1
0
mirror of https://github.com/sharkdp/bat.git synced 2025-01-19 04:21:06 +00:00
2021-06-01 22:36:56 +02:00

182 lines
24 KiB
Rego
Vendored
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package k8sazureprocmount
test_input_container_not_proc_mount_allowed {
 input := { "review": input_review, "parameters": input_parameters_default}
 results := violation with input as input
 count(results) == 0
}
test_input_container_proc_mount_not_allowed {
 input := { "review": input_review_unmasked, "parameters": input_parameters_default}
 results := violation with input as input
 count(results) == 1
}
test_input_container_proc_mount_not_allowed_null_param {
 input := { "review": input_review_unmasked, "parameters": null }
 results := violation with input as input
 count(results) == 1
}
test_input_container_proc_mount_not_allowed_missing_param {
 input := { "review": input_review_unmasked }
 results := violation with input as input
 count(results) == 1
}
test_input_container_many_not_proc_mount_allowed {
 input := { "review": input_review_many, "parameters": input_parameters_default}
 results := violation with input as input
 count(results) == 0
}
test_input_container_many_mixed_proc_mount_not_allowed {
 input := { "review": input_review_many_mixed, "parameters": input_parameters_default}
 results := violation with input as input
 count(results) == 1
}
test_input_container_many_mixed_proc_mount_not_allowed_two {
 input := { "review": input_review_many_mixed_two, "parameters": input_parameters_default}
 results := violation with input as input
 count(results) == 2
}
test_input_container_proc_mount_case_insensitive {
 input := { "review": input_review, "parameters": input_parameters_default_lower}
 results := violation with input as input
 count(results) == 0
}
test_input_container_not_proc_mount_unmasked {
 input := { "review": input_review, "parameters": input_parameters_unmasked}
 results := violation with input as input
 count(results) == 0
}
test_input_container_proc_mount_unmasked {
 input := { "review": input_review_unmasked, "parameters": input_parameters_unmasked}
 results := violation with input as input
 count(results) == 0
}
test_input_container_many_mixed_proc_mount_allowed_two {
 input := { "review": input_review_many_mixed_two, "parameters": input_parameters_unmasked}
 results := violation with input as input
 count(results) == 0
}
input_review = {
 "object": {
 "metadata": {
 "name": "nginx"
 },
 "spec": {
 "containers": input_containers_one
 }
 }
}
input_review_unmasked = {
 "object": {
 "metadata": {
 "name": "nginx"
 },
 "spec": {
 "containers": input_containers_one_unmasked
 }
 }
}
input_review_many = {
 "object": {
 "metadata": {
 "name": "nginx"
 },
 "spec": {
 "containers": input_containers_many,
 "initContainers": input_containers_one
 }
 }
}
input_review_many_mixed = {
 "object": {
 "metadata": {
 "name": "nginx"
 },
 "spec": {
 "containers": input_containers_many,
 "initContainers": input_containers_one_unmasked
 }
 }
}
input_review_many_mixed_two = {
 "object": {
 "metadata": {
 "name": "nginx"
 },
 "spec": {
 "containers": input_containers_many_mixed,
 "initContainers": input_containers_one_unmasked
 }
 }
}
input_containers_one = [
{
 "name": "nginx",
 "image": "nginx",
 "securityContext": {
 "procMount": "Default"
 }
}]
input_containers_one_unmasked = [
{
 "name": "nginx",
 "image": "nginx",
 "securityContext": {
 "procMount": "Unmasked"
 }
}]
input_containers_many = [
{
 "name": "nginx",
 "image": "nginx",
 "securityContext": {
 "procMount": "Default"
 }
},
{
 "name": "nginx1",
 "image": "nginx"
},
{
 "name": "nginx2",
 "image": "nginx",
 "securityContext": {
 "runAsUser": "1000"
 }
}]
input_containers_many_mixed = [
{
 "name": "nginx",
 "image": "nginx",
 "securityContext": {
 "procMount": "Default"
 }
},
{
 "name": "nginx1",
 "image": "nginx",
 "securityContext": {
 "procMount": "Unmasked"
 }
}]
input_parameters_default = {
 "procMount": "Default"
}
input_parameters_default_lower = {
 "procMount": "default"
}
input_parameters_unmasked = {
 "procMount": "Unmasked"
}