From 2daed99957eb4c432a007ebc22b00eeaa08ccc82 Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Thu, 19 Sep 2024 13:49:50 +0200
Subject: [PATCH] fix: use newer seccompProfile spec in mutation

Older is ignored

Signed-off-by: Mathieu Parent
---
 .../seccomp/samples/mutation.yaml | 19 +++++++++++--------
 website/docs/mutation-examples/seccomp.md | 19 +++++++++++--------
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/mutation/pod-security-policy/seccomp/samples/mutation.yaml b/mutation/pod-security-policy/seccomp/samples/mutation.yaml
index 2f28058ab..fb45aba83 100644
--- a/mutation/pod-security-policy/seccomp/samples/mutation.yaml
+++ b/mutation/pod-security-policy/seccomp/samples/mutation.yaml
@@ -1,14 +1,17 @@
 apiVersion: mutations.gatekeeper.sh/v1
-kind: AssignMetadata
+kind: Assign
 metadata:
 name: k8spspseccomp
 spec:
- match:
- scope: Namespaced
- kinds:
- - apiGroups: [""]
- kinds: ["Pod"]
- location: metadata.annotations."seccomp.security.alpha.kubernetes.io/pod"
+ applyTo:
+ - groups: [""]
+ kinds: ["Pod"]
+ versions: ["v1"]
+ location: spec.securityContext.seccompProfile
 parameters:
+ pathTests:
+ - subPath: spec.securityContext.seccompProfile
+ condition: MustNotExist
 assign:
- value: runtime/default
+ value:
+ type: RuntimeDefault
diff --git a/website/docs/mutation-examples/seccomp.md b/website/docs/mutation-examples/seccomp.md
index b6cfd7591..3719850b2 100644
--- a/website/docs/mutation-examples/seccomp.md
+++ b/website/docs/mutation-examples/seccomp.md
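Review bot: The new `pathTests` entry with `condition: MustNotExist` on `spec.securityContext.seccompProfile` makes this a default-only mutation, and the sample does not say so: a Pod that already sets a pod-level `seccompProfile` (including `type: Unconfined`) is left as submitted, and a container-level `securityContext.seccompProfile` still takes precedence over the pod-level value on the Kubernetes side, so the hunk sets a baseline rather than enforcing one. A short comment above `applyTo:` would make that explicit, e.g. `# Defaults the pod-level profile to RuntimeDefault; explicit pod- or container-level seccompProfile values are not overridden — pair with an enforcing constraint.` The `versions: ["v1"]` scoping and the structured `type: RuntimeDefault` value match the current Pod API field that replaced the annotation, which is consistent with the "Older is ignored" rationale. The same hunk is repeated verbatim in website/docs/mutation-examples/seccomp.md, where the comment would serve readers equally well.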
@@ -12,18 +12,21 @@ kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-
 ## Mutation Examples
 ```yaml
 apiVersion: mutations.gatekeeper.sh/v1
-kind: AssignMetadata
+kind: Assign
 metadata:
 name: k8spspseccomp
 spec:
- match:
- scope: Namespaced
- kinds:
- - apiGroups: [""]
- kinds: ["Pod"]
- location: metadata.annotations."seccomp.security.alpha.kubernetes.io/pod"
+ applyTo:
+ - groups: [""]
+ kinds: ["Pod"]
+ versions: ["v1"]
+ location: spec.securityContext.seccompProfile
 parameters:
+ pathTests:
+ - subPath: spec.securityContext.seccompProfile
+ condition: MustNotExist
 assign:
- value: runtime/default
+ value:
+ type: RuntimeDefault
 ```
\ No newline at end of file