fix background-false

Signed-off-by: ShutingZhao <[email protected]>

test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-apply-1-1.yaml

@@ -1,36 +1,4 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
+apiVersion: v1
+kind: Namespace
 metadata:
-  annotations:
-    kyverno.io/kubernetes-version: "1.24"
-    kyverno.io/kyverno-version: 1.8.0
-    policies.kyverno.io/category: Pod Security Admission
-    policies.kyverno.io/description: 'When Pod Security Admission is configured with
-      a cluster-wide AdmissionConfiguration file which sets either baseline or restricted,
-      for example in many PaaS CIS profiles, it may be necessary to relax this to
-      privileged on a per-Namespace basis so that more granular control can be provided.
-      This policy labels new and existing Namespaces, except that of kube-system,
-      with the `pod-security.kubernetes.io/enforce: privileged` label.      '
-    policies.kyverno.io/minversion: 1.7.0
-    policies.kyverno.io/severity: medium
-    policies.kyverno.io/subject: Namespace
-    policies.kyverno.io/title: Add Privileged Label to Existing Namespaces
-  name: add-privileged-existing-namespaces
-spec:
-  background: false
-  mutateExistingOnPolicyUpdate: true
-  rules:
-  - match:
-      any:
-      - resources:
-          kinds:
-          - Namespace
-    mutate:
-      patchStrategicMerge:
-        metadata:
-          labels:
-            foo: bar
-      targets:
-      - apiVersion: v1
-        kind: Namespace
-    name: label-privileged-namespaces
+  name: background-false-ns

test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-01-apply-1-2.yaml

@@ -0,0 +1,39 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  annotations:
+    kyverno.io/kubernetes-version: "1.24"
+    kyverno.io/kyverno-version: 1.8.0
+    policies.kyverno.io/category: Pod Security Admission
+    policies.kyverno.io/description: 'When Pod Security Admission is configured with
+      a cluster-wide AdmissionConfiguration file which sets either baseline or restricted,
+      for example in many PaaS CIS profiles, it may be necessary to relax this to
+      privileged on a per-Namespace basis so that more granular control can be provided.
+      This policy labels new and existing Namespaces, except that of kube-system,
+      with the `pod-security.kubernetes.io/enforce: privileged` label.      '
+    policies.kyverno.io/minversion: 1.7.0
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Namespace
+    policies.kyverno.io/title: Add Privileged Label to Existing Namespaces
+  name: add-privileged-existing-namespaces
+spec:
+  background: false
+  mutateExistingOnPolicyUpdate: true
+  rules:
+  - match:
+      any:
+      - resources:
+          kinds:
+          - Namespace
+          names:
+          - background-false-ns
+    mutate:
+      patchStrategicMerge:
+        metadata:
+          labels:
+            foo: bar
+      targets:
+      - apiVersion: v1
+        kind: Namespace
+        name: background-false-ns
+    name: label-privileged-namespaces

test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-step-03-assert-1-1.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
+  name: background-false-ns
   labels:
     foo: bar
-  name: default

test/conformance/chainsaw/mutate/clusterpolicy/standard/existing/background-false/chainsaw-test.yaml

@@ -9,9 +9,12 @@ spec:
     try:
     - apply:
         file: chainsaw-step-01-apply-1-1.yaml
+    - apply:
+        file: chainsaw-step-01-apply-1-2.yaml
     - assert:
         file: chainsaw-step-01-assert-1-1.yaml
   - name: step-03
     try:
     - assert:
         file: chainsaw-step-03-assert-1-1.yaml
+        timeout: 1m30s