diff --git a/definitions/install.yaml b/definitions/install.yaml
index f076a730c7..6b979d87c4 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -26,8 +26,8 @@ spec:
 validationFailureAction:
 type: string
 enum:
- - block
- - report
+ - enforce # blocks the resorce api-reques if a rule fails. Default behavior
+ - audit # allows resource creationg and reports the failed validation rules as violations
 rules:
 type: array
 items:
diff --git a/pkg/webhooks/utils.go b/pkg/webhooks/utils.go
index 10bad0b693..f3ac818f58 100644
--- a/pkg/webhooks/utils.go
+++ b/pkg/webhooks/utils.go
@@ -92,8 +92,8 @@ func getApplicableKindsForPolicy(p *v1alpha1.Policy) []string {
 // Policy Reporting Modes
 const (
- BlockChanges = "block"
- ReportViolation = "report"
+ BlockChanges = "enforce"
+ ReportViolation = "audit"
 )
 // returns true -> if there is even one policy that blocks resource requst
diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go
index 7a335402ff..eaf3ffd3aa 100644
--- a/pkg/webhooks/validation.go
+++ b/pkg/webhooks/validation.go
@@ -101,7 +101,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 if len(policyInfos) > 0 && len(policyInfos[0].Rules) != 0 {
 eventsInfo, violations := newEventInfoFromPolicyInfo(policyInfos, (request.Operation == v1beta1.Update), info.Validation)
- // If the validationFailureAction flag is set "report",
+ // If the validationFailureAction flag is set "audit",
 // then we dont block the request and report the violations
 ws.violationBuilder.Add(violations...)
 ws.eventController.Add(eventsInfo...)
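Review bot: The two inline comments added to the `validationFailureAction` enum in definitions/install.yaml contain typos and state a default that the visible schema does not show. "resorce api-reques" and "creationg" should read `# blocks the resource API request if a rule fails` and `# allows resource creation and reports the failed validation rules as violations`. "Default behavior" is not backed by a `default:` key in this part of the schema, so the default is presumably applied in code. Either say where it is applied or drop the claim, because an operator reading the CRD will rely on it to decide whether an unset field blocks requests.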
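Review bot: Policies already stored with `validationFailureAction: block` stop comparing equal to `BlockChanges` once its value becomes "enforce" in pkg/webhooks/utils.go. The check that uses the constant sits below the const block, outside this hunk; if it is a plain equality test, such a policy would presumably be treated as non-blocking after upgrade, silently downgrading admission enforcement to audit-only. It would be safer to keep recognising the legacy values for a transition period, or to reject unrecognised values explicitly instead of letting them fall through to the permissive path. The constant names also no longer match their values; at minimum document this on the block, e.g. `// BlockChanges ("enforce") rejects the request; ReportViolation ("audit") admits it and records violations.`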
@@ -112,7 +112,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 }
 // If Validation fails then reject the request
 ok, msg := isAdmSuccesful(policyInfos)
- // violations are created if "report" flag is set
+ // violations are created if "audit" flag is set
 // and if there are any then we dont bock the resource creation
 // Even if one the policy being applied