Tag 0.1.6

Fix artifacthub-pkg.yml. Also add questions-ui.yml Fix the release action on GH This is done to fix rancher/kubewarden-ui#207 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
kubewarden · Jan 19, 2023 · efa2c21 · efa2c21
1 parent 9c6518f
commit efa2c21
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 6 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -26,5 +26,3 @@ jobs:
     uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v1
     with:
       oci-target: ghcr.io/${{ github.repository_owner }}/policies/hostpaths-psp
-    secrets:
-      workflow-pat: ${{ secrets.WORKFLOW_PAT }}
diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml
@@ -1,5 +1,5 @@
 ---
-version: 0.1.5
+version: 0.1.6
 name: hostpaths-psp
 displayName: Hostpaths PSP
 createdAt: '2022-07-19T16:00:23+02:00'
@@ -8,20 +8,20 @@ license: Apache-2.0
 homeURL: https://github.com/kubewarden/hostpaths-psp-policy
 containersImages:
 - name: policy
-  image: ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.5
+  image: ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.6
 install: |
   The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl/):
 
   ```console
-  kwctl pull ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.5
+  kwctl pull ghcr.io/kubewarden/policies/hostpaths-psp:v0.1.6
   ```
 keywords:
 - psp
 - hostpaths
 - pod
 links:
 - name: policy
-  url: https://github.com/kubewarden/hostpaths-psp-policy/releases/download/v0.1.5/policy.wasm
+  url: https://github.com/kubewarden/hostpaths-psp-policy/releases/download/v0.1.6/policy.wasm
 - name: source
   url: https://github.com/kubewarden/hostpaths-psp-policy
 provider:
@@ -32,3 +32,43 @@ annotations:
   kubewarden/resources: Pod
   kubewarden/mutation: false
   kubewarden/contextAware: false
+  kubewarden/rules: |
+    rules:
+    - apiGroups: [""]
+      apiVersions: ["v1"]
+      resources: ["pods"]
+      operations: ["CREATE"]
+  kubewarden/questions-ui: |
+    questions:
+    - default: []
+      description: >-
+        This policy is a replacement for the Kubernetes Pod Security Policy that
+        controls the usage of `hostPath` volumes. The policy inspects both the
+        containers and the init containers that are using `hostPath` volumes.
+        `allowedHostPaths` is a list of host paths that are allowed to be used by
+        hostPath volumes. An empty `allowedHostPaths` list means there is no
+        restriction on host paths used. Each entry of `allowedHostPaths` must have:
+        a `pathPrefix` field, which allows hostPath volumes to mount a path that
+        begins with an allowed prefix, and a `readOnly` field indicating it must be
+        mounted read-only.
+      tooltip: A list of host paths that are allowed to be used by hostPath volumes.
+      group: Settings
+      label: Allow host path
+      hide_input: true
+      type: map[
+      variable: allowedHostPaths
+      subquestions:
+        - default: ''
+          description: >-
+            Allows hostPath volumes to mount a path that begins with an allowed
+            prefix.
+          group: Settings
+          label: Path prefix
+          type: string
+          variable: allowedHostPaths.pathPrefix
+        - default: false
+          tooltip: Indicates if the volume must be mounted read-only.
+          group: Settings
+          label: Read only
+          type: boolean
+          variable: allowedHostPaths.readOnly
diff --git a/questions-ui.yml b/questions-ui.yml
@@ -0,0 +1,33 @@
+questions:
+- default: []
+  description: >-
+    This policy is a replacement for the Kubernetes Pod Security Policy that
+    controls the usage of `hostPath` volumes. The policy inspects both the
+    containers and the init containers that are using `hostPath` volumes.
+    `allowedHostPaths` is a list of host paths that are allowed to be used by
+    hostPath volumes. An empty `allowedHostPaths` list means there is no
+    restriction on host paths used. Each entry of `allowedHostPaths` must have:
+    a `pathPrefix` field, which allows hostPath volumes to mount a path that
+    begins with an allowed prefix, and a `readOnly` field indicating it must be
+    mounted read-only.
+  tooltip: A list of host paths that are allowed to be used by hostPath volumes.
+  group: Settings
+  label: Allow host path
+  hide_input: true
+  type: map[
+  variable: allowedHostPaths
+  subquestions:
+    - default: ''
+      description: >-
+        Allows hostPath volumes to mount a path that begins with an allowed
+        prefix.
+      group: Settings
+      label: Path prefix
+      type: string
+      variable: allowedHostPaths.pathPrefix
+    - default: false
+      tooltip: Indicates if the volume must be mounted read-only.
+      group: Settings
+      label: Read only
+      type: boolean
+      variable: allowedHostPaths.readOnly