fix: use correct metadata
Tag a new release of the policy that has the correct `rules` values
inside of its metadata.

Signed-off-by: Flavio Castelli <[email protected]>
flavio authored and jvanz committed Feb 6, 2023
1 parent b837343 commit 91a9704
Showing 4 changed files with 38 additions and 14 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "env-variable-secrets-scanner-policy"
version = "0.1.4"
version = "0.1.5"
authors = ["raulcabello <[email protected]>"]
edition = "2018"

28 changes: 20 additions & 8 deletions artifacthub-pkg.yml
@@ -1,14 +1,14 @@
---
version: 0.1.4
version: 0.1.5
name: env-variable-secrets-scanner
displayName: Environment Variable Secrets Scanner
createdAt: '2023-01-20T16:46:21+02:00'
createdAt: '2023-02-06T16:46:21+02:00'
description: Reject Pods that contain secrets in an environment variable
license: Apache-2.0
homeURL: https://github.com/kubewarden/env-variable-secrets-scanner-policy
containersImages:
- name: policy
image: "ghcr.io/kubewarden/policies/env-variable-secrets-scanner:v0.1.4"
image: "ghcr.io/kubewarden/policies/env-variable-secrets-scanner:v0.1.5"
keywords:
- secrets
- api keys
@@ -18,7 +18,7 @@ keywords:
- confidential data leak
links:
- name: policy
url: https://github.com/kubewarden/env-variable-secrets-scanner-policy/releases/download/v0.1.4/policy.wasm
url: https://github.com/kubewarden/env-variable-secrets-scanner-policy/releases/download/v0.1.5/policy.wasm
- name: source
url: https://github.com/kubewarden/env-variable-secrets-scanner-policy
provider:
@@ -31,7 +31,19 @@ annotations:
kubewarden/contextAware: false
kubewarden/rules: |
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["deployment","replicaset","statefulset","daemonset","replicationcontroller","job","cronjob","pod"]
operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
operations: ["CREATE"] # kubernetes doesn't allow to add/remove privileged containers to an already running pod
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["replicationcontrollers"]
operations: ["CREATE", "UPDATE"]
- apiGroups: ["apps"]
apiVersions: ["v1"]
resources: ["deployments","replicasets","statefulsets","daemonsets"]
operations: ["CREATE", "UPDATE"]
- apiGroups: ["batch"]
apiVersions: ["v1"]
resources: ["jobs","cronjobs"]
operations: ["CREATE", "UPDATE"]
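Review bot: The inline comment on the `pods` rule (`operations: ["CREATE"]`) justifies skipping UPDATE by referring to privileged containers, which is unrelated to an environment-variable secrets scanner and looks carried over from another policy; the same line appears in metadata.yml. A comment giving this policy's own reason would read `# env of a Pod's containers cannot be changed after creation, so only CREATE is scanned`. That reason holds for regular and init containers, but ephemeral containers are added later through the `pods/ephemeralcontainers` subresource and can carry `env` entries, and none of the five rules matches that subresource. Whether the policy code inspects ephemeral containers is not visible on this page, so treat this as a coverage question to confirm rather than a confirmed gap.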
20 changes: 16 additions & 4 deletions metadata.yml
@@ -1,8 +1,20 @@
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["deployment","replicaset","statefulset","daemonset","replicationcontroller","job","cronjob","pod"]
operations: ["CREATE", "UPDATE"]
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
operations: ["CREATE"] # kubernetes doesn't allow to add/remove privileged containers to an already running pod
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["replicationcontrollers"]
operations: ["CREATE", "UPDATE"]
- apiGroups: ["apps"]
apiVersions: ["v1"]
resources: ["deployments","replicasets","statefulsets","daemonsets"]
operations: ["CREATE", "UPDATE"]
- apiGroups: ["batch"]
apiVersions: ["v1"]
resources: ["jobs","cronjobs"]
operations: ["CREATE", "UPDATE"]
mutating: false
contextAware: false
executionMode: kubewarden-wapc
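Review bot: This rule list is now maintained by hand in two places, here and in the `kubewarden/rules` annotation of artifacthub-pkg.yml, and nothing visible in the commit ties the two copies together. The entry that appears to be replaced used singular resource names under the core API group, which presumably matched no admission request, so a wrong or stale copy is easy to miss and can leave readers believing workloads are scanned when they are not. A header comment such as `# keep in sync with the kubewarden/rules annotation in artifacthub-pkg.yml` would flag the coupling, and a CI step that compares the two lists (or generates the annotation from this file) would enforce it.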