diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d161e346b..bc958b5ec 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,7 @@ jobs: - name: v1.28 version: v1.28.0 tests: - - argo + # - argo - aws - best-practices - castai @@ -102,7 +102,7 @@ jobs: - name: v1.28 version: v1.28.0 tests: - # - argo + - argo # - aws # - best-practices # - castai diff --git a/argo/application-field-validation/bad-application.yaml b/argo/application-field-validation/.chainsaw-test/bad-application.yaml similarity index 100% rename from argo/application-field-validation/bad-application.yaml rename to argo/application-field-validation/.chainsaw-test/bad-application.yaml diff --git a/argo/application-field-validation/01-assert.yaml b/argo/application-field-validation/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from argo/application-field-validation/01-assert.yaml rename to argo/application-field-validation/.chainsaw-test/chainsaw-step-01-assert-1.yaml diff --git a/argo/application-field-validation/02-assert.yaml b/argo/application-field-validation/.chainsaw-test/chainsaw-step-02-assert-1.yaml old mode 100644 new mode 100755 similarity index 87% rename from argo/application-field-validation/02-assert.yaml rename to argo/application-field-validation/.chainsaw-test/chainsaw-step-02-assert-1.yaml index 07d2843f8..4f0ddbf67 --- a/argo/application-field-validation/02-assert.yaml +++ b/argo/application-field-validation/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: application-field-validation status: - ready: true \ No newline at end of file + ready: true diff --git a/argo/application-field-validation/.chainsaw-test/chainsaw-test.yaml b/argo/application-field-validation/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..90db2b6dc --- /dev/null +++ b/argo/application-field-validation/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: application-field-validation +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../application-field-validation.yaml | kubectl create -f - + - assert: + file: chainsaw-step-02-assert-1.yaml + - name: step-03 + try: + - apply: + file: good-application.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-application.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: application-field-validation diff --git a/argo/application-field-validation/good-application.yaml b/argo/application-field-validation/.chainsaw-test/good-application.yaml similarity index 100% rename from argo/application-field-validation/good-application.yaml rename to argo/application-field-validation/.chainsaw-test/good-application.yaml diff --git a/argo/application-field-validation/02-enforce.yaml b/argo/application-field-validation/02-enforce.yaml deleted file mode 100644 index 5406a47b6..000000000 --- a/argo/application-field-validation/02-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' application-field-validation.yaml | kubectl create -f - \ No newline at end of file diff --git a/argo/application-field-validation/03-applications.yaml b/argo/application-field-validation/03-applications.yaml deleted file mode 100644 index 31b1cfcd6..000000000 --- a/argo/application-field-validation/03-applications.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-application.yaml - shouldFail: false -- file: bad-application.yaml - shouldFail: true \ No newline at end of file diff --git a/argo/application-field-validation/99-delete.yaml b/argo/application-field-validation/99-delete.yaml deleted file mode 100644 index b135354b2..000000000 --- a/argo/application-field-validation/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: application-field-validation \ No newline at end of file diff --git a/argo/application-field-validation/report.yaml b/argo/application-field-validation/report.yaml deleted file mode 100644 index dca37de13..000000000 --- a/argo/application-field-validation/report.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: wgpolicyk8s.io/v1alpha2 -kind: PolicyReport -metadata: - name: cpol-application-field-validation - namespace: default -results: -- category: Argo - message: validation rule 'destination-server-name' anyPattern[0] passed. - policy: application-field-validation - resources: - - apiVersion: argoproj.io/v1alpha1 - kind: Application - name: badapp01 - namespace: default - result: pass - rule: destination-server-name - scored: true - severity: medium - source: kyverno -- category: Argo - message: validation rule 'destination-server-name' anyPattern[0] passed. - policy: application-field-validation - resources: - - apiVersion: argoproj.io/v1alpha1 - kind: Application - name: goodapp01 - namespace: default - result: pass - rule: destination-server-name - scored: true - severity: medium - source: kyverno -- category: Argo - message: 'validation error: `spec.destination.server` OR `spec.destination.name` - should be specified but never both. rule destination-server-name[0] failed at - path /spec/destination/name/ rule destination-server-name[1] failed at path /spec/destination/server/' - policy: application-field-validation - resources: - - apiVersion: argoproj.io/v1alpha1 - kind: Application - name: badapp02 - namespace: default - result: fail - rule: destination-server-name - scored: true - severity: medium - source: kyverno -- category: Argo - message: 'validation error: `spec.source.path` OR `spec.source.chart` should be - specified but never both. rule source-path-chart[0] failed at path /spec/source/chart/ - rule source-path-chart[1] failed at path /spec/source/path/' - policy: application-field-validation - resources: - - apiVersion: argoproj.io/v1alpha1 - kind: Application - name: badapp01 - namespace: default - result: fail - rule: source-path-chart - scored: true - severity: medium - source: kyverno -- category: Argo - message: validation rule 'source-path-chart' anyPattern[0] passed. - policy: application-field-validation - resources: - - apiVersion: argoproj.io/v1alpha1 - kind: Application - name: goodapp01 - namespace: default - result: pass - rule: source-path-chart - scored: true - severity: medium - source: kyverno -- category: Argo - message: validation rule 'source-path-chart' anyPattern[0] passed. - policy: application-field-validation - resources: - - apiVersion: argoproj.io/v1alpha1 - kind: Application - name: badapp02 - namespace: default - result: pass - rule: source-path-chart - scored: true - severity: medium - source: kyverno -summary: - error: 0 - fail: 2 - pass: 4 - skip: 0 - warn: 0 \ No newline at end of file diff --git a/argo/application-prevent-default-project/bad-application.yaml b/argo/application-prevent-default-project/.chainsaw-test/bad-application.yaml similarity index 100% rename from argo/application-prevent-default-project/bad-application.yaml rename to argo/application-prevent-default-project/.chainsaw-test/bad-application.yaml diff --git a/argo/application-prevent-default-project/01-assert.yaml b/argo/application-prevent-default-project/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from argo/application-prevent-default-project/01-assert.yaml rename to argo/application-prevent-default-project/.chainsaw-test/chainsaw-step-01-assert-1.yaml diff --git a/argo/application-prevent-default-project/02-assert.yaml b/argo/application-prevent-default-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from argo/application-prevent-default-project/02-assert.yaml rename to argo/application-prevent-default-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml index e975d79e7..0edbc929b --- a/argo/application-prevent-default-project/02-assert.yaml +++ b/argo/application-prevent-default-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: application-prevent-default-project status: - ready: true \ No newline at end of file + ready: true diff --git a/argo/application-prevent-default-project/.chainsaw-test/chainsaw-test.yaml b/argo/application-prevent-default-project/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..d66d69e6d --- /dev/null +++ b/argo/application-prevent-default-project/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: application-prevent-default-project +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../application-prevent-default-project.yaml | kubectl create -f - + - assert: + file: chainsaw-step-02-assert-1.yaml + - name: step-03 + try: + - apply: + file: good-application.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-application.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: application-prevent-default-project diff --git a/argo/application-prevent-default-project/good-application.yaml b/argo/application-prevent-default-project/.chainsaw-test/good-application.yaml similarity index 100% rename from argo/application-prevent-default-project/good-application.yaml rename to argo/application-prevent-default-project/.chainsaw-test/good-application.yaml diff --git a/argo/application-prevent-default-project/02-enforce.yaml b/argo/application-prevent-default-project/02-enforce.yaml deleted file mode 100644 index 93fb783e5..000000000 --- a/argo/application-prevent-default-project/02-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' application-prevent-default-project.yaml | kubectl create -f - \ No newline at end of file diff --git a/argo/application-prevent-default-project/03-applications.yaml b/argo/application-prevent-default-project/03-applications.yaml deleted file mode 100644 index 31b1cfcd6..000000000 --- a/argo/application-prevent-default-project/03-applications.