diff --git a/e2e.bats b/e2e.bats index 072a3cd..fb9d3a5 100644 --- a/e2e.bats +++ b/e2e.bats @@ -2,15 +2,21 @@ @test "Accept a valid signature" { run kwctl run --request-path test_data/pod_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature" { run kwctl run --request-path test_data/pod_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*"message":"Pod invalid-pod-name is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @@ -18,115 +24,155 @@ @test "Mutate Pod definition" { # Need to run the command inside of `bash -c` because of a bats # limitation: https://bats-core.readthedocs.io/en/stable/gotchas.html?highlight=pipe#my-piped-command-does-not-work-under-run - run bash -c 'kwctl run \ --request-path test_data/pod_creation_signed.json \ --settings-path test_data/settings-mutation-enabled.yaml \ annotated-policy.wasm 2>/dev/null | jq -er ".patch | @base64d"' + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*ghcr.io/kubewarden/test-verify-image-signatures:signed@sha256:1d9d3da4c60d27b77bb96bba738319c1c4424853fdd10f65982f9f2ca2422a72.*') -ne 0 ] } @test "Do not mutate Pod definition" { # Need to run the command inside of `bash -c` because of a bats # limitation: https://bats-core.readthedocs.io/en/stable/gotchas.html?highlight=pipe#my-piped-command-does-not-work-under-run - run bash -c 'kwctl run \ --request-path test_data/pod_creation_signed.json \ --settings-path test_data/settings-mutation-disabled.yaml \ annotated-policy.wasm 2>/dev/null | jq -er ".patch"' + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 1 ] - echo "$output" [ $(expr "$output" : 'null') -ne 0 ] } @test "Accept a valid signature in a Deployment" { run kwctl run --request-path test_data/deployment_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature in a Deployment" { run kwctl run --request-path test_data/deployment_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @test "Accept a valid signature in a StatefulSet" { run kwctl run --request-path test_data/statefulset_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature in a StatefulSet" { run kwctl run --request-path test_data/statefulset_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @test "Accept a valid signature in a ReplicaSet" { run kwctl run --request-path test_data/replicaset_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature in a ReplicaSet" { run kwctl run --request-path test_data/replicaset_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @test "Accept a valid signature in a ReplicationController" { run kwctl run --request-path test_data/replicationcontroller_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature in a ReplicationController" { run kwctl run --request-path test_data/replicationcontroller_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @test "Accept a valid signature in a Job" { run kwctl run --request-path test_data/job_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature in a Job" { run kwctl run --request-path test_data/job_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @test "Accept a valid signature in a CronJob" { run kwctl run --request-path test_data/cronjob_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ] } @test "Reject invalid signature in a CronJob" { run kwctl run --request-path test_data/cronjob_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ] [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ] } @@ -139,8 +185,11 @@ --request-path test_data/pod_creation_signed_with_certificate.json \ --settings-path test_data/settings-pod_signed_with_cert_and_rekor.yaml \ annotated-policy.wasm | jq -r ".patch | @base64d"' + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 0 ] - echo "$output" [ $(expr "$output" : '.*ghcr.io/kubewarden/tests/pod-privileged:v0.2.1@sha256:db48aecd83c2826eba154a84c4fbabe0977f96b3360b4c6098578eae5c2d2882.*') -ne 0 ] } @@ -149,8 +198,11 @@ --request-path test_data/pod_creation_signed_with_certificate.json \ --settings-path test_data/settings-cert-verification-wrong-cert-chain.yaml \ annotated-policy.wasm + + # this prints the output when one the checks below fails + echo "output = ${output}" + [ "$status" -eq 1 ] - echo "$output" [ $(expr "$output" : '.*Provided settings are not valid.*') -ne 0 ] [ $(expr "$output" : '.*Certificate not trusted: Certificate is not trusted by the provided cert chain.*') -ne 0 ] } diff --git a/test_data/cronjob_creation_signed.json b/test_data/cronjob_creation_signed.json index 39c2f37..869e699 100644 --- a/test_data/cronjob_creation_signed.json +++ b/test_data/cronjob_creation_signed.json @@ -1,9 +1,28 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "batch", "kind": "CronJob", "version": "v1" }, + "resource": { + "group": "batch", + "version": "v1", + "resource": "cronjobs" + }, + "requestKind": { + "group": "batch", + "version": "v1", + "kind": "CronJob" + }, + "userInfo": { + "username": "alice", + "uid": "alice-uid", + "groups": [ + "system:authenticated" + ] + }, + "operation": "CREATE", "object": { "metadata": { "name": "nginx" @@ -25,17 +44,5 @@ } } } - }, - "operation": "CREATE", - "requestKind": { - "version": "v1", - "kind": "Job" - }, - "userInfo": { - "username": "alice", - "uid": "alice-uid", - "groups": [ - "system:authenticated" - ] } -} \ No newline at end of file +} diff --git a/test_data/cronjob_creation_unsigned.json b/test_data/cronjob_creation_unsigned.json index 2b0e9b6..5a9e191 100644 --- a/test_data/cronjob_creation_unsigned.json +++ b/test_data/cronjob_creation_unsigned.json @@ -1,9 +1,28 