/pod-bad.yaml 
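Review bot: In `kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-test.yaml` the policy is created by `kubectl create` inside a `script`, so its removal depends entirely on step-99 being reached. If an operation in step-02 fails, the later steps are presumably skipped and the `Enforce`-mode ClusterPolicy stays in the cluster, where it can reject resources created by tests that run afterwards. Move the `delete` of `require-kubecost-labels` into a block that also runs on failure (a step-level `cleanup` where the Chainsaw version in CI supports it, or a `finally` once the steps are merged into one). At the least, add a comment on step-99 such as `# only cleanup for the policy: it is created by script, so Chainsaw does not track it`.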
diff --git a/kubecost/require-kubecost-labels/pod-good.yaml b/kubecost/require-kubecost-labels/.chainsaw-test/pod-good.yaml similarity index 100% rename from kubecost/require-kubecost-labels/pod-good.yaml rename to kubecost/require-kubecost-labels/.chainsaw-test/pod-good.yaml diff --git a/kubecost/require-kubecost-labels/podcontroller-bad.yaml b/kubecost/require-kubecost-labels/.chainsaw-test/podcontroller-bad.yaml similarity index 100% rename from kubecost/require-kubecost-labels/podcontroller-bad.yaml rename to kubecost/require-kubecost-labels/.chainsaw-test/podcontroller-bad.yaml diff --git a/kubecost/require-kubecost-labels/podcontroller-good.yaml b/kubecost/require-kubecost-labels/.chainsaw-test/podcontroller-good.yaml similarity index 100% rename from kubecost/require-kubecost-labels/podcontroller-good.yaml rename to kubecost/require-kubecost-labels/.chainsaw-test/podcontroller-good.yaml diff --git a/kubecost/require-kubecost-labels/01-enforce.yaml b/kubecost/require-kubecost-labels/01-enforce.yaml deleted file mode 100644 index 635c743ff..000000000 --- a/kubecost/require-kubecost-labels/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' require-kubecost-labels.yaml | kubectl create -f - \ No newline at end of file diff --git a/kubecost/require-kubecost-labels/02-manifests.yaml b/kubecost/require-kubecost-labels/02-manifests.yaml deleted file mode 100644 index 170b42166..000000000 --- a/kubecost/require-kubecost-labels/02-manifests.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: pod-good.yaml - shouldFail: false -- file: podcontroller-good.yaml - shouldFail: false -- file: pod-bad.yaml - shouldFail: true -- file: podcontroller-bad.yaml - shouldFail: true \ No newline at end of file 
diff --git a/kubecost/require-kubecost-labels/99-delete.yaml b/kubecost/require-kubecost-labels/99-delete.yaml deleted file mode 100644 index 5566b2ec8..000000000 --- a/kubecost/require-kubecost-labels/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: require-kubecost-labels \ No newline at end of file diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/00-assert.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-00-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/00-assert.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-00-assert-1.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-1.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-1.yaml new file mode 100755 index 000000000..d82091bc1 --- /dev/null +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-1.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubeops-cluster-ns diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-2.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-2.yaml new file mode 100755 index 000000000..f682cde2f --- /dev/null +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubed 
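Review bot: `chainsaw-step-01-apply-1.yaml` is added with `new file mode 100755`, and the same executable bit shows up on the other new manifests and on several renames (`old mode 100644 new mode 100755`) in this commit. These are plain YAML fixtures that are never executed, so the mode change is probably an artifact of the migration tooling. Restoring 100644 (for example with `git update-index --chmod=-x <file>`) keeps executable files in the repository limited to real scripts and makes a later, unintended mode change easier to spot in review.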
diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-3.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-3.yaml new file mode 100755 index 000000000..58986405f --- /dev/null +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-3.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + kubeconfig: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= +kind: Secret +metadata: + name: kubed + namespace: kubed diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-4.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-4.yaml new file mode 100755 index 000000000..7a21547f4 --- /dev/null +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-4.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFptOXYNCiAgICBzZXJ2ZXI6IGh0dHBzOi8vMTI3LjAuMC4xOjY5NjkNCiAgbmFtZTogY2x1c3Rlcg0KY29udGV4dHM6DQotIGNvbnRleHQ6DQogICAgY2x1c3RlcjogY2x1c3Rlcg0KICAgIHVzZXI6IHVzZXINCiAgbmFtZTogY2x1c3Rlcg0KY3VycmVudC1jb250ZXh0OiBjbHVzdGVyDQpwcmVmZXJlbmNlczoge30NCnVzZXJzOg0KLSBuYW1lOiB1c2VyDQogIHVzZXI6DQogICAgY2xpZW50LWNlcnRpZmljYXRlLWRhdGE6IFptOXY= +kind: Secret +metadata: + name: rancher-cluster-kubeconfig + namespace: kubeops-cluster-ns 
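Review bot: The `kubeconfig` and `value` fields in `chainsaw-step-01-apply-3.yaml` and `chainsaw-step-01-apply-4.yaml` are long base64 blobs with nothing in the file saying what they contain, so a reviewer or a secret scanner cannot tell a placeholder from a real credential. They appear to decode to a dummy kubeconfig with a loopback `server` and short filler certificate data, which is fine for a fixture but should be stated. Add a comment above `data:` such as `# placeholder kubeconfig for tests (loopback server, dummy cert data), not a real credential`. Using `stringData` with the readable YAML is an alternative, provided the policy under test only sees the stored `data` form.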
diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-5.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-5.yaml new file mode 100755 index 000000000..52a0ff1be --- /dev/null +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-5.yaml @@ -0,0 +1,15 @@ +apiVersion: provisioning.cattle.io/v1 +kind: Cluster +metadata: + name: rancher-cluster + namespace: kubeops-cluster-ns +spec: + rkeConfig: + machinePools: + - controlPlaneRole: true + machineConfigRef: + apiVersion: elemental.cattle.io/v1beta1 + kind: MachineInventorySelectorTemplate + name: configref01 + name: machine01 + quantity: 1 diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/03-secret.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-03-apply-1.yaml old mode 100644 new mode 100755 similarity index 95% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/03-secret.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-03-apply-1.yaml index 7b3cae393..8cc096f25 --- a/kubeops/config-syncer-secret-generation-from-rancher-capi/03-secret.yaml +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-03-apply-1.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 +data: + value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFptOXYNCiAgICBzZXJ2ZXI6IGh0dHBzOi8vMTI3LjAuMC4xOjU0MzIxDQogIG5hbWU6IGNsdXN0ZXINCmNvbnRleHRzOg0KLSBjb250ZXh0Og0KICAgIGNsdXN0ZXI6IGNsdXN0ZXINCiAgICB1c2VyOiB1c2VyDQogIG5hbWU6IGNsdXN0ZXINCmN1cnJlbnQtY29udGV4dDogY2x1c3Rlcg0KcHJlZmVyZW5jZXM6IHt9DQp1c2VyczoNCi0gbmFtZTogdXNlcg0KICB1c2VyOg0KICAgIGNsaWVudC1jZXJ0aWZpY2F0ZS1kYXRhOiBabTl2 kind: Secret metadata: name: sample-cluster-kubeconfig namespace: kubeops-cluster-ns -data: - value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFptOXYNCiAgICBzZXJ2ZXI6IGh0dHBzOi8vMTI3LjAuMC4xOjU0MzIxDQogIG5hbWU6IGNsdXN0ZXINCmNvbnRleHRzOg0KLSBjb250ZXh0Og0KICAgIGNsdXN0ZXI6IGNsdXN0ZXINCiAgICB1c2VyOiB1c2VyDQogIG5hbWU6IGNsdXN0ZXINCmN1cnJlbnQtY29udGV4dDogY2x1c3Rlcg0KcHJlZmVyZW5jZXM6IHt9DQp1c2VyczoNCi0gbmFtZTogdXNlcg0KICB1c2VyOg0KICAgIGNsaWVudC1jZXJ0aWZpY2F0ZS1kYXRhOiBabTl2 \ No newline at end of file diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..b40b0a99e --- /dev/null +++ b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml 
@@ -0,0 +1,41 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: config-syncer-secret-generation-from-rancher-capi +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1.yaml + - apply: + file: chainsaw-step-01-apply-2.yaml + - apply: + file: chainsaw-step-01-apply-3.yaml + - apply: + file: chainsaw-step-01-apply-4.yaml + - apply: + file: chainsaw-step-01-apply-5.yaml + - name: step-02 + try: + - apply: + file: ../config-syncer-secret-generation-from-rancher-capi.yaml + - assert: + file: policy-ready.yaml + - assert: + file: secret-generated01.yaml + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1.yaml + - name: step-04 + try: + - apply: + file: cluster.yaml + - assert: + file: secret-generated02.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/cluster.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/cluster.yaml similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/cluster.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/cluster.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/ns.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/ns.yaml similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/ns.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/ns.yaml 
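Review bot: No step in `kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml` refers to `ns.yaml` or `setup.yaml`, although this commit moves both into `.chainsaw-test/`. The removed kuttl steps visible here did not reference them either, so they look like leftover fixtures that now duplicate `chainsaw-step-01-apply-1.yaml` through `chainsaw-step-01-apply-5.yaml`. Delete them, or add a comment at the top of the test such as `# ns.yaml and setup.yaml are kept for manual runs only`, so nobody edits a file the test never loads.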
diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/policy-ready.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/policy-ready.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/policy-ready.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/secret-generated01.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/secret-generated01.yaml similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/secret-generated01.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/secret-generated01.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/secret-generated02.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/secret-generated02.yaml similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/secret-generated02.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/secret-generated02.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/setup.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/setup.yaml similarity index 100% rename from kubeops/config-syncer-secret-generation-from-rancher-capi/setup.yaml rename to kubeops/config-syncer-secret-generation-from-rancher-capi/.chainsaw-test/setup.yaml diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/01-setup.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/01-setup.yaml deleted file mode 100644 index 908eaa00c..000000000 --- a/kubeops/config-syncer-secret-generation-from-rancher-capi/01-setup.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kubeops-cluster-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kubed ---- -apiVersion: v1 -kind: Secret -metadata: - name: kubed - namespace: kubed -data: - kubeconfig: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= ---- -apiVersion: v1 -kind: Secret -metadata: - name: rancher-cluster-kubeconfig - namespace: kubeops-cluster-ns -data: - value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFptOXYNCiAgICBzZXJ2ZXI6IGh0dHBzOi8vMTI3LjAuMC4xOjY5NjkNCiAgbmFtZTogY2x1c3Rlcg0KY29udGV4dHM6DQotIGNvbnRleHQ6DQogICAgY2x1c3RlcjogY2x1c3Rlcg0KICAgIHVzZXI6IHVzZXINCiAgbmFtZTogY2x1c3Rlcg0KY3VycmVudC1jb250ZXh0OiBjbHVzdGVyDQpwcmVmZXJlbmNlczoge30NCnVzZXJzOg0KLSBuYW1lOiB1c2VyDQogIHVzZXI6DQogICAgY2xpZW50LWNlcnRpZmljYXRlLWRhdGE6IFptOXY= ---- -kind: Cluster -apiVersion: provisioning.cattle.io/v1 -metadata: - name: rancher-cluster - namespace: kubeops-cluster-ns -spec: - rkeConfig: - machinePools: - - name: machine01 - controlPlaneRole: true - quantity: 1 - machineConfigRef: - apiVersion: elemental.cattle.io/v1beta1 - kind: MachineInventorySelectorTemplate - name: configref01 \ No newline at end of file diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/02-policy.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/02-policy.yaml deleted file mode 100644 index 63871b458..000000000 --- a/kubeops/config-syncer-secret-generation-from-rancher-capi/02-policy.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- config-syncer-secret-generation-from-rancher-capi.yaml -assert: -- policy-ready.yaml -- secret-generated01.yaml \ No newline at end of file diff --git a/kubeops/config-syncer-secret-generation-from-rancher-capi/04-manifests.yaml b/kubeops/config-syncer-secret-generation-from-rancher-capi/04-manifests.yaml deleted file mode 100644 index 8d2f07e38..000000000 --- a/kubeops/config-syncer-secret-generation-from-rancher-capi/04-manifests.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- cluster.yaml -assert: -- secret-generated02.yaml \ No newline at end of file diff --git a/kubevirt/add-services/00-assert.yaml b/kubevirt/add-services/.chainsaw-test/chainsaw-step-00-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from kubevirt/add-services/00-assert.yaml rename to kubevirt/add-services/.chainsaw-test/chainsaw-step-00-assert-1.yaml diff --git a/kubevirt/add-services/01-clusterrole.yaml b/kubevirt/add-services/.chainsaw-test/chainsaw-step-01-apply-1.yaml old mode 100644 new mode 100755 similarity index 96% rename from kubevirt/add-services/01-clusterrole.yaml rename to kubevirt/add-services/.chainsaw-test/chainsaw-step-01-apply-1.yaml index d43261d7f..4bdb82b3b --- a/kubevirt/add-services/01-clusterrole.yaml +++ b/kubevirt/add-services/.chainsaw-test/chainsaw-step-01-apply-1.yaml @@ -1,11 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: kyverno:background-controller:kubevirt-services labels: app.kubernetes.io/component: background-controller app.kubernetes.io/instance: kyverno app.kubernetes.io/part-of: kyverno + name: kyverno:background-controller:kubevirt-services rules: - apiGroups: - "" @@ -14,4 +14,4 @@ rules: verbs: - create - update - - delete \ No newline at end of file + - delete 
diff --git a/kubevirt/add-services/.chainsaw-test/chainsaw-test.yaml b/kubevirt/add-services/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..d834f3a9b --- /dev/null +++ b/kubevirt/add-services/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,29 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-services +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1.yaml + - name: step-02 + try: + - apply: + file: ../add-services.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: vmi.yaml + - name: step-04 + try: + - assert: + file: generated-svc.yaml diff --git a/kubevirt/add-services/generated-svc.yaml b/kubevirt/add-services/.chainsaw-test/generated-svc.yaml similarity index 100% rename from kubevirt/add-services/generated-svc.yaml rename to kubevirt/add-services/.chainsaw-test/generated-svc.yaml diff --git a/kubevirt/add-services/policy-ready.yaml b/kubevirt/add-services/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kubevirt/add-services/policy-ready.yaml rename to kubevirt/add-services/.chainsaw-test/policy-ready.yaml diff --git a/kubevirt/add-services/vmi.yaml b/kubevirt/add-services/.chainsaw-test/vmi.yaml similarity index 100% rename from kubevirt/add-services/vmi.yaml rename to kubevirt/add-services/.chainsaw-test/vmi.yaml diff --git a/kubevirt/add-services/02-policy.yaml b/kubevirt/add-services/02-policy.yaml deleted file mode 100644 index 3ed9ac3e8..000000000 --- a/kubevirt/add-services/02-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-services.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/kubevirt/add-services/03-resources.yaml b/kubevirt/add-services/03-resources.yaml deleted file mode 100644 index cb127612f..000000000 
--- a/kubevirt/add-services/03-resources.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- vmi.yaml \ No newline at end of file diff --git a/kubevirt/add-services/04-generated.yaml b/kubevirt/add-services/04-generated.yaml deleted file mode 100644 index c02e6197c..000000000 --- a/kubevirt/add-services/04-generated.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -assert: -- generated-svc.yaml \ No newline at end of file diff --git a/kubevirt/enforce-instancetype/.chainsaw-test/chainsaw-test.yaml b/kubevirt/enforce-instancetype/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..8afa2f20b --- /dev/null +++ b/kubevirt/enforce-instancetype/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,22 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: enforce-instancetype +spec: + steps: + - name: step-01 + try: + - apply: + file: ../enforce-instancetype.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: vm-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: vm-bad.yaml diff --git a/kubevirt/enforce-instancetype/policy-ready.yaml b/kubevirt/enforce-instancetype/.chainsaw-test/policy-ready.yaml similarity index 100% rename from kubevirt/enforce-instancetype/policy-ready.yaml rename to kubevirt/enforce-instancetype/.chainsaw-test/policy-ready.yaml diff --git a/kubevirt/enforce-instancetype/vm-bad.yaml b/kubevirt/enforce-instancetype/.chainsaw-test/vm-bad.yaml similarity index 100% rename from kubevirt/enforce-instancetype/vm-bad.yaml rename to kubevirt/enforce-instancetype/.chainsaw-test/vm-bad.yaml diff --git a/kubevirt/enforce-instancetype/vm-good.yaml b/kubevirt/enforce-instancetype/.chainsaw-test/vm-good.yaml similarity index 100% rename from kubevirt/enforce-instancetype/vm-good.yaml rename to kubevirt/enforce-instancetype/.chainsaw-test/vm-good.yaml 
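Review bot: In `kubevirt/enforce-instancetype/.chainsaw-test/chainsaw-test.yaml` the check `($error != null): true` on the `vm-bad.yaml` apply accepts any failure, not only a denial by the policy under test. A missing CRD, a schema error in the fixture or an unavailable admission webhook would satisfy it just as well, so the negative case can pass without the policy ever having blocked anything. The `pod-bad.yaml` and `podcontroller-bad.yaml` applies in `kubecost/require-kubecost-labels/.chainsaw-test/chainsaw-test.yaml` use the same check. Where the Chainsaw release in CI exposes `$error` as the message string, tighten it to something like `(contains($error, 'enforce-instancetype')): true`. Otherwise add a comment stating `# any apply error counts as a pass; does not prove the policy rejected it`.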
diff --git a/kubevirt/enforce-instancetype/01-policy.yaml b/kubevirt/enforce-instancetype/01-policy.yaml deleted file mode 100644 index 49e350d43..000000000 --- a/kubevirt/enforce-instancetype/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- enforce-instancetype.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/kubevirt/enforce-instancetype/02-resources.yaml b/kubevirt/enforce-instancetype/02-resources.yaml deleted file mode 100644 index e541f6a10..000000000 --- a/kubevirt/enforce-instancetype/02-resources.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: vm-good.yaml - shouldFail: false -- file: vm-bad.yaml - shouldFail: true \ No newline at end of file diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-1.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-1.yaml new file mode 100755 index 000000000..c0b82c3dd --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-1.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + foo: bar + name: lmi-ns01 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-2.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-2.yaml new file mode 100755 index 000000000..97022190c --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-2.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: enabled + linkerd.io/inject: enabled + name: lmi-ns02 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-3.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-3.yaml new file mode 100755 index 000000000..d67891bfc --- /dev/null 
+++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-3.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: disabled + linkerd.io/inject: disabled + name: lmi-ns03 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-4.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-4.yaml new file mode 100755 index 000000000..b0b24dd1d --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-4.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: disabled + name: lmi-ns04 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-5.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-5.yaml new file mode 100755 index 000000000..495f126be --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-apply-5.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + linkerd.io/inject: disabled + name: lmi-ns05 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-1.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-1.yaml new file mode 100755 index 000000000..f52ea869b --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: enabled + foo: bar + linkerd.io/inject: enabled + name: lmi-ns01 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-2.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-2.yaml new file mode 100755 index 000000000..97022190c --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-2.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: enabled + linkerd.io/inject: enabled + name: lmi-ns02 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-3.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-3.yaml new file mode 100755 index 000000000..d67891bfc --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-3.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: disabled + linkerd.io/inject: disabled + name: lmi-ns03 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-4.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-4.yaml new file mode 100755 index 000000000..fe1bb4680 --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-4.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: disabled + linkerd.io/inject: enabled + name: lmi-ns04 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-5.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-5.yaml new file mode 100755 index 000000000..65d4db868 --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-02-assert-5.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/proxy-await: enabled + linkerd.io/inject: disabled + name: lmi-ns05 diff --git a/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-test.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..a258912b3 --- /dev/null +++ b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/chainsaw-test.yaml 
@@ -0,0 +1,35 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-linkerd-mesh-injection +spec: + steps: + - name: step-01 + try: + - apply: + file: ../add-linkerd-mesh-injection.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1.yaml + - apply: + file: chainsaw-step-02-apply-2.yaml + - apply: + file: chainsaw-step-02-apply-3.yaml + - apply: + file: chainsaw-step-02-apply-4.yaml + - apply: + file: chainsaw-step-02-apply-5.yaml + - assert: + file: chainsaw-step-02-assert-1.yaml + - assert: + file: chainsaw-step-02-assert-2.yaml + - assert: + file: chainsaw-step-02-assert-3.yaml + - assert: + file: chainsaw-step-02-assert-4.yaml + - assert: + file: chainsaw-step-02-assert-5.yaml diff --git a/linkerd/add-linkerd-mesh-injection/policy-ready.yaml b/linkerd/add-linkerd-mesh-injection/.chainsaw-test/policy-ready.yaml similarity index 100% rename from linkerd/add-linkerd-mesh-injection/policy-ready.yaml rename to linkerd/add-linkerd-mesh-injection/.chainsaw-test/policy-ready.yaml diff --git a/linkerd/add-linkerd-mesh-injection/01-policy.yaml b/linkerd/add-linkerd-mesh-injection/01-policy.yaml deleted file mode 100644 index 02efc94a2..000000000 --- a/linkerd/add-linkerd-mesh-injection/01-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-linkerd-mesh-injection.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/linkerd/add-linkerd-mesh-injection/02-assert.yaml b/linkerd/add-linkerd-mesh-injection/02-assert.yaml deleted file mode 100644 index 519ddbccc..000000000 --- a/linkerd/add-linkerd-mesh-injection/02-assert.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - foo: bar - config.linkerd.io/proxy-await: enabled - linkerd.io/inject: enabled - name: lmi-ns01 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/proxy-await: enabled - linkerd.io/inject: enabled - name: lmi-ns02 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/proxy-await: disabled - linkerd.io/inject: disabled - name: lmi-ns03 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/proxy-await: disabled - linkerd.io/inject: enabled - name: lmi-ns04 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - linkerd.io/inject: disabled - config.linkerd.io/proxy-await: enabled - name: lmi-ns05 \ No newline at end of file diff --git a/linkerd/add-linkerd-mesh-injection/02-resources.yaml b/linkerd/add-linkerd-mesh-injection/02-resources.yaml deleted file mode 100644 index 1086a238d..000000000 --- a/linkerd/add-linkerd-mesh-injection/02-resources.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - foo: bar - name: lmi-ns01 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/proxy-await: enabled - linkerd.io/inject: enabled - name: lmi-ns02 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/proxy-await: disabled - linkerd.io/inject: disabled - name: lmi-ns03 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/proxy-await: disabled - name: lmi-ns04 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - linkerd.io/inject: disabled - name: lmi-ns05 \ No newline at end of file diff --git a/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-apply-1.yaml b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-apply-1.yaml new file mode 100755 index 000000000..51a64d5d2 --- /dev/null 
+++ b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-apply-1.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + foo: bar + name: lpa-ns01 diff --git a/linkerd/add-linkerd-policy-annotation/02-resources.yaml b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-apply-2.yaml old mode 100644 new mode 100755 similarity index 50% rename from linkerd/add-linkerd-policy-annotation/02-resources.yaml rename to linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-apply-2.yaml index 3312b47c6..4c5f8a6a0 --- a/linkerd/add-linkerd-policy-annotation/02-resources.yaml +++ b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-apply-2.yaml @@ -1,13 +1,6 @@ apiVersion: v1 kind: Namespace -metadata: - annotations: - foo: bar - name: lpa-ns01 ---- -apiVersion: v1 -kind: Namespace metadata: annotations: config.linkerd.io/default-inbound-policy: allow - name: lpa-ns02 \ No newline at end of file + name: lpa-ns02 diff --git a/linkerd/add-linkerd-policy-annotation/02-assert.yaml b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-assert-1.yaml old mode 100644 new mode 100755 similarity index 51% rename from linkerd/add-linkerd-policy-annotation/02-assert.yaml rename to linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-assert-1.yaml index c69807efa..614bef125 --- a/linkerd/add-linkerd-policy-annotation/02-assert.yaml +++ b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -2,13 +2,6 @@ apiVersion: v1 kind: Namespace metadata: annotations: - foo: bar config.linkerd.io/default-inbound-policy: deny + foo: bar name: lpa-ns01 ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - config.linkerd.io/default-inbound-policy: allow - name: lpa-ns02 \ No newline at end of file 
diff --git a/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-assert-2.yaml b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-assert-2.yaml new file mode 100755 index 000000000..4c5f8a6a0 --- /dev/null +++ b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-step-02-assert-2.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + config.linkerd.io/default-inbound-policy: allow + name: lpa-ns02 diff --git a/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-test.yaml b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..9046c7994 --- /dev/null +++ b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,23 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: add-linkerd-policy-annotation +spec: + steps: + - name: step-01 + try: + - apply: + file: ../add-linkerd-policy-annotation.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1.yaml + - apply: + file: chainsaw-step-02-apply-2.yaml + - assert: + file: chainsaw-step-02-assert-1.yaml + - assert: + file: chainsaw-step-02-assert-2.yaml diff --git a/linkerd/add-linkerd-policy-annotation/policy-ready.yaml b/linkerd/add-linkerd-policy-annotation/.chainsaw-test/policy-ready.yaml similarity index 100% rename from linkerd/add-linkerd-policy-annotation/policy-ready.yaml rename to linkerd/add-linkerd-policy-annotation/.chainsaw-test/policy-ready.yaml diff --git a/linkerd/add-linkerd-policy-annotation/01-policy.yaml b/linkerd/add-linkerd-policy-annotation/01-policy.yaml deleted file mode 100644 index 8e3447935..000000000 --- a/linkerd/add-linkerd-policy-annotation/01-policy.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- add-linkerd-policy-annotation.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/linkerd/check-linkerd-authorizationpolicy/bad-authz.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/bad-authz.yaml similarity index 100% rename from linkerd/check-linkerd-authorizationpolicy/bad-authz.yaml rename to linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/bad-authz.yaml diff --git a/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-1.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-1.yaml new file mode 100755 index 000000000..5b13347df --- /dev/null +++ b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-1.yaml @@ -0,0 +1,11 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: authorizationpolicies.policy.linkerd.io +status: + acceptedNames: + kind: AuthorizationPolicy + plural: authorizationpolicies + singular: authorizationpolicy + storedVersions: + - v1alpha1 diff --git a/linkerd/require-linkerd-server/00-assert.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-2.yaml old mode 100644 new mode 100755 similarity index 94% rename from linkerd/require-linkerd-server/00-assert.yaml rename to linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-2.yaml index 6db3212bf..26b297ad9 --- a/linkerd/require-linkerd-server/00-assert.yaml +++ b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-2.yaml @@ -8,4 +8,4 @@ status: plural: servers singular: server storedVersions: - - v1beta1 \ No newline at end of file + - v1beta1 
diff --git a/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-3.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-3.yaml new file mode 100755 index 000000000..ac4024dc1 --- /dev/null +++ b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-00-assert-3.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: httproutes.policy.linkerd.io +status: + acceptedNames: + kind: HTTPRoute + listKind: HTTPRouteList + plural: httproutes + singular: httproute + storedVersions: + - v1beta3 diff --git a/linkerd/check-linkerd-authorizationpolicy/01-assert.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from linkerd/check-linkerd-authorizationpolicy/01-assert.yaml rename to linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 9c75f4072..ad356330a --- a/linkerd/check-linkerd-authorizationpolicy/01-assert.yaml +++ b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: check-linkerd-authorizationpolicy status: - ready: true \ No newline at end of file + ready: true diff --git a/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..307a9a3fa --- /dev/null +++ b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/chainsaw-test.yaml 
@@ -0,0 +1,44 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: check-linkerd-authorizationpolicy
+spec:
+ steps:
+ - name: step-00
+ try:
+ - assert:
+ file: chainsaw-step-00-assert-1.yaml
+ - assert:
+ file: chainsaw-step-00-assert-2.yaml
+ - assert:
+ file: chainsaw-step-00-assert-3.yaml
+ - name: step-01
+ try:
+ - script:
+ content: |
+ sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../check-linkerd-authorizationpolicy.yaml | kubectl create -f -
+ - assert:
+ file: chainsaw-step-01-assert-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: server.yaml
+ - apply:
+ file: http-route.yaml
+ - name: step-03
+ try:
+ - apply:
+ file: good-authz.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: bad-authz.yaml
+ - name: step-99
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: check-linkerd-authorizationpolicy
diff --git a/linkerd/check-linkerd-authorizationpolicy/good-authz.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/good-authz.yaml
similarity index 100%
rename from linkerd/check-linkerd-authorizationpolicy/good-authz.yaml
rename to linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/good-authz.yaml
diff --git a/linkerd/check-linkerd-authorizationpolicy/http-route.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/http-route.yaml
similarity index 100%
rename from linkerd/check-linkerd-authorizationpolicy/http-route.yaml
rename to linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/http-route.yaml
diff --git a/linkerd/check-linkerd-authorizationpolicy/server.yaml b/linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/server.yaml
similarity index 100%
rename from linkerd/check-linkerd-authorizationpolicy/server.yaml
rename to linkerd/check-linkerd-authorizationpolicy/.chainsaw-test/server.yaml
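Review bot: The `step-99` delete sits in the `try` of its own step, so it only runs when every earlier step passed; as far as I can tell Chainsaw stops at the first failing step, and a policy created by `kubectl create` inside a `script` is not tracked for automatic cleanup. A failure in `step-02` or `step-03` would then leave `check-linkerd-authorizationpolicy` installed in Enforce mode on the test cluster, where it can reject resources applied by later tests. If the Chainsaw version pinned in CI supports a step-level `cleanup` block, moving the delete under `step-01`, next to the create, keeps teardown tied to setup. The same layout is repeated in the chainsaw-test.yaml hunks for prevent-linkerd-pod-injection-override, prevent-linkerd-port-skipping, require-linkerd-mesh-injection and require-linkerd-server.

```yaml
  - name: step-01
    try:
    # … unchanged: sed | kubectl create script, assert on chainsaw-step-01-assert-1.yaml …
    cleanup:
    - delete:
        ref:
          apiVersion: kyverno.io/v1
          kind: ClusterPolicy
          name: check-linkerd-authorizationpolicy
  # … unchanged: step-02, step-03; step-99 is no longer needed …
```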
diff --git a/linkerd/check-linkerd-authorizationpolicy/00-assert.yaml b/linkerd/check-linkerd-authorizationpolicy/00-assert.yaml deleted file mode 100644 index 056f00732..000000000 --- a/linkerd/check-linkerd-authorizationpolicy/00-assert.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: authorizationpolicies.policy.linkerd.io -status: - acceptedNames: - kind: AuthorizationPolicy - plural: authorizationpolicies - singular: authorizationpolicy - storedVersions: - - v1alpha1 ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: servers.policy.linkerd.io -status: - acceptedNames: - kind: Server - plural: servers - singular: server - storedVersions: - - v1beta1 ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: httproutes.policy.linkerd.io -status: - acceptedNames: - kind: HTTPRoute - listKind: HTTPRouteList - plural: httproutes - singular: httproute - storedVersions: - - v1beta3 diff --git a/linkerd/check-linkerd-authorizationpolicy/01-enforce.yaml b/linkerd/check-linkerd-authorizationpolicy/01-enforce.yaml deleted file mode 100644 index 01738594a..000000000 --- a/linkerd/check-linkerd-authorizationpolicy/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' check-linkerd-authorizationpolicy.yaml | kubectl create -f - \ No newline at end of file diff --git a/linkerd/check-linkerd-authorizationpolicy/02-setup.yaml b/linkerd/check-linkerd-authorizationpolicy/02-setup.yaml deleted file mode 100644 index 6c8cff037..000000000 --- a/linkerd/check-linkerd-authorizationpolicy/02-setup.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- server.yaml -- http-route.yaml \ No newline at end of file 
diff --git a/linkerd/check-linkerd-authorizationpolicy/03-manifests.yaml b/linkerd/check-linkerd-authorizationpolicy/03-manifests.yaml deleted file mode 100644 index f0432ea8d..000000000 --- a/linkerd/check-linkerd-authorizationpolicy/03-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-authz.yaml - shouldFail: false -- file: bad-authz.yaml - shouldFail: true \ No newline at end of file diff --git a/linkerd/check-linkerd-authorizationpolicy/99-delete.yaml b/linkerd/check-linkerd-authorizationpolicy/99-delete.yaml deleted file mode 100644 index b6d600482..000000000 --- a/linkerd/check-linkerd-authorizationpolicy/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: check-linkerd-authorizationpolicy \ No newline at end of file diff --git a/linkerd/prevent-linkerd-pod-injection-override/bad-pod.yaml b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/bad-pod.yaml similarity index 100% rename from linkerd/prevent-linkerd-pod-injection-override/bad-pod.yaml rename to linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/bad-pod.yaml diff --git a/linkerd/prevent-linkerd-pod-injection-override/bad-podcontrollers.yaml b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/bad-podcontrollers.yaml similarity index 100% rename from linkerd/prevent-linkerd-pod-injection-override/bad-podcontrollers.yaml rename to linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/bad-podcontrollers.yaml 
diff --git a/linkerd/prevent-linkerd-pod-injection-override/01-assert.yaml b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from linkerd/prevent-linkerd-pod-injection-override/01-assert.yaml rename to linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 3e85b6100..2d21edf25 --- a/linkerd/prevent-linkerd-pod-injection-override/01-assert.yaml +++ b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: prevent-linkerd-pod-injection-override status: - ready: true \ No newline at end of file + ready: true diff --git a/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/chainsaw-test.yaml b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..06c0314b2 --- /dev/null +++ b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: prevent-linkerd-pod-injection-override +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../prevent-linkerd-pod-injection-override.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: good-pod.yaml + - apply: + file: good-podcontrollers.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-pod.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-podcontrollers.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: prevent-linkerd-pod-injection-override 
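Review bot: The `sed` in `step-01` matches only the lower-case literal `validationFailureAction: audit`, and `chainsaw-step-01-assert-1.yaml` checks nothing but `status.ready: true`, so step-01 passes even when the substitution matched nothing and the policy was created in audit mode. The test would then fail only at the `($error != null): true` checks in `step-02`, with a message that points at the manifests rather than at the setup. Assuming the policy carries the field under `spec`, adding `spec:` with `validationFailureAction: Enforce` to the assert file makes step-01 itself fail when the rewrite did not take effect. The chainsaw-test.yaml hunks for check-linkerd-authorizationpolicy, prevent-linkerd-port-skipping, require-linkerd-mesh-injection and require-linkerd-server use the same sed-plus-ready-assert pair.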
diff --git a/linkerd/prevent-linkerd-pod-injection-override/good-pod.yaml b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/good-pod.yaml similarity index 100% rename from linkerd/prevent-linkerd-pod-injection-override/good-pod.yaml rename to linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/good-pod.yaml diff --git a/linkerd/prevent-linkerd-pod-injection-override/good-podcontrollers.yaml b/linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/good-podcontrollers.yaml similarity index 100% rename from linkerd/prevent-linkerd-pod-injection-override/good-podcontrollers.yaml rename to linkerd/prevent-linkerd-pod-injection-override/.chainsaw-test/good-podcontrollers.yaml diff --git a/linkerd/prevent-linkerd-pod-injection-override/01-enforce.yaml b/linkerd/prevent-linkerd-pod-injection-override/01-enforce.yaml deleted file mode 100644 index 696eff6ad..000000000 --- a/linkerd/prevent-linkerd-pod-injection-override/01-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' prevent-linkerd-pod-injection-override.yaml | kubectl create -f - \ No newline at end of file diff --git a/linkerd/prevent-linkerd-pod-injection-override/02-manifests.yaml b/linkerd/prevent-linkerd-pod-injection-override/02-manifests.yaml deleted file mode 100644 index 38ca22ba4..000000000 --- a/linkerd/prevent-linkerd-pod-injection-override/02-manifests.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-pod.yaml - shouldFail: false -- file: good-podcontrollers.yaml - shouldFail: false -- file: bad-pod.yaml - shouldFail: true -- file: bad-podcontrollers.yaml - shouldFail: true \ No newline at end of file 
diff --git a/linkerd/prevent-linkerd-pod-injection-override/99-delete.yaml b/linkerd/prevent-linkerd-pod-injection-override/99-delete.yaml deleted file mode 100644 index 3212c381f..000000000 --- a/linkerd/prevent-linkerd-pod-injection-override/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: prevent-linkerd-pod-injection-override \ No newline at end of file diff --git a/linkerd/prevent-linkerd-port-skipping/bad-pod.yaml b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/bad-pod.yaml similarity index 100% rename from linkerd/prevent-linkerd-port-skipping/bad-pod.yaml rename to linkerd/prevent-linkerd-port-skipping/.chainsaw-test/bad-pod.yaml diff --git a/linkerd/prevent-linkerd-port-skipping/bad-podcontrollers.yaml b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/bad-podcontrollers.yaml similarity index 100% rename from linkerd/prevent-linkerd-port-skipping/bad-podcontrollers.yaml rename to linkerd/prevent-linkerd-port-skipping/.chainsaw-test/bad-podcontrollers.yaml diff --git a/linkerd/prevent-linkerd-port-skipping/01-assert.yaml b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from linkerd/prevent-linkerd-port-skipping/01-assert.yaml rename to linkerd/prevent-linkerd-port-skipping/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 3db639736..538df5440 --- a/linkerd/prevent-linkerd-port-skipping/01-assert.yaml +++ b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: prevent-linkerd-port-skipping status: - ready: true \ No newline at end of file + ready: true diff --git a/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/chainsaw-test.yaml b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..a91b8d540 
--- /dev/null
+++ b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,37 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: prevent-linkerd-port-skipping
+spec:
+ steps:
+ - name: step-01
+ try:
+ - script:
+ content: |
+ sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../prevent-linkerd-port-skipping.yaml | kubectl create -f -
+ - assert:
+ file: chainsaw-step-01-assert-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: good-pod.yaml
+ - apply:
+ file: good-podcontrollers.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: bad-pod.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: bad-podcontrollers.yaml
+ - name: step-99
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: prevent-linkerd-port-skipping
diff --git a/linkerd/prevent-linkerd-port-skipping/good-pod.yaml b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/good-pod.yaml
similarity index 100%
rename from linkerd/prevent-linkerd-port-skipping/good-pod.yaml
rename to linkerd/prevent-linkerd-port-skipping/.chainsaw-test/good-pod.yaml
diff --git a/linkerd/prevent-linkerd-port-skipping/good-podcontrollers.yaml b/linkerd/prevent-linkerd-port-skipping/.chainsaw-test/good-podcontrollers.yaml
similarity index 100%
rename from linkerd/prevent-linkerd-port-skipping/good-podcontrollers.yaml
rename to linkerd/prevent-linkerd-port-skipping/.chainsaw-test/good-podcontrollers.yaml
diff --git a/linkerd/prevent-linkerd-port-skipping/01-enforce.yaml b/linkerd/prevent-linkerd-port-skipping/01-enforce.yaml
deleted file mode 100644
index b647a033b..000000000
--- a/linkerd/prevent-linkerd-port-skipping/01-enforce.yaml
+++ /dev/null
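Review bot: Both negative cases in `step-02` use `($error != null): true`, which is satisfied by any apply failure, such as a schema error in the fixture or an unavailable admission webhook, and not only by a denial from `prevent-linkerd-port-skipping`. That is the same strength as the old `shouldFail: true`, but it means a broken `bad-pod.yaml` or `bad-podcontrollers.yaml` can keep the test green while the policy is no longer exercised. At minimum a comment above each `expect` would record the intent, e.g. `# must be rejected by the policy; keep this fixture otherwise valid`; matching the error text against the policy name would be stronger if the Chainsaw version in use allows it. The same check appears in the chainsaw-test.yaml hunks for check-linkerd-authorizationpolicy, prevent-linkerd-pod-injection-override, require-linkerd-mesh-injection, require-linkerd-server and disallow-ingress-nginx-custom-snippets.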
@@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' prevent-linkerd-port-skipping.yaml | kubectl create -f - \ No newline at end of file diff --git a/linkerd/prevent-linkerd-port-skipping/02-manifests.yaml b/linkerd/prevent-linkerd-port-skipping/02-manifests.yaml deleted file mode 100644 index 38ca22ba4..000000000 --- a/linkerd/prevent-linkerd-port-skipping/02-manifests.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-pod.yaml - shouldFail: false -- file: good-podcontrollers.yaml - shouldFail: false -- file: bad-pod.yaml - shouldFail: true -- file: bad-podcontrollers.yaml - shouldFail: true \ No newline at end of file diff --git a/linkerd/prevent-linkerd-port-skipping/99-delete.yaml b/linkerd/prevent-linkerd-port-skipping/99-delete.yaml deleted file mode 100644 index 85713e4bc..000000000 --- a/linkerd/prevent-linkerd-port-skipping/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: prevent-linkerd-port-skipping \ No newline at end of file diff --git a/linkerd/require-linkerd-mesh-injection/bad-ns.yaml b/linkerd/require-linkerd-mesh-injection/.chainsaw-test/bad-ns.yaml similarity index 100% rename from linkerd/require-linkerd-mesh-injection/bad-ns.yaml rename to linkerd/require-linkerd-mesh-injection/.chainsaw-test/bad-ns.yaml diff --git a/linkerd/require-linkerd-mesh-injection/01-assert.yaml b/linkerd/require-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from linkerd/require-linkerd-mesh-injection/01-assert.yaml rename to linkerd/require-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-01-assert-1.yaml index daa541e3a..0a6966bd9 --- a/linkerd/require-linkerd-mesh-injection/01-assert.yaml 
+++ b/linkerd/require-linkerd-mesh-injection/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: require-linkerd-mesh-injection status: - ready: true \ No newline at end of file + ready: true diff --git a/linkerd/require-linkerd-mesh-injection/.chainsaw-test/chainsaw-test.yaml b/linkerd/require-linkerd-mesh-injection/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..c8227a2a0 --- /dev/null +++ b/linkerd/require-linkerd-mesh-injection/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,30 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: require-linkerd-mesh-injection +spec: + steps: + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../require-linkerd-mesh-injection.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: good-ns.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-ns.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: require-linkerd-mesh-injection diff --git a/linkerd/require-linkerd-mesh-injection/good-ns.yaml b/linkerd/require-linkerd-mesh-injection/.chainsaw-test/good-ns.yaml similarity index 100% rename from linkerd/require-linkerd-mesh-injection/good-ns.yaml rename to linkerd/require-linkerd-mesh-injection/.chainsaw-test/good-ns.yaml diff --git a/linkerd/require-linkerd-mesh-injection/01-enforce.yaml b/linkerd/require-linkerd-mesh-injection/01-enforce.yaml deleted file mode 100644 index 895d354a1..000000000 --- a/linkerd/require-linkerd-mesh-injection/01-enforce.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' require-linkerd-mesh-injection.yaml | kubectl create -f - \ No newline at end of file diff --git a/linkerd/require-linkerd-mesh-injection/02-manifests.yaml b/linkerd/require-linkerd-mesh-injection/02-manifests.yaml deleted file mode 100644 index 4e0b80ec6..000000000 --- a/linkerd/require-linkerd-mesh-injection/02-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-ns.yaml - shouldFail: false -- file: bad-ns.yaml - shouldFail: true \ No newline at end of file diff --git a/linkerd/require-linkerd-mesh-injection/99-delete.yaml b/linkerd/require-linkerd-mesh-injection/99-delete.yaml deleted file mode 100644 index cbbaf3fd3..000000000 --- a/linkerd/require-linkerd-mesh-injection/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: require-linkerd-mesh-injection \ No newline at end of file diff --git a/linkerd/require-linkerd-server/bad-deploy.yaml b/linkerd/require-linkerd-server/.chainsaw-test/bad-deploy.yaml similarity index 100% rename from linkerd/require-linkerd-server/bad-deploy.yaml rename to linkerd/require-linkerd-server/.chainsaw-test/bad-deploy.yaml diff --git a/linkerd/require-linkerd-server/bad-svc.yaml b/linkerd/require-linkerd-server/.chainsaw-test/bad-svc.yaml similarity index 100% rename from linkerd/require-linkerd-server/bad-svc.yaml rename to linkerd/require-linkerd-server/.chainsaw-test/bad-svc.yaml diff --git a/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-step-00-assert-1.yaml b/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-step-00-assert-1.yaml new file mode 100755 index 000000000..26b297ad9 --- /dev/null +++ b/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-step-00-assert-1.yaml 
@@ -0,0 +1,11 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: servers.policy.linkerd.io +status: + acceptedNames: + kind: Server + plural: servers + singular: server + storedVersions: + - v1beta1 diff --git a/linkerd/require-linkerd-server/01-assert.yaml b/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from linkerd/require-linkerd-server/01-assert.yaml rename to linkerd/require-linkerd-server/.chainsaw-test/chainsaw-step-01-assert-1.yaml index bd631c418..f23d8af71 --- a/linkerd/require-linkerd-server/01-assert.yaml +++ b/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: require-linkerd-server status: - ready: true \ No newline at end of file + ready: true diff --git a/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-test.yaml b/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..5fe62a4b8 --- /dev/null +++ b/linkerd/require-linkerd-server/.chainsaw-test/chainsaw-test.yaml 
@@ -0,0 +1,45 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: require-linkerd-server +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../require-linkerd-server.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: server.yaml + - name: step-03 + try: + - apply: + file: good-deploy.yaml + - apply: + file: good-svc.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-deploy.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-svc.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: require-linkerd-server diff --git a/linkerd/require-linkerd-server/good-deploy.yaml b/linkerd/require-linkerd-server/.chainsaw-test/good-deploy.yaml similarity index 100% rename from linkerd/require-linkerd-server/good-deploy.yaml rename to linkerd/require-linkerd-server/.chainsaw-test/good-deploy.yaml diff --git a/linkerd/require-linkerd-server/good-svc.yaml b/linkerd/require-linkerd-server/.chainsaw-test/good-svc.yaml similarity index 100% rename from linkerd/require-linkerd-server/good-svc.yaml rename to linkerd/require-linkerd-server/.chainsaw-test/good-svc.yaml diff --git a/linkerd/require-linkerd-server/server.yaml b/linkerd/require-linkerd-server/.chainsaw-test/server.yaml similarity index 100% rename from linkerd/require-linkerd-server/server.yaml rename to linkerd/require-linkerd-server/.chainsaw-test/server.yaml diff --git a/linkerd/require-linkerd-server/01-enforce.yaml b/linkerd/require-linkerd-server/01-enforce.yaml deleted file mode 100644 index 4af6d09ec..000000000 --- a/linkerd/require-linkerd-server/01-enforce.yaml +++ /dev/null 
@@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' require-linkerd-server.yaml | kubectl create -f - \ No newline at end of file diff --git a/linkerd/require-linkerd-server/02-manifests.yaml b/linkerd/require-linkerd-server/02-manifests.yaml deleted file mode 100644 index 468625299..000000000 --- a/linkerd/require-linkerd-server/02-manifests.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- server.yaml \ No newline at end of file diff --git a/linkerd/require-linkerd-server/03-manifests.yaml b/linkerd/require-linkerd-server/03-manifests.yaml deleted file mode 100644 index a03809a07..000000000 --- a/linkerd/require-linkerd-server/03-manifests.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-deploy.yaml - shouldFail: false -- file: good-svc.yaml - shouldFail: false -- file: bad-deploy.yaml - shouldFail: true -- file: bad-svc.yaml - shouldFail: true \ No newline at end of file diff --git a/linkerd/require-linkerd-server/99-delete.yaml b/linkerd/require-linkerd-server/99-delete.yaml deleted file mode 100644 index 0f8cb90c9..000000000 --- a/linkerd/require-linkerd-server/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: require-linkerd-server \ No newline at end of file diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/chainsaw-test.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..18634115c --- /dev/null +++ b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/chainsaw-test.yaml 
@@ -0,0 +1,29 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: disallow-ingress-nginx-custom-snippets
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../disallow-ingress-nginx-custom-snippets.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: cm-good.yaml
+ - apply:
+ file: ig-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: cm-bad.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: ig-bad.yaml
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/cm-bad.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/cm-bad.yaml
similarity index 100%
rename from nginx-ingress/disallow-ingress-nginx-custom-snippets/cm-bad.yaml
rename to nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/cm-bad.yaml
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/cm-good.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/cm-good.yaml
similarity index 100%
rename from nginx-ingress/disallow-ingress-nginx-custom-snippets/cm-good.yaml
rename to nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/cm-good.yaml
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/ig-bad.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/ig-bad.yaml
similarity index 100%
rename from nginx-ingress/disallow-ingress-nginx-custom-snippets/ig-bad.yaml
rename to nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/ig-bad.yaml
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/ig-good.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/ig-good.yaml
similarity index 100%
rename from nginx-ingress/disallow-ingress-nginx-custom-snippets/ig-good.yaml
rename to nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/ig-good.yaml
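Review bot: The negative cases for `cm-bad.yaml` and `ig-bad.yaml` in `step-02` pass on any apply error, because `($error != null): true` does not distinguish a Kyverno denial from a schema error, a missing CRD or a webhook timeout. For a policy meant to block custom snippets, that lets a broken or not-yet-effective policy still produce a green test whenever the manifest is rejected for some other reason. Narrowing the check to the denial text, for example `(contains($error, 'disallow-ingress-nginx-custom-snippets')): true`, would tie the pass to this policy; this assumes the admission message names the policy, which should be confirmed against a real run. The same check is used in every other `chainsaw-test.yaml` added by this commit, including the RBAC tests under `openshift/`.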
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/policy-ready.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from nginx-ingress/disallow-ingress-nginx-custom-snippets/policy-ready.yaml
rename to nginx-ingress/disallow-ingress-nginx-custom-snippets/.chainsaw-test/policy-ready.yaml
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/01-policy.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/01-policy.yaml
deleted file mode 100644
index 89dde49fd..000000000
--- a/nginx-ingress/disallow-ingress-nginx-custom-snippets/01-policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- disallow-ingress-nginx-custom-snippets.yaml
-assert:
-- policy-ready.yaml
\ No newline at end of file
diff --git a/nginx-ingress/disallow-ingress-nginx-custom-snippets/02-resources.yaml b/nginx-ingress/disallow-ingress-nginx-custom-snippets/02-resources.yaml
deleted file mode 100644
index 04597c01d..000000000
--- a/nginx-ingress/disallow-ingress-nginx-custom-snippets/02-resources.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: cm-good.yaml
- shouldFail: false
-- file: ig-good.yaml
- shouldFail: false
-- file: cm-bad.yaml
- shouldFail: true
-- file: ig-bad.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/nginx-ingress/restrict-annotations/.chainsaw-test/chainsaw-test.yaml b/nginx-ingress/restrict-annotations/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..a2b4c1a1d
--- /dev/null
+++ b/nginx-ingress/restrict-annotations/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,22 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: restrict-annotations
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../restrict-annotations.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: ig-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: ig-bad.yaml
diff --git a/nginx-ingress/restrict-annotations/ig-bad.yaml b/nginx-ingress/restrict-annotations/.chainsaw-test/ig-bad.yaml
similarity index 100%
rename from nginx-ingress/restrict-annotations/ig-bad.yaml
rename to nginx-ingress/restrict-annotations/.chainsaw-test/ig-bad.yaml
diff --git a/nginx-ingress/restrict-annotations/ig-good.yaml b/nginx-ingress/restrict-annotations/.chainsaw-test/ig-good.yaml
similarity index 100%
rename from nginx-ingress/restrict-annotations/ig-good.yaml
rename to nginx-ingress/restrict-annotations/.chainsaw-test/ig-good.yaml
diff --git a/nginx-ingress/restrict-annotations/policy-ready.yaml b/nginx-ingress/restrict-annotations/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from nginx-ingress/restrict-annotations/policy-ready.yaml
rename to nginx-ingress/restrict-annotations/.chainsaw-test/policy-ready.yaml
diff --git a/nginx-ingress/restrict-annotations/01-policy.yaml b/nginx-ingress/restrict-annotations/01-policy.yaml
deleted file mode 100644
index 892136f0b..000000000
--- a/nginx-ingress/restrict-annotations/01-policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- restrict-annotations.yaml
-assert:
-- policy-ready.yaml
\ No newline at end of file
diff --git a/nginx-ingress/restrict-annotations/02-resources.yaml b/nginx-ingress/restrict-annotations/02-resources.yaml
deleted file mode 100644
index d863fd00b..000000000
--- a/nginx-ingress/restrict-annotations/02-resources.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: ig-good.yaml
- shouldFail: false
-- file: ig-bad.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/nginx-ingress/restrict-ingress-paths/.chainsaw-test/chainsaw-test.yaml b/nginx-ingress/restrict-ingress-paths/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..ba47ef589
--- /dev/null
+++ b/nginx-ingress/restrict-ingress-paths/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,22 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: restrict-ingress-paths
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../restrict-ingress-paths.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: ig-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: ig-bad.yaml
diff --git a/nginx-ingress/restrict-ingress-paths/ig-bad.yaml b/nginx-ingress/restrict-ingress-paths/.chainsaw-test/ig-bad.yaml
similarity index 100%
rename from nginx-ingress/restrict-ingress-paths/ig-bad.yaml
rename to nginx-ingress/restrict-ingress-paths/.chainsaw-test/ig-bad.yaml
diff --git a/nginx-ingress/restrict-ingress-paths/ig-good.yaml b/nginx-ingress/restrict-ingress-paths/.chainsaw-test/ig-good.yaml
similarity index 100%
rename from nginx-ingress/restrict-ingress-paths/ig-good.yaml
rename to nginx-ingress/restrict-ingress-paths/.chainsaw-test/ig-good.yaml
diff --git a/nginx-ingress/restrict-ingress-paths/policy-ready.yaml b/nginx-ingress/restrict-ingress-paths/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from nginx-ingress/restrict-ingress-paths/policy-ready.yaml
rename to nginx-ingress/restrict-ingress-paths/.chainsaw-test/policy-ready.yaml
diff --git a/nginx-ingress/restrict-ingress-paths/01-policy.yaml b/nginx-ingress/restrict-ingress-paths/01-policy.yaml
deleted file mode 100644
index 2a5e6c691..000000000
--- a/nginx-ingress/restrict-ingress-paths/01-policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- restrict-ingress-paths.yaml
-assert:
-- policy-ready.yaml
\ No newline at end of file
diff --git a/nginx-ingress/restrict-ingress-paths/02-resources.yaml b/nginx-ingress/restrict-ingress-paths/02-resources.yaml
deleted file mode 100644
index d863fd00b..000000000
--- a/nginx-ingress/restrict-ingress-paths/02-resources.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: ig-good.yaml
- shouldFail: false
-- file: ig-bad.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/openshift/check-routes/.chainsaw-test/chainsaw-test.yaml b/openshift/check-routes/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..c724e4638
--- /dev/null
+++ b/openshift/check-routes/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,22 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: check-routes
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../check-routes.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: route-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: route-bad.yaml
diff --git a/openshift/check-routes/policy-ready.yaml b/openshift/check-routes/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from openshift/check-routes/policy-ready.yaml
rename to openshift/check-routes/.chainsaw-test/policy-ready.yaml
diff --git a/openshift/check-routes/route-bad.yaml b/openshift/check-routes/.chainsaw-test/route-bad.yaml
similarity index 100%
rename from openshift/check-routes/route-bad.yaml
rename to openshift/check-routes/.chainsaw-test/route-bad.yaml
diff --git a/openshift/check-routes/route-good.yaml b/openshift/check-routes/.chainsaw-test/route-good.yaml
similarity index 100%
rename from openshift/check-routes/route-good.yaml
rename to openshift/check-routes/.chainsaw-test/route-good.yaml
diff --git a/openshift/check-routes/01-policy.yaml b/openshift/check-routes/01-policy.yaml
deleted file mode 100644
index db512370e..000000000
--- a/openshift/check-routes/01-policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- check-routes.yaml
-assert:
-- policy-ready.yaml
\ No newline at end of file
diff --git a/openshift/check-routes/02-resources.yaml b/openshift/check-routes/02-resources.yaml
deleted file mode 100644
index 31492c42b..000000000
--- a/openshift/check-routes/02-resources.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: route-good.yaml
- shouldFail: false
-- file: route-bad.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/chainsaw-test.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..31ed64659
--- /dev/null
+++ b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,43 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: disallow-security-context-constraint-anyuid
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../disallow-security-context-constraint-anyuid.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: roles-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: roles-bad.yaml
+ - apply:
+ file: clusterroles-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: clusterroles-bad.yaml
+ - apply:
+ file: rb-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: rb-bad.yaml
+ - apply:
+ file: crb-good.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: crb-bad.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/clusterroles-bad.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/clusterroles-bad.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/clusterroles-bad.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/clusterroles-bad.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/clusterroles-good.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/clusterroles-good.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/clusterroles-good.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/clusterroles-good.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/crb-bad.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/crb-bad.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/crb-bad.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/crb-bad.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/crb-good.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/crb-good.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/crb-good.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/crb-good.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/policy-ready.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/policy-ready.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/policy-ready.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/rb-bad.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/rb-bad.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/rb-bad.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/rb-bad.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/rb-good.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/rb-good.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/rb-good.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/rb-good.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/roles-bad.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/roles-bad.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/roles-bad.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/roles-bad.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/roles-good.yaml b/openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/roles-good.yaml
similarity index 100%
rename from openshift/disallow-security-context-constraint-anyuid/roles-good.yaml
rename to openshift/disallow-security-context-constraint-anyuid/.chainsaw-test/roles-good.yaml
diff --git a/openshift/disallow-security-context-constraint-anyuid/01-policy.yaml b/openshift/disallow-security-context-constraint-anyuid/01-policy.yaml
deleted file mode 100644
index 774a2f512..000000000
--- a/openshift/disallow-security-context-constraint-anyuid/01-policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- disallow-security-context-constraint-anyuid.yaml
-assert:
-- policy-ready.yaml
\ No newline at end of file
diff --git a/openshift/disallow-security-context-constraint-anyuid/02-resources.yaml b/openshift/disallow-security-context-constraint-anyuid/02-resources.yaml
deleted file mode 100644
index 8c430c2c1..000000000
--- a/openshift/disallow-security-context-constraint-anyuid/02-resources.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: roles-good.yaml
- shouldFail: false
-- file: roles-bad.yaml
- shouldFail: true
-- file: clusterroles-good.yaml
- shouldFail: false
-- file: clusterroles-bad.yaml
- shouldFail: true
-- file: rb-good.yaml
- shouldFail: false
-- file: rb-bad.yaml
- shouldFail: true
-- file: crb-good.yaml
- shouldFail: false
-- file: crb-bad.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/openshift/disallow-self-provisioner-binding/02-crb.yaml b/openshift/disallow-self-provisioner-binding/.chainsaw-test/chainsaw-step-02-apply-1.yaml old mode 100644 new mode 100755 similarity index 92% rename from openshift/disallow-self-provisioner-binding/02-crb.yaml rename to openshift/disallow-self-provisioner-binding/.chainsaw-test/chainsaw-step-02-apply-1.yaml index d843c94a5..68def7523 --- a/openshift/disallow-self-provisioner-binding/02-crb.yaml +++ b/openshift/disallow-self-provisioner-binding/.chainsaw-test/chainsaw-step-02-apply-1.yaml @@ -11,4 +11,4 @@ roleRef: subjects: - kind: ServiceAccount name: test-kyverno - namespace: test-kyverno \ No newline at end of file + namespace: test-kyverno diff --git a/openshift/disallow-self-provisioner-binding/.chainsaw-test/chainsaw-test.yaml b/openshift/disallow-self-provisioner-binding/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..541db5110 --- /dev/null +++ b/openshift/disallow-self-provisioner-binding/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,31 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: disallow-self-provisioner-binding +spec: + steps: + - name: step-01 + try: + - apply: + file: ../disallow-self-provisioner-binding.yaml + - assert: + file: policy-ready.yaml + - name: step-02 + try: + - apply: + file: chainsaw-step-02-apply-1.yaml + - name: step-03 + try: + - apply: + file: crb-good.yaml + - apply: + expect: + - check: + ($error != null): true + file: crb-bad-roleref.yaml + - apply: + expect: + - check: + ($error != null): true + file: crb-bad-sub-update.yaml diff --git a/openshift/disallow-self-provisioner-binding/crb-bad-roleref.yaml b/openshift/disallow-self-provisioner-binding/.chainsaw-test/crb-bad-roleref.yaml similarity index 100% rename from openshift/disallow-self-provisioner-binding/crb-bad-roleref.yaml rename to openshift/disallow-self-provisioner-binding/.chainsaw-test/crb-bad-roleref.yaml 
diff --git a/openshift/disallow-self-provisioner-binding/crb-bad-sub-update.yaml b/openshift/disallow-self-provisioner-binding/.chainsaw-test/crb-bad-sub-update.yaml
similarity index 100%
rename from openshift/disallow-self-provisioner-binding/crb-bad-sub-update.yaml
rename to openshift/disallow-self-provisioner-binding/.chainsaw-test/crb-bad-sub-update.yaml
diff --git a/openshift/disallow-self-provisioner-binding/crb-good.yaml b/openshift/disallow-self-provisioner-binding/.chainsaw-test/crb-good.yaml
similarity index 100%
rename from openshift/disallow-self-provisioner-binding/crb-good.yaml
rename to openshift/disallow-self-provisioner-binding/.chainsaw-test/crb-good.yaml
diff --git a/openshift/disallow-self-provisioner-binding/policy-ready.yaml b/openshift/disallow-self-provisioner-binding/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from openshift/disallow-self-provisioner-binding/policy-ready.yaml
rename to openshift/disallow-self-provisioner-binding/.chainsaw-test/policy-ready.yaml
diff --git a/openshift/disallow-self-provisioner-binding/01-policy.yaml b/openshift/disallow-self-provisioner-binding/01-policy.yaml
deleted file mode 100644
index 1817d7ed5..000000000
--- a/openshift/disallow-self-provisioner-binding/01-policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- disallow-self-provisioner-binding.yaml
-assert:
-- policy-ready.yaml
\ No newline at end of file
diff --git a/openshift/disallow-self-provisioner-binding/03-resources.yaml b/openshift/disallow-self-provisioner-binding/03-resources.yaml
deleted file mode 100644
index 2da99c8a9..000000000
--- a/openshift/disallow-self-provisioner-binding/03-resources.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: crb-good.yaml
- shouldFail: false
-- file: crb-bad-roleref.yaml
- shouldFail: true
-- file: crb-bad-sub-update.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/tekton/block-tekton-task-runs/00-assert.yaml b/tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-step-00-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from tekton/block-tekton-task-runs/00-assert.yaml rename to tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-step-00-assert-1.yaml diff --git a/tekton/block-tekton-task-runs/01-assert.yaml b/tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from tekton/block-tekton-task-runs/01-assert.yaml rename to tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-step-01-assert-1.yaml index cecb12ca1..ca24ce66c --- a/tekton/block-tekton-task-runs/01-assert.yaml +++ b/tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: block-tekton-task-runs status: - ready: true \ No newline at end of file + ready: true diff --git a/tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-test.yaml b/tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..d81f338eb --- /dev/null +++ b/tekton/block-tekton-task-runs/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: block-tekton-task-runs +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../block-tekton-task-runs.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + expect: + - check: + ($error != null): true + file: taskrun.yaml + - apply: + file: not-taskrun.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: block-tekton-task-runs 
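Review bot: The `step-01` script in `chainsaw-test.yaml` depends on `sed` matching the exact lowercase text `validationFailureAction: audit`, and nothing afterwards verifies that the substitution happened: `chainsaw-step-01-assert-1.yaml` only asserts `status.ready: true`. If `../block-tekton-task-runs.yaml` ever spells the value differently (for example `Audit`), the policy is created unchanged in audit mode and the step still passes; the problem only surfaces in `step-02` as `taskrun.yaml` being admitted. Adding `spec:` with `validationFailureAction: Enforce` to the step-01 assert file would make the test fail at the point where the mode is wrong. The linkerd test and the other two tekton tests in this commit use the same script.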
diff --git a/tekton/block-tekton-task-runs/not-taskrun.yaml b/tekton/block-tekton-task-runs/.chainsaw-test/not-taskrun.yaml
similarity index 100%
rename from tekton/block-tekton-task-runs/not-taskrun.yaml
rename to tekton/block-tekton-task-runs/.chainsaw-test/not-taskrun.yaml
diff --git a/tekton/block-tekton-task-runs/taskrun.yaml b/tekton/block-tekton-task-runs/.chainsaw-test/taskrun.yaml
similarity index 100%
rename from tekton/block-tekton-task-runs/taskrun.yaml
rename to tekton/block-tekton-task-runs/.chainsaw-test/taskrun.yaml
diff --git a/tekton/block-tekton-task-runs/01-enforce.yaml b/tekton/block-tekton-task-runs/01-enforce.yaml
deleted file mode 100644
index 93e7b7745..000000000
--- a/tekton/block-tekton-task-runs/01-enforce.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-- script: |
- sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' block-tekton-task-runs.yaml | kubectl create -f -
\ No newline at end of file
diff --git a/tekton/block-tekton-task-runs/02-manifests.yaml b/tekton/block-tekton-task-runs/02-manifests.yaml
deleted file mode 100644
index b0c0e0ce0..000000000
--- a/tekton/block-tekton-task-runs/02-manifests.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: taskrun.yaml
- shouldFail: true
-- file: not-taskrun.yaml
- shouldFail: false
\ No newline at end of file
diff --git a/tekton/block-tekton-task-runs/99-delete.yaml b/tekton/block-tekton-task-runs/99-delete.yaml
deleted file mode 100644
index 6dfa1bebd..000000000
--- a/tekton/block-tekton-task-runs/99-delete.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-delete:
-- apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- name: block-tekton-task-runs
\ No newline at end of file
diff --git a/tekton/require-tekton-bundle/bad-pipelinerun.yaml b/tekton/require-tekton-bundle/.chainsaw-test/bad-pipelinerun.yaml similarity index 100% rename from tekton/require-tekton-bundle/bad-pipelinerun.yaml rename to tekton/require-tekton-bundle/.chainsaw-test/bad-pipelinerun.yaml diff --git a/tekton/require-tekton-bundle/bad-taskrun.yaml b/tekton/require-tekton-bundle/.chainsaw-test/bad-taskrun.yaml similarity index 100% rename from tekton/require-tekton-bundle/bad-taskrun.yaml rename to tekton/require-tekton-bundle/.chainsaw-test/bad-taskrun.yaml diff --git a/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-00-assert-1.yaml b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-00-assert-1.yaml new file mode 100755 index 000000000..2934ff501 --- /dev/null +++ b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-00-assert-1.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev +spec: {} +status: + acceptedNames: + kind: TaskRun + plural: taskruns + singular: taskrun + storedVersions: + - v1 diff --git a/tekton/require-tekton-namespace-pipelinerun/00-assert.yaml b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-00-assert-2.yaml old mode 100644 new mode 100755 similarity index 97% rename from tekton/require-tekton-namespace-pipelinerun/00-assert.yaml rename to tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-00-assert-2.yaml index 292676296..81ab957e7 --- a/tekton/require-tekton-namespace-pipelinerun/00-assert.yaml +++ b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-00-assert-2.yaml @@ -9,4 +9,4 @@ status: plural: pipelineruns singular: pipelinerun storedVersions: - - v1 \ No newline at end of file + - v1 
diff --git a/tekton/require-tekton-bundle/01-assert.yaml b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from tekton/require-tekton-bundle/01-assert.yaml rename to tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 49cb3032d..fe3d051fb --- a/tekton/require-tekton-bundle/01-assert.yaml +++ b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-step-01-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: require-tekton-bundle status: - ready: true \ No newline at end of file + ready: true diff --git a/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-test.yaml b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..a801e3c8a --- /dev/null +++ b/tekton/require-tekton-bundle/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,43 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: require-tekton-bundle +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - assert: + file: chainsaw-step-00-assert-2.yaml + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../require-tekton-bundle.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - apply: + file: good-taskrun.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-taskrun.yaml + - apply: + file: good-pipelinerun.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-pipelinerun.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: require-tekton-bundle 
diff --git a/tekton/require-tekton-bundle/good-pipelinerun.yaml b/tekton/require-tekton-bundle/.chainsaw-test/good-pipelinerun.yaml
similarity index 100%
rename from tekton/require-tekton-bundle/good-pipelinerun.yaml
rename to tekton/require-tekton-bundle/.chainsaw-test/good-pipelinerun.yaml
diff --git a/tekton/require-tekton-bundle/good-taskrun.yaml b/tekton/require-tekton-bundle/.chainsaw-test/good-taskrun.yaml
similarity index 100%
rename from tekton/require-tekton-bundle/good-taskrun.yaml
rename to tekton/require-tekton-bundle/.chainsaw-test/good-taskrun.yaml
diff --git a/tekton/require-tekton-bundle/01-enforce.yaml b/tekton/require-tekton-bundle/01-enforce.yaml
deleted file mode 100644
index 60eb245b6..000000000
--- a/tekton/require-tekton-bundle/01-enforce.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-- script: |
- sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' require-tekton-bundle.yaml | kubectl create -f -
\ No newline at end of file
diff --git a/tekton/require-tekton-bundle/02-manifests.yaml b/tekton/require-tekton-bundle/02-manifests.yaml
deleted file mode 100644
index 035d59886..000000000
--- a/tekton/require-tekton-bundle/02-manifests.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: good-taskrun.yaml
- shouldFail: false
-- file: bad-taskrun.yaml
- shouldFail: true
-- file: good-pipelinerun.yaml
- shouldFail: false
-- file: bad-pipelinerun.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/tekton/require-tekton-bundle/99-delete.yaml b/tekton/require-tekton-bundle/99-delete.yaml
deleted file mode 100644
index 02aba41e2..000000000
--- a/tekton/require-tekton-bundle/99-delete.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-delete:
-- apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- name: require-tekton-bundle
\ No newline at end of file
diff --git a/tekton/require-tekton-namespace-pipelinerun/bad-pipelinerun.yaml b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/bad-pipelinerun.yaml similarity index 100% rename from tekton/require-tekton-namespace-pipelinerun/bad-pipelinerun.yaml rename to tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/bad-pipelinerun.yaml diff --git a/tekton/require-tekton-bundle/00-assert.yaml b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-step-00-assert-1.yaml old mode 100644 new mode 100755 similarity index 51% rename from tekton/require-tekton-bundle/00-assert.yaml rename to tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-step-00-assert-1.yaml index 1f2fb72cb..81ab957e7 --- a/tekton/require-tekton-bundle/00-assert.yaml +++ b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-step-00-assert-1.yaml @@ -1,18 +1,5 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - name: taskruns.tekton.dev -spec: {} -status: - acceptedNames: - kind: TaskRun - plural: taskruns - singular: taskrun - storedVersions: - - v1 ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition metadata: name: pipelineruns.tekton.dev spec: {} @@ -22,4 +9,4 @@ status: plural: pipelineruns singular: pipelinerun storedVersions: - - v1 \ No newline at end of file + - v1 diff --git a/tekton/require-tekton-namespace-pipelinerun/01-assert.yaml b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from tekton/require-tekton-namespace-pipelinerun/01-assert.yaml rename to tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-step-01-assert-1.yaml index 0e902a206..42c3f3219 --- a/tekton/require-tekton-namespace-pipelinerun/01-assert.yaml +++ b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-step-01-assert-1.yaml 
@@ -3,4 +3,4 @@ kind: ClusterPolicy
 metadata:
 name: require-tekton-namespace-pipelinerun
 status:
- ready: true
\ No newline at end of file
+ ready: true
diff --git a/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-test.yaml b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..8837e1657
--- /dev/null
+++ b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,36 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: require-tekton-namespace-pipelinerun
+spec:
+ steps:
+ - name: step-00
+ try:
+ - assert:
+ file: chainsaw-step-00-assert-1.yaml
+ - name: step-01
+ try:
+ - apply:
+ file: ns.yaml
+ - script:
+ content: |
+ sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../require-tekton-namespace-pipelinerun.yaml | kubectl create -f -
+ - assert:
+ file: chainsaw-step-01-assert-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: good-pipelinerun.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: bad-pipelinerun.yaml
+ - name: step-99
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: require-tekton-namespace-pipelinerun
diff --git a/tekton/require-tekton-namespace-pipelinerun/good-pipelinerun.yaml b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/good-pipelinerun.yaml
similarity index 100%
rename from tekton/require-tekton-namespace-pipelinerun/good-pipelinerun.yaml
rename to tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/good-pipelinerun.yaml
diff --git a/tekton/require-tekton-namespace-pipelinerun/ns.yaml b/tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/ns.yaml
similarity index 100%
rename from tekton/require-tekton-namespace-pipelinerun/ns.yaml
rename to tekton/require-tekton-namespace-pipelinerun/.chainsaw-test/ns.yaml
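Review bot: The negative case in step-02 of the new chainsaw-test.yaml accepts any failure: `($error != null): true` on `bad-pipelinerun.yaml` is satisfied by a schema error or an admission webhook fault just as well as by the policy rejecting the resource, so the test can pass without `require-tekton-namespace-pipelinerun` having blocked anything. The kuttl `shouldFail: true` it replaces had the same weakness, but chainsaw exposes the error text, so the check could additionally require the policy name in it, for example `(contains($error, 'require-tekton-namespace-pipelinerun')): true` (confirm the exact message format before relying on it). The same pattern appears in the block-velero-restore and validate-cron-schedule tests later in this diff.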
diff --git a/tekton/require-tekton-namespace-pipelinerun/01-enforce.yaml b/tekton/require-tekton-namespace-pipelinerun/01-enforce.yaml
deleted file mode 100644
index a050ab0f4..000000000
--- a/tekton/require-tekton-namespace-pipelinerun/01-enforce.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-- script: |
- sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' require-tekton-namespace-pipelinerun.yaml | kubectl create -f -
-apply:
-- ns.yaml
\ No newline at end of file
diff --git a/tekton/require-tekton-namespace-pipelinerun/02-manifests.yaml b/tekton/require-tekton-namespace-pipelinerun/02-manifests.yaml
deleted file mode 100644
index fb9bdb981..000000000
--- a/tekton/require-tekton-namespace-pipelinerun/02-manifests.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: good-pipelinerun.yaml
- shouldFail: false
-- file: bad-pipelinerun.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/tekton/require-tekton-namespace-pipelinerun/99-delete.yaml b/tekton/require-tekton-namespace-pipelinerun/99-delete.yaml
deleted file mode 100644
index 3ede66813..000000000
--- a/tekton/require-tekton-namespace-pipelinerun/99-delete.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-delete:
-- apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- name: require-tekton-namespace-pipelinerun
\ No newline at end of file
diff --git a/traefik/disallow-default-tlsoptions/00-assert.yaml b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-00-assert-1.yaml
old mode 100644
new mode 100755
similarity index 94%
rename from traefik/disallow-default-tlsoptions/00-assert.yaml
rename to traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-00-assert-1.yaml
index cfd011080..086d560e0
--- a/traefik/disallow-default-tlsoptions/00-assert.yaml
+++ b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-00-assert-1.yaml
@@ -9,4 +9,4 @@ status:
 plural: tlsoptions
 singular: tlsoption
 storedVersions:
- - v1alpha1
\ No newline at end of file
+ - v1alpha1
diff --git a/traefik/disallow-default-tlsoptions/01-assert.yaml b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-01-assert-1.yaml
old mode 100644
new mode 100755
similarity index 87%
rename from traefik/disallow-default-tlsoptions/01-assert.yaml
rename to traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-01-assert-1.yaml
index 6a1c21db5..f3e37c449
--- a/traefik/disallow-default-tlsoptions/01-assert.yaml
+++ b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-01-assert-1.yaml
@@ -3,4 +3,4 @@ kind: ClusterPolicy
 metadata:
 name: disallow-default-tlsoptions
 status:
- ready: true
\ No newline at end of file
+ ready: true
diff --git a/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-03-apply-1.yaml b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-03-apply-1.yaml
new file mode 100755
index 000000000..28edd3a9a
--- /dev/null
+++ b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-03-apply-1.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tlsoptions-creator
+rules:
+- apiGroups:
+ - traefik.containo.us
+ resources:
+ - tlsoptions
+ verbs:
+ - create
diff --git a/traefik/disallow-default-tlsoptions/03-crb.yaml b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-03-apply-2.yaml
old mode 100644
new mode 100755
similarity index 50%
rename from traefik/disallow-default-tlsoptions/03-crb.yaml
rename to traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-03-apply-2.yaml
index 594af9ad8..ffcdb7691
--- a/traefik/disallow-default-tlsoptions/03-crb.yaml
+++ b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-step-03-apply-2.yaml
@@ -1,21 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: tlsoptions-creator
-rules:
-- apiGroups: ["traefik.containo.us"]
- resources: ["tlsoptions"]
- verbs: ["create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: tlsoptions-creator:tlsoptionsuser
-subjects:
-- kind: User
- name: tlsoptionsuser
- apiGroup: rbac.authorization.k8s.io
 roleRef:
+ apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: tlsoptions-creator
- apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: User
+ name: tlsoptionsuser
diff --git a/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-test.yaml b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..4f3cf50d4
--- /dev/null
+++ b/traefik/disallow-default-tlsoptions/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,88 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: disallow-default-tlsoptions +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - name: step-01 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../disallow-default-tlsoptions.yaml | kubectl create -f - + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - script: + content: | + #!/bin/bash + set -eu + export USERNAME=tlsoptionsuser + export CA=ca.crt + #### Get CA certificate from kubeconfig assuming it's the first in the list. + kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 --decode > ./ca.crt + #### Set CLUSTER_SERVER from kubeconfig assuming it's the first in the list. + CLUSTER_SERVER="$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.server}')" + #### Set CLUSTER from kubeconfig assuming it's the first in the list. 
+ CLUSTER="$(kubectl config view --raw -o jsonpath='{.clusters[0].name}')" + #### Generate private key + openssl genrsa -out $USERNAME.key 2048 + #### Create CSR + openssl req -new -key $USERNAME.key -out $USERNAME.csr -subj "/O=testorg/CN=$USERNAME" + #### Send CSR to kube-apiserver for approval + cat < $USERNAME.crt + #### + #### Create the credential object and output the new kubeconfig file + kubectl config set-credentials $USERNAME --client-certificate=$USERNAME.crt --client-key=$USERNAME.key --embed-certs + #### Set the context + kubectl config set-context $USERNAME-context --user=$USERNAME --cluster=$CLUSTER + # Delete CSR + kubectl delete csr $USERNAME + - name: step-03 + try: + - apply: + file: chainsaw-step-03-apply-1.yaml + - apply: + file: chainsaw-step-03-apply-2.yaml + - name: step-04 + try: + - script: + content: if kubectl create --context=tlsoptionsuser-context -f tlsoption.yaml; + then exit 1; else exit 0; fi + - command: + args: + - create + - -f + - tlsoption.yaml + entrypoint: kubectl + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: disallow-default-tlsoptions + - script: + content: | + kubectl delete -f tlsoption.yaml + kubectl config unset users.tlsoptionsuser + kubectl config unset contexts.tlsoptionsuser-context diff --git a/traefik/disallow-default-tlsoptions/tlsoption.yaml b/traefik/disallow-default-tlsoptions/.chainsaw-test/tlsoption.yaml similarity index 100% rename from traefik/disallow-default-tlsoptions/tlsoption.yaml rename to traefik/disallow-default-tlsoptions/.chainsaw-test/tlsoption.yaml diff --git a/traefik/disallow-default-tlsoptions/01-enforce.yaml b/traefik/disallow-default-tlsoptions/01-enforce.yaml deleted file mode 100644 index 098a21b6a..000000000 --- a/traefik/disallow-default-tlsoptions/01-enforce.yaml +++ /dev/null 
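Review bot: The step-02 script writes `ca.crt`, `tlsoptionsuser.key`, `tlsoptionsuser.csr` and `tlsoptionsuser.crt` into the directory it runs in, and nothing removes them afterwards; step-99 only unsets the kubeconfig user and context. Because `kubectl config set-credentials` is called with `--embed-certs`, the files are not needed once that command has run, so the script could end with `rm -f ca.crt "$USERNAME.key" "$USERNAME.csr" "$USERNAME.crt"` to keep a client key for a cluster user from lingering in the checkout. Separately, step-04's `if kubectl create --context=tlsoptionsuser-context -f tlsoption.yaml; then exit 1; else exit 0; fi` treats every failure as success, so a broken context or a missing RBAC binding would pass as if the policy had denied the request. The CSR heredoc in this script is not fully legible on this page, so its contents are not reviewed here.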
@@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' disallow-default-tlsoptions.yaml | kubectl create -f - \ No newline at end of file diff --git a/traefik/disallow-default-tlsoptions/02-setup-user.yaml b/traefik/disallow-default-tlsoptions/02-setup-user.yaml deleted file mode 100644 index 5c100e6a3..000000000 --- a/traefik/disallow-default-tlsoptions/02-setup-user.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - #!/bin/bash - set -eu - export USERNAME=tlsoptionsuser - export CA=ca.crt - #### Get CA certificate from kubeconfig assuming it's the first in the list. - kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 --decode > ./ca.crt - #### Set CLUSTER_SERVER from kubeconfig assuming it's the first in the list. - CLUSTER_SERVER="$(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.server}')" - #### Set CLUSTER from kubeconfig assuming it's the first in the list. - CLUSTER="$(kubectl config view --raw -o jsonpath='{.clusters[0].name}')" - #### Generate private key - openssl genrsa -out $USERNAME.key 2048 - #### Create CSR - openssl req -new -key $USERNAME.key -out $USERNAME.csr -subj "/O=testorg/CN=$USERNAME" - #### Send CSR to kube-apiserver for approval - cat < $USERNAME.crt - #### - #### Create the credential object and output the new kubeconfig file - kubectl config set-credentials $USERNAME --client-certificate=$USERNAME.crt --client-key=$USERNAME.key --embed-certs - #### Set the context - kubectl config set-context $USERNAME-context --user=$USERNAME --cluster=$CLUSTER - # Delete CSR - kubectl delete csr $USERNAME \ No newline at end of file diff --git a/traefik/disallow-default-tlsoptions/04-manifests.yaml b/traefik/disallow-default-tlsoptions/04-manifests.yaml deleted file mode 100644 index eb83381a2..000000000 
--- a/traefik/disallow-default-tlsoptions/04-manifests.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-- script: if kubectl create --context=tlsoptionsuser-context -f tlsoption.yaml; then exit 1; else exit 0; fi
-- command: kubectl create -f tlsoption.yaml
\ No newline at end of file
diff --git a/traefik/disallow-default-tlsoptions/99-delete.yaml b/traefik/disallow-default-tlsoptions/99-delete.yaml
deleted file mode 100644
index 164742d8c..000000000
--- a/traefik/disallow-default-tlsoptions/99-delete.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-delete:
-- apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- name: disallow-default-tlsoptions
-commands:
-- script: |
- kubectl delete -f tlsoption.yaml
- kubectl config unset users.tlsoptionsuser
- kubectl config unset contexts.tlsoptionsuser-context
\ No newline at end of file
diff --git a/velero/backup-all-volumes/.chainsaw-test/chainsaw-test.yaml b/velero/backup-all-volumes/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..bcf9def8f
--- /dev/null
+++ b/velero/backup-all-volumes/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,35 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: backup-all-volumes
+spec:
+ steps:
+ - name: step-01
+ try:
+ - apply:
+ file: ../backup-all-volumes.yaml
+ - apply:
+ file: ns.yaml
+ - assert:
+ file: policy-ready.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: pods.yaml
+ - apply:
+ file: podcontroller.yaml
+ - name: step-03
+ try:
+ - assert:
+ file: pod-patched01.yaml
+ - assert:
+ file: pod-patched03.yaml
+ - assert:
+ file: pod-patched04.yaml
+ - assert:
+ file: deploy-patched.yaml
+ - assert:
+ file: cronjob-patched.yaml
+ - error:
+ file: pod-not-patched02.yaml
diff --git a/velero/backup-all-volumes/cronjob-patched.yaml b/velero/backup-all-volumes/.chainsaw-test/cronjob-patched.yaml
similarity index 100%
rename from velero/backup-all-volumes/cronjob-patched.yaml
rename to velero/backup-all-volumes/.chainsaw-test/cronjob-patched.yaml
diff --git a/velero/backup-all-volumes/deploy-patched.yaml b/velero/backup-all-volumes/.chainsaw-test/deploy-patched.yaml
similarity index 100%
rename from velero/backup-all-volumes/deploy-patched.yaml
rename to velero/backup-all-volumes/.chainsaw-test/deploy-patched.yaml
diff --git a/velero/backup-all-volumes/ns.yaml b/velero/backup-all-volumes/.chainsaw-test/ns.yaml
similarity index 100%
rename from velero/backup-all-volumes/ns.yaml
rename to velero/backup-all-volumes/.chainsaw-test/ns.yaml
diff --git a/velero/backup-all-volumes/pod-not-patched02.yaml b/velero/backup-all-volumes/.chainsaw-test/pod-not-patched02.yaml
similarity index 100%
rename from velero/backup-all-volumes/pod-not-patched02.yaml
rename to velero/backup-all-volumes/.chainsaw-test/pod-not-patched02.yaml
diff --git a/velero/backup-all-volumes/pod-patched01.yaml b/velero/backup-all-volumes/.chainsaw-test/pod-patched01.yaml
similarity index 100%
rename from velero/backup-all-volumes/pod-patched01.yaml
rename to velero/backup-all-volumes/.chainsaw-test/pod-patched01.yaml
diff --git a/velero/backup-all-volumes/pod-patched03.yaml b/velero/backup-all-volumes/.chainsaw-test/pod-patched03.yaml
similarity index 100%
rename from velero/backup-all-volumes/pod-patched03.yaml
rename to velero/backup-all-volumes/.chainsaw-test/pod-patched03.yaml
diff --git a/velero/backup-all-volumes/pod-patched04.yaml b/velero/backup-all-volumes/.chainsaw-test/pod-patched04.yaml
similarity index 100%
rename from velero/backup-all-volumes/pod-patched04.yaml
rename to velero/backup-all-volumes/.chainsaw-test/pod-patched04.yaml
diff --git a/velero/backup-all-volumes/podcontroller.yaml b/velero/backup-all-volumes/.chainsaw-test/podcontroller.yaml
similarity index 100%
rename from velero/backup-all-volumes/podcontroller.yaml
rename to velero/backup-all-volumes/.chainsaw-test/podcontroller.yaml
diff --git a/velero/backup-all-volumes/pods.yaml b/velero/backup-all-volumes/.chainsaw-test/pods.yaml
similarity index 100%
rename from velero/backup-all-volumes/pods.yaml
rename to velero/backup-all-volumes/.chainsaw-test/pods.yaml
diff --git a/velero/backup-all-volumes/policy-ready.yaml b/velero/backup-all-volumes/.chainsaw-test/policy-ready.yaml
similarity index 100%
rename from velero/backup-all-volumes/policy-ready.yaml
rename to velero/backup-all-volumes/.chainsaw-test/policy-ready.yaml
diff --git a/velero/backup-all-volumes/01-policy.yaml b/velero/backup-all-volumes/01-policy.yaml
deleted file mode 100644
index 7eecd0ae7..000000000
--- a/velero/backup-all-volumes/01-policy.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- backup-all-volumes.yaml
-- ns.yaml
-assert:
-- policy-ready.yaml
diff --git a/velero/backup-all-volumes/02-resources.yaml b/velero/backup-all-volumes/02-resources.yaml
deleted file mode 100644
index 00d096959..000000000
--- a/velero/backup-all-volumes/02-resources.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- pods.yaml
-- podcontroller.yaml
\ No newline at end of file
diff --git a/velero/backup-all-volumes/03-mutated.yaml b/velero/backup-all-volumes/03-mutated.yaml
deleted file mode 100644
index e97613c9b..000000000
--- a/velero/backup-all-volumes/03-mutated.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-assert:
-- pod-patched01.yaml
-- pod-patched03.yaml
-- pod-patched04.yaml
-- deploy-patched.yaml
-- cronjob-patched.yaml
-error:
-- pod-not-patched02.yaml
\ No newline at end of file
diff --git a/velero/block-velero-restore/bad-restore.yaml b/velero/block-velero-restore/.chainsaw-test/bad-restore.yaml
similarity index 100%
rename from velero/block-velero-restore/bad-restore.yaml
rename to velero/block-velero-restore/.chainsaw-test/bad-restore.yaml
diff --git a/velero/block-velero-restore/00-assert.yaml b/velero/block-velero-restore/.chainsaw-test/chainsaw-step-00-assert-1.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from velero/block-velero-restore/00-assert.yaml
rename to velero/block-velero-restore/.chainsaw-test/chainsaw-step-00-assert-1.yaml
diff --git a/velero/block-velero-restore/01-assert.yaml b/velero/block-velero-restore/.chainsaw-test/chainsaw-step-01-assert-1.yaml
old mode 100644
new mode 100755
similarity index 86%
rename from velero/block-velero-restore/01-assert.yaml
rename to velero/block-velero-restore/.chainsaw-test/chainsaw-step-01-assert-1.yaml
index baab8b939..df978e12d
--- a/velero/block-velero-restore/01-assert.yaml
+++ b/velero/block-velero-restore/.chainsaw-test/chainsaw-step-01-assert-1.yaml
@@ -3,4 +3,4 @@ kind: ClusterPolicy
 metadata:
 name: block-velero-restore
 status:
- ready: true
\ No newline at end of file
+ ready: true
diff --git a/velero/block-velero-restore/.chainsaw-test/chainsaw-test.yaml b/velero/block-velero-restore/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..1ce6ed8c7
--- /dev/null
+++ b/velero/block-velero-restore/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,34 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: block-velero-restore
+spec:
+ steps:
+ - name: step-00
+ try:
+ - assert:
+ file: chainsaw-step-00-assert-1.yaml
+ - name: step-01
+ try:
+ - script:
+ content: |
+ sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../block-velero-restore.yaml | kubectl create -f -
+ - assert:
+ file: chainsaw-step-01-assert-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: good-restore.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: bad-restore.yaml
+ - name: step-99
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: block-velero-restore
diff --git a/velero/block-velero-restore/good-restore.yaml b/velero/block-velero-restore/.chainsaw-test/good-restore.yaml
similarity index 100%
rename from velero/block-velero-restore/good-restore.yaml
rename to velero/block-velero-restore/.chainsaw-test/good-restore.yaml
diff --git a/velero/block-velero-restore/01-enforce.yaml b/velero/block-velero-restore/01-enforce.yaml
deleted file mode 100644
index ca2b9e715..000000000
--- a/velero/block-velero-restore/01-enforce.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-- script: |
- sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' block-velero-restore.yaml | kubectl create -f -
\ No newline at end of file
diff --git a/velero/block-velero-restore/02-manifests.yaml b/velero/block-velero-restore/02-manifests.yaml
deleted file mode 100644
index 66286d74a..000000000
--- a/velero/block-velero-restore/02-manifests.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: good-restore.yaml
- shouldFail: false
-- file: bad-restore.yaml
- shouldFail: true
\ No newline at end of file
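Review bot: Cleanup of the Enforce-mode policy sits in its own `step-99` under `try`, while the policy itself is created by `kubectl create` inside the step-01 script, so the runner's own resource tracking presumably does not know about it. If the step-01 assert or step-02 fails, later steps are likely skipped and `block-velero-restore` stays installed in Enforce mode, where it can interfere with tests that run afterwards on the same cluster. Consider putting the delete in a `finally:` block on the steps that can fail after creation, or creating the policy through a chainsaw operation so it is cleaned up automatically. The require-tekton-namespace-pipelinerun, disallow-default-tlsoptions and validate-cron-schedule tests in this diff share the layout.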
diff --git a/velero/block-velero-restore/99-delete.yaml b/velero/block-velero-restore/99-delete.yaml
deleted file mode 100644
index ff75eee94..000000000
--- a/velero/block-velero-restore/99-delete.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-delete:
-- apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- name: block-velero-restore
\ No newline at end of file
diff --git a/velero/validate-cron-schedule/bad-schedule.yaml b/velero/validate-cron-schedule/.chainsaw-test/bad-schedule.yaml
similarity index 100%
rename from velero/validate-cron-schedule/bad-schedule.yaml
rename to velero/validate-cron-schedule/.chainsaw-test/bad-schedule.yaml
diff --git a/velero/validate-cron-schedule/00-assert.yaml b/velero/validate-cron-schedule/.chainsaw-test/chainsaw-step-00-assert-1.yaml
old mode 100644
new mode 100755
similarity index 100%
rename from velero/validate-cron-schedule/00-assert.yaml
rename to velero/validate-cron-schedule/.chainsaw-test/chainsaw-step-00-assert-1.yaml
diff --git a/velero/validate-cron-schedule/01-assert.yaml b/velero/validate-cron-schedule/.chainsaw-test/chainsaw-step-01-assert-1.yaml
old mode 100644
new mode 100755
similarity index 87%
rename from velero/validate-cron-schedule/01-assert.yaml
rename to velero/validate-cron-schedule/.chainsaw-test/chainsaw-step-01-assert-1.yaml
index ad427c6a4..11afe59c1
--- a/velero/validate-cron-schedule/01-assert.yaml
+++ b/velero/validate-cron-schedule/.chainsaw-test/chainsaw-step-01-assert-1.yaml
@@ -3,4 +3,4 @@ kind: ClusterPolicy
 metadata:
 name: validate-cron-schedule
 status:
- ready: true
\ No newline at end of file
+ ready: true
diff --git a/velero/validate-cron-schedule/.chainsaw-test/chainsaw-test.yaml b/velero/validate-cron-schedule/.chainsaw-test/chainsaw-test.yaml
new file mode 100755
index 000000000..e31cb9f91
--- /dev/null
+++ b/velero/validate-cron-schedule/.chainsaw-test/chainsaw-test.yaml
@@ -0,0 +1,34 @@
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: validate-cron-schedule
+spec:
+ steps:
+ - name: step-00
+ try:
+ - assert:
+ file: chainsaw-step-00-assert-1.yaml
+ - name: step-01
+ try:
+ - script:
+ content: |
+ sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../validate-cron-schedule.yaml | kubectl create -f -
+ - assert:
+ file: chainsaw-step-01-assert-1.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: good-schedule.yaml
+ - apply:
+ expect:
+ - check:
+ ($error != null): true
+ file: bad-schedule.yaml
+ - name: step-99
+ try:
+ - delete:
+ ref:
+ apiVersion: kyverno.io/v1
+ kind: ClusterPolicy
+ name: validate-cron-schedule
diff --git a/velero/validate-cron-schedule/good-schedule.yaml b/velero/validate-cron-schedule/.chainsaw-test/good-schedule.yaml
similarity index 100%
rename from velero/validate-cron-schedule/good-schedule.yaml
rename to velero/validate-cron-schedule/.chainsaw-test/good-schedule.yaml
diff --git a/velero/validate-cron-schedule/01-enforce.yaml b/velero/validate-cron-schedule/01-enforce.yaml
deleted file mode 100644
index 0d3f72ce9..000000000
--- a/velero/validate-cron-schedule/01-enforce.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-commands:
-- script: |
- sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' validate-cron-schedule.yaml | kubectl create -f -
\ No newline at end of file
diff --git a/velero/validate-cron-schedule/02-manifests.yaml b/velero/validate-cron-schedule/02-manifests.yaml
deleted file mode 100644
index d58bf8ee0..000000000
--- a/velero/validate-cron-schedule/02-manifests.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-apply:
-- file: good-schedule.yaml
- shouldFail: false
-- file: bad-schedule.yaml
- shouldFail: true
\ No newline at end of file
diff --git a/velero/validate-cron-schedule/99-delete.yaml b/velero/validate-cron-schedule/99-delete.yaml
deleted file mode 100644
index 0bcac0cad..000000000
--- a/velero/validate-cron-schedule/99-delete.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kuttl.dev/v1beta1
-kind: TestStep
-delete:
-- apiVersion: kyverno.io/v1
- kind: ClusterPolicy
- name: validate-cron-schedule
\ No newline at end of file