Multiple property paths

Sometimes, a property (key/value) that you want to test against is located in more than one place. For example, a custom rule that ensures all container images have a pinned version has to check the value of the image property in two locations, and rule logic that declares every possible path can become complex:

  • When kind is Deployment, the value of the property spec.template.spec.containers[].image should have a pinned version
  • When kind is Pod, the value of the property spec.containers[].image should have a pinned version

To avoid this complexity, you can write a JSON Schema whose rule logic defines the common path once and disregards all prefixes:

  • The value of the property **.spec.containers[].image should have a pinned version

Here is an example of what that would look like:


The above rule enforces the same logic as our built-in rule: ☑️ Ensure each container image has a pinned (tag) version
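How a schema can match the common path under any prefix, as an added example that is not the rule from the original page: the containers check is declared once, and the root schema applies itself to every nested value through `$ref: '#'`. The schema layout, the `PINNED` pattern, the helper names `resolve` and `violations`, and the sample manifests are assumptions constructed for illustration; the evaluator handles only the keywords this schema uses.

```python
import re

# Assumed definition of "pinned": ends in :tag or @digest, and the tag is not "latest".
PINNED = r"^.+[:@](?!latest$)[^/]+$"

# Constructed schema: the containers check is declared once; the root then
# re-applies itself ("$ref": "#") to every nested value, whatever its prefix.
SCHEMA = {
    "definitions": {"specContainers": {"properties": {"spec": {"properties": {
        "containers": {"type": "array", "items": {"properties": {
            "image": {"type": "string", "pattern": PINNED}}}}}}}}},
    "allOf": [{"$ref": "#/definitions/specContainers"}],
    "additionalProperties": {"$ref": "#"},
    "items": {"$ref": "#"},
}

def resolve(ref, root):
    """Follow a local JSON pointer such as '#' or '#/definitions/x'."""
    node = root
    for part in filter(None, ref.lstrip("#/").split("/")):
        node = node[part]
    return node

def violations(inst, schema=SCHEMA, root=SCHEMA, path="$"):
    """Evaluate only the keywords used in SCHEMA; return the paths that fail."""
    if "$ref" in schema:
        return violations(inst, resolve(schema["$ref"], root), root, path)
    bad = []
    for sub in schema.get("allOf", []):
        bad += violations(inst, sub, root, path)
    expected = {"string": str, "array": list}.get(schema.get("type"))
    if expected and not isinstance(inst, expected):
        bad.append(path)
    elif isinstance(inst, str) and not re.search(schema.get("pattern", ""), inst):
        bad.append(path)
    if isinstance(inst, dict):
        props = schema.get("properties", {})
        extra = schema.get("additionalProperties", {})
        for key, value in inst.items():
            bad += violations(value, props.get(key, extra), root, f"{path}.{key}")
    if isinstance(inst, list) and "items" in schema:
        for i, value in enumerate(inst):
            bad += violations(value, schema["items"], root, f"{path}[{i}]")
    return bad

# Constructed manifests: the same property sits under different prefixes.
POD = {"kind": "Pod", "spec": {"containers": [{"image": "nginx:latest"}]}}
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{"image": "nginx:1.25.3"}, {"image": "redis"}]}}}}
```

`violations(POD)` and `violations(DEPLOYMENT)` each report the failing image path even though the schema never names `spec.template`.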