github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/advanced/optional/use_resource_quota_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/advanced/optional/use_resource_quota_test.rego (about)

     1  package builtin.kubernetes.KSV040
     2  
     3  test_use_resource_quota_configure {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "ResourceQuota",
     7  		"metadata": {"name": "mem-cpu-demo"},
     8  		"spec": {"hard": {
     9  			"requests.cpu": "1",
    10  			"requests.memory": "1Gi",
    11  			"limits.cpu": "2",
    12  			"limits.memory": "2Gi",
    13  		}},
    14  	}
    15  
    16  	count(r) == 0
    17  }
    18  
    19  test_use_resource_quota_configure_no_hard {
    20  	r := deny with input as {
    21  		"apiVersion": "v1",
    22  		"kind": "ResourceQuota",
    23  		"metadata": {"name": "mem-cpu-demo"},
    24  		"spec": {},
    25  	}
    26  
    27  	r[_].msg == "resource quota policy with hard memory and cpu quota per namespace should be configure"
    28  }
    29  
    30  test_use_resource_quota_configure_no_request_cpu {
    31  	r := deny with input as {
    32  		"apiVersion": "v1",
    33  		"kind": "ResourceQuota",
    34  		"metadata": {"name": "mem-cpu-demo"},
    35  		"spec": {"hard": {
    36  			"requests.memory": "1Gi",
    37  			"limits.cpu": "2",
    38  			"limits.memory": "2Gi",
    39  		}},
    40  	}
    41  
    42  	r[_].msg == "resource quota policy with hard memory and cpu quota per namespace should be configure"
    43  }
    44  
    45  test_use_resource_quota_configure_no_request_memory {
    46  	r := deny with input as {
    47  		"apiVersion": "v1",
    48  		"kind": "ResourceQuota",
    49  		"metadata": {"name": "mem-cpu-demo"},
    50  		"spec": {"hard": {
    51  			"requests.cpu": "1",
    52  			"limits.cpu": "2",
    53  			"limits.memory": "2Gi",
    54  		}},
    55  	}
    56  
    57  	r[_].msg == "resource quota policy with hard memory and cpu quota per namespace should be configure"
    58  }
    59  
    60  test_use_resource_quota_configure_no_limits_cpu {
    61  	r := deny with input as {
    62  		"apiVersion": "v1",
    63  		"kind": "ResourceQuota",
    64  		"metadata": {"name": "mem-cpu-demo"},
    65  		"spec": {"hard": {
    66  			"requests.cpu": "1",
    67  			"requests.memory": "1Gi",
    68  			"limits.memory": "2Gi",
    69  		}},
    70  	}
    71  
    72  	r[_].msg == "resource quota policy with hard memory and cpu quota per namespace should be configure"
    73  }
    74  
    75  test_use_resource_quota_configure_no_limits_memory {
    76  	r := deny with input as {
    77  		"apiVersion": "v1",
    78  		"kind": "ResourceQuota",
    79  		"metadata": {"name": "mem-cpu-demo"},
    80  		"spec": {"hard": {
    81  			"requests.cpu": "1",
    82  			"requests.memory": "1Gi",
    83  			"limits.cpu": "2",
    84  		}},
    85  	}
    86  
    87  	r[_].msg == "resource quota policy with hard memory and cpu quota per namespace should be configure"
    88  }