sibling of d0a442d

other-cel/prevent-cr8escape/.chainsaw-test/pods-good.yaml

@@ -18,11 +18,11 @@ kind: Pod
 metadata:
   name: goodpod02
 spec:
+  securityContext:
+    allowPrivilegeEscalation: false
   containers:
   - name: busybox
     image: ghcr.io/kyverno/test-busybox:1.35
-    securityContext:
-      allowPrivilegeEscalation: false
 ---
 apiVersion: v1
 kind: Pod
@@ -31,4 +31,5 @@ metadata:
 spec:
   containers:
   - name: busybox
-    image: ghcr.io/kyverno/test-busybox:1.35
+    image: ghcr.io/kyverno/test-busybox:1.35
+

other-cel/require-ingress-https/.chainsaw-test/ingress-good.yaml

@@ -9,7 +9,7 @@ spec:
   ingressClassName: someingress
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -33,7 +33,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -43,7 +43,7 @@ spec:
             port:
               number: 80
   - host: endpoint02
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -55,4 +55,5 @@ spec:
   tls:
   - hosts:
     - endpoint01
-    - endpoint02
+    - endpoint02
+

other-cel/require-ingress-https/.kyverno-test/resource.yaml

@@ -32,7 +32,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -64,7 +64,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -99,7 +99,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -130,7 +130,7 @@ spec:
   ingressClassName: someingress
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -154,7 +154,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -164,7 +164,7 @@ spec:
             port:
               number: 80
   - host: endpoint02
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-classes/.chainsaw-test/ingress-bad.yaml

@@ -7,7 +7,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -27,7 +27,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-classes/.chainsaw-test/ingress-good.yaml

@@ -8,7 +8,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -28,7 +28,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-defaultbackend/.chainsaw-test/ingress-good.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -22,7 +22,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-wildcard/.chainsaw-test/ingress-bad.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   rules:
   - host: "*.foo.bar"
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -22,7 +22,7 @@ metadata:
 spec:
   rules:
   - host: foo-bar
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -32,7 +32,7 @@ spec:
             port:
               number: 80
   - host: "*.example.com"
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -49,7 +49,7 @@ metadata:
 spec:
   rules:
   - host: "*.bar"
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -59,7 +59,7 @@ spec:
             port:
               number: 80
   - host: foo-bar
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-wildcard/.chainsaw-test/ingress-good.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    http:
+    https:
       paths:
       - backend:
           service:
@@ -22,7 +22,7 @@ metadata:
 spec:
   rules:
   - host: endpoint02
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -32,7 +32,7 @@ spec:
             port:
               number: 80
   - host: endpoint01
-    http:
+    https:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-node-affinity/.chainsaw-test/pod-good.yaml

@@ -14,16 +14,14 @@ metadata:
 spec:
   affinity:
     podAffinity:
-      preferredDuringSchedulingIgnoredDuringExecution:
-      - weight: 100
-        podAffinityTerm:
-          labelSelector:
-            matchExpressions:
-            - key: bar
-              operator: In
-              values:
-              - bar
-          topologyKey: topology.kubernetes.io/zone
+      prefferedDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: bar
+            operator: In
+            values:
+            - bar
+        topologyKey: topology.kubernetes.io/zone
     podAntiAffinity:
       preferredDuringSchedulingIgnoredDuringExecution:
       - weight: 100
@@ -37,4 +35,5 @@ spec:
           topologyKey: topology.kubernetes.io/zone
   containers:
     - name: busybox
-      image: ghcr.io/kyverno/test-busybox:1.35
+      image: ghcr.io/kyverno/test-busybox:1.35
+

other-cel/restrict-node-affinity/.chainsaw-test/podcontroller-bad.yaml

@@ -52,4 +52,5 @@ spec:
           containers:
           - name: busybox
             image: ghcr.io/kyverno/test-busybox:1.35
-          restartPolicy: OnFailure
+          restartPolicy: OnFailure
+

other-cel/restrict-node-affinity/.chainsaw-test/podcontroller-good.yaml

@@ -17,16 +17,14 @@ spec:
     spec:
       affinity:
         podAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: bar
-                  operator: In
-                  values:
-                  - bar
-              topologyKey: topology.kubernetes.io/zone
+          prefferedDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: bar
+                operator: In
+                values:
+                - bar
+            topologyKey: topology.kubernetes.io/zone
       containers:
       - name: busybox
         image: ghcr.io/kyverno/test-busybox:1.35
@@ -44,4 +42,5 @@ spec:
           containers:
           - name: busybox
             image: ghcr.io/kyverno/test-busybox:1.35
-          restartPolicy: OnFailure
+          restartPolicy: OnFailure
+

other-cel/restrict-node-affinity/.kyverno-test/resource.yaml

@@ -88,4 +88,5 @@ spec:
               cpu: "500m"
             limits:
               memory: "256Mi"
-              cpu: "500m"
+              cpu: "500m"
+

tekton-cel/require-tekton-bundle/artifacthub-pkg.yml

@@ -19,5 +19,5 @@ annotations:
   kyverno/category: "Tekton in CEL"
   kyverno/kubernetesVersion: "1.26-1.27"
   kyverno/subject: "TaskRun, PipelineRun"
-digest: 040ff6442dff95a14000ef7ac2a4f953659997d19654a8a959c0b59427ac4ee9
+digest: d1031e87d2d3e9496022593cac502bd8382863247803e4bd06a1badbe782ae48
 createdAt: "2024-05-24T04:26:34Z"

tekton-cel/require-tekton-bundle/require-tekton-bundle.yaml

@@ -36,9 +36,6 @@ spec:
       - resources:
           kinds:
           - TaskRun
-          operations:
-          - CREATE
-          - UPDATE
     validate:
       cel:
         expressions: