feat: background audit config, severity and category annotations.

Updates policy metadata.yml file adding the new configuration to enabled background audit checks and adds two new annotations used by the audit scanner in its reports. Signed-off-by: José Guilherme Vanz <[email protected]>
kubewarden · Jul 7, 2023 · f32900d · f32900d
1 parent 95be276
commit f32900d
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/metadata.yml b/metadata.yml
@@ -1,19 +1,29 @@
 rules:
-- apiGroups: [""]
-  apiVersions: ["v1"]
-  resources: ["pods"]
-  operations: ["CREATE", "UPDATE"]
+  - apiGroups:
+      - ''
+    apiVersions:
+      - v1
+    resources:
+      - pods
+    operations:
+      - CREATE
+      - UPDATE
 mutating: true
 contextAware: false
 executionMode: kubewarden-wapc
 annotations:
+  # artifacthub specific
   io.kubewarden.policy.title: allowed-fsgroups-psp
   io.artifacthub.displayName: Allowed Fs Groups PSP
   io.artifacthub.resources: Pod
   io.artifacthub.keywords: psp, container, runtime
-  io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroups in the pod security context
-  io.kubewarden.policy.author: "Kubewarden developers <[email protected]>"
+  # kubewarden specific
+  io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy
+    that controls the usage of fsGroups in the pod security context
+  io.kubewarden.policy.author: Kubewarden developers <[email protected]>
   io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/allowed-fsgroups-psp
   io.kubewarden.policy.url: https://github.com/kubewarden/allowed-fsgroups-psp-policy
   io.kubewarden.policy.source: https://github.com/kubewarden/allowed-fsgroups-psp-policy
   io.kubewarden.policy.license: Apache-2.0
+  io.kubewarden.policy.severity: medium
+  io.kubewarden.policy.category: PSP