update best_practice Disallow privileged and privilege escalation

2025-03-29 10:55:05 +00:00 · 2019-09-17 18:42:08 -07:00 · 2019-09-17 18:42:08 -07:00 · 658fb84e91
commit 658fb84e91
parent f4eee4b30a
2 changed files with 7 additions and 8 deletions
--- a/examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
+++ b/examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
@ -16,13 +16,12 @@ spec:
        - Pod
    validate:
      message: "Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false"
-      # anyPattern:
-      # - spec:
-      #   securityContext:
-      #     allowPrivilegeEscalation: false
-      #     privileged: false
-      pattern:
-        spec:
+      anyPattern:
+      - spec:
+          securityContext:
+            allowPrivilegeEscalation: false
+            privileged: false
+      - spec:
          containers:
          - name: "*"
            securityContext:
--- a/test/scenarios/test/scenario_validate_container_disallow_priviledgedprivelegesecalation.yaml
+++ b/test/scenarios/test/scenario_validate_container_disallow_priviledgedprivelegesecalation.yaml
@ -14,6 +14,6 @@ expected:
      rules:
        - name: deny-privileged-disallowpriviligedescalation
          type: Validation
-          message: "Validation rule 'deny-privileged-disallowpriviligedescalation' failed at '/spec/containers/0/securityContext/allowPrivilegeEscalation/' for resource Pod//check-privileged-cfg. Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false"
+          message: "Validation rule 'deny-privileged-disallowpriviligedescalation' failed to validate patterns defined in anyPattern. Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false; anyPattern[0] failed at path /spec/securityContext/; anyPattern[1] failed at path /spec/containers/0/securityContext/allowPrivilegeEscalation/"
          success: false