From 7f0d8c79e337ca27387965a5c761eb0c5b731ccc Mon Sep 17 00:00:00 2001
From: Micah Nagel
Date: Fri, 3 May 2024 08:27:03 -0600
Subject: [PATCH] fix: mismatched exemption/policy for DropAllCapabilities (#384)
## Description
Fixes a mismatched check.
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)
## Checklist before merging
- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
---
 src/pepr/policies/security.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/pepr/policies/security.ts b/src/pepr/policies/security.ts
index 779c2ba35..a87a4af34 100644
--- a/src/pepr/policies/security.ts
+++ b/src/pepr/policies/security.ts
@@ -314,7 +314,9 @@ When(a.Pod)
 .IsCreatedOrUpdated()
 .Mutate(request => {
 markExemption(Policy.DropAllCapabilities)(request);
- if (request.HasAnnotation(`uds-core.pepr.dev/uds-core-policies.${Policy.RequireNonRootUser}`)) {
+ if (
+ request.HasAnnotation(`uds-core.pepr.dev/uds-core-policies.${Policy.DropAllCapabilities}`)
+ ) {
 return;
 }
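Review bot: The exemption key in the new `request.HasAnnotation(...)` call is still written out separately from the `markExemption(Policy.DropAllCapabilities)` argument one line above, which is the duplication that let the two drift apart, and the diffstat shows no test pinning the corrected behaviour. Binding the policy once, e.g. `const policy = Policy.DropAllCapabilities;` followed by `markExemption(policy)(request);` and `request.HasAnnotation(`uds-core.pepr.dev/uds-core-policies.${policy}`)`, keeps the marker and the early return on the same policy. A regression test should cover both directions: a pod exempted from DropAllCapabilities is left unmutated, and a pod exempted only from RequireNonRootUser still has its capabilities dropped, since the old check skipped the drop for that pod. The `.Mutate` callback continues past the end of the hunk, and other mutations in this file that follow the same pattern are presumably worth the same check.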