StepAction Policy
These rules are applied to Tekton StepAction definitions.
1. Tekton StepAction images policies
This package ensures that a StepAction definition contains a valid and allowed value for the image reference.
- Package name: image
1.1. Image comes from permitted registry
Confirm the StepAction uses a container image with a URL that matches one of the prefixes in the provided list of allowed step image registry prefixes. The list is customizable via the allowed_step_image_registry_prefixes rule data key.
Solution: Make sure the container image used comes from an approved registry.
- Rule type: FAILURE
- FAILURE message: Image ref %q is disallowed
- Code: image.permitted
1.2. Image is accessible
Confirm the container image used in the StepTemplate is accessible.
Solution: Make sure the container image used in the StepTemplate is pushed to the registry and that it can be fetched.
- Rule type: FAILURE
- FAILURE message: Image ref %q is inaccessible
- Code: image.accessible
1.3. Rule data provided
Confirm the allowed_step_image_registry_prefixes rule data is provided.
Solution: Make sure the data sources contain a key 'allowed_step_image_registry_prefixes' that contains a list of approved registries.
- Rule type: FAILURE
- FAILURE message: %s
- Code: image.rule_data
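The following added example (Python, not the project's own policy code) models how the image.rule_data and image.permitted checks in this section fit together, and shows why each prefix should end in "/". It assumes plain string-prefix matching and a non-empty list requirement; the StepAction, registry names, the rule-data message text and the helper loose_prefixes are constructed for illustration.

```python
import json

RULE_DATA_KEY = "allowed_step_image_registry_prefixes"

# Constructed StepAction (already parsed from YAML); names are illustrative.
STEP_ACTION = {
    "apiVersion": "tekton.dev/v1beta1",
    "kind": "StepAction",
    "metadata": {"name": "git-clone"},
    "spec": {"image": "registry.example.com/acme-mirror/git:1.0"},
}


def check_rule_data(rule_data):
    """image.rule_data: assumed to require a non-empty list of non-empty strings."""
    prefixes = rule_data.get(RULE_DATA_KEY)
    ok = (isinstance(prefixes, list) and prefixes
          and all(isinstance(p, str) and p for p in prefixes))
    if ok:
        return []
    # The page gives this message only as %s; the wording here is constructed.
    return [("image.rule_data",
             f"Rule data {RULE_DATA_KEY} must be a non-empty list of strings")]


def check_permitted(step_action, rule_data):
    """image.permitted: the image ref must start with an allowed prefix."""
    image = step_action.get("spec", {}).get("image", "")
    if any(image.startswith(p) for p in rule_data[RULE_DATA_KEY]):
        return []
    return [("image.permitted", f"Image ref {json.dumps(image)} is disallowed")]


def evaluate(step_action, rule_data):
    """Report a rule-data failure first; only then judge the image."""
    return check_rule_data(rule_data) or check_permitted(step_action, rule_data)


def loose_prefixes(rule_data):
    """Hypothetical lint: prefixes without a trailing '/' also match sibling names."""
    return [p for p in rule_data.get(RULE_DATA_KEY) or [] if not p.endswith("/")]


if __name__ == "__main__":
    for prefixes in (None, ["registry.example.com/acme/"], ["registry.example.com/acme"]):
        data = {} if prefixes is None else {RULE_DATA_KEY: prefixes}
        print(prefixes, evaluate(STEP_ACTION, data), loose_prefixes(data))
```

With the prefix "registry.example.com/acme" the image under "acme-mirror" passes, while "registry.example.com/acme/" rejects it; reviewing the rule data for entries that loose_prefixes reports closes that gap.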
2. Tekton StepAction kind checks
Policies to verify that a Tekton StepAction definition has the expected value for kind.
- Package name: kind
2.1. StepAction definition has expected kind
Confirm the StepAction definition has the kind "StepAction".
- Rule type: FAILURE
- FAILURE message: Unexpected kind %q for StepAction definition
- Code: kind.valid