[Chainsaw Tests] Add Chainsaw Test for Pod Security Sub-rule Baseline Cluster Policy #1063

@mohamedawnallah mohamedawnallah commented Jul 6, 2024

Related Issue(s)

Partial Fix for Issue #950

Description

Chainsaw test the podsecurity-subrule-baseline.yaml Cluster Policy with privileged and non-privileged pods as test manifests.

Additional Context

Kubernetes Pod Security Standards Docs:
https://kubernetes.io/docs/concepts/security/pod-security-standards/

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

Contributor

@chipzoller chipzoller left a comment

Appreciate adding this, but we really want more comprehensive tests here. Because the subrule encompasses an entire profile (baseline in this case), we really want to test ALL the controls in that profile. Take a look at all the separate policies here. We really want to incorporate all of these test resources (check the .kyverno-test folders) as input test resources into this Chainsaw test. Because they are so extensive in number, in this case it may be OK to just reference them rather than copy-and-paste.

@chipzoller
Contributor

Any update?

@mohamedawnallah
Author

I apologize, but I thought I would have time to work on this. Feel free, anyone, to build upon my work here. Thanks!