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-application.yaml - shouldFail: false -- file: bad-application.yaml - shouldFail: true \ No newline at end of file diff --git a/argo/application-prevent-default-project/99-delete.yaml b/argo/application-prevent-default-project/99-delete.yaml deleted file mode 100644 index cd4f4b8ef..000000000 --- a/argo/application-prevent-default-project/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: application-prevent-default-project \ No newline at end of file diff --git a/argo/application-prevent-updates-project/application-bad-update.yaml b/argo/application-prevent-updates-project/.chainsaw-test/application-bad-update.yaml similarity index 100% rename from argo/application-prevent-updates-project/application-bad-update.yaml rename to argo/application-prevent-updates-project/.chainsaw-test/application-bad-update.yaml diff --git a/argo/application-prevent-updates-project/application-update.yaml b/argo/application-prevent-updates-project/.chainsaw-test/application-update.yaml similarity index 100% rename from argo/application-prevent-updates-project/application-update.yaml rename to argo/application-prevent-updates-project/.chainsaw-test/application-update.yaml diff --git a/argo/application-prevent-updates-project/application.yaml b/argo/application-prevent-updates-project/.chainsaw-test/application.yaml similarity index 100% rename from argo/application-prevent-updates-project/application.yaml rename to argo/application-prevent-updates-project/.chainsaw-test/application.yaml diff --git a/argo/application-prevent-updates-project/01-assert.yaml b/argo/application-prevent-updates-project/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from argo/application-prevent-updates-project/01-assert.yaml rename to argo/application-prevent-updates-project/.chainsaw-test/chainsaw-step-01-assert-1.yaml diff --git a/argo/application-prevent-updates-project/02-assert.yaml b/argo/application-prevent-updates-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from argo/application-prevent-updates-project/02-assert.yaml rename to argo/application-prevent-updates-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml index 4732d1582..820069362 --- a/argo/application-prevent-updates-project/02-assert.yaml +++ b/argo/application-prevent-updates-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: application-prevent-updates-project status: - ready: true \ No newline at end of file + ready: true diff --git a/argo/application-prevent-updates-project/.chainsaw-test/chainsaw-test.yaml b/argo/application-prevent-updates-project/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..afe5b7b2e --- /dev/null +++ b/argo/application-prevent-updates-project/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,36 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: application-prevent-updates-project +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../application-prevent-updates-project.yaml | kubectl create -f - + - assert: + file: chainsaw-step-02-assert-1.yaml + - name: step-03 + try: + - apply: + file: application.yaml + - apply: + file: application-update.yaml + - apply: + expect: + - check: + ($error != null): true + file: application-bad-update.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: application-prevent-updates-project diff --git a/argo/application-prevent-updates-project/02-enforce.yaml b/argo/application-prevent-updates-project/02-enforce.yaml deleted file mode 100644 index 76d2f5563..000000000 --- a/argo/application-prevent-updates-project/02-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' application-prevent-updates-project.yaml | kubectl create -f - \ No newline at end of file diff --git a/argo/application-prevent-updates-project/03-applications.yaml b/argo/application-prevent-updates-project/03-applications.yaml deleted file mode 100644 index d5926197b..000000000 --- a/argo/application-prevent-updates-project/03-applications.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: application.yaml - shouldFail: false -- file: application-update.yaml - shouldFail: false -- file: application-bad-update.yaml - shouldFail: true \ No newline at end of file diff --git a/argo/application-prevent-updates-project/99-delete.yaml b/argo/application-prevent-updates-project/99-delete.yaml deleted file mode 100644 index cffd4daa6..000000000 --- a/argo/application-prevent-updates-project/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: application-prevent-updates-project \ No newline at end of file diff --git a/argo/applicationset-name-matches-project/bad-appset.yaml b/argo/applicationset-name-matches-project/.chainsaw-test/bad-appset.yaml similarity index 100% rename from argo/applicationset-name-matches-project/bad-appset.yaml rename to argo/applicationset-name-matches-project/.chainsaw-test/bad-appset.yaml diff --git a/argo/applicationset-name-matches-project/01-assert.yaml b/argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from argo/applicationset-name-matches-project/01-assert.yaml rename to argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-step-01-assert-1.yaml diff --git a/argo/applicationset-name-matches-project/02-assert.yaml b/argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from argo/applicationset-name-matches-project/02-assert.yaml rename to argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml index fff817d70..5e891f2a0 --- a/argo/applicationset-name-matches-project/02-assert.yaml +++ b/argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: applicationset-name-matches-project status: - ready: true \ No newline at end of file + ready: true diff --git a/argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-test.yaml b/argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..c5e531940 --- /dev/null +++ b/argo/applicationset-name-matches-project/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,34 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: applicationset-name-matches-project +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../applicationset-name-matches-project.yaml | kubectl create -f - + - assert: + file: chainsaw-step-02-assert-1.yaml + - name: step-03 + try: + - apply: + file: good-appset.