Open
Description
We can scaffold an AdmissionPolicy YAML with kwctl, but the result is not accepted by kubectl.
We have the same YAML in the UI, where rules are disabled so the user won't edit them manually (but it is still possible in the YAML editor).
```
~ kwctl scaffold manifest -t AdmissionPolicy registry://ghcr.io/kubewarden/policies/safe-labels:v1.0.9
apiVersion: policies.kubewarden.io/v1
kind: AdmissionPolicy
metadata:
  annotations:
    io.kubewarden.policy.category: Resource validation
    io.kubewarden.policy.severity: low
  name: safe-labels
spec:
  module: registry://ghcr.io/kubewarden/policies/safe-labels:v1.0.9
  settings: {}
  rules:
  - apiGroups:
    - '*'
    apiVersions:
    - '*'
    resources:
    - '*'
    operations:
    - CREATE
    - UPDATE
  mutating: false
  backgroundAudit: false
```
```
~ kwctl scaffold manifest -t AdmissionPolicy registry://ghcr.io/kubewarden/policies/safe-labels:v1.0.9 | kubectl apply -f -
The AdmissionPolicy "safe-labels" is invalid:
* spec.rules.apiGroups[0]: Forbidden: apiGroups cannot use wildcards when using AdmissionPolicy or AdmissionPolicyGroup
* spec.rules.resources[0]: Forbidden: resources cannot use wildcards when using AdmissionPolicy or AdmissionPolicyGroup
* spec.rules: Forbidden: {APIGroup: wgpolicyk8s.io, Resource: policyreports} resources cannot be targeted by AdmissionPolicy or AdmissionPolicyGroup
```
This is also an issue with the safe-annotations policy (and I guess others as well).
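A pre-apply lint for the three rejections shown in the kubectl output above, as an added example that is not part of the original issue or of Kubewarden's own code. The `Rule` type, `LintRules` and the finding strings are hypothetical names, the forbidden pair is the only one the error output names, and the narrowed rule targeting core `pods` is a constructed sample.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule mirrors one entry of spec.rules in the scaffolded manifest.
type Rule struct{ APIGroups, APIVersions, Resources, Operations []string }

// The one group/resource pair named in the kubectl error (assumption: the webhook may reject more).
const forbiddenGroup, forbiddenResource = "wgpolicyk8s.io", "policyreports"

// matches reports whether vals selects want, directly or through a wildcard.
func matches(vals []string, want string) bool {
	for _, v := range vals {
		if strings.Contains(v, "*") || strings.SplitN(v, "/", 2)[0] == want {
			return true
		}
	}
	return false
}

// LintRules returns one finding per violation, in the order kubectl printed them.
func LintRules(rules []Rule) []string {
	var out []string
	for i, r := range rules {
		for j, g := range r.APIGroups {
			if strings.Contains(g, "*") {
				out = append(out, fmt.Sprintf("spec.rules[%d].apiGroups[%d]: wildcard", i, j))
			}
		}
		for j, res := range r.Resources {
			if strings.Contains(res, "*") {
				out = append(out, fmt.Sprintf("spec.rules[%d].resources[%d]: wildcard", i, j))
			}
		}
		if matches(r.APIGroups, forbiddenGroup) && matches(r.Resources, forbiddenResource) {
			out = append(out, fmt.Sprintf("spec.rules[%d]: targets %s/%s", i, forbiddenGroup, forbiddenResource))
		}
	}
	return out
}

func main() {
	wild := []string{"*"}
	fmt.Println(LintRules([]Rule{{wild, wild, wild, []string{"CREATE", "UPDATE"}}})) // constructed: the scaffolded rule
	fmt.Println(LintRules([]Rule{{[]string{""}, []string{"v1"}, []string{"pods"}, []string{"CREATE"}}})) // constructed: a narrowed rule
}
```

The wildcard `apiVersions` entry is left unflagged because the kubectl output above does not reject it.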