From f1f08291fc121a82789d9d2bbc2b5eda14d34514 Mon Sep 17 00:00:00 2001
From: YiscahLevySilas1 <yiscahls@armosec.io>
Date: Mon, 28 Aug 2023 16:19:50 +0300
Subject: [PATCH] validate sa kind

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
---
 rules/serviceaccount-token-mount/raw.rego | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/serviceaccount-token-mount/raw.rego b/rules/serviceaccount-token-mount/raw.rego
index 7b5e6a47e..69b028120 100644
--- a/rules/serviceaccount-token-mount/raw.rego
+++ b/rules/serviceaccount-token-mount/raw.rego
@@ -6,6 +6,7 @@ deny[msga] {
     spec := object.get(wl, beggining_of_path, [])
 
     sa := input[_]
+    sa.kind == "ServiceAccount"
     is_same_sa(spec, sa.metadata.name)
     is_same_namespace(sa.metadata , wl.metadata)
     has_service_account_binding(sa)