From f32900d336f2dbb0fd684ef733751415c8ea4fe2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?=
Date: Wed, 5 Jul 2023 14:10:18 -0300
Subject: [PATCH] feat: background audit config, severity and category annotations.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updates policy metadata.yml file adding the new configuration to enabled background audit checks and adds two new annotations used by the audit scanner in its reports.

Signed-off-by: José Guilherme Vanz
---
 metadata.yml | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/metadata.yml b/metadata.yml
index 9223fe5..e9f478b 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,19 +1,29 @@
 rules:
-- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
- operations: ["CREATE", "UPDATE"]
+ - apiGroups:
+ - ''
+ apiVersions:
+ - v1
+ resources:
+ - pods
+ operations:
+ - CREATE
+ - UPDATE
 mutating: true
 contextAware: false
 executionMode: kubewarden-wapc
 annotations:
+ # artifacthub specific
 io.kubewarden.policy.title: allowed-fsgroups-psp
 io.artifacthub.displayName: Allowed Fs Groups PSP
 io.artifacthub.resources: Pod
 io.artifacthub.keywords: psp, container, runtime
- io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroups in the pod security context
- io.kubewarden.policy.author: "Kubewarden developers "
+ # kubewarden specific
+ io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy
+ that controls the usage of fsGroups in the pod security context
+ io.kubewarden.policy.author: Kubewarden developers
 io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/allowed-fsgroups-psp
 io.kubewarden.policy.url: https://github.com/kubewarden/allowed-fsgroups-psp-policy
 io.kubewarden.policy.source: https://github.com/kubewarden/allowed-fsgroups-psp-policy
 io.kubewarden.policy.license: Apache-2.0
+ io.kubewarden.policy.severity: medium
+ io.kubewarden.policy.category: PSP
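Review bot: The commit message says this change adds the configuration that enables background audit checks, but the new side of this hunk, which spans the whole 29-line file, contains no such key; only the `io.kubewarden.policy.severity` and `io.kubewarden.policy.category` annotations are new. If the audit scanner is meant to rely on a default, the description should say so; otherwise make the setting explicit next to `executionMode`, e.g. `backgroundAudit: true` (key name to be confirmed against the Kubewarden metadata schema), so that a reader can tell from the file whether existing pods get scanned. Separately, the `# artifacthub specific` comment sits directly above `io.kubewarden.policy.title`, which is a kubewarden key, so the grouping comments do not match the keys under them; moving the title below `# kubewarden specific` would fix that.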