refactor(misconf): Remove support for WARN in rego (#2317)

pkg/policy/policy_test.go

@@ -301,144 +301,6 @@ func TestPolicies_Eval(t *testing.T) {
 				},
 			},
 		},
-		{
-			name: "Should eval warn rule with invalid resource as failed check",
-			resource: &appsv1.Deployment{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Deployment",
-					APIVersion: "appsv1",
-				},
-				Spec: appsv1.DeploymentSpec{
-					Template: corev1.PodTemplateSpec{
-						Spec: corev1.PodSpec{
-							Containers: []corev1.Container{
-								{
-									Name:  "nginx",
-									Image: "nginx:1.16",
-								},
-							},
-						},
-					},
-				},
-			},
-			useBuiltInPolicies: false,
-			policies: map[string]string{
-				"library.utils.rego": `package lib.utils
-
-		has_key(x, k) {
-		  _ = x[k]
-		}`,
-				"policy.policy1.kinds": "Workload",
-				"policy.policy1.rego": `package appshield.kubernetes.KSV014
-
-		__rego_metadata__ := {
-			"id": "KSV014",
-			"title": "Root file system is not read-only",
-			"description": "An immutable root file system prevents applications from writing to their local disk",
-			"severity": "MEDIUM",
-			"type": "Kubernetes Security Check"
-		}
-
-		warn[res] {
-			input.kind == "Deployment"
-			not input.spec.template.spec.securityContext.runAsNonRoot
-
-			msg := "Containers must not run as root"
-
-			res := {
-				"id": __rego_metadata__.id,
-				"title": __rego_metadata__.title,
-				"severity": __rego_metadata__.severity,
-				"type": __rego_metadata__.type,
-				"msg": msg
-			}
-		}
-		`,
-			},
-			results: []Result{
-				{
-					Success: false,
-					Metadata: Metadata{
-						ID:          "KSV014",
-						Title:       "Root file system is not read-only",
-						Description: "An immutable root file system prevents applications from writing to their local disk",
-						Severity:    v1alpha1.SeverityMedium,
-						Type:        "Kubernetes Security Check",
-					},
-					Messages: []string{"Containers must not run as root"},
-				},
-			},
-		},
-		{
-			name: "Should eval warn rule with valid resource as successful check",
-			resource: &appsv1.Deployment{
-				TypeMeta: metav1.TypeMeta{
-					Kind:       "Deployment",
-					APIVersion: "appsv1",
-				},
-				Spec: appsv1.DeploymentSpec{
-					Template: corev1.PodTemplateSpec{
-						Spec: corev1.PodSpec{
-							SecurityContext: &corev1.PodSecurityContext{
-								RunAsNonRoot: ptr.To[bool](true),
-							},
-							Containers: []corev1.Container{
-								{
-									Name:  "nginx",
-									Image: "nginx:1.16",
-								},
-							},
-						},
-					},
-				},
-			},
-			useBuiltInPolicies: false,
-			policies: map[string]string{
-				"library.utils.rego": `package lib.utils
-
-		has_key(x, k) {
-		  _ = x[k]
-		}`,
-				"policy.policy1.kinds": "Workload",
-				"policy.policy1.rego": `package appshield.kubernetes.KSV014
-
-		__rego_metadata__ := {
-			"id": "KSV014",
-			"title": "Root file system is not read-only",
-			"description": "An immutable root file system prevents applications from writing to their local disk",
-			"severity": "LOW",
-			"type": "Kubernetes Security Check"
-		}
-
-		warn[res] {
-			input.kind == "Deployment"
-			not input.spec.template.spec.securityContext.runAsNonRoot
-
-			msg := "Containers must not run as root"
-
-			res := {
-				"id": __rego_metadata__.id,
-				"title": __rego_metadata__.title,
-				"severity": __rego_metadata__.severity,
-				"type": __rego_metadata__.type,
-				"msg": msg
-			}
-		}
-		`,
-			},
-			results: []Result{
-				{
-					Success: true,
-					Metadata: Metadata{
-						ID:          "KSV014",
-						Severity:    v1alpha1.SeverityLow,
-						Title:       "Root file system is not read-only",
-						Description: "An immutable root file system prevents applications from writing to their local disk",
-						Type:        "Kubernetes Security Check",
-					},
-				},
-			},
-		},
 		{
 			name: "Should return error when policy cannot be parsed",
 			resource: &appsv1.Deployment{