github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission_ownership_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/cni/pod_spec_permission_ownership_test.rego (about)

     1  package builtin.kubernetes.KCV0057
     2  
     3  test_validate_spec_ownership_equal_root_root {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "NodeInfo",
     7  		"type": "master",
     8  		"info": {"containerNetworkInterfaceFileOwnership": {"values": ["root:root"]}},
     9  	}
    10  
    11  	count(r) == 0
    12  }
    13  
    14  test_validate_spec_ownership_equal_user {
    15  	r := deny with input as {
    16  		"apiVersion": "v1",
    17  		"kind": "NodeInfo",
    18  		"type": "master",
    19  		"info": {"containerNetworkInterfaceFileOwnership": {"values": ["user:user"]}},
    20  	}
    21  
    22  	count(r) == 1
    23  }