From f4eee4b30ad811792ffa00475a742cc90a9aef89 Mon Sep 17 00:00:00 2001
From: Shuting Zhao
Date: Tue, 17 Sep 2019 18:36:24 -0700
Subject: [PATCH] update best-practice run as non-root uesr
---
 .../policy_validate_deny_runasrootuser.yaml | 11 +++++------
 .../resource_validate_deny_runasrootuser.yaml | 6 ++++--
 .../test/scenario_validate_deny_runasrootuser.yaml | 2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/examples/best_practices/policy_validate_deny_runasrootuser.yaml b/examples/best_practices/policy_validate_deny_runasrootuser.yaml
index 1dc6796f80..384adb10da 100644
--- a/examples/best_practices/policy_validate_deny_runasrootuser.yaml
+++ b/examples/best_practices/policy_validate_deny_runasrootuser.yaml
@@ -20,9 +20,8 @@ spec:
 - spec:
 securityContext:
 runAsNonRoot: true
- # pattern:
- # spec:
- # containers:
- # - name: "*"
- # securityContext:
- # runAsNonRoot: true
\ No newline at end of file
+ - spec:
+ containers:
+ - name: "*"
+ securityContext:
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/examples/best_practices/resources/resource_validate_deny_runasrootuser.yaml b/examples/best_practices/resources/resource_validate_deny_runasrootuser.yaml
index 0ff2b164a6..842a73b689 100644
--- a/examples/best_practices/resources/resource_validate_deny_runasrootuser.yaml
+++ b/examples/best_practices/resources/resource_validate_deny_runasrootuser.yaml
@@ -3,8 +3,10 @@ kind: Pod
 metadata:
 name: check-root-user
 spec:
- securityContext:
- runAsNonRoot: true
+ # securityContext:
+ # runAsNonRoot: true
 containers:
 - name: check-root-user
 image: nginxinc/nginx-unprivileged
+ securityContext:
+ runAsNonRoot: true
diff --git a/test/scenarios/test/scenario_validate_deny_runasrootuser.yaml b/test/scenarios/test/scenario_validate_deny_runasrootuser.yaml
index 7d7fce137c..580e2f001d 100644
--- a/test/scenarios/test/scenario_validate_deny_runasrootuser.yaml
+++ b/test/scenarios/test/scenario_validate_deny_runasrootuser.yaml
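Review bot: The container-level alternative added in policy_validate_deny_runasrootuser.yaml sits beside the pod-level one as a second list entry, and the scenario message (`anyPattern[1]`) suggests the two are OR-ed, so a Pod with `runAsNonRoot: true` under `spec.securityContext` would still validate when one of its containers sets `securityContext.runAsNonRoot: false`; Kubernetes gives the container-level value precedence. The new `containers` pattern also does not look at `initContainers`, which can run as root just the same. At minimum I would document the gap above the list, e.g. `# NOTE: the pod-level alternative does not catch a container that overrides it with runAsNonRoot: false; initContainers are not checked`, and ideally tighten the pod-level entry so such overrides are rejected. The rule starts above the hunk, so the enclosing key is inferred rather than visible here; the file also still ends without a trailing newline.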
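Review bot: Moving `runAsNonRoot: true` from the Pod to the container in resource_validate_deny_runasrootuser.yaml leaves the pod-level alternative without a fixture, and the hunk in test/scenarios/test/scenario_validate_deny_runasrootuser.yaml accordingly asserts only `anyPattern[1]`. For a deny policy I would keep a pod-level example next to this one and add a Pod that sets neither field and is expected to fail validation; whether such a negative case exists elsewhere is not visible from this patch. The commented-out `# securityContext:` / `# runAsNonRoot: true` lines read as leftovers in a best-practice example; delete them or replace them with one explanatory comment such as `# runAsNonRoot is set per container below`.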
@@ -14,6 +14,6 @@ expected:
 rules:
 - name: deny-runasrootuser
 type: Validation
- message: "Validation rule 'deny-runasrootuser' anyPattern[0] succesfully validated"
+ message: "Validation rule 'deny-runasrootuser' anyPattern[1] succesfully validated"
 success: true