github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_client_ca_file_argument_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_client_ca_file_argument_test.rego (about)

     1  package builtin.kubernetes.KCV0081
     2  
     3  test_validate_kubelet_anonymous_auth_set_true {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "NodeInfo",
     7  		"type": "master",
     8  		"info": {"kubeletClientCaFileArgumentSet": {"values": [""]}},
     9  	}
    10  
    11  	count(r) == 1
    12  }
    13  
    14  test_validate_kubelet_anonymous_auth_not_set {
    15  	r := deny with input as {
    16  		"apiVersion": "v1",
    17  		"kind": "NodeInfo",
    18  		"type": "master",
    19  		"info": {"kubeletClientCaFileArgumentSet": {"values": []}},
    20  	}
    21  
    22  	count(r) == 1
    23  }
    24  
    25  test_validate_kubelet_anonymous_auth_set_false {
    26  	r := deny with input as {
    27  		"apiVersion": "v1",
    28  		"kind": "NodeInfo",
    29  		"type": "worker",
    30  		"info": {"kubeletClientCaFileArgumentSet": {"values": ["/temp/file/ca"]}},
    31  	}
    32  
    33  	count(r) == 0
    34  }