From de341e7fd1e49e48dd16f29699b7ccd760822e23 Mon Sep 17 00:00:00 2001 From: Gareth Healy Date: Wed, 11 Sep 2024 12:50:28 +0100 Subject: [PATCH] first batch of renames due to regal linting --- .pre-commit-config.yaml | 1 + .regal/config.yaml | 2 - POLICIES.md | 176 +++++------ TESTING.md | 2 +- _test/conftest-unittests.sh | 216 +++++++------- _test/deploy-gatekeeper.sh | 13 +- _test/gatekeeper-integrationtests.sh | 116 ++++---- _test/gatekeeper-k8s-integrationtests.sh | 88 +++--- _test/opa-profile.sh | 276 +++++++++--------- .../src.rego | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/unit/list.yml | 0 .../konstraint/{core.rego => core/src.rego} | 0 .../konstraint/{pods.rego => pods/src.rego} | 0 .../{kubernetes.rego => kubernetes/src.rego} | 0 policy/lib/{memory.rego => memory/src.rego} | 0 .../{openshift.rego => openshift/src.rego} | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/example.yml | 0 .../src.rego | 0 .../test_data/unit/example.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/unit/example.yml | 0 .../src.rego | 0 .../test_data/unit/example.yml | 0 .../src.rego | 0 .../test_data/integration/example.yml | 0 .../test_data/unit/example.yml | 0 .../buildconfig_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../deploymentconfig_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../imagestream_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../projectrequest_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../rolebinding_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../route-v1 => ocp3_11/route_v1}/src.rego | 2 +- .../route_v1}/test_data/unit/example.yml | 0 .../securitycontextconstraints_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../template_v1}/src.rego | 2 +- .../template_v1}/test_data/unit/example.yml | 0 .../buildconfig_custom_strategy}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../authorization_openshift}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../automationbroker_v1alpha1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../catalogsourceconfigs_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../catalogsourceconfigs_v2}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../operatorsources_v1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../{4_2/osb-v1 => ocp4_2/osb_v1}/src.rego | 2 +- .../osb_v1}/test_data/unit/example.yml | 0 .../servicecatalog_v1beta1}/src.rego | 2 +- .../test_data/unit/example.yml | 0 .../src.rego | 2 +- .../test_data/unit/example.yml | 0 policy/ocp/requiresinventory/README.md | 2 +- .../ocp/requiresinventory/data_inventory.rego | 1 + .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 0 .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 .../src.rego | 2 +- .../test_data/integration/list.yml | 0 .../test_data/unit/list.yml | 0 policy/podman/data_parameters.rego | 5 +- .../src.rego | 0 .../test_data/unit/jenkins-base.json | 0 .../test_data/unit/jenkins-python-mising.json | 0 .../test_data/unit/jenkins-python.json | 0 .../src.rego | 0 .../test_data/unit/jenkins-base.json | 0 policy/tekton/README.md | 2 - 155 files changed, 470 insertions(+), 466 deletions(-) rename policy/combine/{namespace-has-networkpolicy => namespace_has_networkpolicy}/src.rego (100%) rename policy/combine/{namespace-has-networkpolicy => namespace_has_networkpolicy}/test_data/unit/list.yml (100%) rename policy/combine/{namespace-has-resourcequota => namespace_has_resourcequota}/src.rego (100%) rename policy/combine/{namespace-has-resourcequota => namespace_has_resourcequota}/test_data/unit/list.yml (100%) rename policy/lib/konstraint/{core.rego => core/src.rego} (100%) rename policy/lib/konstraint/{pods.rego => pods/src.rego} (100%) rename policy/lib/{kubernetes.rego => kubernetes/src.rego} (100%) rename policy/lib/{memory.rego => memory/src.rego} (100%) rename policy/lib/{openshift.rego => openshift/src.rego} (100%) rename policy/ocp/bestpractices/{common-k8s-labels-notset => common_k8s_labels_notset}/src.rego (100%) rename policy/ocp/bestpractices/{common-k8s-labels-notset => common_k8s_labels_notset}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{common-k8s-labels-notset => common_k8s_labels_notset}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-env-maxmemory-notset => container_env_maxmemory_notset}/src.rego (100%) rename policy/ocp/bestpractices/{container-env-maxmemory-notset => container_env_maxmemory_notset}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-env-maxmemory-notset => container_env_maxmemory_notset}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-image-latest => container_image_latest}/src.rego (100%) rename policy/ocp/bestpractices/{container-image-latest => container_image_latest}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-image-latest => container_image_latest}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-image-unknownregistries => container_image_unknownregistries}/src.rego (100%) rename policy/ocp/bestpractices/{container-image-unknownregistries => container_image_unknownregistries}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-image-unknownregistries => container_image_unknownregistries}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-java-xmx-set => container_java_xmx_set}/src.rego (100%) rename policy/ocp/bestpractices/{container-java-xmx-set => container_java_xmx_set}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-java-xmx-set => container_java_xmx_set}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-labelkey-inconsistent => container_labelkey_inconsistent}/src.rego (100%) rename policy/ocp/bestpractices/{container-labelkey-inconsistent => container_labelkey_inconsistent}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-labelkey-inconsistent => container_labelkey_inconsistent}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-liveness-readinessprobe-equal => container_liveness_readinessprobe_equal}/src.rego (100%) rename policy/ocp/bestpractices/{container-liveness-readinessprobe-equal => container_liveness_readinessprobe_equal}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-liveness-readinessprobe-equal => container_liveness_readinessprobe_equal}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-livenessprobe-notset => container_livenessprobe_notset}/src.rego (100%) rename policy/ocp/bestpractices/{container-livenessprobe-notset => container_livenessprobe_notset}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-livenessprobe-notset => container_livenessprobe_notset}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-readinessprobe-notset => container_readinessprobe_notset}/src.rego (100%) rename policy/ocp/bestpractices/{container-readinessprobe-notset => container_readinessprobe_notset}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-readinessprobe-notset => container_readinessprobe_notset}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-limits-cpu-set => container_resources_limits_cpu_set}/src.rego (100%) rename policy/ocp/bestpractices/{container-resources-limits-cpu-set => container_resources_limits_cpu_set}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-limits-cpu-set => container_resources_limits_cpu_set}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-limits-memory-greater-than => container_resources_limits_memory_greater_than}/src.rego (100%) rename policy/ocp/bestpractices/{container-resources-limits-memory-greater-than => container_resources_limits_memory_greater_than}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-limits-memory-greater-than => container_resources_limits_memory_greater_than}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-limits-memory-notset => container_resources_limits_memory_notset}/src.rego (100%) rename policy/ocp/bestpractices/{container-resources-limits-memory-notset => container_resources_limits_memory_notset}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-limits-memory-notset => container_resources_limits_memory_notset}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-memoryunit-incorrect => container_resources_memoryunit_incorrect}/src.rego (100%) rename policy/ocp/bestpractices/{container-resources-memoryunit-incorrect => container_resources_memoryunit_incorrect}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-memoryunit-incorrect => container_resources_memoryunit_incorrect}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-requests-cpuunit-incorrect => container_resources_requests_cpuunit_incorrect}/src.rego (100%) rename policy/ocp/bestpractices/{container-resources-requests-cpuunit-incorrect => container_resources_requests_cpuunit_incorrect}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-requests-cpuunit-incorrect => container_resources_requests_cpuunit_incorrect}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-requests-memory-greater-than => container_resources_requests_memory_greater_than}/src.rego (100%) rename policy/ocp/bestpractices/{container-resources-requests-memory-greater-than => container_resources_requests_memory_greater_than}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-resources-requests-memory-greater-than => container_resources_requests_memory_greater_than}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-secret-mounted-envs => container_secret_mounted_envs}/src.rego (100%) rename policy/ocp/bestpractices/{container-secret-mounted-envs => container_secret_mounted_envs}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-secret-mounted-envs => container_secret_mounted_envs}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-volumemount-inconsistent-path => container_volumemount_inconsistent_path}/src.rego (100%) rename policy/ocp/bestpractices/{container-volumemount-inconsistent-path => container_volumemount_inconsistent_path}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-volumemount-inconsistent-path => container_volumemount_inconsistent_path}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{container-volumemount-missing => container_volumemount_missing}/src.rego (100%) rename policy/ocp/bestpractices/{container-volumemount-missing => container_volumemount_missing}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{container-volumemount-missing => container_volumemount_missing}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{deploymentconfig-triggers-containername => deploymentconfig_triggers_containername}/src.rego (100%) rename policy/ocp/bestpractices/{deploymentconfig-triggers-containername => deploymentconfig_triggers_containername}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{deploymentconfig-triggers-containername => deploymentconfig_triggers_containername}/test_data/unit/example.yml (100%) rename policy/ocp/bestpractices/{deploymentconfig-triggers-notset => deploymentconfig_triggers_notset}/src.rego (100%) rename policy/ocp/bestpractices/{deploymentconfig-triggers-notset => deploymentconfig_triggers_notset}/test_data/unit/example.yml (100%) rename policy/ocp/bestpractices/{pod-antiaffinity-notset => pod_antiaffinity_notset}/src.rego (100%) rename policy/ocp/bestpractices/{pod-antiaffinity-notset => pod_antiaffinity_notset}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{pod-antiaffinity-notset => pod_antiaffinity_notset}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{pod-hostnetwork => pod_hostnetwork}/src.rego (100%) rename policy/ocp/bestpractices/{pod-hostnetwork => pod_hostnetwork}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{pod-hostnetwork => pod_hostnetwork}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{pod-replicas-below-one => pod_replicas_below_one}/src.rego (100%) rename policy/ocp/bestpractices/{pod-replicas-below-one => pod_replicas_below_one}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{pod-replicas-below-one => pod_replicas_below_one}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{pod-replicas-not-odd => pod_replicas_not_odd}/src.rego (100%) rename policy/ocp/bestpractices/{pod-replicas-not-odd => pod_replicas_not_odd}/test_data/integration/list.yml (100%) rename policy/ocp/bestpractices/{pod-replicas-not-odd => pod_replicas_not_odd}/test_data/unit/list.yml (100%) rename policy/ocp/bestpractices/{rolebinding-roleref-apigroup-notset => rolebinding_roleref_apigroup_notset}/src.rego (100%) rename policy/ocp/bestpractices/{rolebinding-roleref-apigroup-notset => rolebinding_roleref_apigroup_notset}/test_data/unit/example.yml (100%) rename policy/ocp/bestpractices/{rolebinding-roleref-kind-notset => rolebinding_roleref_kind_notset}/src.rego (100%) rename policy/ocp/bestpractices/{rolebinding-roleref-kind-notset => rolebinding_roleref_kind_notset}/test_data/unit/example.yml (100%) rename policy/ocp/bestpractices/{route-tls-termination-notset => route_tls_termination_notset}/src.rego (100%) rename policy/ocp/bestpractices/{route-tls-termination-notset => route_tls_termination_notset}/test_data/integration/example.yml (100%) rename policy/ocp/bestpractices/{route-tls-termination-notset => route_tls_termination_notset}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/buildconfig-v1 => ocp3_11/buildconfig_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/buildconfig-v1 => ocp3_11/buildconfig_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/deploymentconfig-v1 => ocp3_11/deploymentconfig_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/deploymentconfig-v1 => ocp3_11/deploymentconfig_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/imagestream-v1 => ocp3_11/imagestream_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/imagestream-v1 => ocp3_11/imagestream_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/projectrequest-v1 => ocp3_11/projectrequest_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/projectrequest-v1 => ocp3_11/projectrequest_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/rolebinding-v1 => ocp3_11/rolebinding_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/rolebinding-v1 => ocp3_11/rolebinding_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/route-v1 => ocp3_11/route_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/route-v1 => ocp3_11/route_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/securitycontextconstraints-v1 => ocp3_11/securitycontextconstraints_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/securitycontextconstraints-v1 => ocp3_11/securitycontextconstraints_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{3_11/template-v1 => ocp3_11/template_v1}/src.rego (88%) rename policy/ocp/deprecated/{3_11/template-v1 => ocp3_11/template_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_1/buildconfig-custom-strategy => ocp4_1/buildconfig_custom_strategy}/src.rego (92%) rename policy/ocp/deprecated/{4_1/buildconfig-custom-strategy => ocp4_1/buildconfig_custom_strategy}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/authorization-openshift => ocp4_2/authorization_openshift}/src.rego (91%) rename policy/ocp/deprecated/{4_2/authorization-openshift => ocp4_2/authorization_openshift}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/automationbroker-v1alpha1 => ocp4_2/automationbroker_v1alpha1}/src.rego (91%) rename policy/ocp/deprecated/{4_2/automationbroker-v1alpha1 => ocp4_2/automationbroker_v1alpha1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/catalogsourceconfigs-v1 => ocp4_2/catalogsourceconfigs_v1}/src.rego (91%) rename policy/ocp/deprecated/{4_2/catalogsourceconfigs-v1 => ocp4_2/catalogsourceconfigs_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/catalogsourceconfigs-v2 => ocp4_2/catalogsourceconfigs_v2}/src.rego (91%) rename policy/ocp/deprecated/{4_2/catalogsourceconfigs-v2 => ocp4_2/catalogsourceconfigs_v2}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/operatorsources-v1 => ocp4_2/operatorsources_v1}/src.rego (90%) rename policy/ocp/deprecated/{4_2/operatorsources-v1 => ocp4_2/operatorsources_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/osb-v1 => ocp4_2/osb_v1}/src.rego (91%) rename policy/ocp/deprecated/{4_2/osb-v1 => ocp4_2/osb_v1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_2/servicecatalog-v1beta1 => ocp4_2/servicecatalog_v1beta1}/src.rego (91%) rename policy/ocp/deprecated/{4_2/servicecatalog-v1beta1 => ocp4_2/servicecatalog_v1beta1}/test_data/unit/example.yml (100%) rename policy/ocp/deprecated/{4_3/buildconfig-jenkinspipeline-strategy => ocp4_3/buildconfig_jenkinspipeline_strategy}/src.rego (90%) rename policy/ocp/deprecated/{4_3/buildconfig-jenkinspipeline-strategy => ocp4_3/buildconfig_jenkinspipeline_strategy}/test_data/unit/example.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-poddisruptionbudget => deployment_has_matching_poddisruptionbudget}/src.rego (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-poddisruptionbudget => deployment_has_matching_poddisruptionbudget}/test_data/integration/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-poddisruptionbudget => deployment_has_matching_poddisruptionbudget}/test_data/unit/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-pvc => deployment_has_matching_pvc}/src.rego (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-pvc => deployment_has_matching_pvc}/test_data/integration/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-pvc => deployment_has_matching_pvc}/test_data/unit/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-service => deployment_has_matching_service}/src.rego (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-service => deployment_has_matching_service}/test_data/integration/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-service => deployment_has_matching_service}/test_data/unit/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-serviceaccount => deployment_has_matching_serviceaccount}/src.rego (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-serviceaccount => deployment_has_matching_serviceaccount}/test_data/integration/list.yml (100%) rename policy/ocp/requiresinventory/{deployment-has-matching-serviceaccount => deployment_has_matching_serviceaccount}/test_data/unit/list.yml (100%) rename policy/ocp/requiresinventory/{service-has-matching-servicemonitor => service_has_matching_servicemonitor}/src.rego (95%) rename policy/ocp/requiresinventory/{service-has-matching-servicemonitor => service_has_matching_servicemonitor}/test_data/integration/list.yml (100%) rename policy/ocp/requiresinventory/{service-has-matching-servicemonitor => service_has_matching_servicemonitor}/test_data/unit/list.yml (100%) rename policy/podman/history/{contains-layer => contains_layer}/src.rego (100%) rename policy/podman/history/{contains-layer => contains_layer}/test_data/unit/jenkins-base.json (100%) rename policy/podman/history/{contains-layer => contains_layer}/test_data/unit/jenkins-python-mising.json (100%) rename policy/podman/history/{contains-layer => contains_layer}/test_data/unit/jenkins-python.json (100%) rename policy/podman/images/{image-size-not-greater-than => image_size_not_greater_than}/src.rego (100%) rename policy/podman/images/{image-size-not-greater-than => image_size_not_greater_than}/test_data/unit/jenkins-base.json (100%) delete mode 100644 policy/tekton/README.md diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dfac1681..1832cc0e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -13,6 +13,7 @@ repos: description: Formats Rego policy using opa fmt entry: opa fmt args: [ '--write', 'policy' ] + pass_filenames: false language: system - id: regal-lint name: regal lint diff --git a/.regal/config.yaml b/.regal/config.yaml index 214bd05d..6f2c41ab 100644 --- a/.regal/config.yaml +++ b/.regal/config.yaml @@ -1,7 +1,5 @@ rules: idiomatic: - directory-package-mismatch: - level: ignore no-defined-entrypoint: level: ignore use-contains: diff --git a/POLICIES.md b/POLICIES.md index 3ef8b0cc..cdb84ad0 100755 --- a/POLICIES.md +++ b/POLICIES.md @@ -31,23 +31,23 @@ * [RHCOP-OCP_BESTPRACT-00025: Route has TLS Termination Defined](#rhcop-ocp_bestpract-00025-route-has-tls-termination-defined) * [RHCOP-OCP_BESTPRACT-00026: Pod anti-affinity not set](#rhcop-ocp_bestpract-00026-pod-anti-affinity-not-set) * [RHCOP-OCP_BESTPRACT-00027: DeploymentConfig triggers container name miss match](#rhcop-ocp_bestpract-00027-deploymentconfig-triggers-container-name-miss-match) -* [RHCOP-OCP_DEPRECATED-3_11-00001: BuildConfig no longer served by v1](#rhcop-ocp_deprecated-3_11-00001-buildconfig-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00002: DeploymentConfig no longer served by v1](#rhcop-ocp_deprecated-3_11-00002-deploymentconfig-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00003: ImageStream no longer served by v1](#rhcop-ocp_deprecated-3_11-00003-imagestream-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00004: ProjectRequest no longer served by v1](#rhcop-ocp_deprecated-3_11-00004-projectrequest-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00005: RoleBinding no longer served by v1](#rhcop-ocp_deprecated-3_11-00005-rolebinding-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00006: Route no longer served by v1](#rhcop-ocp_deprecated-3_11-00006-route-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00007: SecurityContextConstraints no longer served by v1](#rhcop-ocp_deprecated-3_11-00007-securitycontextconstraints-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-3_11-00008: Template no longer served by v1](#rhcop-ocp_deprecated-3_11-00008-template-no-longer-served-by-v1) -* [RHCOP-OCP_DEPRECATED-4_1-00001: BuildConfig exposeDockerSocket deprecated](#rhcop-ocp_deprecated-4_1-00001-buildconfig-exposedockersocket-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00001: authorization openshift io is deprecated](#rhcop-ocp_deprecated-4_2-00001-authorization-openshift-io-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00002: automationbroker io v1alpha1 is deprecated](#rhcop-ocp_deprecated-4_2-00002-automationbroker-io-v1alpha1-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00003: operators coreos com v1 CatalogSourceConfigs is deprecated](#rhcop-ocp_deprecated-4_2-00003-operators-coreos-com-v1-catalogsourceconfigs-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00004: operators coreos com v2 CatalogSourceConfigs is deprecated](#rhcop-ocp_deprecated-4_2-00004-operators-coreos-com-v2-catalogsourceconfigs-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00005: operators coreos com v1 OperatorSource is deprecated](#rhcop-ocp_deprecated-4_2-00005-operators-coreos-com-v1-operatorsource-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00006: osb openshift io v1 is deprecated](#rhcop-ocp_deprecated-4_2-00006-osb-openshift-io-v1-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_2-00007: servicecatalog k8s io v1beta1 is deprecated](#rhcop-ocp_deprecated-4_2-00007-servicecatalog-k8s-io-v1beta1-is-deprecated) -* [RHCOP-OCP_DEPRECATED-4_3-00001: BuildConfig jenkinsPipelineStrategy is deprecated](#rhcop-ocp_deprecated-4_3-00001-buildconfig-jenkinspipelinestrategy-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00001: BuildConfig no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00001-buildconfig-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00002: DeploymentConfig no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00002-deploymentconfig-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00003: ImageStream no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00003-imagestream-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00004: ProjectRequest no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00004-projectrequest-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00005: RoleBinding no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00005-rolebinding-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00006: Route no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00006-route-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00007: SecurityContextConstraints no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00007-securitycontextconstraints-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp3_11-00008: Template no longer served by v1](#rhcop-ocp_deprecated-ocp3_11-00008-template-no-longer-served-by-v1) +* [RHCOP-OCP_DEPRECATED-ocp4_1-00001: BuildConfig exposeDockerSocket deprecated](#rhcop-ocp_deprecated-ocp4_1-00001-buildconfig-exposedockersocket-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00001: authorization openshift io is deprecated](#rhcop-ocp_deprecated-ocp4_2-00001-authorization-openshift-io-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00002: automationbroker io v1alpha1 is deprecated](#rhcop-ocp_deprecated-ocp4_2-00002-automationbroker-io-v1alpha1-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00003: operators coreos com v1 CatalogSourceConfigs is deprecated](#rhcop-ocp_deprecated-ocp4_2-00003-operators-coreos-com-v1-catalogsourceconfigs-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00004: operators coreos com v2 CatalogSourceConfigs is deprecated](#rhcop-ocp_deprecated-ocp4_2-00004-operators-coreos-com-v2-catalogsourceconfigs-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00005: operators coreos com v1 OperatorSource is deprecated](#rhcop-ocp_deprecated-ocp4_2-00005-operators-coreos-com-v1-operatorsource-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00006: osb openshift io v1 is deprecated](#rhcop-ocp_deprecated-ocp4_2-00006-osb-openshift-io-v1-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_2-00007: servicecatalog k8s io v1beta1 is deprecated](#rhcop-ocp_deprecated-ocp4_2-00007-servicecatalog-k8s-io-v1beta1-is-deprecated) +* [RHCOP-OCP_DEPRECATED-ocp4_3-00001: BuildConfig jenkinsPipelineStrategy is deprecated](#rhcop-ocp_deprecated-ocp4_3-00001-buildconfig-jenkinspipelinestrategy-is-deprecated) * [RHCOP-OCP_REQ_INV-00001: Deployment has a matching PodDisruptionBudget](#rhcop-ocp_req_inv-00001-deployment-has-a-matching-poddisruptionbudget) * [RHCOP-OCP_REQ_INV-00002: Deployment has matching PersistentVolumeClaim](#rhcop-ocp_req_inv-00002-deployment-has-matching-persistentvolumeclaim) * [RHCOP-OCP_REQ_INV-00003: Deployment has a matching Service](#rhcop-ocp_req_inv-00003-deployment-has-a-matching-service) @@ -96,7 +96,7 @@ _has_networkpolicy(manifests) { } ``` -_source: [policy/combine/namespace-has-networkpolicy](policy/combine/namespace-has-networkpolicy)_ +_source: [policy/combine/namespace_has_networkpolicy](policy/combine/namespace_has_networkpolicy)_ ## RHCOP-COMBINE-00002: Namespace has a ResourceQuota @@ -139,7 +139,7 @@ _has_resourcequota(manifests) { } ``` -_source: [policy/combine/namespace-has-resourcequota](policy/combine/namespace-has-resourcequota)_ +_source: [policy/combine/namespace_has_resourcequota](policy/combine/namespace_has_resourcequota)_ ## RHCOP-OCP_BESTPRACT-00001: Common k8s labels are set @@ -177,7 +177,7 @@ _is_common_labels_set(metadata) { } ``` -_source: [policy/ocp/bestpractices/common-k8s-labels-notset](policy/ocp/bestpractices/common-k8s-labels-notset)_ +_source: [policy/ocp/bestpractices/common_k8s_labels_notset](policy/ocp/bestpractices/common_k8s_labels_notset)_ ## RHCOP-OCP_BESTPRACT-00002: Container env has CONTAINER_MAX_MEMORY set @@ -216,7 +216,7 @@ _is_env_max_memory_set(container) { } ``` -_source: [policy/ocp/bestpractices/container-env-maxmemory-notset](policy/ocp/bestpractices/container-env-maxmemory-notset)_ +_source: [policy/ocp/bestpractices/container_env_maxmemory_notset](policy/ocp/bestpractices/container_env_maxmemory_notset)_ ## RHCOP-OCP_BESTPRACT-00003: Container image is not set as latest @@ -246,7 +246,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-image-latest](policy/ocp/bestpractices/container-image-latest)_ +_source: [policy/ocp/bestpractices/container_image_latest](policy/ocp/bestpractices/container_image_latest)_ ## RHCOP-OCP_BESTPRACT-00004: Container image is not from a known registry @@ -290,7 +290,7 @@ _known_registry(registry) { } ``` -_source: [policy/ocp/bestpractices/container-image-unknownregistries](policy/ocp/bestpractices/container-image-unknownregistries)_ +_source: [policy/ocp/bestpractices/container_image_unknownregistries](policy/ocp/bestpractices/container_image_unknownregistries)_ ## RHCOP-OCP_BESTPRACT-00005: Container does not set Java Xmx option @@ -337,7 +337,7 @@ _container_opts_contains_xmx(container) { } ``` -_source: [policy/ocp/bestpractices/container-java-xmx-set](policy/ocp/bestpractices/container-java-xmx-set)_ +_source: [policy/ocp/bestpractices/container_java_xmx_set](policy/ocp/bestpractices/container_java_xmx_set)_ ## RHCOP-OCP_BESTPRACT-00006: Label key is consistent @@ -378,7 +378,7 @@ _label_key_starts_with_expected(key) { } ``` -_source: [policy/ocp/bestpractices/container-labelkey-inconsistent](policy/ocp/bestpractices/container-labelkey-inconsistent)_ +_source: [policy/ocp/bestpractices/container_labelkey_inconsistent](policy/ocp/bestpractices/container_labelkey_inconsistent)_ ## RHCOP-OCP_BESTPRACT-00007: Container liveness and readiness probes are equal @@ -412,7 +412,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-liveness-readinessprobe-equal](policy/ocp/bestpractices/container-liveness-readinessprobe-equal)_ +_source: [policy/ocp/bestpractices/container_liveness_readinessprobe_equal](policy/ocp/bestpractices/container_liveness_readinessprobe_equal)_ ## RHCOP-OCP_BESTPRACT-00008: Container liveness prob is not set @@ -444,7 +444,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-livenessprobe-notset](policy/ocp/bestpractices/container-livenessprobe-notset)_ +_source: [policy/ocp/bestpractices/container_livenessprobe_notset](policy/ocp/bestpractices/container_livenessprobe_notset)_ ## RHCOP-OCP_BESTPRACT-00009: Container readiness prob is not set @@ -477,7 +477,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-readinessprobe-notset](policy/ocp/bestpractices/container-readinessprobe-notset)_ +_source: [policy/ocp/bestpractices/container_readinessprobe_notset](policy/ocp/bestpractices/container_readinessprobe_notset)_ ## RHCOP-OCP_BESTPRACT-00010: Container resource limits CPU not set @@ -509,7 +509,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-resources-limits-cpu-set](policy/ocp/bestpractices/container-resources-limits-cpu-set)_ +_source: [policy/ocp/bestpractices/container_resources_limits_cpu_set](policy/ocp/bestpractices/container_resources_limits_cpu_set)_ ## RHCOP-OCP_BESTPRACT-00011: Container resource limits memory not greater than @@ -548,7 +548,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-resources-limits-memory-greater-than](policy/ocp/bestpractices/container-resources-limits-memory-greater-than)_ +_source: [policy/ocp/bestpractices/container_resources_limits_memory_greater_than](policy/ocp/bestpractices/container_resources_limits_memory_greater_than)_ ## RHCOP-OCP_BESTPRACT-00012: Container resource limits memory not set @@ -581,7 +581,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-resources-limits-memory-notset](policy/ocp/bestpractices/container-resources-limits-memory-notset)_ +_source: [policy/ocp/bestpractices/container_resources_limits_memory_notset](policy/ocp/bestpractices/container_resources_limits_memory_notset)_ ## RHCOP-OCP_BESTPRACT-00013: Container resources limit memory has incorrect unit @@ -625,7 +625,7 @@ _is_resource_memory_units_valid(container) { } ``` -_source: [policy/ocp/bestpractices/container-resources-memoryunit-incorrect](policy/ocp/bestpractices/container-resources-memoryunit-incorrect)_ +_source: [policy/ocp/bestpractices/container_resources_memoryunit_incorrect](policy/ocp/bestpractices/container_resources_memoryunit_incorrect)_ ## RHCOP-OCP_BESTPRACT-00014: Container resources requests cpu has incorrect unit @@ -675,7 +675,7 @@ is_resource_requests_cpu_units_valid(container) { } ``` -_source: [policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect](policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect)_ +_source: [policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect](policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect)_ ## RHCOP-OCP_BESTPRACT-00015: Container resource requests memory not greater than @@ -714,7 +714,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-resources-requests-memory-greater-than](policy/ocp/bestpractices/container-resources-requests-memory-greater-than)_ +_source: [policy/ocp/bestpractices/container_resources_requests_memory_greater_than](policy/ocp/bestpractices/container_resources_requests_memory_greater_than)_ ## RHCOP-OCP_BESTPRACT-00016: Container secret not mounted as envs @@ -748,7 +748,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-secret-mounted-envs](policy/ocp/bestpractices/container-secret-mounted-envs)_ +_source: [policy/ocp/bestpractices/container_secret_mounted_envs](policy/ocp/bestpractices/container_secret_mounted_envs)_ ## RHCOP-OCP_BESTPRACT-00017: Container volume mount path is consistent @@ -779,7 +779,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/container-volumemount-inconsistent-path](policy/ocp/bestpractices/container-volumemount-inconsistent-path)_ +_source: [policy/ocp/bestpractices/container_volumemount_inconsistent_path](policy/ocp/bestpractices/container_volumemount_inconsistent_path)_ ## RHCOP-OCP_BESTPRACT-00018: Container volume mount not set @@ -813,7 +813,7 @@ _containers_volumemounts_contains_volume(containers, volume) { } ``` -_source: [policy/ocp/bestpractices/container-volumemount-missing](policy/ocp/bestpractices/container-volumemount-missing)_ +_source: [policy/ocp/bestpractices/container_volumemount_missing](policy/ocp/bestpractices/container_volumemount_missing)_ ## RHCOP-OCP_BESTPRACT-00019: DeploymentConfig triggers not set @@ -840,7 +840,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/deploymentconfig-triggers-notset](policy/ocp/bestpractices/deploymentconfig-triggers-notset)_ +_source: [policy/ocp/bestpractices/deploymentconfig_triggers_notset](policy/ocp/bestpractices/deploymentconfig_triggers_notset)_ ## RHCOP-OCP_BESTPRACT-00020: Pod hostnetwork not set @@ -866,7 +866,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/pod-hostnetwork](policy/ocp/bestpractices/pod-hostnetwork)_ +_source: [policy/ocp/bestpractices/pod_hostnetwork](policy/ocp/bestpractices/pod_hostnetwork)_ ## RHCOP-OCP_BESTPRACT-00021: Pod replica below 1 @@ -896,7 +896,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/pod-replicas-below-one](policy/ocp/bestpractices/pod-replicas-below-one)_ +_source: [policy/ocp/bestpractices/pod_replicas_below_one](policy/ocp/bestpractices/pod_replicas_below_one)_ ## RHCOP-OCP_BESTPRACT-00022: Pod replica is not odd @@ -926,7 +926,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/pod-replicas-not-odd](policy/ocp/bestpractices/pod-replicas-not-odd)_ +_source: [policy/ocp/bestpractices/pod_replicas_not_odd](policy/ocp/bestpractices/pod_replicas_not_odd)_ ## RHCOP-OCP_BESTPRACT-00023: RoleBinding has apiGroup set @@ -953,7 +953,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset](policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset)_ +_source: [policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset](policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset)_ ## RHCOP-OCP_BESTPRACT-00024: RoleBinding has kind set @@ -980,7 +980,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/rolebinding-roleref-kind-notset](policy/ocp/bestpractices/rolebinding-roleref-kind-notset)_ +_source: [policy/ocp/bestpractices/rolebinding_roleref_kind_notset](policy/ocp/bestpractices/rolebinding_roleref_kind_notset)_ ## RHCOP-OCP_BESTPRACT-00025: Route has TLS Termination Defined @@ -1008,7 +1008,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/route-tls-termination-notset](policy/ocp/bestpractices/route-tls-termination-notset)_ +_source: [policy/ocp/bestpractices/route_tls_termination_notset](policy/ocp/bestpractices/route_tls_termination_notset)_ ## RHCOP-OCP_BESTPRACT-00026: Pod anti-affinity not set @@ -1039,7 +1039,7 @@ violation[msg] { } ``` -_source: [policy/ocp/bestpractices/pod-antiaffinity-notset](policy/ocp/bestpractices/pod-antiaffinity-notset)_ +_source: [policy/ocp/bestpractices/pod_antiaffinity_notset](policy/ocp/bestpractices/pod_antiaffinity_notset)_ ## RHCOP-OCP_BESTPRACT-00027: DeploymentConfig triggers container name miss match @@ -1078,9 +1078,9 @@ _containers_contains_trigger(containers, container_name) { } ``` -_source: [policy/ocp/bestpractices/deploymentconfig-triggers-containername](policy/ocp/bestpractices/deploymentconfig-triggers-containername)_ +_source: [policy/ocp/bestpractices/deploymentconfig_triggers_containername](policy/ocp/bestpractices/deploymentconfig_triggers_containername)_ -## RHCOP-OCP_DEPRECATED-3_11-00001: BuildConfig no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00001: BuildConfig no longer served by v1 **Severity:** Violation @@ -1103,9 +1103,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/buildconfig-v1](policy/ocp/deprecated/3_11/buildconfig-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/buildconfig_v1](policy/ocp/deprecated/ocp3_11/buildconfig_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00002: DeploymentConfig no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00002: DeploymentConfig no longer served by v1 **Severity:** Violation @@ -1128,9 +1128,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/deploymentconfig-v1](policy/ocp/deprecated/3_11/deploymentconfig-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/deploymentconfig_v1](policy/ocp/deprecated/ocp3_11/deploymentconfig_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00003: ImageStream no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00003: ImageStream no longer served by v1 **Severity:** Violation @@ -1153,9 +1153,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/imagestream-v1](policy/ocp/deprecated/3_11/imagestream-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/imagestream_v1](policy/ocp/deprecated/ocp3_11/imagestream_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00004: ProjectRequest no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00004: ProjectRequest no longer served by v1 **Severity:** Violation @@ -1178,9 +1178,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/projectrequest-v1](policy/ocp/deprecated/3_11/projectrequest-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/projectrequest_v1](policy/ocp/deprecated/ocp3_11/projectrequest_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00005: RoleBinding no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00005: RoleBinding no longer served by v1 **Severity:** Violation @@ -1203,9 +1203,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/rolebinding-v1](policy/ocp/deprecated/3_11/rolebinding-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/rolebinding_v1](policy/ocp/deprecated/ocp3_11/rolebinding_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00006: Route no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00006: Route no longer served by v1 **Severity:** Violation @@ -1228,9 +1228,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/route-v1](policy/ocp/deprecated/3_11/route-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/route_v1](policy/ocp/deprecated/ocp3_11/route_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00007: SecurityContextConstraints no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00007: SecurityContextConstraints no longer served by v1 **Severity:** Violation @@ -1253,9 +1253,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/securitycontextconstraints-v1](policy/ocp/deprecated/3_11/securitycontextconstraints-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1](policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1)_ -## RHCOP-OCP_DEPRECATED-3_11-00008: Template no longer served by v1 +## RHCOP-OCP_DEPRECATED-ocp3_11-00008: Template no longer served by v1 **Severity:** Violation @@ -1278,9 +1278,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/3_11/template-v1](policy/ocp/deprecated/3_11/template-v1)_ +_source: [policy/ocp/deprecated/ocp3_11/template_v1](policy/ocp/deprecated/ocp3_11/template_v1)_ -## RHCOP-OCP_DEPRECATED-4_1-00001: BuildConfig exposeDockerSocket deprecated +## RHCOP-OCP_DEPRECATED-ocp4_1-00001: BuildConfig exposeDockerSocket deprecated **Severity:** Violation @@ -1306,9 +1306,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_1/buildconfig-custom-strategy](policy/ocp/deprecated/4_1/buildconfig-custom-strategy)_ +_source: [policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy](policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy)_ -## RHCOP-OCP_DEPRECATED-4_2-00001: authorization openshift io is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00001: authorization openshift io is deprecated **Severity:** Violation @@ -1331,9 +1331,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/authorization-openshift](policy/ocp/deprecated/4_2/authorization-openshift)_ +_source: [policy/ocp/deprecated/ocp4_2/authorization_openshift](policy/ocp/deprecated/ocp4_2/authorization_openshift)_ -## RHCOP-OCP_DEPRECATED-4_2-00002: automationbroker io v1alpha1 is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00002: automationbroker io v1alpha1 is deprecated **Severity:** Violation @@ -1357,9 +1357,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/automationbroker-v1alpha1](policy/ocp/deprecated/4_2/automationbroker-v1alpha1)_ +_source: [policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1](policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1)_ -## RHCOP-OCP_DEPRECATED-4_2-00003: operators coreos com v1 CatalogSourceConfigs is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00003: operators coreos com v1 CatalogSourceConfigs is deprecated **Severity:** Violation @@ -1384,9 +1384,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/catalogsourceconfigs-v1](policy/ocp/deprecated/4_2/catalogsourceconfigs-v1)_ +_source: [policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1](policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1)_ -## RHCOP-OCP_DEPRECATED-4_2-00004: operators coreos com v2 CatalogSourceConfigs is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00004: operators coreos com v2 CatalogSourceConfigs is deprecated **Severity:** Violation @@ -1411,9 +1411,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/catalogsourceconfigs-v2](policy/ocp/deprecated/4_2/catalogsourceconfigs-v2)_ +_source: [policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2](policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2)_ -## RHCOP-OCP_DEPRECATED-4_2-00005: operators coreos com v1 OperatorSource is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00005: operators coreos com v1 OperatorSource is deprecated **Severity:** Violation @@ -1437,9 +1437,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/operatorsources-v1](policy/ocp/deprecated/4_2/operatorsources-v1)_ +_source: [policy/ocp/deprecated/ocp4_2/operatorsources_v1](policy/ocp/deprecated/ocp4_2/operatorsources_v1)_ -## RHCOP-OCP_DEPRECATED-4_2-00006: osb openshift io v1 is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00006: osb openshift io v1 is deprecated **Severity:** Violation @@ -1463,9 +1463,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/osb-v1](policy/ocp/deprecated/4_2/osb-v1)_ +_source: [policy/ocp/deprecated/ocp4_2/osb_v1](policy/ocp/deprecated/ocp4_2/osb_v1)_ -## RHCOP-OCP_DEPRECATED-4_2-00007: servicecatalog k8s io v1beta1 is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_2-00007: servicecatalog k8s io v1beta1 is deprecated **Severity:** Violation @@ -1489,9 +1489,9 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_2/servicecatalog-v1beta1](policy/ocp/deprecated/4_2/servicecatalog-v1beta1)_ +_source: [policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1](policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1)_ -## RHCOP-OCP_DEPRECATED-4_3-00001: BuildConfig jenkinsPipelineStrategy is deprecated +## RHCOP-OCP_DEPRECATED-ocp4_3-00001: BuildConfig jenkinsPipelineStrategy is deprecated **Severity:** Violation @@ -1517,7 +1517,7 @@ violation[msg] { } ``` -_source: [policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy](policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy)_ +_source: [policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy](policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy)_ ## RHCOP-OCP_REQ_INV-00001: Deployment has a matching PodDisruptionBudget @@ -1559,7 +1559,7 @@ _has_matching_poddisruptionbudget(deployment, manifests) { } ``` -_source: [policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget](policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget)_ +_source: [policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget](policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget)_ ## RHCOP-OCP_REQ_INV-00002: Deployment has matching PersistentVolumeClaim @@ -1607,7 +1607,7 @@ _has_matching_persistentvolumeclaim(deployment, manifests) { } ``` -_source: [policy/ocp/requiresinventory/deployment-has-matching-pvc](policy/ocp/requiresinventory/deployment-has-matching-pvc)_ +_source: [policy/ocp/requiresinventory/deployment_has_matching_pvc](policy/ocp/requiresinventory/deployment_has_matching_pvc)_ ## RHCOP-OCP_REQ_INV-00003: Deployment has a matching Service @@ -1648,7 +1648,7 @@ _deployment_labels_matches_service_selector(deployment, manifests) { } ``` -_source: [policy/ocp/requiresinventory/deployment-has-matching-service](policy/ocp/requiresinventory/deployment-has-matching-service)_ +_source: [policy/ocp/requiresinventory/deployment_has_matching_service](policy/ocp/requiresinventory/deployment_has_matching_service)_ ## RHCOP-OCP_REQ_INV-00004: Deployment has matching ServiceAccount @@ -1690,7 +1690,7 @@ _has_matching_serviceaccount(deployment, manifests) { } ``` -_source: [policy/ocp/requiresinventory/deployment-has-matching-serviceaccount](policy/ocp/requiresinventory/deployment-has-matching-serviceaccount)_ +_source: [policy/ocp/requiresinventory/deployment_has_matching_serviceaccount](policy/ocp/requiresinventory/deployment_has_matching_serviceaccount)_ ## RHCOP-OCP_REQ_INV-00005: Service has matching ServiceMonitor @@ -1704,7 +1704,7 @@ Service without a ServiceMonitor are not being monitored and should be questione ### Rego ```rego -package ocp.requiresinventory.service_has_matching_servicenonitor +package ocp.requiresinventory.service_has_matching_servicemonitor import future.keywords.in @@ -1731,7 +1731,7 @@ _service_has_matching_servicemonitor(service, manifests) { } ``` -_source: [policy/ocp/requiresinventory/service-has-matching-servicemonitor](policy/ocp/requiresinventory/service-has-matching-servicemonitor)_ +_source: [policy/ocp/requiresinventory/service_has_matching_servicemonitor](policy/ocp/requiresinventory/service_has_matching_servicemonitor)_ ## RHCOP-PODMAN-00001: Image contains expected SHA in history @@ -1769,7 +1769,7 @@ _image_history_contains_layer(layers, expected_layer_ids) { } ``` -_source: [policy/podman/history/contains-layer](policy/podman/history/contains-layer)_ +_source: [policy/podman/history/contains_layer](policy/podman/history/contains_layer)_ ## RHCOP-PODMAN-00002: Image size is not greater than an expected value @@ -1803,5 +1803,5 @@ violation[msg] { } ``` -_source: [policy/podman/images/image-size-not-greater-than](policy/podman/images/image-size-not-greater-than)_ +_source: [policy/podman/images/image_size_not_greater_than](policy/podman/images/image_size_not_greater_than)_ diff --git a/TESTING.md b/TESTING.md index 8300536e..a4cdee35 100644 --- a/TESTING.md +++ b/TESTING.md @@ -3,7 +3,7 @@ This repo uses as a combination of [bats](https://github.com/bats-core/bats-core [gatekeeper](https://github.com/open-policy-agent/gatekeeper) to validate the rego policies. ## How do I write a policy? -Each policy lives under its own directory, i.e.: [policy/ocp/bestpractices/common-k8s-labels-notset](policy/ocp/bestpractices/common-k8s-labels-notset). +Each policy lives under its own directory, i.e.: [policy/ocp/bestpractices/common_k8s_labels_notset](policy/ocp/bestpractices/common_k8s_labels_notset). Every policy must have a test_data directory; within that directory, there should be: - unit: should contain only the YAML needed to execute the policy, i.e.: a cut down version - integration: should contain valid YAML which can be deployed to a cluster which only triggers the policy under-test diff --git a/_test/conftest-unittests.sh b/_test/conftest-unittests.sh index 7b801faa..ef71adb9 100755 --- a/_test/conftest-unittests.sh +++ b/_test/conftest-unittests.sh @@ -26,8 +26,8 @@ setup_file() { # combine #################### -@test "policy/combine/namespace-has-networkpolicy" { - tmp=$(split_files "policy/combine/namespace-has-networkpolicy/test_data/unit") +@test "policy/combine/namespace_has_networkpolicy" { + tmp=$(split_files "policy/combine/namespace_has_networkpolicy/test_data/unit") cmd="conftest test ${tmp} --output tap --combine --namespace combine.namespace_has_networkpolicy" run ${cmd} @@ -39,8 +39,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/combine/namespace-has-resourcequota" { - tmp=$(split_files "policy/combine/namespace-has-resourcequota/test_data/unit") +@test "policy/combine/namespace_has_resourcequota" { + tmp=$(split_files "policy/combine/namespace_has_resourcequota/test_data/unit") cmd="conftest test ${tmp} --output tap --combine --namespace combine.namespace_has_resourcequota" run ${cmd} @@ -56,8 +56,8 @@ setup_file() { # ocp/bestpractices #################### -@test "policy/ocp/bestpractices/common-k8s-labels-notset" { - tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/unit") +@test "policy/ocp/bestpractices/common_k8s_labels_notset" { + tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.common_k8s_labels_notset" run ${cmd} @@ -70,8 +70,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-env-maxmemory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_env_maxmemory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_env_maxmemory_notset" run ${cmd} @@ -84,8 +84,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-image-latest" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-latest/test_data/unit") +@test "policy/ocp/bestpractices/container_image_latest" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_latest/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_image_latest" run ${cmd} @@ -97,8 +97,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-image-unknownregistries" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-unknownregistries/test_data/unit") +@test "policy/ocp/bestpractices/container_image_unknownregistries" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_unknownregistries/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_image_unknownregistries" run ${cmd} @@ -111,8 +111,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-java-xmx-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-java-xmx-set/test_data/unit") +@test "policy/ocp/bestpractices/container_java_xmx_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_java_xmx_set/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_java_xmx_set" run ${cmd} @@ -129,8 +129,8 @@ setup_file() { [[ "${#lines[@]}" -eq 7 ]] } -@test "policy/ocp/bestpractices/container-labelkey-inconsistent" { - tmp=$(split_files "policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/unit") +@test "policy/ocp/bestpractices/container_labelkey_inconsistent" { + tmp=$(split_files "policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_labelkey_inconsistent" run ${cmd} @@ -143,8 +143,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-liveness-readinessprobe-equal" { - tmp=$(split_files "policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/unit") +@test "policy/ocp/bestpractices/container_liveness_readinessprobe_equal" { + tmp=$(split_files "policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_liveness_readinessprobe_equal" run ${cmd} @@ -157,8 +157,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-livenessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-livenessprobe-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_livenessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_livenessprobe_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_livenessprobe_notset" run ${cmd} @@ -171,8 +171,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-readinessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-readinessprobe-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_readinessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_readinessprobe_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_readinessprobe_notset" run ${cmd} @@ -185,8 +185,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-cpu-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_limits_cpu_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_resources_limits_cpu_set" run ${cmd} @@ -199,8 +199,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_limits_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_resources_limits_memory_greater_than" run ${cmd} @@ -213,8 +213,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_limits_memory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_resources_limits_memory_notset" run ${cmd} @@ -227,8 +227,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-memoryunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_memoryunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_resources_memoryunit_incorrect" run ${cmd} @@ -243,8 +243,8 @@ setup_file() { [[ "${#lines[@]}" -eq 5 ]] } -@test "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_resources_requests_cpuunit_incorrect" run ${cmd} @@ -257,8 +257,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-requests-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_requests_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_resources_requests_memory_greater_than" run ${cmd} @@ -271,8 +271,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-secret-mounted-envs" { - tmp=$(split_files "policy/ocp/bestpractices/container-secret-mounted-envs/test_data/unit") +@test "policy/ocp/bestpractices/container_secret_mounted_envs" { + tmp=$(split_files "policy/ocp/bestpractices/container_secret_mounted_envs/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_secret_mounted_envs" run ${cmd} @@ -285,8 +285,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-volumemount-inconsistent-path" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/unit") +@test "policy/ocp/bestpractices/container_volumemount_inconsistent_path" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_volumemount_inconsistent_path" run ${cmd} @@ -299,8 +299,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-volumemount-missing" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-missing/test_data/unit") +@test "policy/ocp/bestpractices/container_volumemount_missing" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_missing/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.container_volumemount_missing" run ${cmd} @@ -313,8 +313,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/deploymentconfig-triggers-containername" { - tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/unit") +@test "policy/ocp/bestpractices/deploymentconfig_triggers_containername" { + tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.deploymentconfig_triggers_containername" run ${cmd} @@ -326,8 +326,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/bestpractices/deploymentconfig-triggers-notset" { - tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig-triggers-notset/test_data/unit") +@test "policy/ocp/bestpractices/deploymentconfig_triggers_notset" { + tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig_triggers_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.deploymentconfig_triggers_notset" run ${cmd} @@ -339,8 +339,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/bestpractices/pod-hostnetwork" { - tmp=$(split_files "policy/ocp/bestpractices/pod-hostnetwork/test_data/unit") +@test "policy/ocp/bestpractices/pod_hostnetwork" { + tmp=$(split_files "policy/ocp/bestpractices/pod_hostnetwork/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.pod_hostnetwork" run ${cmd} @@ -353,8 +353,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/pod-replicas-below-one" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-below-one/test_data/unit") +@test "policy/ocp/bestpractices/pod_replicas_below_one" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_below_one/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.pod_replicas_below_one" run ${cmd} @@ -367,8 +367,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/pod-replicas-not-odd" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-not-odd/test_data/unit") +@test "policy/ocp/bestpractices/pod_replicas_not_odd" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_not_odd/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.pod_replicas_not_odd" run ${cmd} @@ -381,8 +381,8 @@ setup_file() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset" { - tmp=$(split_files "policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset/test_data/unit") +@test "policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset" { + tmp=$(split_files "policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.rolebinding_roleref_apigroup_notset" run ${cmd} @@ -394,8 +394,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/bestpractices/rolebinding-roleref-kind-notset" { - tmp=$(split_files "policy/ocp/bestpractices/rolebinding-roleref-kind-notset/test_data/unit") +@test "policy/ocp/bestpractices/rolebinding_roleref_kind_notset" { + tmp=$(split_files "policy/ocp/bestpractices/rolebinding_roleref_kind_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.rolebinding_roleref_kind_notset" run ${cmd} @@ -407,8 +407,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/bestpractices/route-tls-termination-notset" { - tmp=$(split_files "policy/ocp/bestpractices/route-tls-termination-notset/test_data/unit") +@test "policy/ocp/bestpractices/route_tls_termination_notset" { + tmp=$(split_files "policy/ocp/bestpractices/route_tls_termination_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.route_tls_termination_notset" run ${cmd} @@ -420,8 +420,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/bestpractices/pod-antiaffinity-notset" { - tmp=$(split_files "policy/ocp/bestpractices/pod-antiaffinity-notset/test_data/unit") +@test "policy/ocp/bestpractices/pod_antiaffinity_notset" { + tmp=$(split_files "policy/ocp/bestpractices/pod_antiaffinity_notset/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.bestpractices.pod_antiaffinity_notset" run ${cmd} @@ -438,8 +438,8 @@ setup_file() { # ocp/deprecated #################### -@test "policy/ocp/deprecated/3_11/buildconfig-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/buildconfig-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/buildconfig_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/buildconfig_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.buildconfig_v1" run ${cmd} @@ -451,8 +451,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/deploymentconfig-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/deploymentconfig-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/deploymentconfig_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.deploymentconfig_v1" run ${cmd} @@ -464,8 +464,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/imagestream-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/imagestream-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/imagestream_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/imagestream_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.imagestream_v1" run ${cmd} @@ -477,8 +477,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/projectrequest-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/projectrequest-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/projectrequest_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/projectrequest_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.projectrequest_v1" run ${cmd} @@ -490,8 +490,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/rolebinding-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/rolebinding-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/rolebinding_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/rolebinding_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.rolebinding_v1" run ${cmd} @@ -503,8 +503,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/route-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/route-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/route_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/route_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.route_v1" run ${cmd} @@ -516,8 +516,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/securitycontextconstraints-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/securitycontextconstraints-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.securitycontextconstraints_v1" run ${cmd} @@ -529,8 +529,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/3_11/template-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/template-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/template_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/template_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp3_11.template_v1" run ${cmd} @@ -542,8 +542,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_1/buildconfig-custom-strategy" { - tmp=$(split_files "policy/ocp/deprecated/4_1/buildconfig-custom-strategy/test_data/unit") +@test "policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_1.buildconfig_custom_strategy" run ${cmd} @@ -555,8 +555,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/authorization-openshift" { - tmp=$(split_files "policy/ocp/deprecated/4_2/authorization-openshift/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/authorization_openshift" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/authorization_openshift/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.authorization_openshift" run ${cmd} @@ -568,8 +568,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/automationbroker-v1alpha1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/automationbroker-v1alpha1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.automationbroker_v1alpha1" run ${cmd} @@ -581,8 +581,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/catalogsourceconfigs-v1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.catalogsourceconfigs_v1" run ${cmd} @@ -594,8 +594,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/catalogsourceconfigs-v2" { - tmp=$(split_files "policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.catalogsourceconfigs_v2" run ${cmd} @@ -607,8 +607,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/operatorsources-v1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/operatorsources-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/operatorsources_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/operatorsources_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.operatorsources_v1" run ${cmd} @@ -620,8 +620,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/osb-v1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/osb-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/osb_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/osb_v1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.osb_v1" run ${cmd} @@ -633,8 +633,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_2/servicecatalog-v1beta1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/servicecatalog-v1beta1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_2.servicecatalog_v1beta1" run ${cmd} @@ -646,8 +646,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy" { - tmp=$(split_files "policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/test_data/unit") +@test "policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/test_data/unit") cmd="conftest test ${tmp} --output tap --namespace ocp.deprecated.ocp4_3.buildconfig_jenkinspipeline_strategy" run ${cmd} @@ -663,8 +663,8 @@ setup_file() { # ocp/requiresinventory #################### -@test "policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/unit") +@test "policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/unit") inventory="policy/ocp/requiresinventory/data_inventory.rego" cmd="conftest test ${tmp} --output tap --namespace ocp.requiresinventory.deployment_has_matching_poddisruptionbudget --data ${inventory}" @@ -677,8 +677,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/requiresinventory/deployment-has-matching-pvc" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/unit") +@test "policy/ocp/requiresinventory/deployment_has_matching_pvc" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/unit") inventory="policy/ocp/requiresinventory/data_inventory.rego" cmd="conftest test ${tmp} --output tap --namespace ocp.requiresinventory.deployment_has_matching_pvc --data ${inventory}" @@ -691,8 +691,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/requiresinventory/deployment-has-matching-service" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-service/test_data/unit") +@test "policy/ocp/requiresinventory/deployment_has_matching_service" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_service/test_data/unit") inventory="policy/ocp/requiresinventory/data_inventory.rego" cmd="conftest test ${tmp} --output tap --namespace ocp.requiresinventory.deployment_has_matching_service --data ${inventory}" @@ -705,8 +705,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/requiresinventory/deployment-has-matching-serviceaccount" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/unit") +@test "policy/ocp/requiresinventory/deployment_has_matching_serviceaccount" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/unit") inventory="policy/ocp/requiresinventory/data_inventory.rego" cmd="conftest test ${tmp} --output tap --namespace ocp.requiresinventory.deployment_has_matching_serviceaccount --data ${inventory}" @@ -719,17 +719,17 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/requiresinventory/service-has-matching-servicemonitor" { - tmp=$(split_files "policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/unit") +@test "policy/ocp/requiresinventory/service_has_matching_servicemonitor" { + tmp=$(split_files "policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/unit") inventory="policy/ocp/requiresinventory/data_inventory.rego" - cmd="conftest test ${tmp} --output tap --namespace ocp.requiresinventory.service_has_matching_servicenonitor --data ${inventory}" + cmd="conftest test ${tmp} --output tap --namespace ocp.requiresinventory.service_has_matching_servicemonitor --data ${inventory}" run ${cmd} print_info "${status}" "${output}" "${cmd}" "${tmp}" [ "$status" -eq 1 ] [ "${lines[0]}" = "1..1" ] - [ "${lines[1]}" = "not ok 1 - ${tmp}/list.yml - ocp.requiresinventory.service_has_matching_servicenonitor - RHCOP-OCP_REQ_INV-00005: Service/hasmissingsvcmon does not have a monitoring.coreos.com/v1:ServiceMonitor or its selector labels dont match. See: https://docs.openshift.com/container-platform/4.6/monitoring/enabling-monitoring-for-user-defined-projects.html" ] + [ "${lines[1]}" = "not ok 1 - ${tmp}/list.yml - ocp.requiresinventory.service_has_matching_servicemonitor - RHCOP-OCP_REQ_INV-00005: Service/hasmissingsvcmon does not have a monitoring.coreos.com/v1:ServiceMonitor or its selector labels dont match. See: https://docs.openshift.com/container-platform/4.6/monitoring/enabling-monitoring-for-user-defined-projects.html" ] [[ "${#lines[@]}" -eq 2 ]] } @@ -737,8 +737,8 @@ setup_file() { # podman #################### -@test "policy/podman/history/contains-layer" { - tmp=$(split_files "policy/podman/history/contains-layer/test_data/unit/jenkins-python-mising.json" "true") +@test "policy/podman/history/contains_layer" { + tmp=$(split_files "policy/podman/history/contains_layer/test_data/unit/jenkins-python-mising.json" "true") parameters="policy/podman/data_parameters.rego" cmd="conftest test ${tmp}/jenkins-python-mising.json --output tap --namespace podman.history.contains_layer --data ${parameters}" @@ -751,8 +751,8 @@ setup_file() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/podman/images/image-size-not-greater-than" { - tmp=$(split_files "policy/podman/images/image-size-not-greater-than/test_data/unit" "true") +@test "policy/podman/images/image_size_not_greater_than" { + tmp=$(split_files "policy/podman/images/image_size_not_greater_than/test_data/unit" "true") parameters="policy/podman/data_parameters.rego" cmd="conftest test ${tmp} --output tap --namespace podman.images.image_size_not_greater_than --data ${parameters}" diff --git a/_test/deploy-gatekeeper.sh b/_test/deploy-gatekeeper.sh index 7f8e9e83..b3f8426a 100755 --- a/_test/deploy-gatekeeper.sh +++ b/_test/deploy-gatekeeper.sh @@ -100,9 +100,14 @@ restart_gatekeeper() { } generate_constraints() { + # TEMP FIX + wget https://github.com/garethahealy/konstraint/releases/download/v0.38.0-PR/konstraint + chmod +x konstraint + mv konstraint konstraint_tmp + echo "Creating ConstraintTemplates