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-appset.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: applicationset-name-matches-project diff --git a/argo/applicationset-name-matches-project/good-appset.yaml b/argo/applicationset-name-matches-project/.chainsaw-test/good-appset.yaml similarity index 100% rename from argo/applicationset-name-matches-project/good-appset.yaml rename to argo/applicationset-name-matches-project/.chainsaw-test/good-appset.yaml diff --git a/argo/applicationset-name-matches-project/02-enforce.yaml b/argo/applicationset-name-matches-project/02-enforce.yaml deleted file mode 100644 index 3dc1d4fb4..000000000 --- a/argo/applicationset-name-matches-project/02-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' applicationset-name-matches-project.yaml | kubectl create -f - \ No newline at end of file diff --git a/argo/applicationset-name-matches-project/03-applicationset.yaml b/argo/applicationset-name-matches-project/03-applicationset.yaml deleted file mode 100644 index 8b3bf7a42..000000000 --- a/argo/applicationset-name-matches-project/03-applicationset.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good-appset.yaml - shouldFail: false -- file: bad-appset.yaml - shouldFail: true \ No newline at end of file diff --git a/argo/applicationset-name-matches-project/99-delete.yaml b/argo/applicationset-name-matches-project/99-delete.yaml deleted file mode 100644 index 14a301a22..000000000 --- a/argo/applicationset-name-matches-project/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: applicationset-name-matches-project \ No newline at end of file diff --git a/argo/appproject-clusterresourceblacklist/bad-both-wildcard.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-both-wildcard.yaml similarity index 100% rename from argo/appproject-clusterresourceblacklist/bad-both-wildcard.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-both-wildcard.yaml diff --git a/argo/appproject-clusterresourceblacklist/bad-group-wildcard.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-group-wildcard.yaml similarity index 100% rename from argo/appproject-clusterresourceblacklist/bad-group-wildcard.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-group-wildcard.yaml diff --git a/argo/appproject-clusterresourceblacklist/bad-kind-wildcard.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-kind-wildcard.yaml similarity index 100% rename from argo/appproject-clusterresourceblacklist/bad-kind-wildcard.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-kind-wildcard.yaml diff --git a/argo/appproject-clusterresourceblacklist/bad-no-blacklist.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-no-blacklist.yaml similarity index 100% rename from argo/appproject-clusterresourceblacklist/bad-no-blacklist.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/bad-no-blacklist.yaml diff --git a/argo/appproject-clusterresourceblacklist/01-assert.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-step-01-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from argo/appproject-clusterresourceblacklist/01-assert.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-step-01-assert-1.yaml diff --git a/argo/appproject-clusterresourceblacklist/02-assert.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-step-02-assert-1.yaml old mode 100644 new mode 100755 similarity index 88% rename from argo/appproject-clusterresourceblacklist/02-assert.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-step-02-assert-1.yaml index 17e19e9b5..745e7b98b --- a/argo/appproject-clusterresourceblacklist/02-assert.yaml +++ b/argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-step-02-assert-1.yaml @@ -3,4 +3,4 @@ kind: ClusterPolicy metadata: name: appproject-clusterresourceblacklist status: - ready: true \ No newline at end of file + ready: true diff --git a/argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-test.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..2748f7e2b --- /dev/null +++ b/argo/appproject-clusterresourceblacklist/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,49 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: appproject-clusterresourceblacklist +spec: + steps: + - name: step-01 + try: + - assert: + file: chainsaw-step-01-assert-1.yaml + - name: step-02 + try: + - script: + content: | + sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' ../appproject-clusterresourceblacklist.yaml | kubectl create -f - + - assert: + file: chainsaw-step-02-assert-1.yaml + - name: step-03 + try: + - apply: + file: good.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-both-wildcard.