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "batch", "kind": "CronJob", "version": "v1" }, + "resource": { + "group": "batch", + "version": "v1", + "resource": "cronjobs" + }, + "operation": "CREATE", + "requestKind": { + "group": "batch", + "version": "v1", + "kind": "CronJob" + }, + "userInfo": { + "username": "alice", + "uid": "alice-uid", + "groups": [ + "system:authenticated" + ] + }, "object": { "metadata": { "name": "nginx" @@ -25,17 +44,5 @@ } } } - }, - "operation": "CREATE", - "requestKind": { - "version": "v1", - "kind": "Job" - }, - "userInfo": { - "username": "alice", - "uid": "alice-uid", - "groups": [ - "system:authenticated" - ] } -} \ No newline at end of file +} diff --git a/test_data/daemonset_creation_signed.json b/test_data/daemonset_creation_signed.json index c77bed0..8a65b1f 100644 --- a/test_data/daemonset_creation_signed.json +++ b/test_data/daemonset_creation_signed.json @@ -1,9 +1,28 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "apps", "kind": "DaemonSet", "version": "v1" }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "daemonsets" + }, + "operation": "CREATE", + "requestKind": { + "group": "apps", + "version": "v1", + "kind": "DaemonSet" + }, + "userInfo": { + "username": "alice", + "uid": "alice-uid", + "groups": [ + "system:authenticated" + ] + }, "object": { "metadata": { "name": "nginx" @@ -20,17 +39,5 @@ } } } - }, - "operation": "CREATE", - "requestKind": { - "version": "v1", - "kind": "DaemonSet" - }, - "userInfo": { - "username": "alice", - "uid": "alice-uid", - "groups": [ - "system:authenticated" - ] } -} \ No newline at end of file +} diff --git a/test_data/daemonset_creation_unsigned.json b/test_data/daemonset_creation_unsigned.json index 1c82a67..8d8810e 100644 --- a/test_data/daemonset_creation_unsigned.json +++ b/test_data/daemonset_creation_unsigned.json @@ -1,9 +1,28 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "apps", "kind": "DaemonSet", "version": "v1" }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "daemonsets" + }, + "operation": "CREATE", + "requestKind": { + "group": "apps", + "version": "v1", + "kind": "DaemonSet" + }, + "userInfo": { + "username": "alice", + "uid": "alice-uid", + "groups": [ + "system:authenticated" + ] + }, "object": { "metadata": { "name": "nginx" @@ -20,17 +39,5 @@ } } } - }, - "operation": "CREATE", - "requestKind": { - "version": "v1", - "kind": "DaemonSet" - }, - "userInfo": { - "username": "alice", - "uid": "alice-uid", - "groups": [ - "system:authenticated" - ] } -} \ No newline at end of file +} diff --git a/test_data/deployment_creation_signed.json b/test_data/deployment_creation_signed.json index 52ad5a5..ea3d7dc 100644 --- a/test_data/deployment_creation_signed.json +++ b/test_data/deployment_creation_signed.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "apps", "kind": "Deployment", "version": "v1" }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "deployments" + }, "object": { "metadata": { "name": "nginx" @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "apps", "version": "v1", "kind": "Deployment" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/deployment_creation_unsigned.json b/test_data/deployment_creation_unsigned.json index b80cb14..8661c5c 100644 --- a/test_data/deployment_creation_unsigned.json +++ b/test_data/deployment_creation_unsigned.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "apps", "kind": "Deployment", "version": "v1" }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "deployments" + }, "object": { "metadata": { "name": "nginx" @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "apps", "version": "v1", "kind": "Deployment" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/job_creation_signed.json b/test_data/job_creation_signed.json index aafc3d0..24e7a4b 100644 --- a/test_data/job_creation_signed.json +++ b/test_data/job_creation_signed.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "Job", - "version": "v1" + "group": "batch", + "version": "v1", + "kind": "Job" + }, + "resource": { + "group": "batch", + "version": "v1", + "resource": "jobs" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "batch", "version": "v1", "kind": "Job" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/job_creation_unsigned.json b/test_data/job_creation_unsigned.json index 9ca1acc..8bf3b95 100644 --- a/test_data/job_creation_unsigned.json +++ b/test_data/job_creation_unsigned.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "Job", - "version": "v1" + "group": "batch", + "version": "v1", + "kind": "Job" + }, + "resource": { + "group": "batch", + "version": "v1", + "resource": "jobs" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "batch", "version": "v1", "kind": "Job" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/pod_creation_signed.json b/test_data/pod_creation_signed.json index 2b7ad76..0683d06 100644 --- a/test_data/pod_creation_signed.json +++ b/test_data/pod_creation_signed.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "", "kind": "Pod", "version": "v1" }, + "resource": { + "group": "", + "version": "v1", + "resource": "pods" + }, "object": { "metadata": { "name": "nginx" @@ -19,6 +25,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "Pod" }, @@ -29,4 +36,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/pod_creation_signed_with_certificate.json b/test_data/pod_creation_signed_with_certificate.json index 77bcd4e..03a2608 100644 --- a/test_data/pod_creation_signed_with_certificate.json +++ b/test_data/pod_creation_signed_with_certificate.