removed validationFailureAction and replaced by failureAction in folder argo,argo-cel,aws,best-practices

Signed-off-by: Rino Rondan <[email protected]>

Author: Rino Rondan

README.md

@@ -25,7 +25,7 @@ Anyone and everyone is welcome to write and contribute Kyverno policies! We have
 
 * Provide test resources (where possible) which allow your policy to be validated using the Kyverno CLI. See an example of a complete policy, resource, and test [here](https://github.com/kyverno/policies/tree/main/pod-security/baseline/disallow-capabilities). If unfamiliar with the Kyverno CLI and its test ability, please see the documentation [here](https://kyverno.io/docs/testing-policies/).
 
-* For `validate` rules, please set `validationFailureAction: Audit` so that should a user download and apply the policy without having a yet full understanding of Kyverno, it will not cause unintended harm to their environment by blocking resources.
+* For `validate` rules, please set `failureAction: Audit` so that should a user download and apply the policy without having a yet full understanding of Kyverno, it will not cause unintended harm to their environment by blocking resources.
 
 * String values do not need to be quoted nor do values which contain JMESPath expressions such as `{{request.operation}}`. The exception is if a field's value is *only* such an expression. In those cases, the JMESPath expression needs to be double quoted.
 
@@ -59,10 +59,11 @@ metadata:
     policies.kyverno.io/description: >-
       Adding capabilities beyond those listed in the policy must be disallowed.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
   - name: my-rule-name
+    validate:
+       failureAction: Audit
     match:
       any:
       - resources:

argo-cel/application-field-validation/application-field-validation.yaml

@@ -15,7 +15,6 @@ metadata:
       Path or chart must be specified but never both. And destination.name or
       destination.server must be specified but never both.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: source-path-chart
@@ -28,6 +27,7 @@ spec:
             - CREATE
             - UPDATE
       validate:
+        failureAction: Audit
         cel:
           expressions:
             - expression: >-
@@ -48,6 +48,7 @@ spec:
             - CREATE
             - UPDATE
       validate:
+        failureAction: Audit
         cel:
           expressions:
             - expression: >-

argo-cel/application-prevent-default-project/application-prevent-default-project.yaml

@@ -13,7 +13,6 @@ metadata:
     policies.kyverno.io/description: >-
       This policy prevents the use of the default project in an Application.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: default-project
@@ -26,6 +25,7 @@ spec:
             - CREATE
             - UPDATE
       validate:
+        failureAction: Audit
         cel:
           expressions:
             - expression: "object.spec.?project.orValue('') != 'default'"

argo-cel/application-prevent-updates-project/application-prevent-updates-project.yaml

@@ -12,7 +12,6 @@ metadata:
     policies.kyverno.io/description: >-
       This policy prevents updates to the project field after an Application is created.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: project-updates
@@ -25,6 +24,7 @@ spec:
         - name: "operation-should-be-update"
           expression: "request.operation == 'UPDATE'"
       validate:
+        failureAction: Audit
         cel:  
           expressions:
             - expression: "object.spec.project == oldObject.spec.project"

argo-cel/applicationset-name-matches-project/applicationset-name-matches-project.yaml

@@ -14,7 +14,6 @@ metadata:
       This policy ensures that the name of the ApplicationSet is the
       same value provided in the project.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: match-name
@@ -27,6 +26,7 @@ spec:
             - CREATE
             - UPDATE
       validate:
+        failureAction: Audit
         cel:
           expressions:
             - expression: "object.spec.template.spec.project == object.metadata.name"

argo-cel/appproject-clusterresourceblacklist/appproject-clusterresourceblacklist.yaml

@@ -17,7 +17,6 @@ metadata:
       enforce that all AppProjects specify clusterResourceBlacklist and that their group
       and kind have wildcards as values.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: has-wildcard-and-validate-clusterresourceblacklist
@@ -30,6 +29,7 @@ spec:
             - CREATE
             - UPDATE
       validate:
+        failureAction: Audit
         cel:
           expressions:
             - expression: "has(object.spec.clusterResourceBlacklist)"

argo/application-field-validation/application-field-validation.yaml

@@ -15,7 +15,6 @@ metadata:
       Path or chart must be specified but never both. And destination.name or
       destination.server must be specified but never both.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: source-path-chart
@@ -25,6 +24,7 @@ spec:
             kinds:
             - Application
       validate:
+        failureAction: Audit
         message: >-
           `spec.source.path` OR `spec.source.chart` should be specified but never both.
         anyPattern:
@@ -43,6 +43,7 @@ spec:
             kinds:
             - Application
       validate:
+        failureAction: Audit
         message: >-
           `spec.destination.server` OR `spec.destination.name` should be specified but never both.
         anyPattern:

argo/application-prevent-default-project/application-prevent-default-project.yaml

@@ -13,7 +13,6 @@ metadata:
     policies.kyverno.io/description: >-
       This policy prevents the use of the default project in an Application.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: default-project
@@ -28,6 +27,7 @@ spec:
           operator: NotEquals
           value: DELETE
       validate:
+        failureAction: Audit
         message: "The default project may not be used in an Application."
         pattern:
           spec:

argo/application-prevent-updates-project/application-prevent-updates-project.yaml

@@ -13,7 +13,6 @@ metadata:
     policies.kyverno.io/description: >-
       This policy prevents updates to the project field after an Application is created.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: project-updates
@@ -28,6 +27,7 @@ spec:
           operator: Equals
           value: UPDATE
       validate:
+        failureAction: Audit
         message: "The spec.project cannot be changed once the Application is created."
         deny:
           conditions:

argo/applicationset-name-matches-project/applicationset-name-matches-project.yaml

@@ -14,7 +14,6 @@ metadata:
       This policy ensures that the name of the ApplicationSet is the
       same value provided in the project.
 spec:
-  validationFailureAction: Audit
   background: true
   rules:
     - name: match-name
@@ -29,6 +28,7 @@ spec:
           operator: NotEquals
           value: DELETE
       validate:
+        failureAction: Audit
         message: "The name must match the project."
         pattern:
           spec: