Improve ACR (azurecr.io) example regex

[SimonAlling]

The old version, ^.+azurecr.io/.+$, has four problems:

• Strings like evil.com/contoso.azurecr.io/foo match.
• Strings like evilazurecr.io/foo match.
• Strings like contoso.azurecraio/foo match.
• "Unescaped forward slash. This may cause issues if copying/pasting this expression into code." — RegExr

The new version, ^[^/]+\.azurecr\.io\/.+$, has four fixes, respectively:

• A literal / is not allowed before azurecr (in the subdomain).
• A literal . is required directly before azurecr.
• A literal . is required between azurecr and io.
• The / is escaped with a backslash.

Useful command for viewing this commit:

git show --color-words=.

[pilor]

Thanks for the contribution. As mentioned here commits are not taken to built-ins in this repo but we will get the right internal folks to take a look at this. @RamyasreeChakka can you handle next steps since this is kubernetes related?

[RamyasreeChakka]

• @Azure/azure-policy-kubernetes-contributors - FYI

[lindhe]

FYI that's a 404.

[RamyasreeChakka]

Thanks for the contribution. As mentioned here commits are not taken to built-ins in this repo but we will get the right internal folks to take a look at this. @RamyasreeChakka Ramyasree Chakka FTE can you handle next steps since this is kubernetes related?

@pilor and @SimonAlling - Thank you, AKS policy team will review the PR and incorporate the changes in built-ins if fitting.

[SimonAlling]

Status, @RamyasreeChakka?

[RamyasreeChakka]

Status, @RamyasreeChakka?

@Amirzadehm @feruilob @nreisch - can you take a look at this PR?

[fseldow]

@RamyasreeChakka I think I already pick up this change in internal repo https://github.com/Azure/azure-policy/blob/914cf50c1bb326c0540b4b06df3f6d762b11a88c/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json#L108