From 281bc7279b6f91bacf76e8775f7293d8f0dae144 Mon Sep 17 00:00:00 2001
From: sathyaseelan
Date: Fri, 9 Aug 2024 11:04:11 +0530
Subject: [PATCH] Updated the kyverno cel policies

Signed-off-by: sathyaseelan
---
 .github/workflows/chainsaw-e2e.yaml | 8 ++++----
 .../restrict-binding-system-groups.yaml | 3 +++
 .../restrict-clusterrole-nodesproxy.yaml | 3 +++
 .../restrict-escalation-verbs-roles.yaml | 3 +++
 .../restrict-wildcard-resources.yaml | 3 +++
 5 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/chainsaw-e2e.yaml b/.github/workflows/chainsaw-e2e.yaml
index 09c810d4..2f85c850 100644
--- a/.github/workflows/chainsaw-e2e.yaml
+++ b/.github/workflows/chainsaw-e2e.yaml
@@ -16,7 +16,7 @@ jobs:
 fail-fast: false
 matrix:
 k8s-version: [v1.30.0, v1.29.4, v1.28.9]
- n4k-chart-version: [3.0.30]
+ n4k-chart-version: [3.0.31]
 steps:
 - name: Checkout
@@ -54,7 +54,7 @@ jobs:
 fail-fast: false
 matrix:
 k8s-version: [v1.30.0, v1.29.4, v1.28.9]
- n4k-chart-version: [3.1.18, 3.2.2-rc3]
+ n4k-chart-version: [3.1.18, 3.2.2]
 steps:
 - name: Checkout
@@ -92,7 +92,7 @@ jobs:
 fail-fast: false
 matrix:
 k8s-version: [v1.27.3, v1.26.3]
- n4k-chart-version: [3.1.18, 3.2.1]
+ n4k-chart-version: [3.1.18, 3.2.2]
 steps:
 - name: Checkout
@@ -125,7 +125,7 @@ jobs:
 fail-fast: false
 matrix:
 k8s-version: [v1.30.0, v1.29.4, v1.28.9]
- n4k-chart-version: [3.1.18, 3.2.1]
+ n4k-chart-version: [3.1.18, 3.2.2]
 steps:
 - name: Checkout
diff --git a/rbac-best-practices-cel/restrict-binding-system-groups/restrict-binding-system-groups.yaml b/rbac-best-practices-cel/restrict-binding-system-groups/restrict-binding-system-groups.yaml
index b73bc50d..802a4aac 100644
--- a/rbac-best-practices-cel/restrict-binding-system-groups/restrict-binding-system-groups.yaml
+++ b/rbac-best-practices-cel/restrict-binding-system-groups/restrict-binding-system-groups.yaml
@@ -24,6 +24,9 @@ spec:
 kinds:
 - RoleBinding
 - ClusterRoleBinding
+ operations:
+ - CREATE
+ - UPDATE
 validate:
 cel:
 expressions:
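Review bot: The new `operations` list in the match block of restrict-binding-system-groups.yaml has no comment saying why only CREATE and UPDATE are matched, and the same three lines are added unexplained in restrict-clusterrole-nodesproxy.yaml, restrict-escalation-verbs-roles.yaml and restrict-wildcard-resources.yaml. I would add one line above the list, `# object is null on DELETE, so the CEL expressions are evaluated on CREATE and UPDATE only`, so a later edit does not widen or narrow it by accident. Admission matching only sees new writes, so RoleBindings and ClusterRoleBindings that already exist are reported only if background scanning is enabled for the policy; that setting is outside the hunk and worth confirming. The rule this block belongs to starts and ends outside the hunk.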
diff --git a/rbac-best-practices-cel/restrict-clusterrole-nodesproxy/restrict-clusterrole-nodesproxy.yaml b/rbac-best-practices-cel/restrict-clusterrole-nodesproxy/restrict-clusterrole-nodesproxy.yaml
index 169bade9..76b2b5cf 100644
--- a/rbac-best-practices-cel/restrict-clusterrole-nodesproxy/restrict-clusterrole-nodesproxy.yaml
+++ b/rbac-best-practices-cel/restrict-clusterrole-nodesproxy/restrict-clusterrole-nodesproxy.yaml
@@ -26,6 +26,9 @@ spec:
 - resources:
 kinds:
 - ClusterRole
+ operations:
+ - CREATE
+ - UPDATE
 validate:
 cel:
 expressions:
diff --git a/rbac-best-practices-cel/restrict-escalation-verbs-roles/restrict-escalation-verbs-roles.yaml b/rbac-best-practices-cel/restrict-escalation-verbs-roles/restrict-escalation-verbs-roles.yaml
index af1ca304..61d8c56c 100644
--- a/rbac-best-practices-cel/restrict-escalation-verbs-roles/restrict-escalation-verbs-roles.yaml
+++ b/rbac-best-practices-cel/restrict-escalation-verbs-roles/restrict-escalation-verbs-roles.yaml
@@ -24,6 +24,9 @@ spec:
 kinds:
 - Role
 - ClusterRole
+ operations:
+ - CREATE
+ - UPDATE
 validate:
 cel:
 expressions:
diff --git a/rbac-best-practices-cel/restrict-wildcard-resources/restrict-wildcard-resources.yaml b/rbac-best-practices-cel/restrict-wildcard-resources/restrict-wildcard-resources.yaml
index b22943a4..469ad577 100644
--- a/rbac-best-practices-cel/restrict-wildcard-resources/restrict-wildcard-resources.yaml
+++ b/rbac-best-practices-cel/restrict-wildcard-resources/restrict-wildcard-resources.yaml
@@ -26,6 +26,9 @@ spec:
 kinds:
 - Role
 - ClusterRole
+ operations:
+ - CREATE
+ - UPDATE
 validate:
 cel:
 expressions:
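Review bot: The `operations` list added to restrict-clusterrole-nodesproxy.yaml (and to restrict-escalation-verbs-roles.yaml and restrict-wildcard-resources.yaml) now decides which requests reach the CEL expressions, yet the diffstat shows no test file changed alongside it. The UPDATE path is the one most easily left uncovered, because a Role or ClusterRole can be created compliant and only later edited into a violating state. If the existing chainsaw suites do not already do so, each should apply a compliant resource first and then assert that an update introducing the disallowed rule is flagged; whether that means denied or only reported depends on the policy's failure action, which is not visible in these hunks.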