Policy can't be started without all settings

[kravciak]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Policy requires all the settings to start.

When I fill settings only partially policy server won't start it with following errors:

# I don't fill any settings:
settings are not valid: Some("Invalid run_as_user settings: invalid rule.")

# I fill only run_as_user:
settings are not valid: Some("Invalid run_as_group settings: Invalid rule.")

# I fill run_as_user and run_as_group:
settings are not valid: Some("Invalid supplemental_groups settings: Invalid rule.")

To compare with original PSP - yaml copied from kubernetes.io docs: It defines only runAsUser settings.

apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false

Expected Behavior

Policy should require only some setting to start (or none of them).

To Reproduce

Start policy with following settings:

  settings:
    run_as_group:
      rule: RunAsAny