feat: test VAPs generated by pod security cel policies #1006

Draft: wants to merge 28 commits into base: main

@Chandan-DK commented May 14, 2024
Contributor

Related Issue(s)

Closes #1003

Description

This PR adds tests for VAPs generated by policies in the pod-security-cel folder.

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • [] I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

@Chandan-DK marked this pull request as ready for review May 17, 2024 13:41

@chipzoller
Contributor

@MariamFahmy98 and @Chandan-DK, please help get this in shape and accepted as it has been outstanding for a few months.

@chipzoller
Contributor

Conflicts here now.

@Chandan-DK marked this pull request as draft August 1, 2024 06:08

@chipzoller
Contributor

Please bring out of draft mode when ready for final review.

@chipzoller
Contributor

Status?

@Chandan-DK
Contributor Author

I will try to get this PR in shape by next week.

…stProcess set to true and if any container has hostProcess set to true all the containers must have it too (see comment for the error that would be generated otherwise)

[spec: Invalid value: "": If pod contains any hostProcess containers then all containers must be HostProcess containers, spec.hostNetwork: Invalid value: false: hostNetwork must be true if pod contains any hostProcess containers]

Signed-off-by: Chandan-DK <[email protected]>
… spec.initContainers[0].ports[0].containerPort: Required value) in disallow-host-ports

Signed-off-by: Chandan-DK <[email protected]>
@Chandan-DK force-pushed the pod-security-cel-test-generated-vaps branch from 8785188 to 2d79945 Compare August 24, 2024 19:26

Successfully merging this pull request may close these issues.

[Chainsaw Tests] Test generated VAPs of pod security cel policies with Chainsaw