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-group-wildcard.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-kind-wildcard.yaml + - apply: + expect: + - check: + ($error != null): true + file: bad-no-blacklist.yaml + - name: step-99 + try: + - delete: + ref: + apiVersion: kyverno.io/v1 + kind: ClusterPolicy + name: appproject-clusterresourceblacklist diff --git a/argo/appproject-clusterresourceblacklist/good.yaml b/argo/appproject-clusterresourceblacklist/.chainsaw-test/good.yaml similarity index 100% rename from argo/appproject-clusterresourceblacklist/good.yaml rename to argo/appproject-clusterresourceblacklist/.chainsaw-test/good.yaml diff --git a/argo/appproject-clusterresourceblacklist/02-enforce.yaml b/argo/appproject-clusterresourceblacklist/02-enforce.yaml deleted file mode 100644 index dd96aa812..000000000 --- a/argo/appproject-clusterresourceblacklist/02-enforce.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - sed 's/validationFailureAction: audit/validationFailureAction: Enforce/' appproject-clusterresourceblacklist.yaml | kubectl create -f - \ No newline at end of file diff --git a/argo/appproject-clusterresourceblacklist/03-manifests.yaml b/argo/appproject-clusterresourceblacklist/03-manifests.yaml deleted file mode 100644 index 1bd3bfd3e..000000000 --- a/argo/appproject-clusterresourceblacklist/03-manifests.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- file: good.yaml - shouldFail: false -- file: bad-both-wildcard.yaml - shouldFail: true -- file: bad-group-wildcard.yaml - shouldFail: true -- file: bad-kind-wildcard.yaml - shouldFail: true -- file: bad-no-blacklist.yaml - shouldFail: true \ No newline at end of file diff --git a/argo/appproject-clusterresourceblacklist/99-delete.yaml b/argo/appproject-clusterresourceblacklist/99-delete.yaml deleted file mode 100644 index 6a1ce48ef..000000000 --- a/argo/appproject-clusterresourceblacklist/99-delete.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: kyverno.io/v1 - kind: ClusterPolicy - name: appproject-clusterresourceblacklist \ No newline at end of file diff --git a/argo/argo-cluster-generation-from-rancher-capi/00-assert.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-00-assert-1.yaml old mode 100644 new mode 100755 similarity index 100% rename from argo/argo-cluster-generation-from-rancher-capi/00-assert.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-00-assert-1.yaml diff --git a/argo/argo-cluster-generation-from-rancher-capi/ns.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-1.yaml old mode 100644 new mode 100755 similarity index 55% rename from argo/argo-cluster-generation-from-rancher-capi/ns.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-1.yaml index b2e80e530..d57c8ef98 --- a/argo/argo-cluster-generation-from-rancher-capi/ns.yaml +++ b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-1.yaml @@ -2,8 +2,3 @@ apiVersion: v1 kind: Namespace metadata: name: argo-rancher-cluster-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: argocd \ No newline at end of file diff --git a/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-2.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-2.yaml new file mode 100755 index 000000000..a040f2ba5 --- /dev/null +++ b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-2.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: argocd diff --git a/argo/argo-cluster-generation-from-rancher-capi/setup.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-3.yaml old mode 100644 new mode 100755 similarity index 78% rename from argo/argo-cluster-generation-from-rancher-capi/setup.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-3.yaml index 6497b9be2..89c56240a --- a/argo/argo-cluster-generation-from-rancher-capi/setup.yaml +++ b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-3.yaml @@ -1,18 +1,8 @@ apiVersion: v1 -kind: Namespace -metadata: - name: argo-rancher-cluster-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: argocd ---- -apiVersion: v1 +data: + token: Zm9v + value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= kind: Secret metadata: name: sample-cluster-kubeconfig namespace: argo-rancher-cluster-ns -data: - value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= - token: Zm9v \ No newline at end of file diff --git a/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-4.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-4.yaml new file mode 100755 index 000000000..cf5a14e91 --- /dev/null +++ b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-4.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + token: Zm9v + value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= +kind: Secret +metadata: + name: rancher-cluster-kubeconfig + namespace: argo-rancher-cluster-ns diff --git a/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-5.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-5.yaml new file mode 100755 index 000000000..0ca4a23eb --- /dev/null +++ b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-step-01-apply-5.yaml @@ -0,0 +1,15 @@ +apiVersion: provisioning.cattle.io/v1 +kind: Cluster +metadata: + name: rancher-cluster + namespace: argo-rancher-cluster-ns +spec: + rkeConfig: + machinePools: + - controlPlaneRole: true + machineConfigRef: + apiVersion: elemental.cattle.io/v1beta1 + kind: MachineInventorySelectorTemplate + name: configref01 + name: machine01 + quantity: 1 diff --git a/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml new file mode 100755 index 000000000..6efbc8539 --- /dev/null +++ b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/chainsaw-test.yaml @@ -0,0 +1,37 @@ +apiVersion: chainsaw.kyverno.io/v1alpha1 +kind: Test +metadata: + creationTimestamp: null + name: argo-cluster-generation-from-rancher-capi +spec: + steps: + - name: step-00 + try: + - assert: + file: chainsaw-step-00-assert-1.yaml + - name: step-01 + try: + - apply: + file: chainsaw-step-01-apply-1.yaml + - apply: + file: chainsaw-step-01-apply-2.yaml + - apply: + file: chainsaw-step-01-apply-3.yaml + - apply: + file: chainsaw-step-01-apply-4.yaml + - apply: + file: chainsaw-step-01-apply-5.yaml + - name: step-02 + try: + - apply: + file: ../argo-cluster-generation-from-rancher-capi.yaml + - assert: + file: policy-ready.yaml + - name: step-03 + try: + - apply: + file: cluster.yaml + - assert: + file: secret-generated01.yaml + - assert: + file: secret-generated02.yaml diff --git a/argo/argo-cluster-generation-from-rancher-capi/cluster.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/cluster.yaml similarity index 100% rename from argo/argo-cluster-generation-from-rancher-capi/cluster.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/cluster.yaml diff --git a/argo/argo-cluster-generation-from-rancher-capi/policy-ready.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/policy-ready.yaml similarity index 100% rename from argo/argo-cluster-generation-from-rancher-capi/policy-ready.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/policy-ready.yaml diff --git a/argo/argo-cluster-generation-from-rancher-capi/secret-generated01.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/secret-generated01.yaml similarity index 100% rename from argo/argo-cluster-generation-from-rancher-capi/secret-generated01.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/secret-generated01.yaml diff --git a/argo/argo-cluster-generation-from-rancher-capi/secret-generated02.yaml b/argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/secret-generated02.yaml similarity index 100% rename from argo/argo-cluster-generation-from-rancher-capi/secret-generated02.yaml rename to argo/argo-cluster-generation-from-rancher-capi/.chainsaw-test/secret-generated02.yaml diff --git a/argo/argo-cluster-generation-from-rancher-capi/01-setup.yaml b/argo/argo-cluster-generation-from-rancher-capi/01-setup.yaml deleted file mode 100644 index c40717e6d..000000000 --- a/argo/argo-cluster-generation-from-rancher-capi/01-setup.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: argo-rancher-cluster-ns ---- -apiVersion: v1 -kind: Namespace -metadata: - name: argocd ---- -apiVersion: v1 -kind: Secret -metadata: - name: sample-cluster-kubeconfig - namespace: argo-rancher-cluster-ns -data: - value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= - token: Zm9v ---- -apiVersion: v1 -kind: Secret -metadata: - name: rancher-cluster-kubeconfig - namespace: argo-rancher-cluster-ns -data: - value: Y2x1c3RlcnM6DQotIGNsdXN0ZXI6DQogICAgY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGE6IFltRnlDZz09DQogICAgc2VydmVyOiBodHRwczovLzEyNy4wLjAuMToxMjM0NQ0KICBuYW1lOiBjbHVzdGVyDQpjb250ZXh0czoNCi0gY29udGV4dDoNCiAgICBjbHVzdGVyOiBjbHVzdGVyDQogICAgdXNlcjogdXNlcg0KICBuYW1lOiBjbHVzdGVyDQpjdXJyZW50LWNvbnRleHQ6IGNsdXN0ZXINCnByZWZlcmVuY2VzOiB7fQ0KdXNlcnM6DQotIG5hbWU6IHVzZXINCiAgdXNlcjoNCiAgICBjbGllbnQtY2VydGlmaWNhdGUtZGF0YTogWW1GeUNnPT0= - token: Zm9v ---- -kind: Cluster -apiVersion: provisioning.cattle.io/v1 -metadata: - name: rancher-cluster - namespace: argo-rancher-cluster-ns -spec: - rkeConfig: - machinePools: - - name: machine01 - controlPlaneRole: true - quantity: 1 - machineConfigRef: - apiVersion: elemental.cattle.io/v1beta1 - kind: MachineInventorySelectorTemplate - name: configref01 \ No newline at end of file diff --git a/argo/argo-cluster-generation-from-rancher-capi/02-policy.yaml b/argo/argo-cluster-generation-from-rancher-capi/02-policy.yaml deleted file mode 100644 index 602b35040..000000000 --- a/argo/argo-cluster-generation-from-rancher-capi/02-policy.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- argo-cluster-generation-from-rancher-capi.yaml -assert: -- policy-ready.yaml \ No newline at end of file diff --git a/argo/argo-cluster-generation-from-rancher-capi/03-manifests.yaml b/argo/argo-cluster-generation-from-rancher-capi/03-manifests.yaml deleted file mode 100644 index 86875ba24..000000000 --- a/argo/argo-cluster-generation-from-rancher-capi/03-manifests.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -apply: -- cluster.yaml -assert: -- secret-generated01.yaml -- secret-generated02.yaml \ No newline at end of file