Updates from Max's comments

open-policy-agent · Sep 16, 2021 · 63a047c · 63a047c
1 parent e6d2113
commit 63a047c
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 7 deletions.
diff --git a/library/pod-security-policy/apparmor/template.yaml b/library/pod-security-policy/apparmor/template.yaml
@@ -15,7 +15,7 @@ spec:
           type: object
           properties:
             allowedProfiles:
-              description: "An array of AppArmor profiles. Examples: runtime/default, unconfined."
+              description: "An array of AppArmor profiles. Examples: `runtime/default`, `unconfined`."
               type: array
               items:
                 type: string

diff --git a/library/pod-security-policy/capabilities/template.yaml b/library/pod-security-policy/capabilities/template.yaml
@@ -16,12 +16,12 @@ spec:
           properties:
             allowedCapabilities:
               type: array
-              description: "An allow-list of Linux capabilities."
+              description: "An list of Linux capabilities that can be added to a container."
               items:
                 type: string
             requiredDropCapabilities:
               type: array
-              description: "A disallow-list of Linux capabilities."
+              description: "A list of Linux capabilities that are required to be dropped from a container."
               items:
                 type: string
   targets:

diff --git a/library/pod-security-policy/flexvolume-drivers/template.yaml b/library/pod-security-policy/flexvolume-drivers/template.yaml
@@ -16,7 +16,7 @@ spec:
           properties:
             allowedFlexVolumes:
               type: array
-              description: "An array of AllowedFlexVolume objects with the single field: 'driver'."
+              description: "An array of AllowedFlexVolume objects."
               items:
                 type: object
                 properties:

diff --git a/library/pod-security-policy/fsgroup/template.yaml b/library/pod-security-policy/fsgroup/template.yaml
@@ -28,8 +28,10 @@ spec:
                 type: object
                 properties:
                   min:
+                    description: "The minimum GID in the range, inclusive."
                     type: integer
                   max:
+                    description: "The maximum GID in the range, inclusive."
                     type: integer
   targets:
     - target: admission.k8s.gatekeeper.sh

diff --git a/library/pod-security-policy/host-filesystem/template.yaml b/library/pod-security-policy/host-filesystem/template.yaml
@@ -20,12 +20,12 @@ spec:
               items:
                 type: object
                 properties:
-                  readOnly:
-                    type: boolean
-                    description: "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly."
                   pathPrefix:
                     type: string
                     description: "The path prefix that the host volume must match."
+                  readOnly:
+                    type: boolean
+                    description: "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly."
   targets:
     - target: admission.k8s.gatekeeper.sh
       rego: |