mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 22:50:54 +00:00
genpolicy: add missing default rules for AgentService RPCs
Six AgentService RPC request types were missing default rule entries in rules.rego, meaning genpolicy-generated policies would not include them in their output and the entries would be absent from reference policies. All six already have is_allowed gates in the agent RPC handlers. Add the missing defaults and set them all to false Generated-By: IBM Bob Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
@@ -14,6 +14,7 @@ default GetDiagnosticDataRequest := false
|
||||
|
||||
# Default values, returned by OPA when rules cannot be evaluated to true.
|
||||
default AddARPNeighborsRequest := false
|
||||
default AddSwapPathRequest := false
|
||||
default AddSwapRequest := false
|
||||
default CloseStdinRequest := false
|
||||
default CopyFileRequest := false
|
||||
@@ -21,6 +22,8 @@ default CreateContainerRequest := false
|
||||
default CreateSandboxRequest := false
|
||||
default DestroySandboxRequest := true
|
||||
default ExecProcessRequest := false
|
||||
default GetIPTablesRequest := false
|
||||
default GetMetricsRequest := false
|
||||
default GetOOMEventRequest := true
|
||||
default GuestDetailsRequest := true
|
||||
default ListInterfacesRequest := false
|
||||
@@ -34,8 +37,10 @@ default ReadStreamRequest := false
|
||||
default RemoveContainerRequest := true
|
||||
default RemoveStaleVirtiofsShareMountsRequest := true
|
||||
default ReseedRandomDevRequest := false
|
||||
default ResizeVolumeRequest := false
|
||||
default ResumeContainerRequest := false
|
||||
default SetGuestDateTimeRequest := false
|
||||
default SetIPTablesRequest := false
|
||||
default SetPolicyRequest := false
|
||||
default SignalProcessRequest := true
|
||||
default StartContainerRequest := true
|
||||
@@ -47,6 +52,7 @@ default UpdateContainerRequest := false
|
||||
default UpdateEphemeralMountsRequest := false
|
||||
default UpdateInterfaceRequest := false
|
||||
default UpdateRoutesRequest := false
|
||||
default VolumeStatsRequest := false
|
||||
default WaitProcessRequest := true
|
||||
default WriteStreamRequest := false
|
||||
|
||||
|
||||
Reference in New Issue
Block a user