appvia · renovate · Aug 3, 2023 · Aug 2, 2023 · Aug 3, 2023 · Aug 3, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -229,7 +229,7 @@ jobs:
       - if: matrix.system == 'gatekeeper'
         name: Install gatekeeper
         run: |
-          kubectl apply --wait -f https://raw.github.com/open-policy-agent/gatekeeper/release-3.7/deploy/gatekeeper.yaml
+          kubectl apply --wait -f https://raw.github.com/open-policy-agent/gatekeeper/release-3.12/deploy/gatekeeper.yaml
           kubectl wait --for=condition=available --timeout=600s  -n gatekeeper-system \
             deployment/gatekeeper-audit \
             deployment/gatekeeper-controller-manager

diff --git a/tests/allowPrivilegeEscalation/kyverno.yaml b/tests/allowPrivilegeEscalation/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-allowprivilegeescalation
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: psp-allowprivilegeescalation
     match:

diff --git a/tests/allowedCapabilities/kyverno.yaml b/tests/allowedCapabilities/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-allowedcapabilities
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   # Checks initContainers to ensure they don't add anything other than what is permitted.
   - name: psp-allowedcapabilities-initcontainers

diff --git a/tests/allowedFlexVolumes/kyverno.yaml b/tests/allowedFlexVolumes/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-allowedflexvolumes
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: psp-allowedflexvolumes
       match:

diff --git a/tests/allowedHostPaths/kyverno.yaml b/tests/allowedHostPaths/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-allowedhostpaths
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: host-path
     match:

diff --git a/tests/allowedProcMountTypes/kyverno.yaml b/tests/allowedProcMountTypes/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: pspallowedprocmounttypes
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: check-proc-mount
       match:

diff --git a/tests/allowedUnsafeSysctls/kyverno.yaml b/tests/allowedUnsafeSysctls/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-allowedunsafesysctls
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   background: true
   rules:
     - name: sysctls

diff --git a/tests/apparmor/kyverno.yaml b/tests/apparmor/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-apparmor
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: app-armor
       match:

diff --git a/tests/defaultAddCapabilities/kyverno-helper.yaml b/tests/defaultAddCapabilities/kyverno-helper.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-defaultaddcapabilitiescheck
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: psp-defaultaddcapabilitiescheck
     match:

diff --git a/tests/defaultAllowPrivilegeEscalation/kyverno.yaml b/tests/defaultAllowPrivilegeEscalation/kyverno.yaml
@@ -21,7 +21,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-allowprivilegeescalation
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: psp-allowprivilegeescalation
     match:

diff --git a/tests/forbiddenSysctls/kyverno.yaml b/tests/forbiddenSysctls/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-forbiddensysctls
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   background: true
   rules:
     - name: sysctls

diff --git a/tests/fsgroup/kyverno.yaml b/tests/fsgroup/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-fsgroup
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: psp-fsgroup
       match:

diff --git a/tests/hostIPC/kyverno.yaml b/tests/hostIPC/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-host-namespace
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: host-namespaces
       match:

diff --git a/tests/hostNetwork/kyverno.yaml b/tests/hostNetwork/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-host-namespace
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: host-namespaces
       match:

diff --git a/tests/hostPID/kyverno.yaml b/tests/hostPID/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-host-namespace
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: host-namespaces
       match:

diff --git a/tests/hostPorts/kyverno.yaml b/tests/hostPorts/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-hostports
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: host-ports
       match:

diff --git a/tests/kind-config-gatekeeper.yaml b/tests/kind-config-gatekeeper.yaml
@@ -5,4 +5,4 @@ featureGates:
   ProcMountType: true
 nodes:
   - role: control-plane
-    image: kindest/node:v1.24.2
+    image: kindest/node:v1.27.3
diff --git a/tests/kind-config-krail.yaml b/tests/kind-config-krail.yaml
@@ -5,4 +5,4 @@ featureGates:
   SeccompDefault: true
 nodes:
   - role: control-plane
-    image: kindest/node:v1.24.2
+    image: kindest/node:v1.27.3
diff --git a/tests/kind-config-kubewarden.yaml b/tests/kind-config-kubewarden.yaml
@@ -5,4 +5,4 @@ featureGates:
   ProcMountType: true
 nodes:
   - role: control-plane
-    image: kindest/node:v1.24.2
+    image: kindest/node:v1.27.3
diff --git a/tests/kind-config-kyverno.yaml b/tests/kind-config-kyverno.yaml
@@ -5,4 +5,4 @@ featureGates:
   ProcMountType: true
 nodes:
   - role: control-plane
-    image: kindest/node:v1.24.2
+    image: kindest/node:v1.24.3
diff --git a/tests/kind-config-pss.yaml b/tests/kind-config-pss.yaml
@@ -6,4 +6,4 @@ featureGates:
   PodSecurity: true
 nodes:
   - role: control-plane
-    image: kindest/node:v1.24.2
+    image: kindest/node:v1.27.3
diff --git a/tests/privileged/kyverno.yaml b/tests/privileged/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-privileged-container
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: privileged-containers
       match:

diff --git a/tests/readOnlyRootFilesystem/kyverno.yaml b/tests/readOnlyRootFilesystem/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-readonlyrootfilesystem
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: psp-readonlyrootfilesystem
       match:

diff --git a/tests/requiredDropCapabilities/kyverno.yaml b/tests/requiredDropCapabilities/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-requireddropcapabilities
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: psp-requireddropcapabilities
     match:

diff --git a/tests/runAsGroup/kyverno.yaml b/tests/runAsGroup/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-runasgroup
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: psp-runasgroup
       match:

diff --git a/tests/runAsUser/kyverno.yaml b/tests/runAsUser/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-runasuser
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: psp-runasuser
       match:

diff --git a/tests/seLinux/kyverno.yaml b/tests/seLinux/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-selinux
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
     - name: seLinux
       match:

diff --git a/tests/seccomp/kyverno.yaml b/tests/seccomp/kyverno.yaml
@@ -4,7 +4,7 @@ metadata:
   name: psp-seccomp
 spec:
   background: true
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: restrict-seccomp
     match:

diff --git a/tests/supplementalGroups/kyverno.yaml b/tests/supplementalGroups/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-supplementalgroups
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   rules:
   - name: psp-supplementalgroup
     match:

diff --git a/tests/tests.bats b/tests/tests.bats
@@ -16,7 +16,7 @@ setup() {
       while [[ $(kubectl get -f tests/${testcase}/${SYSTEM}.yaml -o 'jsonpath={..status.ready}') != *"true"* ]]; do sleep 1; done
     fi
     if [ "${SYSTEM}" == "kubewarden" ]; then
-      kubectl wait --for=condition=PolicyActive --timeout=60s -f tests/${testcase}/${SYSTEM}.yaml
+      kubectl wait --for=condition=PolicyActive --timeout=120s -f tests/${testcase}/${SYSTEM}.yaml
       kubectl -n kubewarden rollout status deployment policy-server-default
       while [[ $(kubectl -n kubewarden get po -l app=kubewarden-policy-server-default | grep "Terminating") ]]; do sleep 1; done
     fi

diff --git a/tests/volumes/kyverno.yaml b/tests/volumes/kyverno.yaml
@@ -3,7 +3,7 @@ kind: ClusterPolicy
 metadata:
   name: psp-volumes
 spec:
-  validationFailureAction: enforce
+  validationFailureAction: Enforce
   background: false
   rules:
   - name: allowed-vols