github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/aquacommercial/configMap_with_secrets_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/aquacommercial/configMap_with_secrets_test.rego (about)

     1  package builtin.kubernetes.KSV0109
     2  
     3  test_configMap_with_secrets_denied {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "ConfigMap",
     7  		"metadata": {"name": "cm-with-secrets"},
     8  		"data": {
     9  			"password": "password123",
    10  			"secretkey": "test",
    11  		},
    12  	}
    13  
    14  	count(r) == 1
    15  	r[_].msg == "ConfigMap 'cm-with-secrets' in 'default' namespace stores secrets in key(s) or value(s) '{\"password\", \"secretkey\"}'"
    16  }
    17  
    18  test_configMap_with_secrets_allowed {
    19  	r := deny with input as {
    20  		"apiVersion": "v1",
    21  		"kind": "ConfigMap",
    22  		"metadata": {"name": "cm-with-secrets"},
    23  		"data": {
    24  			"color.good": "blue",
    25  			"color.bad": "yellow",
    26  		},
    27  	}
    28  
    29  	count(r) == 0
    30  }