Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added the chainsaw tests for pod security and rbac policies #106

Merged
merged 8 commits into from
Feb 21, 2024
Merged

Added the chainsaw tests for pod security and rbac policies #106

merged 8 commits into from
Feb 21, 2024

Conversation

nsathyaseelan
Copy link
Contributor

  • The Chainsaw test has been incorporated for the default curated policies of Nirmata Kyverno, and the existing KUTTL test suite has been eliminated.

  • These Chainsaw tests are designed to execute with released versions of all Nirmata Kyverno instances across all supported Kubernetes versions.

  • Each Chainsaw test is responsible for validating the following policy aspects:

    1. Creating the policy and verifying its status
    2. Creating the remediate/mutate policy and checking its status (if applicable)
    3. Generating a resource in the presence of the mutate policy
    4. Verifying that the report does not contain any error or fail summaries
    5. Removing the remediate policy
    6. Transitioning the policy from Audit to Enforce mode
    7. Creating a resource that adheres to the policy rule and confirming its successful creation
    8. Attempting to create a resource that violates the policy and confirming that the resource creation is blocked.

@nsathyaseelan nsathyaseelan self-assigned this Dec 18, 2023
anusha94
anusha94 reviewed Feb 14, 2024
View reviewed changes
.github/workflows/chainsaw-e2e.yaml Outdated
strategy:
fail-fast: false
matrix:
k8s-version: [v1.28.0, v1.27.3, v1.26.3, v1.25.8, v1.24.12, v1.23.17]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update to the latest patch in 1.28 series and add support for 1.29

.github/workflows/chainsaw-e2e.yaml Outdated
fail-fast: false
matrix:
k8s-version: [v1.28.0, v1.27.3, v1.26.3, v1.25.8, v1.24.12, v1.23.17]
n4k-chart-version: [1.6.11, 3.0.9]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this include n4k 1.11?

.github/workflows/chainsaw-e2e.yaml Outdated
run: make wait-for-kyverno

- name: Install chainsaw
uses: kyverno/action-install-chainsaw@6ab03ccb2c8309b5f494fcbc78ec3a2d80cfabee # v0.1.0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update to latest release v0.1.4

@anusha94 anusha94 mentioned this pull request Feb 15, 2024
Closed
@anusha94 anusha94 merged commit 106d05d into main Feb 21, 2024
8 checks passed
@nsathyaseelan nsathyaseelan deleted the chainsaw-test branch February 21, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anusha94 anusha94 anusha94 approved these changes

Assignees

@nsathyaseelan nsathyaseelan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nsathyaseelan @anusha94