Fixing reviews and tests

Signed-off-by: Amit Schendel <[email protected]>
kubescape · Jul 16, 2024 · 3f59097 · 3f59097
1 parent 4f49212
commit 3f59097
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 12 deletions.
diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
@@ -17,18 +17,19 @@ deny contains msga if {
 	service_name := service.metadata.name
 	has_unauthenticated_service(service_name, service.metadata.namespace, service_scan_result)
 
-	# Path to the workload spec.
+	# Path to the service object
 	path := "spec"
 
 	msga := {
 		"alertMessage": sprintf("Unauthenticated service %v exposes %v", [service_name, wl.metadata.name]),
 		"alertScore": 7,
 		"fixPaths": [],
 		"reviewPaths": [path],
-		"failedPaths": [path],
+		"failedPaths": [],
 		"packagename": "armo_builtins",
-		"alertObject": {"k8sApiObjects": [wl]},
+		"alertObject": {"k8sApiObjects": [service]},
 		"relatedObjects": [
+			{"object": wl},
 			{"object": service},
 			{"object": service_scan_result},
 		],

diff --git a/rules/unauthenticated-service/test/fail_service/expected.json b/rules/unauthenticated-service/test/fail_service/expected.json
@@ -1,25 +1,59 @@
-[{
+[
+  {
     "alertMessage": "Unauthenticated service operator exposes operator",
     "alertObject": {
       "k8sApiObjects": [
         {
           "apiVersion": "v1",
-          "kind": "Pod",
+          "kind": "Service",
           "metadata": {
-            "name": "operator",
-            "labels": {
-              "app": "operator"
-            }
+            "name": "operator"
           }
         }
       ]
     },
     "alertScore": 7,
     "deletePaths": null,
-    "failedPaths": ["spec"],
+    "failedPaths": [],
     "fixPaths": [],
     "packagename": "armo_builtins",
     "relatedObjects": [
+      {
+        "deletePaths": null,
+        "failedPaths": null,
+        "fixPaths": null,
+        "object": {
+          "apiVersion": "v1",
+          "kind": "Pod",
+          "metadata": {
+            "labels": {
+              "app": "operator"
+            },
+            "name": "operator",
+            "namespace": "kubescape"
+          },
+          "spec": {
+            "containers": [
+              {
+                "image": "your-operator-image:latest",
+                "name": "operator-container",
+                "ports": [
+                  {
+                    "containerPort": 8080
+                  }
+                ],
+                "resources": {
+                  "limits": {
+                    "cpu": "1",
+                    "memory": "1Gi"
+                  }
+                }
+              }
+            ]
+          }
+        },
+        "reviewPaths": null
+      },
       {
         "deletePaths": null,
         "failedPaths": null,
@@ -80,5 +114,5 @@
     ],
     "reviewPaths": ["spec"],
     "ruleStatus": ""
-}
-]
+  }
+]