chore: update metadata

Fix README.md, artifacthub-pkg.yml and metadata.yml.
Also add questions-ui.yml

This is done to fix rancher/kubewarden-ui#207

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

README.md

@@ -1,13 +1,3 @@
-
- Continuous integration | License
- -----------------------|--------
-![Continuous integration](https://github.com/kubewarden/allow-privilege-escalation-psp-policy/workflows/Continuous%20integration/badge.svg) | [![License: Apache 2.0](https://img.shields.io/badge/License-Apache2.0-brightgreen.svg)](https://opensource.org/licenses/Apache-2.0)
-
-This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy
-that limits the usage of the [`allowPrivilegeEscalation`](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
-
-# How the policy works
-
 This policy rejects all the Pods that have at least one container or
 init container with the `allowPrivilegeEscalation` security context
 enabled.
@@ -17,7 +7,7 @@ set to `false` whenever the user is not explicit about that.
 This is a replacement of the `DefaultAllowPrivilegeEscalation` configuration
 option of the original Kubernetes PSP.
 
-# Configuration
+## Settings
 
 The policy can be configured in this way:
 
@@ -51,7 +41,7 @@ There are pros and cons to both approaches:
   chance that some non compliant pods are created by another high level resource
   (be it native to Kubernetes, or a CRD).
 
-# Examples
+## Examples
 
 The following Pod will be rejected because the nginx container has
 `allowPrivilegeEscalation` enabled:
@@ -91,13 +81,3 @@ spec:
     securityContext:
       allowPrivilegeEscalation: true
 ```
-
-# Obtain policy
-
-The policy is automatically published as an OCI artifact inside of
-[this](https://github.com/orgs/kubewarden/packages/container/package/policies%2Fpsp-allow-privilege-escalation)
-container registry.
-
-# Using the policy
-
-The easiest way to use this policy is through the [kubewarden-controller](https://github.com/kubewarden/kubewarden-controller).

artifacthub-pkg.yml

@@ -1,8 +1,8 @@
 ---
-version: 0.2.0
+version: 0.2.1
 name: allow-privilege-escalation-psp
 displayName: Allow Privilege Escalation PSP
-createdAt: '2022-07-19T14:46:21+02:00'
+createdAt: '2023-01-19T14:46:21+02:00'
 description: A Pod Security Policy that controls usage of `allowPrivilegeEscalation`
 license: Apache-2.0
 homeURL: https://github.com/kubewarden/allow-privilege-escalation-psp-policy
@@ -26,3 +26,24 @@ annotations:
   kubewarden/resources: Pod
   kubewarden/mutation: true
   kubewarden/contextAware: false
+  kubewarden/rules: |
+    rules:
+      - apiGroups: [""]
+        apiVersions: ["v1"]
+        resources: ["deployment","replicaset","statefulset","daemonset","replicationcontroller","job","cronjob","pod"]
+        operations: ["CREATE", "UPDATE"]
+  kubewarden/questions-ui: |
+    questions:
+    - default: true
+      description: >-
+        This policy works by inspecting the containers and init containers of a Pod.
+        If any of these containers have `allowPrivilegeEscalation` enabled, the Pod
+        will be rejected.
+      tooltip: >-
+        Used to default to disallow, while still permitting pods to request
+        allowPrivilegeEscalation explicitly.
+      group: Settings
+      label: Allow privilege escalation
+      required: false
+      type: boolean
+      variable: default_allow_privilege_escalation

metadata.yml

@@ -13,11 +13,6 @@ annotations:
   io.kubewarden.policy.source: https://github.com/kubewarden/allow-privilege-escalation-psp-policy
   io.kubewarden.policy.license: Apache-2.0
   io.kubewarden.policy.usage: |
-    This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy
-    that limits the usage of the [`allowPrivilegeEscalation`](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
-
-    # How the policy works
-
     This policy rejects all the Pods that have at least one container or
     init container with the `allowPrivilegeEscalation` security context
     enabled.
@@ -27,7 +22,7 @@ annotations:
     This is a replacement of the `DefaultAllowPrivilegeEscalation` configuration
     option of the original Kubernetes PSP.
 
-    # Configuration
+    ## Settings
 
     The policy can be configured in this way:
 
@@ -61,7 +56,7 @@ annotations:
       chance that some non compliant pods are created by another high level resource
       (be it native to Kubernetes, or a CRD).
 
-    # Examples
+    ## Examples
 
     The following Pod will be rejected because the nginx container has
     `allowPrivilegeEscalation` enabled:
@@ -101,13 +96,3 @@ annotations:
         securityContext:
           allowPrivilegeEscalation: true
     ```
-
-    # Obtain policy
-
-    The policy is automatically published as an OCI artifact inside of
-    [this](https://github.com/orgs/kubewarden/packages/container/package/policies%2Fpsp-allow-privilege-escalation)
-    container registry.
-
-    # Using the policy
-
-    The easiest way to use this policy is through the [kubewarden-controller](https://github.com/kubewarden/kubewarden-controller).

questions-ui.yml

@@ -0,0 +1,14 @@
+questions:
+- default: true
+  description: >-
+    This policy works by inspecting the containers and init containers of a Pod.
+    If any of these containers have `allowPrivilegeEscalation` enabled, the Pod
+    will be rejected.
+  tooltip: >-
+    Used to default to disallow, while still permitting pods to request
+    allowPrivilegeEscalation explicitly.
+  group: Settings
+  label: Allow privilege escalation
+  required: false
+  type: boolean
+  variable: default_allow_privilege_escalation