first batch of renames due to regal linting

redhat-cop · Nov 5, 2024 · de341e7 · de341e7
1 parent c31248f
commit de341e7
Show file tree

Hide file tree

Showing 155 changed files with 470 additions and 466 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -13,6 +13,7 @@ repos:
         description: Formats Rego policy using opa fmt
         entry: opa fmt
         args: [ '--write', 'policy' ]
+        pass_filenames: false
         language: system
       - id: regal-lint
         name: regal lint

diff --git a/.regal/config.yaml b/.regal/config.yaml
@@ -1,7 +1,5 @@
 rules:
   idiomatic:
-    directory-package-mismatch:
-      level: ignore
     no-defined-entrypoint:
       level: ignore
     use-contains:

diff --git a/POLICIES.md b/POLICIES.md
diff --git a/TESTING.md b/TESTING.md
@@ -3,7 +3,7 @@ This repo uses as a combination of [bats](https://github.com/bats-core/bats-core
 [gatekeeper](https://github.com/open-policy-agent/gatekeeper) to validate the rego policies.
 
 ## How do I write a policy?
-Each policy lives under its own directory, i.e.: [policy/ocp/bestpractices/common-k8s-labels-notset](policy/ocp/bestpractices/common-k8s-labels-notset).
+Each policy lives under its own directory, i.e.: [policy/ocp/bestpractices/common_k8s_labels_notset](policy/ocp/bestpractices/common_k8s_labels_notset).
 Every policy must have a test_data directory; within that directory, there should be:
 - unit: should contain only the YAML needed to execute the policy, i.e.: a cut down version
 - integration: should contain valid YAML which can be deployed to a cluster which only triggers the policy under-test

diff --git a/_test/conftest-unittests.sh b/_test/conftest-unittests.sh
diff --git a/_test/deploy-gatekeeper.sh b/_test/deploy-gatekeeper.sh
@@ -100,9 +100,14 @@ restart_gatekeeper() {
 }
 
 generate_constraints() {
+  # TEMP FIX
+  wget https://github.com/garethahealy/konstraint/releases/download/v0.38.0-PR/konstraint
+  chmod +x konstraint
+  mv konstraint konstraint_tmp
+
   echo "Creating ConstraintTemplates via konstraint..."
   konstraint doc -o POLICIES.md
-  konstraint create --constraint-template-version v1
+  ./konstraint_tmp create --constraint-template-version v1
 
   # shellcheck disable=SC2038
   for file in $(find policy/* \( -name "template.yaml" \) -type f | xargs); do
@@ -112,13 +117,13 @@ generate_constraints() {
     elif [[ "${file}" == *"/ocp/deprecated/"* ]]; then
       # tests cant be deployed to a 4.x cluster so cant be tested against gatekeeper
       rm -f "${file}"
-    elif [[ "${file}" == *"/ocp/bestpractices/deploymentconfig-triggers-notset/"* ]]; then
+    elif [[ "${file}" == *"/ocp/bestpractices/deploymentconfig_triggers_notset/"* ]]; then
       # OCP API-Server adds a default ConfigChange trigger by default so cant be tested against gatekeeper
       rm -f "${file}"
-    elif [[ "${file}" == *"/ocp/bestpractices/rolebinding-roleref-apigroup-notset/"* ]]; then
+    elif [[ "${file}" == *"/ocp/bestpractices/rolebinding_roleref_apigroup_notset/"* ]]; then
       # OCP API-Server does not accept data matching this criteria but they are good for conftest when people are moving from 3.11 to 4.x
       rm -f "${file}"
-    elif [[ "${file}" == *"/ocp/bestpractices/rolebinding-roleref-kind-notset/"* ]]; then
+    elif [[ "${file}" == *"/ocp/bestpractices/rolebinding_roleref_kind_notset/"* ]]; then
       # OCP API-Server does not accept data matching this criteria but they are good for conftest when people are moving from 3.11 to 4.x
       rm -f "${file}"
     elif [[ "${file}" == *"/podman/"* ]]; then

diff --git a/_test/gatekeeper-integrationtests.sh b/_test/gatekeeper-integrationtests.sh
@@ -41,8 +41,8 @@ teardown() {
 # ocp/bestpractices
 ####################
 
-@test "policy/ocp/bestpractices/common-k8s-labels-notset" {
-  tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration")
+@test "policy/ocp/bestpractices/common_k8s_labels_notset" {
+  tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -54,8 +54,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-env-maxmemory-notset" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/integration")
+@test "policy/ocp/bestpractices/container_env_maxmemory_notset" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -67,8 +67,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-image-latest" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-image-latest/test_data/integration")
+@test "policy/ocp/bestpractices/container_image_latest" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_image_latest/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -80,8 +80,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-image-unknownregistries" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-image-unknownregistries/test_data/integration")
+@test "policy/ocp/bestpractices/container_image_unknownregistries" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_image_unknownregistries/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -93,8 +93,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-java-xmx-set" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-java-xmx-set/test_data/integration")
+@test "policy/ocp/bestpractices/container_java_xmx_set" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_java_xmx_set/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -110,8 +110,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 7 ]]
 }
 
