-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmetadata.yml
More file actions
29 lines (29 loc) · 1.49 KB
/
metadata.yml
File metadata and controls
29 lines (29 loc) · 1.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
rules:
- apiGroups: ["k8s.cni.cncf.io"]
apiVersions: ["v1"]
resources: ["network-attachment-definitions"]
operations: ["CREATE", "UPDATE"]
mutating: false
contextAware: false
executionMode: kubewarden-wapc
# Consider the policy for the background audit scans. Default is true. Note the
# intrinsic limitations of the background audit feature on docs.kubewarden.io;
# If your policy hits any limitations, set to false for the audit feature to
# skip this policy and not generate false positives.
backgroundAudit: true
annotations:
# artifacthub specific
io.artifacthub.displayName: Harvester Restricted Network
io.artifacthub.resources: NetworkAttachmentDefinition
io.artifacthub.keywords: harvester, network
# kubewarden specific:
io.kubewarden.policy.title: harvester-restricted-network
io.kubewarden.policy.version: 0.1.1
io.kubewarden.policy.description: Prevents harvester from creating a network for a restricted VLAN in unauthorized namespaces.
io.kubewarden.policy.author: "ITPE CORE Team <itpe-core-maintenance@suse.com>"
io.kubewarden.policy.url: https://github.com/SUSE/openplatform-kubewarden-policies
io.kubewarden.policy.source: https://github.com/SUSE/openplatform-kubewarden-policies/tree/main/policies/harvester-restricted-network
io.kubewarden.policy.ociUrl: ghcr.io/suse/openplatform-kubewarden-policies/harvester-restricted-network-vm
io.kubewarden.policy.license: Apache-2.0
io.kubewarden.policy.severity: critical
io.kubewarden.policy.category: Resource validation