genpolicy: add missing default rules for AgentService RPCs

Six AgentService RPC request types were missing default rule entries in
rules.rego, meaning genpolicy-generated policies would not include them
in their output and the entries would be absent from reference policies.
All six already have is_allowed gates in the agent RPC handlers.

Add the missing defaults and set them all to false

Generated-By: IBM Bob
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2026-06-25 16:40:33 +01:00
parent f490684636
commit 5c02ef1335

View File

@@ -14,6 +14,7 @@ default GetDiagnosticDataRequest := false
# Default values, returned by OPA when rules cannot be evaluated to true.
default AddARPNeighborsRequest := false
default AddSwapPathRequest := false
default AddSwapRequest := false
default CloseStdinRequest := false
default CopyFileRequest := false
@@ -21,6 +22,8 @@ default CreateContainerRequest := false
default CreateSandboxRequest := false
default DestroySandboxRequest := true
default ExecProcessRequest := false
default GetIPTablesRequest := false
default GetMetricsRequest := false
default GetOOMEventRequest := true
default GuestDetailsRequest := true
default ListInterfacesRequest := false
@@ -34,8 +37,10 @@ default ReadStreamRequest := false
default RemoveContainerRequest := true
default RemoveStaleVirtiofsShareMountsRequest := true
default ReseedRandomDevRequest := false
default ResizeVolumeRequest := false
default ResumeContainerRequest := false
default SetGuestDateTimeRequest := false
default SetIPTablesRequest := false
default SetPolicyRequest := false
default SignalProcessRequest := true
default StartContainerRequest := true
@@ -47,6 +52,7 @@ default UpdateContainerRequest := false
default UpdateEphemeralMountsRequest := false
default UpdateInterfaceRequest := false
default UpdateRoutesRequest := false
default VolumeStatsRequest := false
default WaitProcessRequest := true
default WriteStreamRequest := false