# Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/advanced/default_namespace_should_not_be_used_test.rego
#
# Unit tests for the KSV110 check. The `deny` rule under test lives in the
# policy file of the same package and is not shown here; each test replaces
# `input` with a Pod manifest and asserts how many results `deny` produces.
#
# NOTE(review): neither test covers a manifest that omits metadata.namespace.
# Kubernetes normally places such objects in "default" at apply time, so
# confirm how the policy treats a missing namespace and add a fixture for it.
package builtin.kubernetes.KSV110

# A Pod whose metadata.namespace is "default" must yield exactly one result.
test_pod_with_default_namespace {
	pod := {
		"apiVersion": "v1",
		"kind": "Pod",
		"metadata": {
			"name": "redis-master-85547b7b9-fxnrp",
			# The field this test is about.
			"namespace": "default",
			"creationTimestamp": "2022-01-12T10:28:20Z",
			"resourceVersion": "443282",
			"labels": {"app": "redis", "role": "master", "tier": "backend"}
		},
		"spec": {"containers": [{
			"name": "master",
			"image": "redis",
			"imagePullPolicy": "Always",
			"terminationMessagePath": "/dev/termination-log",
			"terminationMessagePolicy": "File",
			"volumeMounts": [{
				"name": "kube-api-access-85g42",
				"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount",
				"readOnly": true
			}]
		}]}
	}

	violations := deny with input as pod

	count(violations) == 1
}

# A Pod in a namespace other than "default" must yield no results. The fixture
# also carries control-plane style labels and a system priority class;
# presumably this shows that only the namespace decides the outcome.
test_pod_non_default_namespace {
	pod := {
		"apiVersion": "v1",
		"kind": "Pod",
		"metadata": {
			"name": "redis-master-85547b7b9-fxnrp",
			# Any value other than "default" is expected to pass.
			"namespace": "my-system",
			"creationTimestamp": "2022-01-12T10:28:20Z",
			"resourceVersion": "443282",
			"labels": {
				"component": "kube-apiserver",
				"app": "redis",
				"role": "master",
				"tier": "control-plane"
			}
		},
		"spec": {
			"priorityClassName": "system-node-critical",
			"containers": [{
				"name": "master",
				"image": "redis",
				"imagePullPolicy": "Always",
				"terminationMessagePath": "/dev/termination-log",
				"terminationMessagePolicy": "File",
				"volumeMounts": [{
					"name": "kube-api-access-85g42",
					"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount",
					"readOnly": true
				}]
			}]
		}
	}

	violations := deny with input as pod

	count(violations) == 0
}