Closed jvanz closed 2 years ago
The rule from NueVector that refers to "user group" check which user group from the user info in the admission request. It's not related to the user group in the containers. Therefore, if we want a feature like that, we need to write a policy to do the same thing.
I suspected that was about the user and group info inside of the admission request object. Can you please elaborate more how the final policy would behave?
@kubewarden/kubewarden-developers , I cannot think an a big benefit in adding a policy similar to the Neuvector one in the Kubewarden ecosystem now. So, I'm closing this.
However, if we decided to do it, it's possible. Our SDK already has the data needed
Compare the admission controller from Neuvector checking how its policy to control user groups works. The goal if to figure out if there is a Kubewarden policy equivalent to it.