Introduce missing allowed_full_admin_users macro so its corresponding rule is disabled by default

Signed-off-by: Vicente Herrera <vicenteherrera@vicenteherrera.com>
2025-06-30 16:42:14 +00:00 · 2020-04-07 19:19:18 +02:00 · 2020-04-07 19:19:18 +02:00 · 9fd08ce3e4
commit 9fd08ce3e4
parent 3ce11f093f
1 changed files with 4 additions and 0 deletions
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@ -420,6 +420,10 @@
  tags: [k8s]


+# This macro disables following rule, change to k8s_audit_never_true to enable it
+- macro: allowed_full_admin_users
+  condition: (k8s_audit_always_true)
+
 # This list includes some of the default user names for an administrator in several K8s installations
 - list: full_admin_k8s_users
  items: ["admin", "kubernetes-admin",  "kubernetes-admin@kubernetes", "kubernetes-admin@cluster.local", "minikube-user"]