From 39f0bf27cafd52bfa2a0181dc164fc743f814667 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9goire=20Martini?=
 <greg5813@users.noreply.github.com>
Date: Mon, 7 Oct 2024 17:58:46 +0200
Subject: [PATCH] Fix: rolebindingClusterAdminRole check

Fix additionalSchemaStrings templating
---
 pkg/config/checks/rolebindingClusterAdminRole.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/config/checks/rolebindingClusterAdminRole.yaml b/pkg/config/checks/rolebindingClusterAdminRole.yaml
index 2e5af37e0..16487ac0e 100644
--- a/pkg/config/checks/rolebindingClusterAdminRole.yaml
+++ b/pkg/config/checks/rolebindingClusterAdminRole.yaml
@@ -43,10 +43,10 @@ schemaString: |
               minLength: 1
 additionalSchemaStrings:
   rbac.authorization.k8s.io/Role: |
-    type: object
-    # This schema is validated for all roleBindings, regardless of their roleRef.
     {{ if eq .roleRef.kind "Role" }}
     {{ if and (not (hasPrefix .metadata.name "system:")) (ne .metadata.name "gce:podsecuritypolicy:calico-sa") }}
+    # This schema is validated for all roleBindings, regardless of their roleRef.
+    type: object
     required: ["metadata", "rules"]
     allOf:
       - properties: