Skip to content

Commit

Permalink
updated policy to actually work as expected
Browse files Browse the repository at this point in the history
  • Loading branch information
@cartyc
cartyc committed Jul 6, 2020
1 parent 906c1cb commit d0977d9
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 7 deletions.
6 changes: 3 additions & 3 deletions latest-tag/constraint.yaml
View file
Expand Up @@ -7,6 +7,6 @@ spec:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
parameters:
tags:
- "latest"
parameters:
tags:
- "latest"
7 changes: 3 additions & 4 deletions latest-tag/template.yaml
View file
Expand Up @@ -23,11 +23,10 @@ spec:
violation[{"msg":msg}] {
container := input.review.object.spec.containers[_]
tag := split(container.image, ":")[1]
not tag != "latest"
msg := sprintf("container <%v> uses '%v' tag", [container.name, tag])
satisfied := [good | tags = input.parameters.tags[_] ; good = endswith(container.image, tags)]
any(satisfied)
msg := sprintf("container <%v> uses '%v' tag. Disallowed tags '%v'", [container.name, container.image, input.parameters.tags])
}
Expand Down

0 comments on commit d0977d9

Please sign in to comment.