Feature: audit-scanner should create synthetic requests for subresources

Question

Feature: audit-scanner should create synthetic requests for subresources

Opened this issue 5 months ago · 0 comments

From kubewarden/allowed-proc-mount-types-psp-policy#58 (comment):

When looking into policies that have subresources as targets, things get complicated... because we have to generate a different request. See the 1st example here: the scale sub-resource of a Deployment has been changed, the policy is going not going to receive the whole Deployment inside of admissionreview.request.object, but the Scale object.

Acceptance criteria

Check that audit-scanner can create admissionReviewRequests for subresources and treat thet as any other request. If not,
Ensure that https://github.com/kubewarden/audit-scanner/blob/main/internal/scanner/admission_request.go can deal with subresources.
Add a test with a subresource.