metadata.yml

rules:
  - apiGroups: [""]
    apiVersions: ["v1"]
    resources: ["deployments"]
    operations: ["CREATE", "UPDATE"]
mutating: false
contextAwareResources:
  - apiVersion: v1
    kind: Namespace
  - apiVersion: apps/v1
    kind: Deployment
  - apiVersion: v1
    kind: Service
executionMode: kubewarden-wapc
# Consider the policy for the background audit scans. Default is true. Note the
# intrinsic limitations of the background audit feature on docs.kubewarden.io;
# If your policy hits any limitations, set to false for the audit feature to
# skip this policy and not generate false positives.
backgroundAudit: true
annotations:
  # artifacthub specific:
  io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/tests/context-aware-test-policy
  # kubewarden specific:
  io.kubewarden.policy.title: context-aware-test-policy
  io.kubewarden.policy.description: A test policy that uses context-aware capabilities
  io.kubewarden.policy.author: Kubewarden developers <cncf-kubewarden-maintainers@lists.cncf.io>
  io.kubewarden.policy.url: https://github.com/kubewarden/context-aware-test-policy
  io.kubewarden.policy.source: https://github.com/kubewarden/context-aware-test-policy
  io.kubewarden.policy.license: Apache-2.0
  # The next two annotations are used in the policy report generated by the
  # Audit scanner. Severity indicates policy check result criticality and
  # Category indicates policy category. See more here at docs.kubewarden.io
  io.kubewarden.policy.severity: info # one of info, low, medium, high, critical. See docs.
  io.kubewarden.policy.category: test