use 1st value of recommended labels for label key
Signed-off-by: Meital Rudnitsky <[email protected]>
itsmeital committed Oct 8, 2023
1 parent 5d71bf3 commit 662926e
Showing 12 changed files with 56 additions and 13 deletions.
12 changes: 9 additions & 3 deletions rules/k8s-common-labels-usage/raw.rego
Expand Up @@ -86,23 +86,29 @@ no_K8s_label_usage(wl, podSpec, beggining_of_pod_path) = path{

no_K8s_label_or_no_K8s_label_usage(wl, beggining_of_path) = path{
not wl.metadata.labels
path = [{"path": sprintf("%vmetadata.labels.YOUR_KEY", [beggining_of_path]), "value": "YOUR_VALUE"}]
path = [{"path": sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()]), "value": "YOUR_VALUE"}]
}

no_K8s_label_or_no_K8s_label_usage(wl, beggining_of_path) = path{
metadata := wl.metadata
not metadata.labels
path = [{"path": sprintf("%vmetadata.labels.YOUR_KEY", [beggining_of_path]), "value": "YOUR_VALUE"}]
path = [{"path": sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()]), "value": "YOUR_VALUE"}]
}

no_K8s_label_or_no_K8s_label_usage(wl, beggining_of_path) = path{
labels := wl.metadata.labels
not all_kubernetes_labels(labels)
path = [{"path": sprintf("%vmetadata.labels.YOUR_KEY", [beggining_of_path]), "value": "YOUR_VALUE"}]
path = [{"path": sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()]), "value": "YOUR_VALUE"}]
}

all_kubernetes_labels(labels){
recommended_labels := data.postureControlInputs.k8sRecommendedLabels
recommended_label := recommended_labels[_]
labels[recommended_label]
}

get_label_key() = key {
recommended_labels := data.postureControlInputs.k8sRecommendedLabels
count(recommended_labels) > 0
key := recommended_labels[0]
} else = "YOUR_LABEL"
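Review bot: The label key is spliced into a dot-delimited fix path at the three `sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()])` call sites, but recommended keys such as `app.kubernetes.io/name` contain dots themselves, so the emitted path `metadata.labels.app.kubernetes.io/name` is ambiguous. A consumer that splits fix paths on `.` would presumably build nested maps (`app`, `kubernetes`, `io/name`) under `labels` instead of one label, which is not a valid labels map; the fix-path parser is not visible on this page, so this needs confirming against it. If the path syntax supports a quoted or bracketed segment, emit the key that way, for example `sprintf("%vmetadata.labels[%v]", [beggining_of_path, get_label_key()])`, and add a test that applies the fix path for a dotted key. The same call sites in rules/label-usage-for-resources/raw.rego are affected whenever a configured label contains a dot.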
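--- a/rules/k8s-common-labels-usage/test/cronjob/data.json
+++ b/rules/k8s-common-labels-usage/test/cronjob/data.json
@@ -0,0 +1,8 @@
+{
+"postureControlInputs": {
+"k8sRecommendedLabels": [
+"app.kubernetes.io/name",
+"app.kubernetes.io/instance"
+]
+}
+}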
2 changes: 1 addition & 1 deletion rules/k8s-common-labels-usage/test/cronjob/expected.json
Expand Up @@ -2,7 +2,7 @@
"alertMessage": "the following cronjobs the kubernetes common labels are not defined: hello",
"failedPaths": [],
"fixPaths": [{
"path": "spec.jobTemplate.spec.template.metadata.labels.YOUR_KEY",
"path": "spec.jobTemplate.spec.template.metadata.labels.app.kubernetes.io/name",
"value": "YOUR_VALUE"
}],
"ruleStatus": "",
2 changes: 1 addition & 1 deletion rules/k8s-common-labels-usage/test/pod/expected.json
Expand Up @@ -2,7 +2,7 @@
"alertMessage": "in the following pod the kubernetes common labels are not defined: command-demo",
"failedPaths": [],
"fixPaths": [{
"path": "metadata.labels.YOUR_KEY",
"path": "metadata.labels.YOUR_LABEL",
"value": "YOUR_VALUE"
}],
"ruleStatus": "",
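--- a/rules/k8s-common-labels-usage/test/workload-fail/data.json
+++ b/rules/k8s-common-labels-usage/test/workload-fail/data.json
@@ -0,0 +1,8 @@
+{
+"postureControlInputs": {
+"k8sRecommendedLabels": [
+"app.kubernetes.io/name",
+"app.kubernetes.io/instance"
+]
+}
+}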
Expand Up @@ -2,7 +2,7 @@
"alertMessage": "Deployment: kubernetes-dashboard the kubernetes common labels are is not defined:",
"failedPaths": [],
"fixPaths": [{
"path": "spec.template.metadata.labels.YOUR_KEY",
"path": "spec.template.metadata.labels.app.kubernetes.io/name",
"value": "YOUR_VALUE"
}],
"ruleStatus": "",
11 changes: 8 additions & 3 deletions rules/label-usage-for-resources/raw.rego
Expand Up @@ -84,19 +84,19 @@ no_label_usage(wl, podSpec, beggining_of_pod_path) = path{

no_label_or_no_label_usage(wl, beggining_of_path) = path{
not wl.metadata
path = [{"path": sprintf("%vmetadata.labels.YOUR_KEY", [beggining_of_path]), "value": "YOUR_VALUE"}]
path = [{"path": sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()]), "value": "YOUR_VALUE"}]
}

no_label_or_no_label_usage(wl, beggining_of_path) = path{
metadata := wl.metadata
not metadata.labels
path = [{"path": sprintf("%vmetadata.labels.YOUR_KEY", [beggining_of_path]), "value": "YOUR_VALUE"}]
path = [{"path": sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()]), "value": "YOUR_VALUE"}]
}

no_label_or_no_label_usage(wl, beggining_of_path) = path{
labels := wl.metadata.labels
not is_desired_label(labels)
path = [{"path": sprintf("%vmetadata.labels.YOUR_KEY", [beggining_of_path]), "value": "YOUR_VALUE"}]
path = [{"path": sprintf("%vmetadata.labels.%v", [beggining_of_path, get_label_key()]), "value": "YOUR_VALUE"}]
}

is_desired_label(labels) {
Expand All @@ -105,3 +105,8 @@ is_desired_label(labels) {
labels[recommended_label]
}

get_label_key() = key {
recommended_labels := data.postureControlInputs.recommendedLabels
count(recommended_labels) > 0
key := recommended_labels[0]
} else = "YOUR_LABEL"
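Review bot: `get_label_key()` returns `recommended_labels[0]` without checking that it is a non-empty string, so an empty or non-string first entry in `data.postureControlInputs.recommendedLabels` would produce a fix path such as `metadata.labels.` that neither a user nor an automated fixer can apply. Adding `is_string(key)` and `key != ""` after `key := recommended_labels[0]` would send those cases to the `"YOUR_LABEL"` fallback. The helper is also a copy of the one in rules/k8s-common-labels-usage/raw.rego apart from the input name, so the same guard belongs there. A one-line comment such as `# first configured recommended label, or a placeholder when none is configured` would explain why index 0 is used.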
4 changes: 2 additions & 2 deletions rules/label-usage-for-resources/test/cronjob/expected.json
Expand Up @@ -2,10 +2,10 @@
"alertMessage": "the following cronjobs a certain set of labels is not defined: hello",
"failedPaths": [],
"fixPaths": [{
"path": "metadata.labels.YOUR_KEY",
"path": "metadata.labels.YOUR_LABEL",
"value": "YOUR_VALUE"
}, {
"path": "spec.jobTemplate.spec.template.metadata.labels.YOUR_KEY",
"path": "spec.jobTemplate.spec.template.metadata.labels.YOUR_LABEL",
"value": "YOUR_VALUE"
}],
"ruleStatus": "",
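--- a/rules/label-usage-for-resources/test/pod/data.json
+++ b/rules/label-usage-for-resources/test/pod/data.json
@@ -0,0 +1,8 @@
+{
+"postureControlInputs": {
+"recommendedLabels": [
+"app",
+"tier"
+]
+}
+}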
2 changes: 1 addition & 1 deletion rules/label-usage-for-resources/test/pod/expected.json
Expand Up @@ -2,7 +2,7 @@
"alertMessage": "in the following pods a certain set of labels is not defined: command-demo",
"failedPaths": [],
"fixPaths": [{
"path": "metadata.labels.YOUR_KEY",
"path": "metadata.labels.app",
"value": "YOUR_VALUE"
}],
"ruleStatus": "",
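--- a/rules/label-usage-for-resources/test/workload-fail/data.json
+++ b/rules/label-usage-for-resources/test/workload-fail/data.json
@@ -0,0 +1,8 @@
+{
+"postureControlInputs": {
+"recommendedLabels": [
+"app",
+"tier"
+]
+}
+}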
Expand Up @@ -2,7 +2,7 @@
"alertMessage": "Deployment: kubernetes-dashboard a certain set of labels is not defined:",
"failedPaths": [],
"fixPaths": [{
"path": "spec.template.metadata.labels.YOUR_KEY",
"path": "spec.template.metadata.labels.app",
"value": "YOUR_VALUE"
}],
"ruleStatus": "",