From 38b1f68556e7c8c7a6e6f5e3af0a6d7aee724fde Mon Sep 17 00:00:00 2001
From: hadar-co <hadar@datree.io>
Date: Sun, 9 Jul 2023 15:20:32 +0300
Subject: [PATCH] fix: exclude knative crd from rule constraints (#954)

---
 pkg/defaultRules/defaultRules.yaml    |  6 ++++++
 pkg/policy/tests/7/pass/7-pass-2.yaml | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 pkg/policy/tests/7/pass/7-pass-2.yaml

diff --git a/pkg/defaultRules/defaultRules.yaml b/pkg/defaultRules/defaultRules.yaml
index 88502ad58..3efb5beb6 100644
--- a/pkg/defaultRules/defaultRules.yaml
+++ b/pkg/defaultRules/defaultRules.yaml
@@ -301,6 +301,12 @@ rules:
           kind:
             enum:
               - Service
+        # knative has a CRD with kind "Service", we want this rule to ignore it
+        not:
+          properties:
+            apiVersion:
+              enum:
+                - serving.knative.dev/v1
       then:
         properties:
           spec:
diff --git a/pkg/policy/tests/7/pass/7-pass-2.yaml b/pkg/policy/tests/7/pass/7-pass-2.yaml
new file mode 100644
index 000000000..7a53dc092
--- /dev/null
+++ b/pkg/policy/tests/7/pass/7-pass-2.yaml
@@ -0,0 +1,22 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  name: hadartest
+  namespace: knative-serving-demo-0
+spec:
+  type: NodePort
+  template:
+    metadata:
+      annotations:
+        client.knative.dev/updateTimestamp: "2023-07-06T10:38:55Z"
+        client.knative.dev/user-image: gcr.io/knative-samples/helloworld-go
+      creationTimestamp: null
+    spec:
+      containers:
+        - image: gcr.io/knative-samples/helloworld-go
+          name: ""
+          ports:
+            - containerPort: 8080
+          resources: {}
+status: {}