From 3f59097a5e2027f064408f4fbf1ba96b78e2afa1 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Tue, 16 Jul 2024 17:50:47 +0300
Subject: [PATCH] Fixing reviews and tests
Signed-off-by: Amit Schendel
---
 rules/unauthenticated-service/raw.rego | 7 +--
 .../test/fail_service/expected.json | 52 +++++++++++++++----
 2 files changed, 47 insertions(+), 12 deletions(-)
diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
index 9638b898..950b484e 100644
--- a/rules/unauthenticated-service/raw.rego
+++ b/rules/unauthenticated-service/raw.rego
@@ -17,7 +17,7 @@ deny contains msga if {
 service_name := service.metadata.name
 has_unauthenticated_service(service_name, service.metadata.namespace, service_scan_result)
- # Path to the workload spec.
+ # Path to the service object
 path := "spec"
 
 msga := {
@@ -25,10 +25,11 @@ deny contains msga if {
 "alertScore": 7,
 "fixPaths": [],
 "reviewPaths": [path],
- "failedPaths": [path],
+ "failedPaths": [],
 "packagename": "armo_builtins",
- "alertObject": {"k8sApiObjects": [wl]},
+ "alertObject": {"k8sApiObjects": [service]},
 "relatedObjects": [
+ {"object": wl},
 {"object": service},
 {"object": service_scan_result},
 ],
diff --git a/rules/unauthenticated-service/test/fail_service/expected.json b/rules/unauthenticated-service/test/fail_service/expected.json
index 033ae1ea..bd3170cf 100644
--- a/rules/unauthenticated-service/test/fail_service/expected.json
+++ b/rules/unauthenticated-service/test/fail_service/expected.json
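Review bot: The rewritten comment in the first hunk, `# Path to the service object`, describes `path := "spec"` as pointing at the object itself, whereas the value is a field path inside it; since the second hunk makes `service` the alert object, `"reviewPaths": [path]` is now resolved against the Service rather than the workload, and the comment should say so, e.g. `# Field path inside the Service (the alert object) that is flagged for review`. The second hunk also empties `failedPaths` while keeping `reviewPaths` populated, which reads as a deliberate review-only finding but is not explained anywhere; a one-line comment such as `# review-only finding: no failedPaths/fixPaths, the workload is attached via relatedObjects` would keep the next maintainer from "fixing" it back. The `deny` rule body, where `wl` and `service` are bound, begins before the hunk.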
@@ -1,25 +1,59 @@
-[{
+[
+ {
 "alertMessage": "Unauthenticated service operator exposes operator",
 "alertObject": {
 "k8sApiObjects": [
 {
 "apiVersion": "v1",
- "kind": "Pod",
+ "kind": "Service",
 "metadata": {
- "name": "operator",
- "labels": {
- "app": "operator"
- }
+ "name": "operator"
 }
 }
 ]
 },
 "alertScore": 7,
 "deletePaths": null,
- "failedPaths": ["spec"],
+ "failedPaths": [],
 "fixPaths": [],
 "packagename": "armo_builtins",
 "relatedObjects": [
+ {
+ "deletePaths": null,
+ "failedPaths": null,
+ "fixPaths": null,
+ "object": {
+ "apiVersion": "v1",
+ "kind": "Pod",
+ "metadata": {
+ "labels": {
+ "app": "operator"
+ },
+ "name": "operator",
+ "namespace": "kubescape"
+ },
+ "spec": {
+ "containers": [
+ {
+ "image": "your-operator-image:latest",
+ "name": "operator-container",
+ "ports": [
+ {
+ "containerPort": 8080
+ }
+ ],
+ "resources": {
+ "limits": {
+ "cpu": "1",
+ "memory": "1Gi"
+ }
+ }
+ }
+ ]
+ }
+ },
+ "reviewPaths": null
+ },
 {
 "deletePaths": null,
 "failedPaths": null,
@@ -80,5 +114,5 @@
 ],
 "reviewPaths": ["spec"],
 "ruleStatus": ""
-}
-]
\ No newline at end of file
+ }
+]