Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego
`--violations` flag).
`--json-indent` flag, useful for shrinking output size.
`targets` set to define the violations they produce, instead of the `checkXXX` variables. A policy that defined `checkServiceAccounts := true` and `checkNodes := true`, for example, would now need to replace these with `targets := {"serviceAccounts", "nodes"}`. The policy library has been updated. Custom policies can be updated using the `./utils/update_policy_to_use_targets.py` script.
`--no-XXX-violations` flags have been replaced with a new `--violations` flag, see configure-violation-types.
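The `checkXXX` to `targets` rewrite described above, sketched as an added example; it is not the project's `update_policy_to_use_targets.py`. The function name `to_targets`, the rule that `checkFoo` maps to the target `"foo"` (inferred from the two pairs shown above), and the sample policy are assumptions.

```python
import re

# A top-level flag such as `checkServiceAccounts := true` (the older `=` form is accepted too).
CHECK_RE = re.compile(r"^check([A-Z]\w*)\s*:?=\s*(true|false)\s*(#.*)?$")


def to_targets(policy: str) -> str:
    """Replace the checkXXX flags of a Rego policy with one `targets` set."""
    out, targets, insert_at = [], [], None
    for line in policy.splitlines():
        m = CHECK_RE.match(line)
        if m is None:
            out.append(line)  # rules, imports and comments pass through untouched
            continue
        if insert_at is None:
            insert_at = len(out)  # `targets` goes where the first flag stood
        # Assumed naming rule: checkServiceAccounts -> "serviceAccounts"
        target = m.group(1)[0].lower() + m.group(1)[1:]
        if m.group(2) == "true" and target not in targets:
            targets.append(target)  # flags set to false are simply dropped
    if insert_at is None:
        return policy  # no flags found: already migrated or not a policy
    if not targets:
        # An empty set would silently turn the policy off; make the author decide.
        raise ValueError("every checkXXX flag is false; no targets to emit")
    members = ", ".join(f'"{t}"' for t in targets)
    out.insert(insert_at, f"targets := {{{members}}}")
    return "\n".join(out) + ("\n" if policy.endswith("\n") else "")


# Constructed sample policy, not taken from the policy library.
SAMPLE = """package policy
# constructed example
checkServiceAccounts := true
checkNodes := false

evaluateRoles(roles, owner) {
  true
}
"""

if __name__ == "__main__":
    print(to_targets(SAMPLE))
```

Diff the output against the original policy before committing it: a flag the pattern does not match is left in place rather than migrated.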