only warn for some policies

2020-05-04 21:15:38 +02:00 · 2020-05-04 21:15:38 +02:00 · 6820c0ae9e
parent d14fbc6e17
commit 6820c0ae9e
2 changed files with 2 additions and 3 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -4,7 +4,6 @@ name: conftest
 steps:
 - name: policies
  image: instrumenta/conftest:latest
-  failure: ignore
  commands:
  - conftest test -p ./_test/policies ./
 - name: deprek8
--- a/_test/policies/deployment.rego
+++ b/_test/policies/deployment.rego
@ -1,12 +1,12 @@
 package main

-deny[msg] {
+warn[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
 }

-deny[msg] {
+warn[msg] {
  input.kind = "Deployment"
  not input.spec.selector.matchLabels.app
  msg = "Containers must provide app label for pod selectors"