Fix fixpath for controls C-0077 and C-0076 (#523)

* SUB-2185 - improve C-0262

Signed-off-by: YiscahLevySilas1 <[email protected]>

* minor fix

Signed-off-by: YiscahLevySilas1 <[email protected]>

* add [] to fixpath

Signed-off-by: YiscahLevySilas1 <[email protected]>

* add [] to fixpath

Signed-off-by: YiscahLevySilas1 <[email protected]>

* add [] to fixpath

Signed-off-by: YiscahLevySilas1 <[email protected]>

---------

Signed-off-by: YiscahLevySilas1 <[email protected]>

rules/k8s-common-labels-usage/raw.rego

@@ -87,21 +87,21 @@ no_K8s_label_usage(wl, podSpec, beggining_of_pod_path) = path{
 no_K8s_label_or_no_K8s_label_usage(wl, start_of_path) = path{
 	not wl.metadata.labels
 	label_key := get_label_key("")
-	path = [{"path": sprintf("%vmetadata.labels.%v", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
+	path = [{"path": sprintf("%vmetadata.labels[%v]", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
 }
 
 no_K8s_label_or_no_K8s_label_usage(wl, start_of_path) = path{
 	metadata := wl.metadata
 	not metadata.labels
 	label_key := get_label_key("")
-	path = [{"path": sprintf("%vmetadata.labels.%v", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
+	path = [{"path": sprintf("%vmetadata.labels[%v]", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
 }
 
 no_K8s_label_or_no_K8s_label_usage(wl, start_of_path) = path{
 	labels := wl.metadata.labels
 	not all_kubernetes_labels(labels)
 	label_key := get_label_key("")
-	path = [{"path": sprintf("%vmetadata.labels.%v", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
+	path = [{"path": sprintf("%vmetadata.labels[%v]", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
 }
 
 all_kubernetes_labels(labels){

rules/k8s-common-labels-usage/test/cronjob/expected.json

@@ -2,7 +2,7 @@
     "alertMessage": "the following cronjobs the kubernetes common labels are not defined: hello",
     "failedPaths": [],
     "fixPaths": [{
-        "path": "spec.jobTemplate.spec.template.metadata.labels.app.kubernetes.io/name",
+        "path": "spec.jobTemplate.spec.template.metadata.labels[app.kubernetes.io/name]",
         "value": "YOUR_VALUE"
     }],
     "ruleStatus": "",

rules/k8s-common-labels-usage/test/pod/expected.json

@@ -2,7 +2,7 @@
     "alertMessage": "in the following pod the kubernetes common labels are not defined: command-demo",
     "failedPaths": [],
     "fixPaths": [{
-        "path": "metadata.labels.YOUR_LABEL",
+        "path": "metadata.labels[YOUR_LABEL]",
         "value": "YOUR_VALUE"
     }],
     "ruleStatus": "",

rules/k8s-common-labels-usage/test/workload-fail/expected.json

@@ -2,7 +2,7 @@
     "alertMessage": "Deployment: kubernetes-dashboard the kubernetes common labels are is not defined:",
     "failedPaths": [],
     "fixPaths": [{
-        "path": "spec.template.metadata.labels.app.kubernetes.io/name",
+        "path": "spec.template.metadata.labels[app.kubernetes.io/name]",
         "value": "YOUR_VALUE"
     }],
     "ruleStatus": "",

rules/label-usage-for-resources/raw.rego

@@ -85,21 +85,21 @@ no_label_usage(wl, podSpec, beggining_of_pod_path) = path{
 no_label_or_no_label_usage(wl, start_of_path) = path{
 	not wl.metadata
 	label_key := get_label_key("")
-	path = [{"path": sprintf("%vmetadata.labels.%v", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
+	path = [{"path": sprintf("%vmetadata.labels[%v]", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
 }
 
 no_label_or_no_label_usage(wl, start_of_path) = path{
 	metadata := wl.metadata
 	not metadata.labels
 	label_key := get_label_key("")
-	path = [{"path": sprintf("%vmetadata.labels.%v", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
+	path = [{"path": sprintf("%vmetadata.labels[%v]", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
 }
 
 no_label_or_no_label_usage(wl, start_of_path) = path{
 	labels := wl.metadata.labels
 	not is_desired_label(labels)
 	label_key := get_label_key("")
-	path = [{"path": sprintf("%vmetadata.labels.%v", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
+	path = [{"path": sprintf("%vmetadata.labels[%v]", [start_of_path, label_key]), "value": "YOUR_VALUE"}]
 }
 
 is_desired_label(labels) {

rules/label-usage-for-resources/test/cronjob/expected.json

@@ -2,10 +2,10 @@
     "alertMessage": "the following cronjobs a certain set of labels is not defined: hello",
     "failedPaths": [],
     "fixPaths": [{
-        "path": "metadata.labels.YOUR_LABEL",
+        "path": "metadata.labels[YOUR_LABEL]",
         "value": "YOUR_VALUE"
     }, {
-        "path": "spec.jobTemplate.spec.template.metadata.labels.YOUR_LABEL",
+        "path": "spec.jobTemplate.spec.template.metadata.labels[YOUR_LABEL]",
         "value": "YOUR_VALUE"
     }],
     "ruleStatus": "",

rules/label-usage-for-resources/test/pod/expected.json

@@ -2,7 +2,7 @@
     "alertMessage": "in the following pods a certain set of labels is not defined: command-demo",
     "failedPaths": [],
     "fixPaths": [{
-        "path": "metadata.labels.app",
+        "path": "metadata.labels[app]",
         "value": "YOUR_VALUE"
     }],
     "ruleStatus": "",

rules/label-usage-for-resources/test/workload-fail/expected.json

@@ -2,7 +2,7 @@
     "alertMessage": "Deployment: kubernetes-dashboard a certain set of labels is not defined:",
     "failedPaths": [],
     "fixPaths": [{
-        "path": "spec.template.metadata.labels.app",
+        "path": "spec.template.metadata.labels[app]",
         "value": "YOUR_VALUE"
     }],
     "ruleStatus": "",