From 9fd08ce3e47159c37abc2abda6654b200b50f5c9 Mon Sep 17 00:00:00 2001
From: Vicente Herrera
Date: Tue, 7 Apr 2020 19:19:18 +0200
Subject: [PATCH] Introduce missing allowed_full_admin_users macro so its corresponding rule is disabled by default
Signed-off-by: Vicente Herrera
---
 rules/k8s_audit_rules.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
index 8313991c..ebf18e34 100644
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@@ -420,6 +420,10 @@
 tags: [k8s]
+# This macro disables following rule, change to k8s_audit_never_true to enable it
+- macro: allowed_full_admin_users
+ condition: (k8s_audit_always_true)
+
 # This list includes some of the default user names for an administrator in several K8s installations
 - list: full_admin_k8s_users
 items: ["admin", "kubernetes-admin", "kubernetes-admin@kubernetes", "kubernetes-admin@cluster.local", "minikube-user"]
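Review bot: The added comment says the macro "disables following rule", but the next item in the hunk is the `full_admin_k8s_users` list, and the rule that consumes `allowed_full_admin_users` lies outside the hunk, so a reader cannot tell which detection is switched off. Since the condition is `(k8s_audit_always_true)`, that detection ships silent by default, and the comment should say so plainly for operators who assume full-admin activity is covered. I would reword it to `# Off by default: while this is k8s_audit_always_true, the rule that references allowed_full_admin_users never fires; set it to k8s_audit_never_true to enable that rule.` It would also help to note that `full_admin_k8s_users` should be checked against the cluster's actual admin user names before enabling. The definitions of `k8s_audit_always_true` and `k8s_audit_never_true` are not visible here; presumably they exist earlier in the file.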