Tekton StepAction images policies Package
This package ensures that a StepAction definition contains a valid and allowed value for the image reference.
Rules Included
Image comes from permitted registry
Confirm the StepAction uses a container image with a URL that matches one of the prefixes in the provided list of allowed step image registry prefixes. The list is customizable via the allowed_step_image_registry_prefixes rule data key.
Solution: Make sure the container image used comes from an approved registry.
- Rule type: FAILURE
- FAILURE message: Image ref %q is disallowed
- Code: image.permitted
Image is accessible
Confirm the container image used in the StepTemplate is accessible.
Solution: Make sure the container image used in the StepTemplate is pushed to the registry and that it can be fetched.
- Rule type: FAILURE
- FAILURE message: Image ref %q is inaccessible
- Code: image.accessible
Rule data provided
Confirm the allowed_step_image_registry_prefixes rule data is provided.
Solution: Make sure the data sources contain a key 'allowed_step_image_registry_prefixes' that contains a list of approved registries.
- Rule type: FAILURE
- FAILURE message: %s
- Code: image.rule_data
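A simplified Python model of the image.permitted and image.rule_data checks described above, added here as an illustration; it is not the package's own policy code. It assumes a plain string-prefix comparison against spec.image; evaluate, rule_data_errors, make_step_action, the registry.example.com names and the image.rule_data message wording are constructed for the example.

```python
import json

RULE_DATA_KEY = "allowed_step_image_registry_prefixes"  # key named on this page

def rule_data_errors(rule_data):
    """Model of image.rule_data: the key must hold a non-empty list of strings."""
    if RULE_DATA_KEY not in rule_data:
        return [f"Missing required {RULE_DATA_KEY} rule data"]  # constructed wording
    prefixes = rule_data[RULE_DATA_KEY]
    if not isinstance(prefixes, list) or not prefixes:
        return [f"{RULE_DATA_KEY} must be a non-empty list"]
    return [f"{RULE_DATA_KEY}[{i}] must be a non-empty string"
            for i, p in enumerate(prefixes) if not isinstance(p, str) or not p]

def evaluate(step_action, rule_data):
    """Return (code, message) failures for one StepAction definition."""
    errors = rule_data_errors(rule_data)
    if errors:
        return [("image.rule_data", e) for e in errors]
    image = step_action.get("spec", {}).get("image", "")
    # Assumption: the match is a plain string-prefix test on the image ref.
    if any(image.startswith(p) for p in rule_data[RULE_DATA_KEY]):
        return []
    # json.dumps stands in for the %q quoting of the page's failure message.
    return [("image.permitted", f"Image ref {json.dumps(image)} is disallowed")]

def make_step_action(image):
    # Constructed StepAction; only spec.image matters to this check.
    return {"apiVersion": "tekton.dev/v1beta1", "kind": "StepAction",
            "metadata": {"name": "sample"}, "spec": {"image": image}}

# Constructed rule data; registry.example.com is a placeholder registry.
STRICT = {RULE_DATA_KEY: ["registry.example.com/build-tools/"]}
LOOSE = {RULE_DATA_KEY: ["registry.example.com/build-tools"]}  # no trailing slash

if __name__ == "__main__":
    for ref in ("registry.example.com/build-tools/git:1.0",
                "registry.example.com/build-tools-mirror/git:1.0",
                "docker.io/library/busybox:latest"):
        sa = make_step_action(ref)
        print(ref, "| strict:", evaluate(sa, STRICT), "| loose:", evaluate(sa, LOOSE))
    print(evaluate(make_step_action("registry.example.com/build-tools/git:1.0"), {}))
```

Under plain prefix matching, the entry without a trailing slash also admits the sibling repository build-tools-mirror, so ending each prefix with / keeps the match on a path boundary.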