github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/dynamic/outdated_api_test.rego (about) 1 package defsec.kubernetes.KSV107 2 3 recommendedVersions_mock_data = {"batch/v1": {"Job": { 4 "deprecation_version": "v1.21", 5 "replacement_version": "batch.v1.CronJobList", 6 "removed_version": "v1.25", 7 "ref": "https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/api/batch/v1beta1/zz_generated.prerelease-lifecycle.go", 8 }}} 9 10 test_eval_k8s_api_with_data_match { 11 r := deny with input as { 12 "apiVersion": "batch/v1", 13 "kind": "Job", 14 "metadata": {"name": "pi"}, 15 "spec": { 16 "template": {"spec": { 17 "containers": [{ 18 "name": "pi", 19 "image": "perl:5.34.0", 20 "command": [ 21 "perl", 22 "-Mbignum=bpi", 23 "-wle", 24 "print bpi(2000)", 25 ], 26 }], 27 "restartPolicy": "Never", 28 }}, 29 "backoffLimit": 4, 30 }, 31 } 32 with recommendedVersions as recommendedVersions_mock_data 33 34 count(r) > 0 35 } 36 37 test_eval_k8s_api_with_data_do_not_match { 38 r := deny with input as { 39 "apiVersion": "batch/v2", 40 "kind": "Job", 41 "metadata": {"name": "pi"}, 42 "spec": { 43 "template": {"spec": { 44 "containers": [{ 45 "name": "pi", 46 "image": "perl:5.34.0", 47 "command": [ 48 "perl", 49 "-Mbignum=bpi", 50 "-wle", 51 "print bpi(2000)", 52 ], 53 }], 54 "restartPolicy": "Never", 55 }}, 56 "backoffLimit": 4, 57 }, 58 } 59 with recommendedVersions as recommendedVersions_mock_data 60 61 count(r) == 0 62 }