Fix automountServiceAccountToken to allow SAs to be wildcarded

CHANGELOG.md

@@ -3,6 +3,10 @@
 Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ---
+## [3.0.4-bb.20] - 2024-01-25
+### Changed
+- Fixed issue with kyverno policy related to wildcarding serviceAccounts in the automountServiceAccountToken clusterPolicy 
+
 ## [3.0.4-bb.19] - 2024-01-19
 ### Changed
 - ironbank/opensource/kubernetes/kubectl updated from v1.28.4 to v1.28.6

README.md

 # kyverno-policies
 
-![Version: 3.0.4-bb.19](https://img.shields.io/badge/Version-3.0.4--bb.19-informational?style=flat-square) ![AppVersion: v1.11.0](https://img.shields.io/badge/AppVersion-v1.11.0-informational?style=flat-square)
+![Version: 3.0.4-bb.20](https://img.shields.io/badge/Version-3.0.4--bb.20-informational?style=flat-square) ![AppVersion: v1.11.0](https://img.shields.io/badge/AppVersion-v1.11.0-informational?style=flat-square)
 
 Collection of Kyverno security and best-practice policies for Kyverno
 

chart/Chart.yaml

 apiVersion: v2
 name: kyverno-policies
-version: 3.0.4-bb.19
+version: 3.0.4-bb.20
 appVersion: v1.11.0
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Collection of Kyverno security and best-practice policies for Kyverno

chart/templates/update-automountserviceaccounttokens.yaml

@@ -58,7 +58,6 @@ spec:
     match:
       any:
       {{- range $v := (dig $name "namespaces" nil .Values.policies) }}
-      {{- if (dig "serviceAccounts" false .)  }}
       - resources:
           kinds:
           - ServiceAccount
@@ -69,7 +68,6 @@ spec:
           - {{ . }}
           {{- end }}
       {{- end }}
-      {{- end }}
     mutate:
       patchStrategicMerge:
         automountServiceAccountToken: false
@@ -148,4 +146,4 @@ spec:
     {{- end }}
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file