flavio
commented
1 year ago I think we have to add also:
GetTitleGetSubJectGetDescription
See https://github.com/kubewarden/audit-scanner/pull/47/files#r1221739092
Closed viccuad closed 1 year ago
flavio
commented
1 year ago I think we have to add also:
GetTitleGetSubJectGetDescriptionSee https://github.com/kubewarden/audit-scanner/pull/47/files#r1221739092
viccuad
commented
1 year ago I can implement a GetTitle that returns metadata.annotation io.artifacthub.displayName if present.
I can also implement GetDescription that returns metadata annotation io.kubewarden.policy.description if present.
I still don't see the need for a GetSubject. The UI shows the type of the ObjectReference that the policy evaluated. If we want to show all GVK the policy could evaluate, we could compute this from the rules, and indeed provide a GetSubject of sorts. But this is not shown by policy-reporter, and the Subject in policy-reporter is hardcoded to the GVK of the ObjectReference passed in the result.
flavio
commented
1 year ago I still don't see the need for a GetSubject. The UI shows the type of the ObjectReference that the policy evaluated. If we want to show all GVK the policy could evaluate, we could compute this from the rules, and indeed provide a GetSubject of sorts. But this is not shown by policy-reporter, and the Subject in policy-reporter is hardcoded to the GVK of the ObjectReference passed in the result.
Yes, that's the right approach. Scratch what I've said about the need to have a GetSubject
Acceptance criteria:
GetSeverity(),GetCategory()to policies.v1 in kubewarden-controller: https://github.com/kubewarden/kubewarden-controller/pull/462 https://github.com/kubewarden/kubewarden-controller/pull/464GetSeverity(),GetCategory()in audit-scanner, and fill the PolicyReportResult with them: https://github.com/kubewarden/audit-scanner/pull/50These changes should be done against the
feat-auditbranch.