Migrate the kuttl test for workload securty policy to chainsaw

Signed-off-by: nsathyaseelan <[email protected]>
nirmata · Feb 21, 2024 · e8003f8 · e8003f8
1 parent ead7213
commit e8003f8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/charts/best-practices-workload-security/templates/e2e/chainsaw-test.yaml b/charts/best-practices-workload-security/templates/e2e/chainsaw-test.yaml
@@ -1,10 +1,10 @@
 apiVersion: chainsaw.kyverno.io/v1alpha1
 kind: Test
 metadata:
-  name: restrict_image_registries-policy
+  name: restrict-image-registries-policy
 spec:
   steps:
-  - name: test-restrict_image_registries
+  - name: test-restrict-image-registries
     try:
     - apply:
         file: ../../pols/restrict_image_registries.yaml
@@ -17,9 +17,11 @@ spec:
           name: restrict-image-registries
     - script:
         content: |
-          sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../restrict_image_registries.yaml | kubectl apply -f - 
+          sed 's/validationFailureAction: Audit/validationFailureAction: Enforce/' ../../pols/restrict_image_registries.yaml | kubectl apply -f - 
     - assert:
         file: enforce-policy-assert.yaml
+    - apply:
+        file: good-resource.yaml
     - script:
         content: |
           if kubectl debug -it goodpod02-registry --image=busybox:1.35 --target=k8s-nginx -n ir-pods-namespace; then exit 1; else exit 0; fi;

diff --git a/...ity/baseline/disallow-privileged-containers/remediate-disallow-privileged-containers.yaml b/...ity/baseline/disallow-privileged-containers/remediate-disallow-privileged-containers.yaml
@@ -20,12 +20,12 @@ spec:
                 - Job
                 - DaemonSet
       mutate:
-        foreach: 
+        foreach:
           - list: request.object.spec.template.spec.containers[]
             order: Descending
             preconditions:
               all:
-              - key: "{{ element.securityContext && element.securityContext.privileged }}"
+              - key: "{{ element.securityContext && element.securityContext.privileged || 'false' }}"
                 operator: Equals
                 value: true
             patchesJson6902: |-
@@ -36,7 +36,7 @@ spec:
             order: Descending
             preconditions:
               all:
-              - key: "{{ element.securityContext && element.securityContext.privileged }}"
+              - key: "{{ element.securityContext && element.securityContext.privileged || 'false'  }}"
                 operator: Equals
                 value: true
             patchesJson6902: |-
@@ -47,10 +47,10 @@ spec:
             order: Descending
             preconditions:
               all:
-              - key: "{{ element.securityContext && element.securityContext.privileged }}"
+              - key: "{{ element.securityContext && element.securityContext.privileged || 'false'  }}"
                 operator: Equals
                 value: true
             patchesJson6902: |-
               - path: /spec/template/spec/ephemeralContainers/{{elementIndex}}/securityContext/privileged
                 op: replace
-                value: false
+                value: false