From c8f611093d092036ba1ae32730b9fade8bbca34b Mon Sep 17 00:00:00 2001
From: Makarii Balashov
Date: Mon, 8 Jul 2024 18:41:48 +0200
Subject: [PATCH] added a check for the absence of a tag at all
Signed-off-by: Makarii Balashov
---
 .../dockerfile-deny-latest-image.yaml | 28 +++++++++++-------
 1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/catalog/dockerfile/dockerfile-deny-latest-image.yaml b/catalog/dockerfile/dockerfile-deny-latest-image.yaml
index c5c687bb0..66758b07d 100644
--- a/catalog/dockerfile/dockerfile-deny-latest-image.yaml
+++ b/catalog/dockerfile/dockerfile-deny-latest-image.yaml
@@ -1,18 +1,24 @@
 apiVersion: json.kyverno.io/v1alpha1
 kind: ValidatingPolicy
 metadata:
- name: dockerfile-deny-latest-image-tag
- labels:
- dockerfile.tags.kyverno.io: 'dockerfile'
 annotations:
+ description.policy.kyverno.io: This Policy ensures that no image uses the latest
+ tag in Dockerfile or not use tag at all.
 title.policy.kyverno.io: Dockerfile latest image tag not allowed
- description.policy.kyverno.io: This Policy ensures that no image uses the latest tag in Dockerfile.
+ creationTimestamp: null
+ labels:
+ dockerfile.tags.kyverno.io: dockerfile
+ name: dockerfile-deny-latest-image-tag
 spec:
 rules:
- - name: check-latest-tag
- assert:
- all:
- - message: "Latest tag is not allowed"
- check:
- ~.(Stages[].From.Image):
- (contains(@, ':latest')): false
\ No newline at end of file
+ - assert:
+ all:
+ - check:
+ ~.(Stages[].From.Image):
+ (contains(@, ':latest')): false
+ message: Latest tag is not allowed
+ - check:
+ ~.(Stages[].From.Image):
+ (!contains(@, ':')): false
+ message: Image without tag is not allowed
+ name: check-latest-tag
\ No newline at end of file
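Review bot: The new `(!contains(@, ':')): false` check treats any colon in the reference as a tag, so an untagged image on a registry with a port (for example `registry.example.com:5000/app`) still passes and resolves to `latest`. The test should look only at what follows the last `/`; assuming `regex_match` is available to this policy engine, something like `(regex_match(':[^/]+$', @)): true` would accept a tag or a digest and reject a port-only colon. The check also presumably rejects `FROM scratch` and a `FROM <earlier-stage-name>` reference, since neither carries a colon, so those cases likely need an explicit exemption. Separately, `creationTimestamp: null` and the reordered keys look like serializer output and could be dropped from a hand-maintained catalog policy.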