admission-control/manager: 2025/02/17 21:35:20.733920 evaluate_deploytime.go:106: Debug: Evaluating request &AdmissionRequest{UID:3a469625-7ae3-429f-8de3-8c67890ea279,Kind:autoscaling/v1, Kind=Scale,Resource:{apps v1 deployments},SubResource:scale,Name:nginx,Namespace:default,Operation:UPDATE,UserInfo:{kube:admin  [system:cluster-admins system:authenticated] .......,RequestKind:autoscaling/v1, Kind=Scale,RequestResource:apps/v1, Resource=deployments,RequestSubResource:scale,}
admission-control/manager: 2025/02/17 21:35:20.733970 evaluate_deploytime.go:112: Debug: Not bypassing UPDATE request on default/nginx [autoscaling/v1, Kind=Scale]
admission-control/manager: 2025/02/17 21:35:20.734106 evaluate_deploytime.go:137: Debug: Evaluating policies on id:"6a25ee4b-564c-4998-838f-9f884ca3aeba"  name:"nginx"  hash:1732657809438660397  type:"Deployment"  namespace:"default"  namespace_id:"51c8c679-0899-428a-bc64-c2dfbce24588"  replicas:3  labels:{key:"app"  value:"nginx"}  pod_labels:{key:"app"  value:"nginx"}  label_selector:{match_labels:{key:"app"  value:"nginx"}}  created:{seconds:1739825295}  cluster_id:"f3319a39-884e-4465-ac3c-a003136f5f4e"  containers:{id:"6a25ee4b-564c-4998-838f-9f884ca3aeba:nginx"  config:{}  image:{id:"sha256:088eea90c3d0a540ee5686e7d7471acbd4063b6e97eaf49b5e651665eb7f4dc7"  name:{registry:"docker.io"  remote:"library/nginx"  tag:"latest"  full_name:"docker.io/library/nginx:latest"}}  security_context:{}  resources:{}  name:"nginx"  liveness_probe:{}  readiness_probe:{}}  service_account:"default"  service_account_permission_level:NONE  automount_service_account_token:true  state_timestamp:1739827889595449
admission-control/manager: 2025/02/17 21:35:20.734376 evaluate_deploytime.go:176: Debug: Violated policies: 1, rejecting UPDATE request on default/nginx [autoscaling/v1, Kind=Scale]
admission-control/service: 2025/02/17 21:35:20.734486 service.go:125: Debug: Sending admission review: {"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","response":{"uid":"3a469625-7ae3-429f-8de3-8c67890ea279","allowed":false,"status":{"metadata":{},"status":"Failure","message":"\nThe attempted operation violated 1 enforced policy, described below:\n\nPolicy: Boo Test policy\n- Description:\n    ↳ \n- Rationale:\n    ↳ \n- Remediation:\n    ↳ \n- Violations:\n    - Container 'nginx' has image with tag 'latest'\n\n\nIn case of emergency, add the annotation {\"admission.stackrox.io/break-glass\": \"ticket-1234\"} to your deployment with an updated ticket number\n\n","reason":"Failed currently enforced policies from StackRox"}}}
admission-control/alerts: 2025/02/17 21:35:20.734667 sender.go:113: Debug: Sending 1 alert results to Sensor

ksanchet@ksanchet-mac:~/go/src/github.com/stackrox/stackrox/deploy/openshift$ oc -n default scale deploy/nginx --replicas=5
Error from server (Failed currently enforced policies from StackRox): admission webhook "policyeval.stackrox.io" denied the request: 
The attempted operation violated 1 enforced policy, described below:

Policy: Boo Test policy
- Description:
   ↳ 
- Rationale:
   ↳ 
- Remediation:
   ↳ 
- Violations:
   - Container 'nginx' has image with tag 'latest'


In case of emergency, add the annotation {"admission.stackrox.io/break-glass": "ticket-1234"} to your deployment with an updated ticket number

ksanchet@ksanchet-mac:~/go/src/github.com/stackrox/stackrox/deploy/openshift$ kubectl -n default edit deploy/nginx
error: deployments.apps "nginx" could not be patched: admission webhook "policyeval.stackrox.io" denied the request: 
The attempted operation violated 1 enforced policy, described below:

Policy: Boo Test policy
- Description:
    ↳ 
- Rationale:
    ↳ 
- Remediation:
    ↳ 
- Violations:
    - Container 'nginx' has image with tag 'latest'


In case of emergency, add the annotation {"admission.stackrox.io/break-glass": "ticket-1234"} to your deployment with an updated ticket number


You can run `kubectl replace -f /var/folders/f2/mx8qpbtd0fs_23ln92y_d7m40000gn/T/kubectl-edit-7uary.yaml` to try this update again.