-
Notifications
You must be signed in to change notification settings - Fork 16
/
test.rego
42 lines (32 loc) · 1.5 KB
/
test.rego
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
package compliance.cis_eks.rules.cis_3_2_9
import data.compliance.cis_eks.data_adapter
import data.kubernetes_common.test_data
import data.lib.test
test_violation {
eval_fail with input as rule_input("--event-qps 10")
eval_fail with input as rule_input_with_external("--event-qps 10", create_process_config(0))
eval_fail with input as rule_input_with_external("--event-qps 10", create_process_config(10))
eval_fail with input as rule_input_with_external("", create_process_config(10))
eval_fail with input as rule_input("")
}
test_pass {
eval_pass with input as rule_input("--event-qps 0")
eval_pass with input as rule_input_with_external("--event-qps 0", create_process_config(0))
eval_pass with input as rule_input_with_external("--event-qps 0", create_process_config(10))
eval_pass with input as rule_input_with_external("", create_process_config(0))
}
test_not_evaluated {
not_eval with input as test_data.process_input("some_process", [])
}
rule_input(argument) = test_data.process_input_with_external_data("kubelet", [argument], {})
rule_input_with_external(argument, external_data) = test_data.process_input_with_external_data("kubelet", [argument], external_data)
create_process_config(eventRecordQPS) = {"config": {"eventRecordQPS": eventRecordQPS}}
eval_fail {
test.assert_fail(finding) with data.benchmark_data_adapter as data_adapter
}
eval_pass {
test.assert_pass(finding) with data.benchmark_data_adapter as data_adapter
}
not_eval {
not finding with data.benchmark_data_adapter as data_adapter
}