Closed viccuad closed 1 year ago
I think we have to add also:
GetTitle
GetSubject
GetDescription
See https://github.com/kubewarden/audit-scanner/pull/47/files#r1221739092
I can implement a GetTitle that returns metadata.annotation io.artifacthub.displayName if present.
I can also implement GetDescription that returns metadata annotation io.kubewarden.policy.description if present.
I still don't see the need for a GetSubject. The UI shows the type of the ObjectReference that the policy evaluated. If we want to show all GVK the policy could evaluate, we could compute this from the rules, and indeed provide a GetSubject of sorts. But this is not shown by policy-reporter, and the Subject in policy-reporter is hardcoded to the GVK of the ObjectReference passed in the result.
> I still don't see the need for a GetSubject. The UI shows the type of the ObjectReference that the policy evaluated. If we want to show all GVK the policy could evaluate, we could compute this from the rules, and indeed provide a GetSubject of sorts. But this is not shown by policy-reporter, and the Subject in policy-reporter is hardcoded to the GVK of the ObjectReference passed in the result.

Yes, that's the right approach. Scratch what I've said about the need to have a GetSubject.
Acceptance criteria:
GetSeverity(), GetCategory() to policies.v1 in kubewarden-controller: https://github.com/kubewarden/kubewarden-controller/pull/462 https://github.com/kubewarden/kubewarden-controller/pull/464
GetSeverity(), GetCategory() in audit-scanner, and fill the PolicyReportResult with them: https://github.com/kubewarden/audit-scanner/pull/50
These changes should be done against the feat-audit branch.