github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_ownership_test.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/cisbenchmarks/kubelet/kubelet_config_yaml_ownership_test.rego (about)

     1  package builtin.kubernetes.KCV0078
     2  
     3  test_validate_kubelet_config_yaml_ownership_equal_root_root {
     4  	r := deny with input as {
     5  		"apiVersion": "v1",
     6  		"kind": "NodeInfo",
     7  		"type": "master",
     8  		"info": {"kubeletConfigYamlConfigurationFileOwnership": {"values": ["root:root"]}},
     9  	}
    10  
    11  	count(r) == 0
    12  }
    13  
    14  test_validate_kubelet_config_yaml_ownership_no_results {
    15  	r := deny with input as {
    16  		"apiVersion": "v1",
    17  		"kind": "NodeInfo",
    18  		"type": "master",
    19  		"info": {"kubeletConfigYamlConfigurationFileOwnership": {"values": []}},
    20  	}
    21  
    22  	count(r) == 0
    23  }
    24  
    25  test_validate_kubelet_config_yaml_ownership_equal_user {
    26  	r := deny with input as {
    27  		"apiVersion": "v1",
    28  		"kind": "NodeInfo",
    29  		"type": "worker",
    30  		"info": {"kubeletConfigYamlConfigurationFileOwnership": {"values": ["user:user"]}},
    31  	}
    32  
    33  	count(r) == 1
    34  }