fix: modify the ingress resource

other-cel/prevent-cr8escape/.chainsaw-test/pods-good.yaml

@@ -18,11 +18,11 @@ kind: Pod
 metadata:
   name: goodpod02
 spec:
-  securityContext:
-    allowPrivilegeEscalation: false
   containers:
   - name: busybox
     image: ghcr.io/kyverno/test-busybox:1.35
+    securityContext:
+      allowPrivilegeEscalation: false
 ---
 apiVersion: v1
 kind: Pod
@@ -31,5 +31,4 @@ metadata:
 spec:
   containers:
   - name: busybox
-    image: ghcr.io/kyverno/test-busybox:1.35
-
+    image: ghcr.io/kyverno/test-busybox:1.35

other-cel/require-ingress-https/.chainsaw-test/ingress-good.yaml

@@ -9,7 +9,7 @@ spec:
   ingressClassName: someingress
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -33,7 +33,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -43,7 +43,7 @@ spec:
             port:
               number: 80
   - host: endpoint02
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -55,5 +55,4 @@ spec:
   tls:
   - hosts:
     - endpoint01
-    - endpoint02
-
+    - endpoint02

other-cel/require-ingress-https/.kyverno-test/resource.yaml

@@ -32,7 +32,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -64,7 +64,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -99,7 +99,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -130,7 +130,7 @@ spec:
   ingressClassName: someingress
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -154,7 +154,7 @@ spec:
   ingressClassName: nginx-int
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -164,7 +164,7 @@ spec:
             port:
               number: 80
   - host: endpoint02
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-classes/.chainsaw-test/ingress-bad.yaml

@@ -7,7 +7,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -27,7 +27,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-classes/.chainsaw-test/ingress-good.yaml

@@ -8,7 +8,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -28,7 +28,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-defaultbackend/.chainsaw-test/ingress-good.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -22,7 +22,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-wildcard/.chainsaw-test/ingress-bad.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   rules:
   - host: "*.foo.bar"
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -22,7 +22,7 @@ metadata:
 spec:
   rules:
   - host: foo-bar
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -32,7 +32,7 @@ spec:
             port:
               number: 80
   - host: "*.example.com"
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -49,7 +49,7 @@ metadata:
 spec:
   rules:
   - host: "*.bar"
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -59,7 +59,7 @@ spec:
             port:
               number: 80
   - host: foo-bar
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-ingress-wildcard/.chainsaw-test/ingress-good.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   rules:
   - host: endpoint01
-    https:
+    http:
       paths:
       - backend:
           service:
@@ -22,7 +22,7 @@ metadata:
 spec:
   rules:
   - host: endpoint02
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix
@@ -32,7 +32,7 @@ spec:
             port:
               number: 80
   - host: endpoint01
-    https:
+    http:
       paths:
       - path: /testpath
         pathType: Prefix

other-cel/restrict-node-affinity/.chainsaw-test/pod-good.yaml

@@ -14,14 +14,16 @@ metadata:
 spec:
   affinity:
     podAffinity:
-      prefferedDuringSchedulingIgnoredDuringExecution:
-      - labelSelector:
-          matchExpressions:
-          - key: bar
-            operator: In
-            values:
-            - bar
-        topologyKey: topology.kubernetes.io/zone
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: bar
+              operator: In
+              values:
+              - bar
+          topologyKey: topology.kubernetes.io/zone
     podAntiAffinity:
       preferredDuringSchedulingIgnoredDuringExecution:
       - weight: 100
@@ -35,5 +37,4 @@ spec:
           topologyKey: topology.kubernetes.io/zone
   containers:
     - name: busybox
-      image: ghcr.io/kyverno/test-busybox:1.35
-
+      image: ghcr.io/kyverno/test-busybox:1.35

other-cel/restrict-node-affinity/.chainsaw-test/podcontroller-bad.yaml

@@ -52,5 +52,4 @@ spec:
           containers:
           - name: busybox
             image: ghcr.io/kyverno/test-busybox:1.35
-          restartPolicy: OnFailure
-
+          restartPolicy: OnFailure

other-cel/restrict-node-affinity/.chainsaw-test/podcontroller-good.yaml

@@ -17,14 +17,16 @@ spec:
     spec:
       affinity:
         podAffinity:
-          prefferedDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchExpressions:
-              - key: bar
-                operator: In
-                values:
-                - bar
-            topologyKey: topology.kubernetes.io/zone
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: bar
+                  operator: In
+                  values:
+                  - bar
+              topologyKey: topology.kubernetes.io/zone
       containers:
       - name: busybox
         image: ghcr.io/kyverno/test-busybox:1.35
@@ -42,5 +44,4 @@ spec:
           containers:
           - name: busybox
             image: ghcr.io/kyverno/test-busybox:1.35
-          restartPolicy: OnFailure
-
+          restartPolicy: OnFailure

other-cel/restrict-node-affinity/.kyverno-test/resource.yaml

@@ -88,5 +88,4 @@ spec:
               cpu: "500m"
             limits:
               memory: "256Mi"
-              cpu: "500m"
-
+              cpu: "500m"

tekton-cel/require-tekton-bundle/artifacthub-pkg.yml

@@ -19,5 +19,5 @@ annotations:
   kyverno/category: "Tekton in CEL"
   kyverno/kubernetesVersion: "1.26-1.27"
   kyverno/subject: "TaskRun, PipelineRun"
-digest: d1031e87d2d3e9496022593cac502bd8382863247803e4bd06a1badbe782ae48
+digest: 040ff6442dff95a14000ef7ac2a4f953659997d19654a8a959c0b59427ac4ee9
 createdAt: "2024-05-24T04:26:34Z"

tekton-cel/require-tekton-bundle/require-tekton-bundle.yaml

@@ -36,6 +36,9 @@ spec:
       - resources:
           kinds:
           - TaskRun
+          operations:
+          - CREATE
+          - UPDATE
     validate:
       cel:
         expressions: