mirror of https://github.com/sharkdp/bat.git synced 2025-01-19 12:24:17 +00:00


2021-05-30 08:49:42 +02:00
package k8sazureprocmount
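# A single container that explicitly sets procMount "Default" must produce no
# violation when the constraint parameter allows only "Default".
test_input_container_not_proc_mount_allowed {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review, "parameters": input_parameters_default}
  results := violation with input as inp
  count(results) == 0
}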
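# A single container requesting procMount "Unmasked" must produce exactly one
# violation when the constraint parameter allows only "Default".
test_input_container_proc_mount_not_allowed {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_unmasked, "parameters": input_parameters_default}
  results := violation with input as inp
  count(results) == 1
}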
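# Fail-closed check: with "parameters" explicitly null, an "Unmasked" container
# is still expected to be reported (one violation), i.e. the policy under test
# must not treat a null parameter block as "anything goes".
test_input_container_proc_mount_not_allowed_null_param {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_unmasked, "parameters": null}
  results := violation with input as inp
  count(results) == 1
}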
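# Fail-closed check: with the "parameters" key absent altogether, an "Unmasked"
# container is still expected to be reported (one violation).
test_input_container_proc_mount_not_allowed_missing_param {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_unmasked}
  results := violation with input as inp
  count(results) == 1
}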
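# Several containers plus an init container, none of which requests "Unmasked",
# must produce no violation under a "Default"-only constraint. The fixture
# includes a container with no securityContext and one whose securityContext
# has no procMount, so this also pins that an unset procMount is accepted.
test_input_container_many_not_proc_mount_allowed {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_many, "parameters": input_parameters_default}
  results := violation with input as inp
  count(results) == 0
}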
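# Regular containers are compliant but the init container requests "Unmasked":
# exactly one violation is expected, which pins that spec.initContainers is
# evaluated and not only spec.containers.
test_input_container_many_mixed_proc_mount_not_allowed {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_many_mixed, "parameters": input_parameters_default}
  results := violation with input as inp
  count(results) == 1
}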
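# One regular container and one init container both request "Unmasked":
# two violations are expected, i.e. one per offending container rather than
# one per pod.
test_input_container_many_mixed_proc_mount_not_allowed_two {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_many_mixed_two, "parameters": input_parameters_default}
  results := violation with input as inp
  count(results) == 2
}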
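# The constraint parameter is spelled "default" (lower case) while the
# container uses "Default"; no violation is expected, so the comparison must
# ignore case.
# NOTE(review): only the allow path is exercised here. A companion case that
# pairs input_parameters_default_lower with input_review_unmasked would confirm
# that case folding does not also let "Unmasked" through.
test_input_container_proc_mount_case_insensitive {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review, "parameters": input_parameters_default_lower}
  results := violation with input as inp
  count(results) == 0
}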
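# With the constraint parameter set to "Unmasked", a container that uses
# "Default" must still pass: the more permissive setting also admits the
# stricter one.
test_input_container_not_proc_mount_unmasked {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review, "parameters": input_parameters_unmasked}
  results := violation with input as inp
  count(results) == 0
}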
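# With the constraint parameter set to "Unmasked", a container requesting
# "Unmasked" is explicitly permitted and must produce no violation.
test_input_container_proc_mount_unmasked {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_unmasked, "parameters": input_parameters_unmasked}
  results := violation with input as inp
  count(results) == 0
}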
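# With the constraint parameter set to "Unmasked", a pod mixing "Default" and
# "Unmasked" across containers and init containers must produce no violation.
test_input_container_many_mixed_proc_mount_allowed_two {
  # Bound to `inp`, not `input`: assigning to the reserved name `input`
  # shadows the global document and is rejected by OPA's strict mode.
  inp := {"review": input_review_many_mixed_two, "parameters": input_parameters_unmasked}
  results := violation with input as inp
  count(results) == 0
}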
# Review fixture: a pod named "nginx" whose only container uses the
# "Default" procMount (see input_containers_one).
input_review = {"object": {
  "metadata": {"name": "nginx"},
  "spec": {"containers": input_containers_one}
}}
# Review fixture: a pod named "nginx" whose only container requests the
# "Unmasked" procMount (see input_containers_one_unmasked).
input_review_unmasked = {"object": {
  "metadata": {"name": "nginx"},
  "spec": {"containers": input_containers_one_unmasked}
}}
# Review fixture: three compliant regular containers plus one compliant
# init container.
# NOTE(review): none of the fixtures visible in this file populates
# spec.ephemeralContainers; confirm the policy under test inspects them too.
input_review_many = {"object": {
  "metadata": {"name": "nginx"},
  "spec": {
    "containers": input_containers_many,
    "initContainers": input_containers_one
  }
}}
# Review fixture: compliant regular containers, but the init container
# requests "Unmasked". Used to check that init containers are evaluated.
input_review_many_mixed = {"object": {
  "metadata": {"name": "nginx"},
  "spec": {
    "containers": input_containers_many,
    "initContainers": input_containers_one_unmasked
  }
}}
# Review fixture: one "Unmasked" regular container (among two) and one
# "Unmasked" init container, i.e. two offending containers in total.
input_review_many_mixed_two = {"object": {
  "metadata": {"name": "nginx"},
  "spec": {
    "containers": input_containers_many_mixed,
    "initContainers": input_containers_one_unmasked
  }
}}
# Container list with a single entry that explicitly sets procMount to
# "Default", the value under which the runtime keeps its usual /proc masking.
input_containers_one = [{
  "name": "nginx",
  "image": "nginx",
  "securityContext": {"procMount": "Default"}
}]
# Container list with a single entry that requests procMount "Unmasked",
# which asks the runtime to skip its default masking of /proc paths. This is
# the setting the policy is meant to gate.
input_containers_one_unmasked = [{
  "name": "nginx",
  "image": "nginx",
  "securityContext": {"procMount": "Unmasked"}
}]
# Three containers that never request "Unmasked", covering the shapes a
# compliant container can take.
input_containers_many = [
  # procMount set explicitly to the allowed value.
  {
    "name": "nginx",
    "image": "nginx",
    "securityContext": {"procMount": "Default"}
  },
  # No securityContext at all.
  {"name": "nginx1", "image": "nginx"},
  # securityContext present but without a procMount field.
  {
    "name": "nginx2",
    "image": "nginx",
    "securityContext": {"runAsUser": "1000"}
  }
]
# Two containers: the first is compliant ("Default"), the second requests
# "Unmasked". Used to check that only the offending container is reported.
input_containers_many_mixed = [
  {
    "name": "nginx",
    "image": "nginx",
    "securityContext": {"procMount": "Default"}
  },
  {
    "name": "nginx1",
    "image": "nginx",
    "securityContext": {"procMount": "Unmasked"}
  }
]
# Constraint parameters allowing only the "Default" procMount.
input_parameters_default = {"procMount": "Default"}
# Same as the "Default"-only parameters but spelled in lower case, to
# exercise case-insensitive matching of the parameter value.
input_parameters_default_lower = {"procMount": "default"}
# Constraint parameters that permit the "Unmasked" procMount; the tests in
# this file expect "Default" containers to pass under this setting as well.
input_parameters_unmasked = {"procMount": "Unmasked"}