update best-practice run as non-root uesr

2025-03-29 10:55:05 +00:00 · 2019-09-17 18:36:24 -07:00 · 2019-09-17 18:36:24 -07:00 · f4eee4b30a
commit f4eee4b30a
parent 5e0415911a
3 changed files with 10 additions and 9 deletions
--- a/examples/best_practices/policy_validate_deny_runasrootuser.yaml
+++ b/examples/best_practices/policy_validate_deny_runasrootuser.yaml
@ -20,9 +20,8 @@ spec:
      - spec:
          securityContext:
            runAsNonRoot: true
-      # pattern:
-      #   spec:
-      #     containers:
-      #     - name: "*"
-      #       securityContext:
-      #         runAsNonRoot: true
+      - spec:
+          containers:
+          - name: "*"
+            securityContext:
+              runAsNonRoot: true
--- a/examples/best_practices/resources/resource_validate_deny_runasrootuser.yaml
+++ b/examples/best_practices/resources/resource_validate_deny_runasrootuser.yaml
@ -3,8 +3,10 @@ kind: Pod
 metadata:
  name: check-root-user
 spec:
-  securityContext:
-    runAsNonRoot: true
+  # securityContext:
+  #   runAsNonRoot: true
  containers:
  - name: check-root-user
    image: nginxinc/nginx-unprivileged
+    securityContext:
+      runAsNonRoot: true
--- a/test/scenarios/test/scenario_validate_deny_runasrootuser.yaml
+++ b/test/scenarios/test/scenario_validate_deny_runasrootuser.yaml
@ -14,6 +14,6 @@ expected:
      rules:
        - name: deny-runasrootuser
          type: Validation
-          message: "Validation rule 'deny-runasrootuser' anyPattern[0] succesfully validated"
+          message: "Validation rule 'deny-runasrootuser' anyPattern[1] succesfully validated"
          success: true