genpolicy: ignore SeccompProfile in PodSpec

Ignore SeccompProfile in PodSpec Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
2025-07-19 09:51:29 +00:00 · 2024-01-26 10:52:25 -08:00 · 2024-01-26 10:52:25 -08:00 · 44afb4aa5f
commit 44afb4aa5f
parent 7aeaf2502a
2 changed files with 17 additions and 0 deletions
--- a/src/tools/genpolicy/src/pod.rs
+++ b/src/tools/genpolicy/src/pod.rs
@ -283,6 +283,19 @@ struct SecurityContext {

    #[serde(skip_serializing_if = "Option::is_none")]
    runAsUser: Option<i64>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    seccompProfile: Option<SeccompProfile>,
+}
+
+/// See Reference / Kubernetes API / Workload Resources / Pod.
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct SeccompProfile {
+    #[serde(rename = "type")]
+    profile_type: String,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    localhostProfile: Option<String>,
 }

 /// See Reference / Kubernetes API / Workload Resources / Pod.
@ -860,6 +873,7 @@ pub async fn add_pause_container(containers: &mut Vec<Container>, config: &Confi
            privileged: None,
            capabilities: None,
            runAsUser: None,
+            seccompProfile: None,
        }),
        ..Default::default()
    };
--- a/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
+++ b/tests/integration/kubernetes/runtimeclass_workloads/k8s-policy-pod.yaml
@ -24,3 +24,6 @@ spec:
            configMapKeyRef:
              name: policy-configmap
              key: data-2
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault