From 464802557d0f3754becb004e537987ee9b3e2aa8 Mon Sep 17 00:00:00 2001
From: Vishal Choudhary
Date: Mon, 10 Jul 2023 23:15:45 +0530
Subject: [PATCH] fix: update kyverno policy
Signed-off-by: Vishal Choudhary
---
 configs/samples/kyverno-policy.yaml | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/configs/samples/kyverno-policy.yaml b/configs/samples/kyverno-policy.yaml
index b0ca735..c3455f1 100644
--- a/configs/samples/kyverno-policy.yaml
+++ b/configs/samples/kyverno-policy.yaml
@@ -5,6 +5,7 @@ metadata:
 spec:
 validationFailureAction: Enforce
 webhookTimeoutSeconds: 30
+ schemaValidation: false
 rules:
 - name: call-aws-signer-extension
 match:
@@ -15,12 +16,12 @@ spec:
 kinds:
 - Pod
 context:
- - name: result
+ - name: response
 apiCall:
 method: POST
 data:
 - key: images
- value: "{{ request.object.spec.[ephemeralContainers, initContainers, containers][].image }}"
+ value: "{{images}}"
 service:
 url: https://svc.kyverno-notation-aws/checkimages
 caBundle: |-
@@ -50,11 +51,18 @@ spec:
 ZzAbiSUwCgYIKoZIzj0EAwIDRwAwRAIgU3O7Qnk9PGCV4aXgZAXp0h4Iz2O7XUnP
 Ufv4SgD7neECIHLb+BDvRFPJ77FpfIYxBO70AHB7Kp0nWKCqyv3FK4aT
 -----END CERTIFICATE-----
- validate:
- message: "not allowed"
- deny:
- conditions:
- all:
- - key: "{{ result.verified }}"
- operator: EQUALS
- value: false
\ No newline at end of file
+ # validate:
+ # message: "not allowed"
+ # deny:
+ # conditions:
+ # all:
+ # - key: "{{ response.verified }}"
+ # operator: EQUALS
+ # value: false
+ mutate:
+ foreach:
+ - list: "response.results"
+ patchesJson6902: |-
+ - path: {{ element.path }}
+ op: replace
+ value: {{ element.image }}
\ No newline at end of file
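Review bot: `schemaValidation: false` in the first hunk switches off Kyverno's schema check for this policy, and neither the sample nor the commit message gives a reason. Because this is a sample file that gets copied into clusters, a comment above the line should say why the check is disabled and when it can be turned back on, for example `# schemaValidation is off because the foreach patch below is fully templated; re-enable once the patch path is static` (the reason is my guess from the third hunk and needs confirming). The `spec` block continues outside the hunk.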
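Review bot: The request body in the second hunk is now Kyverno's built-in `images` variable, which is a nested map keyed by container type and container name rather than the flat list of image strings the removed JMESPath expression produced, and the sample does not document that. Since this value is the only input the signature check receives, a comment above the `data` entry would help, for example `# images: Kyverno built-in map covering containers, initContainers and ephemeralContainers; the checkimages service must accept this shape`. The `apiCall` block starts and ends outside this hunk, so whether the service side was updated to match cannot be confirmed from here.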
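Review bot: With the `validate`/`deny` block commented out in the third hunk, nothing visible in this rule rejects a Pod when `response.verified` is false; the rule now only rewrites images from `response.results`, so `validationFailureAction: Enforce` has no validate rule left to act on here. Unless the checkimages service itself fails the request for an image that does not verify (not visible in the diff), this sample would admit Pods whose images failed verification. As far as I know a Kyverno rule carries a single action, so the deny would need to live in a second rule that repeats the `context` entry, as sketched below, assuming the service still returns `verified`. Separately, `{{ element.path }}` and `{{ element.image }}` are substituted unquoted into the patch text, so the external response alone decides which Pod field is replaced; quoting both substitutions, e.g. `value: "{{ element.image }}"`, would at least keep a malformed value from changing the patch structure. The rule starts outside the hunk.

```yaml
  # … unchanged: call-aws-signer-extension rule with its mutate block …
  - name: deny-unverified-images   # constructed name
    match:
      # … same match block as call-aws-signer-extension …
    context:
    - name: response
      # … same apiCall (method, data, service url, caBundle) as the rule above …
    validate:
      message: "not allowed"
      deny:
        conditions:
          all:
          - key: "{{ response.verified }}"
            operator: EQUALS
            value: false
```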