From 6820c0ae9e3f0b57ab80c5b47f3e340b48149f16 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 4 May 2020 21:15:38 +0200
Subject: [PATCH] only warn for some policies
---
 .drone.yml | 1 -
 _test/policies/deployment.rego | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index e287490..39d7a75 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,7 +4,6 @@ name: conftest
 steps:
 - name: policies
 image: instrumenta/conftest:latest
- failure: ignore
 commands:
 - conftest test -p ./_test/policies ./
 - name: deprek8
diff --git a/_test/policies/deployment.rego b/_test/policies/deployment.rego
index 024424b..b1c4d36 100644
--- a/_test/policies/deployment.rego
+++ b/_test/policies/deployment.rego
@@ -1,12 +1,12 @@
 package main
-deny[msg] {
+warn[msg] {
 input.kind = "Deployment"
 not input.spec.template.spec.securityContext.runAsNonRoot = true
 msg = "Containers must not run as root"
 }
-deny[msg] {
+warn[msg] {
 input.kind = "Deployment"
 not input.spec.selector.matchLabels.app
 msg = "Containers must provide app label for pod selectors"
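Review bot: Both rules in this hunk become `warn`, including the `runAsNonRoot` check, and conftest exits non-zero only for `deny` results unless `--fail-on-warn` is passed. With the `conftest test -p ./_test/policies ./` command shown in `.drone.yml`, a Deployment that may run as root would therefore still pass the step, assuming no other `deny` rule matches. If only the label rule was meant to be advisory, keep the first rule as `deny[msg] {` and downgrade the second alone. Separately, the rule reads only the pod-level `spec.template.spec.securityContext`, so a container-level `securityContext` setting `runAsNonRoot: false` would not be caught; a comment such as `# checks the pod-level securityContext only; container-level overrides are not evaluated` would make that scope explicit. The second rule's closing brace lies outside the hunk.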