From 623251bba4061baaf9184b33ecf3e65fbeebe3a9 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 18 Jun 2024 15:27:27 +0400 Subject: [PATCH] fixed lint error --- cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml | 2 +- .../kubernetes/network-policies/k8s-netpol-egress-rules.yaml | 4 ++-- .../network-policies/k8s-network-ingress-rules.yaml | 4 ++-- cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml | 2 +- cloud/kubernetes/pods/k8s-readonly-rootfs.yaml | 2 +- cloud/kubernetes/pods/k8s-root-user-id.yaml | 2 +- .../security-compliance/k8s-svc-acct-issuer-set.yaml | 4 ++-- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml b/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml index ca1b3adbbb..b59ecb43f6 100644 --- a/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml +++ b/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml @@ -37,7 +37,7 @@ javascript: - code: | deployment = JSON.parse(template.deployment); deployment.spec.template.spec.containers.forEach(container => { - if (container.securityContext && container.securityContext.seccompProfile && + if (container.securityContext && container.securityContext.seccompProfile && (container.securityContext.seccompProfile.type === 'RuntimeDefault' || container.securityContext.seccompProfile.type === 'DockerDefault')) { // No action needed, configured properly } else { diff --git a/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml b/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml index b8f6316dbb..f08f42535b 100644 --- a/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml +++ b/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml @@ -1,4 +1,4 @@ -id: netpol-egress-rules +id: k8s-netpol-egress-rules info: name: Network policies define egress rules 
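Review bot: In k8s-seccomp-profile-set.yaml the condition reads only `container.securityContext.seccompProfile`, so a deployment that sets the profile once at pod level (`spec.template.spec.securityContext.seccompProfile`, which containers inherit) falls into the `else` branch and is reported as misconfigured. Resolving the effective profile first would avoid that false positive, for example `let profile = (container.securityContext && container.securityContext.seccompProfile) || (podCtx && podCtx.seccompProfile);` with `podCtx` taken from `deployment.spec.template.spec.securityContext`. `'DockerDefault'` is not a value the `seccompProfile.type` field accepts (`RuntimeDefault`, `Localhost`, `Unconfined`), so that comparison looks dead. A comment should also state whether a `Localhost` profile is meant to count as compliant, since it currently does not. The `else` branch continues outside the hunk.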
@@ -34,7 +34,7 @@ code: javascript: - code: | - let policyData = JSON.parse(template.policy); + let policyData = JSON.parse(template.policy); if (!policyData.egress || policyData.egress.length === 0) { let result = (`Network policy '${policyData.policy}' does not define egress rules.`); Export(result); diff --git a/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml b/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml index 0d8070c784..f0d245847d 100644 --- a/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml +++ b/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml @@ -1,4 +1,4 @@ -id: k8s-ingress-rules +id: k8s-network-ingress-rules info: name: Define network ingress rules @@ -35,7 +35,7 @@ code: javascript: - code: | - let policyData = JSON.parse(template.policy); + let policyData = JSON.parse(template.policy); if (!policyData.ingress || policyData.ingress.length === 0) { let result = `Network policy '${policyData.policy}' does not define any ingress rules.`; Export(result); diff --git a/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml b/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml index d85b30b78d..aaef1e10e3 100644 --- a/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml +++ b/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml @@ -34,7 +34,7 @@ code: javascript: - code: | - let podData = JSON.parse(template.container); + let podData = JSON.parse(template.container); podData.containers.forEach(container => { if (container.securityContext && container.securityContext.allowPrivilegeEscalation === true) { let result = (`Container '${container.name}' in pod '${podData.pod}' running with allowPrivilegeEscalation enabled.`); diff --git a/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml b/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml index 2937a1f1b1..8f59478b73 100644 --- a/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml 
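Review bot: In k8s-allow-privilege-escalation-set.yaml the test `container.securityContext.allowPrivilegeEscalation === true` reports only containers that set the field explicitly, so a container with no `securityContext`, or one that omits the field, is skipped even though escalation is not blocked unless the field is explicitly `false`. Treating anything other than an explicit `false` as a finding closes the gap: `if (!container.securityContext || container.securityContext.allowPrivilegeEscalation !== false) {`. The same guard shape hides findings in k8s-readonly-rootfs.yaml, where a missing `securityContext` makes `container.securityContext && ... !== true` false although the root filesystem is then writable; `if (!container.securityContext || container.securityContext.readOnlyRootFilesystem !== true) {` would report it. In k8s-root-user-id.yaml, `runAsUser === 0` likewise passes a container that leaves `runAsUser` unset and presumably runs as the image's default user, and none of the three checks consults the pod-level `securityContext`. Each `forEach` callback continues outside its hunk.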
+++ b/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml @@ -35,7 +35,7 @@ code: javascript: - code: | - let podData = JSON.parse(template.pod); + let podData = JSON.parse(template.pod); podData.containers.forEach(container => { if (container.securityContext && container.securityContext.readOnlyRootFilesystem !== true) { let result = (`Container '${container.name}' in pod '${podData.pod}' is not running with a read-only root filesystem.`); diff --git a/cloud/kubernetes/pods/k8s-root-user-id.yaml b/cloud/kubernetes/pods/k8s-root-user-id.yaml index 24185e320b..e2cd9a2db3 100644 --- a/cloud/kubernetes/pods/k8s-root-user-id.yaml +++ b/cloud/kubernetes/pods/k8s-root-user-id.yaml @@ -34,7 +34,7 @@ code: javascript: - code: | - let podData = JSON.parse(template.pod); + let podData = JSON.parse(template.pod); podData.containers.forEach(container => { if (container.securityContext && container.securityContext.runAsUser === 0) { let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`); diff --git a/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml b/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml index 2ef75035b1..ac65cadc8e 100644 --- a/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml +++ b/cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml @@ -23,13 +23,13 @@ code: - bash source: | kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" - + matchers-condition: and matchers: - type: word words: - 'kube-apiserver' - + - type: word words: - "service-account-issuer"