github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_permission_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_file_permission_test.rego (about)

     1  package builtin.kubernetes.KCV0073
     2  
     3  test_validate_kubelet_config_permission_equal_600 {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "NodeInfo",
     7  		"type": "master",
     8  		"info": {"kubeletConfFilePermissions": {"values": [600]}},
     9  	}
    10  
    11  	count(r) == 0
    12  }
    13  
    14  test_validate_kublet_config_permission_lower_600 {
    15  	r := deny with input as {
    16  		"apiVersion": "v1",
    17  		"kind": "NodeInfo",
    18  		"type": "worker",
    19  		"info": {"kubeletConfFilePermissions": {"values": [500]}},
    20  	}
    21  
    22  	count(r) == 0
    23  }
    24  
    25  test_validate_kubelet_config_permission_no_result {
    26  	r := deny with input as {
    27  		"apiVersion": "v1",
    28  		"kind": "NodeInfo",
    29  		"type": "worker",
    30  		"info": {"kubeletConfFilePermissions": {"values": []}},
    31  	}
    32  
    33  	count(r) == 0
    34  }
    35  
    36  test_validate_kubelet_config_permission_higher_600 {
    37  	r := deny with input as {
    38  		"apiVersion": "v1",
    39  		"kind": "NodeInfo",
    40  		"type": "master",
    41  		"info": {"kubeletConfFilePermissions": {"values": [700]}},
    42  	}
    43  
    44  	count(r) == 1
    45  }