github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/aquacommercial/service_with_externalip_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/aquacommercial/service_with_externalip_test.rego (about)

     1  package builtin.kubernetes.KSV0108
     2  
     3  test_service_with_externalip_denied {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "Service",
     7  		"metadata": {"name": "service_with_externalip"},
     8  		"spec": {
     9  			"ports": [{
    10  				"name": "http",
    11  				"port": 80,
    12  				"protocol": "TCP",
    13  				"targetPort": 9376,
    14  			}],
    15  			"selector": {"app.kubernetes.io/name": "MyApp"},
    16  			"externalIPs": ["192.168.0.106"],
    17  		},
    18  	}
    19  
    20  	count(r) == 1
    21  	r[_].msg == "Service 'service_with_externalip' in 'default' namespace should not set external IPs or external Name"
    22  }
    23  
    24  test_service_with_externalip_allowed {
    25  	r := deny with input as {
    26  		"apiVersion": "v1",
    27  		"kind": "Service",
    28  		"metadata": {"name": "service_with_externalip"},
    29  		"spec": {
    30  			"ports": [{
    31  				"name": "http",
    32  				"port": 80,
    33  				"protocol": "TCP",
    34  				"targetPort": 9376,
    35  			}],
    36  			"selector": {"app.kubernetes.io/name": "MyApp"},
    37  		},
    38  	}
    39  
    40  	count(r) == 0
    41  }