From a7da61b080ac69fe59d3bdb3a383b4ea07dd95a7 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Sun, 21 Jul 2024 16:50:08 +0300
Subject: [PATCH 1/2] Changing the alert object

Signed-off-by: Amit Schendel
---
 rules/unauthenticated-service/raw.rego | 3 +-
 .../test/fail_service/expected.json | 41 ++-----------------
 2 files changed, 5 insertions(+), 39 deletions(-)

diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
index 950b484e..be289fde 100644
--- a/rules/unauthenticated-service/raw.rego
+++ b/rules/unauthenticated-service/raw.rego
@@ -27,9 +27,8 @@ deny contains msga if {
 "reviewPaths": [path],
 "failedPaths": [],
 "packagename": "armo_builtins",
- "alertObject": {"k8sApiObjects": [service]},
+ "alertObject": {"k8sApiObjects": [wl]},
 "relatedObjects": [
- {"object": wl},
 {"object": service},
 {"object": service_scan_result},
 ],
diff --git a/rules/unauthenticated-service/test/fail_service/expected.json b/rules/unauthenticated-service/test/fail_service/expected.json
index bd3170cf..e15ff109 100644
--- a/rules/unauthenticated-service/test/fail_service/expected.json
+++ b/rules/unauthenticated-service/test/fail_service/expected.json
@@ -5,8 +5,11 @@
 "k8sApiObjects": [
 {
 "apiVersion": "v1",
- "kind": "Service",
+ "kind": "Pod",
 "metadata": {
+ "labels": {
+ "app": "operator"
+ },
 "name": "operator"
 }
 }
@@ -18,42 +21,6 @@
 "fixPaths": [],
 "packagename": "armo_builtins",
 "relatedObjects": [
- {
- "deletePaths": null,
- "failedPaths": null,
- "fixPaths": null,
- "object": {
- "apiVersion": "v1",
- "kind": "Pod",
- "metadata": {
- "labels": {
- "app": "operator"
- },
- "name": "operator",
- "namespace": "kubescape"
- },
- "spec": {
- "containers": [
- {
- "image": "your-operator-image:latest",
- "name": "operator-container",
- "ports": [
- {
- "containerPort": 8080
- }
- ],
- "resources": {
- "limits": {
- "cpu": "1",
- "memory": "1Gi"
- }
- }
- }
- ]
- }
- },
- "reviewPaths": null
- },
 {
 "deletePaths": null,
 "failedPaths": null,
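Review bot: In the raw.rego hunk `"reviewPaths": [path]` is left unchanged while `alertObject` switches from `service` to `wl`, so the reported path now sits next to a different object than the one it was reported with before. `path` is computed outside this hunk, and the fixture context visible in the second patch still expects `"reviewPaths": ["spec"]`; if that path was derived from the Service, a consumer that resolves review paths against the alert object would point at the Pod's `spec` instead of the Service's. Either derive `path` from `wl`, or state the intent next to the field, e.g. `# reviewPaths refer to the Service in relatedObjects, not to the workload in alertObject`. The `deny` rule body starts and ends outside the hunk, so this should be checked against the full rule.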
From 432ea942a8acf24762eff0d58cc22771e0d83439 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Sun, 21 Jul 2024 17:05:31 +0300
Subject: [PATCH 2/2] Removing crd from related objects

Signed-off-by: Amit Schendel
---
 rules/unauthenticated-service/raw.rego | 1 -
 .../test/fail_service/expected.json | 31 -------------------
 2 files changed, 32 deletions(-)

diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
index be289fde..cdc4c9cc 100644
--- a/rules/unauthenticated-service/raw.rego
+++ b/rules/unauthenticated-service/raw.rego
@@ -30,7 +30,6 @@ deny contains msga if {
 "alertObject": {"k8sApiObjects": [wl]},
 "relatedObjects": [
 {"object": service},
- {"object": service_scan_result},
 ],
 }
 }
diff --git a/rules/unauthenticated-service/test/fail_service/expected.json b/rules/unauthenticated-service/test/fail_service/expected.json
index e15ff109..6a14dcbd 100644
--- a/rules/unauthenticated-service/test/fail_service/expected.json
+++ b/rules/unauthenticated-service/test/fail_service/expected.json
@@ -46,37 +46,6 @@
 }
 },
 "reviewPaths": null
- },
- {
- "deletePaths": null,
- "failedPaths": null,
- "fixPaths": null,
- "object": {
- "apiVersion": "kubescape.io/v1",
- "kind": "ServiceScanResult",
- "metadata": {
- "creationTimestamp": "2024-07-03T04:40:17Z",
- "generation": 4,
- "name": "operator",
- "namespace": "kubescape",
- "resourceVersion": "2772",
- "uid": "24dc622d-ee78-40c2-8654-2a5604715f95"
- },
- "spec": {
- "clusterIP": "10.103.207.220",
- "ports": [
- {
- "applicationLayer": "",
- "authenticated": false,
- "port": 4002,
- "presentationLayer": "http",
- "protocol": "TCP",
- "sessionLayer": "tcp"
- }
- ]
- }
- },
- "reviewPaths": null
 }
 ],
 "reviewPaths": ["spec"],
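Review bot: Removing `{"object": service_scan_result}` from `relatedObjects` in raw.rego drops the only object in the result that records which port was found unauthenticated; the deleted fixture entry carried `"authenticated": false` for port 4002. After this change the output names the workload and the Service but no longer shows the evidence behind the finding, unless the alert message (outside this hunk) already includes the port and protocol. If the omission is deliberate, a comment above the list would make that clear, e.g. `# ServiceScanResult is intentionally not attached; the failing port must be carried in the alert message`. Otherwise consider surfacing the port number in the message so the finding stays actionable during triage.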