From e8d93647fa7660be0dc688cba47d3ea1148624b4 Mon Sep 17 00:00:00 2001
From: Don Browne
Date: Fri, 26 Jul 2024 10:49:48 +0100
Subject: [PATCH] Remove `enabled` setting from secret_push_protection
This option is causing confusion, and it is unlikely that someone would want to set up this rule type to check that secret push protection is disabled.
---
rule-types/github/secret_push_protection.yaml | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/rule-types/github/secret_push_protection.yaml b/rule-types/github/secret_push_protection.yaml
index 09614a9..8b440b4 100644
--- a/rule-types/github/secret_push_protection.yaml
+++ b/rule-types/github/secret_push_protection.yaml
@@ -27,9 +27,6 @@ def:
# Defines the schema for writing a rule with this rule being checked
rule_schema:
properties:
- enabled:
type: boolean
default: true
skip_private_repos:
type: boolean
default: true
@@ -60,15 +57,9 @@ def:
default skip := false
allow if {
- input.profile.enabled
input.ingested.security_and_analysis.secret_scanning_push_protection.status == "enabled"
}
- allow if {
- not input.profile.enabled
- input.ingested.security_and_analysis.secret_scanning_push_protection.status == "disabled"
- }
-
skip if {
input.profile.skip_private_repos == true
input.ingested.private == true
@@ -79,11 +70,7 @@ def:
method: PATCH
endpoint: "/repos/{{.Entity.Owner}}/{{.Entity.Name}}"
body: |
- {{- if .Profile.enabled }}
{ "security_and_analysis": {"secret_scanning_push_protection": { "status": "enabled" } } }
- {{- else }}
- { "security_and_analysis": {"secret_scanning_push_protection": { "status": "disabled" } } }
- {{- end }}
# Defines the configuration for alerting on the rule
alert:
type: security_advisory
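Review bot: Existing profiles that still set `enabled:` under this rule's parameters are not addressed by the `rule_schema` hunk; whether such a profile is now rejected at validation time or has the key silently ignored depends on whether `rule_schema` declares `additionalProperties: false`, which is not visible here. Either way, an operator who had `enabled: false` configured will see the rule flip to requiring push protection on the next evaluation, so the removal is worth calling out in the rule type's description or a changelog. A short comment above `skip_private_repos:` would also document the new fixed behaviour, e.g. `# Push protection must be enabled; there is intentionally no option to enforce the disabled state.`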
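Review bot: With the `disabled` branch gone, the single remaining `allow` rule in the Rego hunk depends on `input.ingested.security_and_analysis.secret_scanning_push_protection.status` being present; when the GitHub API response omits the `security_and_analysis` object (or the token cannot read it), the comparison is undefined and `allow` falls back to its default, which I assume is `default allow := false` just above the hunk. That is the fail-closed behaviour you want for a security control, but it is easy to mistake for a transient evaluation error when triaging, so a comment on the rule would help, e.g. `# An absent security_and_analysis block leaves allow undefined, so the rule fails closed`. The `allow` rule is fully inside the hunk; its `default` declaration is outside it.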
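Review bot: The remediation `body` now unconditionally PATCHes `secret_scanning_push_protection.status` to `"enabled"`, and as far as I know GitHub treats push protection as a sub-feature of secret scanning, so for a repository where secret scanning itself is not enabled (for example a private repository without the required licence) I would expect this request to be rejected rather than to succeed; the hunk does not handle that case. If the remediation engine already surfaces the HTTP error to the operator that may be sufficient, but it is worth confirming and documenting next to `method: PATCH`, e.g. `# Requires secret scanning to be enabled on the repo; the API rejects the request otherwise.` Now that the body is a literal JSON document with no template directives, it can also be validated as JSON in a test without rendering the template.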