-@test "policy/ocp/bestpractices/container-labelkey-inconsistent" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/integration")
+@test "policy/ocp/bestpractices/container_labelkey_inconsistent" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -123,8 +123,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-liveness-readinessprobe-equal" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/integration")
+@test "policy/ocp/bestpractices/container_liveness_readinessprobe_equal" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -136,8 +136,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-livenessprobe-notset" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-livenessprobe-notset/test_data/integration")
+@test "policy/ocp/bestpractices/container_livenessprobe_notset" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_livenessprobe_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -149,8 +149,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-readinessprobe-notset" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-readinessprobe-notset/test_data/integration")
+@test "policy/ocp/bestpractices/container_readinessprobe_notset" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_readinessprobe_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -162,8 +162,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-resources-limits-cpu-set" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/integration")
+@test "policy/ocp/bestpractices/container_resources_limits_cpu_set" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -175,8 +175,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-resources-limits-memory-greater-than" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/integration")
+@test "policy/ocp/bestpractices/container_resources_limits_memory_greater_than" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -188,8 +188,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-resources-limits-memory-notset" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/integration")
+@test "policy/ocp/bestpractices/container_resources_limits_memory_notset" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -201,8 +201,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-resources-memoryunit-incorrect" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/integration")
+@test "policy/ocp/bestpractices/container_resources_memoryunit_incorrect" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -216,8 +216,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 7 ]]
 }
 
-@test "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/integration")
+@test "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -229,8 +229,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-resources-requests-memory-greater-than" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/integration")
+@test "policy/ocp/bestpractices/container_resources_requests_memory_greater_than" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -242,8 +242,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-secret-mounted-envs" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-secret-mounted-envs/test_data/integration")
+@test "policy/ocp/bestpractices/container_secret_mounted_envs" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_secret_mounted_envs/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -255,8 +255,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-volumemount-inconsistent-path" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/integration")
+@test "policy/ocp/bestpractices/container_volumemount_inconsistent_path" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -268,8 +268,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/container-volumemount-missing" {
-  tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-missing/test_data/integration")
+@test "policy/ocp/bestpractices/container_volumemount_missing" {
+  tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_missing/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -281,8 +281,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/deploymentconfig-triggers-containername" {
-  tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/integration")
+@test "policy/ocp/bestpractices/deploymentconfig_triggers_containername" {
+  tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -293,8 +293,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 2 ]]
 }
 
-@test "policy/ocp/bestpractices/pod-hostnetwork" {
-  tmp=$(split_files "policy/ocp/bestpractices/pod-hostnetwork/test_data/integration")
+@test "policy/ocp/bestpractices/pod_hostnetwork" {
+  tmp=$(split_files "policy/ocp/bestpractices/pod_hostnetwork/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -306,8 +306,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 4 ]]
 }
 
-@test "policy/ocp/bestpractices/pod-replicas-below-one" {
-  tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-below-one/test_data/integration")
+@test "policy/ocp/bestpractices/pod_replicas_below_one" {
+  tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_below_one/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -319,8 +319,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/pod-replicas-not-odd" {
-  tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-not-odd/test_data/integration")
+@test "policy/ocp/bestpractices/pod_replicas_not_odd" {
+  tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_not_odd/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -332,8 +332,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 3 ]]
 }
 
-@test "policy/ocp/bestpractices/route-tls-termination-notset" {
-  tmp=$(split_files "policy/ocp/bestpractices/route-tls-termination-notset/test_data/integration")
+@test "policy/ocp/bestpractices/route_tls_termination_notset" {
+  tmp=$(split_files "policy/ocp/bestpractices/route_tls_termination_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -358,8 +358,8 @@ teardown() {
   [ "$status" -eq 0 ]
 }
 
-@test "policy/ocp/bestpractices/common-k8s-labels-notset - disabled policy label" {
-  tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration")
+@test "policy/ocp/bestpractices/common_k8s_labels_notset - disabled policy label" {
+  tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name_disabled}"
   run ${cmd}
@@ -376,8 +376,8 @@ teardown() {
 # ocp/requiresinventory
 ####################
 
-@test "policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget" {
-  tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/integration")
+@test "policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget" {
+  tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -389,8 +389,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 1 ]]
 }
 
-@test "policy/ocp/requiresinventory/deployment-has-matching-pvc" {
-  tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/integration")
+@test "policy/ocp/requiresinventory/deployment_has_matching_pvc" {
+  tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -401,8 +401,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 1 ]]
 }
 
-@test "policy/ocp/requiresinventory/deployment-has-matching-service" {
-  tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-service/test_data/integration")
+@test "policy/ocp/requiresinventory/deployment_has_matching_service" {
+  tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_service/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -413,8 +413,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 1 ]]
 }
 
-@test "policy/ocp/requiresinventory/deployment-has-matching-serviceaccount" {
-  tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/integration")
+@test "policy/ocp/requiresinventory/deployment_has_matching_serviceaccount" {
+  tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}
@@ -425,8 +425,8 @@ teardown() {
   [[ "${#lines[@]}" -eq 1 ]]
 }
 
-@test "policy/ocp/requiresinventory/service-has-matching-servicemonitor" {
-  tmp=$(split_files "policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/integration")
+@test "policy/ocp/requiresinventory/service_has_matching_servicemonitor" {
+  tmp=$(split_files "policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/integration")
 
   cmd="oc create -f ${tmp} -n ${project_name}"
   run ${cmd}