anderseknert
commented
1 year ago Another example would be "Weaveworks Policy Agent", which makes use of another CRD: https://github.com/weaveworks/policy-agent/blob/dev/policies/ControllerContainerAllowingPrivilegeEscalation.yaml
Given that, perhaps it would make sense to allow configuring where to look for Rego inside of YAML files.
Gatekeeper Rego is embedded in custom resource definitions, i.e. YAML files. While there are tools to allow authoring "normal" .rego files and then have them inserted in CRDs, I suppose there are enough people hacking on Rego inside of YAML that it could be useful to be able to lint Rego found in CRDs. Some things — like accurately reporting location – could be tricky, I suppose.