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "", "kind": "Pod", "version": "v1" }, + "resource": { + "group": "", + "version": "v1", + "resource": "pods" + }, "object": { "metadata": { "name": "nginx" @@ -19,6 +25,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "Pod" }, diff --git a/test_data/pod_creation_unsigned.json b/test_data/pod_creation_unsigned.json index eaba9bf..eae3597 100644 --- a/test_data/pod_creation_unsigned.json +++ b/test_data/pod_creation_unsigned.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "", "kind": "Pod", "version": "v1" }, + "resource": { + "group": "", + "version": "v1", + "resource": "pods" + }, "object": { "metadata": { "name": "invalid-pod-name" @@ -19,6 +25,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "Pod" }, @@ -29,4 +36,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/pod_creation_with_digest.json b/test_data/pod_creation_with_digest.json index de88ec9..79cd38b 100644 --- a/test_data/pod_creation_with_digest.json +++ b/test_data/pod_creation_with_digest.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "", "kind": "Pod", "version": "v1" }, + "resource": { + "group": "", + "version": "v1", + "resource": "pods" + }, "object": { "metadata": { "name": "nginx" @@ -19,6 +25,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "Pod" }, @@ -29,4 +36,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/pod_creation_with_init_container.json b/test_data/pod_creation_with_init_container.json index 9458905..adce89f 100644 --- a/test_data/pod_creation_with_init_container.json +++ b/test_data/pod_creation_with_init_container.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "", "kind": "Pod", "version": "v1" }, + "resource": { + "group": "", + "version": "v1", + "resource": "pods" + }, "object": { "metadata": { "name": "nginx" @@ -25,6 +31,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "Pod" }, @@ -35,4 +42,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/replicaset_creation_signed.json b/test_data/replicaset_creation_signed.json index be2551d..fc56175 100644 --- a/test_data/replicaset_creation_signed.json +++ b/test_data/replicaset_creation_signed.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "ReplicaSet", - "version": "v1" + "group": "apps", + "version": "v1", + "kind": "ReplicaSet" + }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "replicasets" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "apps", "version": "v1", "kind": "ReplicaSet" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/replicaset_creation_unsigned.json b/test_data/replicaset_creation_unsigned.json index 5ba51b2..9a6ec51 100644 --- a/test_data/replicaset_creation_unsigned.json +++ b/test_data/replicaset_creation_unsigned.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "ReplicaSet", - "version": "v1" + "group": "apps", + "version": "v1", + "kind": "ReplicaSet" + }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "replicasets" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "apps", "version": "v1", "kind": "ReplicaSet" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/replicationcontroller_creation_signed.json b/test_data/replicationcontroller_creation_signed.json index 4469d33..8428437 100644 --- a/test_data/replicationcontroller_creation_signed.json +++ b/test_data/replicationcontroller_creation_signed.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "ReplicationController", - "version": "v1" + "group": "", + "version": "v1", + "kind": "ReplicationController" + }, + "resource": { + "group": "", + "version": "v1", + "resource": "replicationcontrollers" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "ReplicationController" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/replicationcontroller_creation_unsigned.json b/test_data/replicationcontroller_creation_unsigned.json index ecf8683..9b37760 100644 --- a/test_data/replicationcontroller_creation_unsigned.json +++ b/test_data/replicationcontroller_creation_unsigned.json @@ -1,9 +1,15 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { + "group": "", "kind": "ReplicationController", "version": "v1" }, + "resource": { + "group": "", + "version": "v1", + "resource": "replicationcontrollers" + }, "object": { "metadata": { "name": "nginx" @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "", "version": "v1", "kind": "ReplicationController" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/statefulset_creation_signed.json b/test_data/statefulset_creation_signed.json index f89178e..90ffe3f 100644 --- a/test_data/statefulset_creation_signed.json +++ b/test_data/statefulset_creation_signed.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "StatefulSet", - "version": "v1" + "group": "apps", + "version": "v1", + "kind": "StatefulSet" + }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "statefulsets" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "apps", "version": "v1", "kind": "StatefulSet" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +} diff --git a/test_data/statefulset_creation_unsigned.json b/test_data/statefulset_creation_unsigned.json index 025d518..af9ddff 100644 --- a/test_data/statefulset_creation_unsigned.json +++ b/test_data/statefulset_creation_unsigned.json @@ -1,8 +1,14 @@ { "uid": "1299d386-525b-4032-98ae-1949f69f9cfc", "kind": { - "kind": "StatefulSet", - "version": "v1" + "group": "apps", + "version": "v1", + "kind": "StatefulSet" + }, + "resource": { + "group": "apps", + "version": "v1", + "resource": "statefulsets" }, "object": { "metadata": { @@ -23,6 +29,7 @@ }, "operation": "CREATE", "requestKind": { + "group": "apps", "version": "v1", "kind": "StatefulSet" }, @@ -33,4 +40,4 @@ "system:authenticated" ] } -} \ No newline at end of file +}