Which issue(s) does this PR fix (optional, using `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when the PR gets merged):
Fixes #541
Special notes for your reviewer:
Rego policy behavior is -
`field` in the list below is a reference to the securityContext fields - [ runAsUser, runAsGroup, fsGroup, supplementalGroup ]
Behavior: if `field` is missing from the object then throw a missing violation, else throw a violation if `field` is not in the required range
Behavior: if `runAsUser` and `runAsNonRoot` are both missing from the object then throw a missing violation, else throw a violation if `runAsUser == 0`
Behavior: no missing-field violation, but if `field` is present and violating the range then throw the violation
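
The three behaviors listed above, modeled in Python as an added example; this is not the PR's Rego code. The mode labels (`required-range`, `non-root`, `optional-range`), the `check` function and the `(min, max)` range format are assumptions made for illustration, and the sample securityContext objects are constructed.

```python
# Added illustration: a Python model of the three described behaviors.
# Mode labels and the (min, max) range format are assumptions, not the PR's names.

def in_ranges(value, ranges):
    """True if every ID in value (an int or a list of ints) is inside some range."""
    ids = value if isinstance(value, list) else [value]
    return all(any(lo <= i <= hi for lo, hi in ranges) for i in ids)

def check(sc, field, mode, ranges=()):
    """Return the list of violations for one securityContext dict."""
    if mode == "required-range":
        # First behavior: a missing field is itself a violation.
        if field not in sc:
            return [f"{field} is missing"]
        if not in_ranges(sc[field], ranges):
            return [f"{field}={sc[field]} is outside {list(ranges)}"]
    elif mode == "non-root":
        # Second behavior: only fails as "missing" when both fields are absent;
        # otherwise the only violation described is runAsUser == 0.
        if "runAsUser" not in sc and "runAsNonRoot" not in sc:
            return ["runAsUser and runAsNonRoot are both missing"]
        if sc.get("runAsUser") == 0:
            return ["runAsUser == 0"]
    elif mode == "optional-range":
        # Third behavior: absence is allowed, a present value must be in range.
        if field in sc and not in_ranges(sc[field], ranges):
            return [f"{field}={sc[field]} is outside {list(ranges)}"]
    else:
        raise ValueError(f"unknown mode: {mode}")
    return []

# Constructed sample objects: (securityContext, field, mode, ranges).
SAMPLES = [
    ({}, "runAsUser", "required-range", [(1000, 2000)]),
    ({"runAsUser": 1500}, "runAsUser", "required-range", [(1000, 2000)]),
    ({}, "runAsUser", "non-root", ()),
    ({"runAsNonRoot": True}, "runAsUser", "non-root", ()),
    ({"runAsUser": 0, "runAsNonRoot": True}, "runAsUser", "non-root", ()),
    ({}, "fsGroup", "optional-range", [(1, 10)]),
    ({"supplementalGroup": [5, 99]}, "supplementalGroup", "optional-range", [(1, 10)]),
]

if __name__ == "__main__":
    for sc, field, mode, ranges in SAMPLES:
        print(mode, field, sc, "->", check(sc, field, mode, ranges) or "allowed")
```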