diff --git a/examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml b/examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml index a051ba25d2..1c631e88b1 100644 --- a/examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml +++ b/examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml @@ -16,13 +16,12 @@ spec: - Pod validate: message: "Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false" - # anyPattern: - # - spec: - # securityContext: - # allowPrivilegeEscalation: false - # privileged: false - pattern: - spec: + anyPattern: + - spec: + securityContext: + allowPrivilegeEscalation: false + privileged: false + - spec: containers: - name: "*" securityContext: diff --git a/test/scenarios/test/scenario_validate_container_disallow_priviledgedprivelegesecalation.yaml b/test/scenarios/test/scenario_validate_container_disallow_priviledgedprivelegesecalation.yaml index 0b822fc98b..caffb74bde 100644 --- a/test/scenarios/test/scenario_validate_container_disallow_priviledgedprivelegesecalation.yaml +++ b/test/scenarios/test/scenario_validate_container_disallow_priviledgedprivelegesecalation.yaml @@ -14,6 +14,6 @@ expected: rules: - name: deny-privileged-disallowpriviligedescalation type: Validation - message: "Validation rule 'deny-privileged-disallowpriviligedescalation' failed at '/spec/containers/0/securityContext/allowPrivilegeEscalation/' for resource Pod//check-privileged-cfg. Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false" + message: "Validation rule 'deny-privileged-disallowpriviligedescalation' failed to validate patterns defined in anyPattern. Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false; anyPattern[0] failed at path /spec/securityContext/; anyPattern[1] failed at path /spec/containers/0/securityContext/allowPrivilegeEscalation/" success: false