via konstraint..." konstraint doc -o POLICIES.md - konstraint create --constraint-template-version v1 + ./konstraint_tmp create --constraint-template-version v1 # shellcheck disable=SC2038 for file in $(find policy/* \( -name "template.yaml" \) -type f | xargs); do @@ -112,13 +117,13 @@ generate_constraints() { elif [[ "${file}" == *"/ocp/deprecated/"* ]]; then # tests cant be deployed to a 4.x cluster so cant be tested against gatekeeper rm -f "${file}" - elif [[ "${file}" == *"/ocp/bestpractices/deploymentconfig-triggers-notset/"* ]]; then + elif [[ "${file}" == *"/ocp/bestpractices/deploymentconfig_triggers_notset/"* ]]; then # OCP API-Server adds a default ConfigChange trigger by default so cant be tested against gatekeeper rm -f "${file}" - elif [[ "${file}" == *"/ocp/bestpractices/rolebinding-roleref-apigroup-notset/"* ]]; then + elif [[ "${file}" == *"/ocp/bestpractices/rolebinding_roleref_apigroup_notset/"* ]]; then # OCP API-Server does not accept data matching this criteria but they are good for conftest when people are moving from 3.11 to 4.x rm -f "${file}" - elif [[ "${file}" == *"/ocp/bestpractices/rolebinding-roleref-kind-notset/"* ]]; then + elif [[ "${file}" == *"/ocp/bestpractices/rolebinding_roleref_kind_notset/"* ]]; then # OCP API-Server does not accept data matching this criteria but they are good for conftest when people are moving from 3.11 to 4.x rm -f "${file}" elif [[ "${file}" == *"/podman/"* ]]; then diff --git a/_test/gatekeeper-integrationtests.sh b/_test/gatekeeper-integrationtests.sh index 34564787..0b79cd61 100755 --- a/_test/gatekeeper-integrationtests.sh +++ b/_test/gatekeeper-integrationtests.sh @@ -41,8 +41,8 @@ teardown() { # ocp/bestpractices #################### -@test "policy/ocp/bestpractices/common-k8s-labels-notset" { - tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration") +@test "policy/ocp/bestpractices/common_k8s_labels_notset" { + tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -54,8 +54,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-env-maxmemory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_env_maxmemory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -67,8 +67,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-image-latest" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-latest/test_data/integration") +@test "policy/ocp/bestpractices/container_image_latest" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_latest/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -80,8 +80,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-image-unknownregistries" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-unknownregistries/test_data/integration") +@test "policy/ocp/bestpractices/container_image_unknownregistries" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_unknownregistries/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -93,8 +93,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-java-xmx-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-java-xmx-set/test_data/integration") +@test "policy/ocp/bestpractices/container_java_xmx_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_java_xmx_set/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -110,8 +110,8 @@ teardown() { [[ "${#lines[@]}" -eq 7 ]] } -@test "policy/ocp/bestpractices/container-labelkey-inconsistent" { - tmp=$(split_files "policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/integration") +@test "policy/ocp/bestpractices/container_labelkey_inconsistent" { + tmp=$(split_files "policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -123,8 +123,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-liveness-readinessprobe-equal" { - tmp=$(split_files "policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/integration") +@test "policy/ocp/bestpractices/container_liveness_readinessprobe_equal" { + tmp=$(split_files "policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -136,8 +136,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-livenessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-livenessprobe-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_livenessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_livenessprobe_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -149,8 +149,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-readinessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-readinessprobe-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_readinessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_readinessprobe_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -162,8 +162,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-cpu-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_limits_cpu_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -175,8 +175,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_limits_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -188,8 +188,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_limits_memory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -201,8 +201,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-memoryunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_memoryunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -216,8 +216,8 @@ teardown() { [[ "${#lines[@]}" -eq 7 ]] } -@test "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -229,8 +229,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-resources-requests-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_requests_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -242,8 +242,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-secret-mounted-envs" { - tmp=$(split_files "policy/ocp/bestpractices/container-secret-mounted-envs/test_data/integration") +@test "policy/ocp/bestpractices/container_secret_mounted_envs" { + tmp=$(split_files "policy/ocp/bestpractices/container_secret_mounted_envs/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -255,8 +255,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-volumemount-inconsistent-path" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/integration") +@test "policy/ocp/bestpractices/container_volumemount_inconsistent_path" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -268,8 +268,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-volumemount-missing" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-missing/test_data/integration") +@test "policy/ocp/bestpractices/container_volumemount_missing" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_missing/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -281,8 +281,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/deploymentconfig-triggers-containername" { - tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/integration") +@test "policy/ocp/bestpractices/deploymentconfig_triggers_containername" { + tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -293,8 +293,8 @@ teardown() { [[ "${#lines[@]}" -eq 2 ]] } -@test "policy/ocp/bestpractices/pod-hostnetwork" { - tmp=$(split_files "policy/ocp/bestpractices/pod-hostnetwork/test_data/integration") +@test "policy/ocp/bestpractices/pod_hostnetwork" { + tmp=$(split_files "policy/ocp/bestpractices/pod_hostnetwork/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -306,8 +306,8 @@ teardown() { [[ "${#lines[@]}" -eq 4 ]] } -@test "policy/ocp/bestpractices/pod-replicas-below-one" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-below-one/test_data/integration") +@test "policy/ocp/bestpractices/pod_replicas_below_one" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_below_one/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -319,8 +319,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/pod-replicas-not-odd" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-not-odd/test_data/integration") +@test "policy/ocp/bestpractices/pod_replicas_not_odd" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_not_odd/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -332,8 +332,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/route-tls-termination-notset" { - tmp=$(split_files "policy/ocp/bestpractices/route-tls-termination-notset/test_data/integration") +@test "policy/ocp/bestpractices/route_tls_termination_notset" { + tmp=$(split_files "policy/ocp/bestpractices/route_tls_termination_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -358,8 +358,8 @@ teardown() { [ "$status" -eq 0 ] } -@test "policy/ocp/bestpractices/common-k8s-labels-notset - disabled policy label" { - tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration") +@test "policy/ocp/bestpractices/common_k8s_labels_notset - disabled policy label" { + tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name_disabled}" run ${cmd} @@ -376,8 +376,8 @@ teardown() { # ocp/requiresinventory #################### -@test "policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/integration") +@test "policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -389,8 +389,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/requiresinventory/deployment-has-matching-pvc" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/integration") +@test "policy/ocp/requiresinventory/deployment_has_matching_pvc" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -401,8 +401,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/requiresinventory/deployment-has-matching-service" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-service/test_data/integration") +@test "policy/ocp/requiresinventory/deployment_has_matching_service" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_service/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -413,8 +413,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/requiresinventory/deployment-has-matching-serviceaccount" { - tmp=$(split_files "policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/integration") +@test "policy/ocp/requiresinventory/deployment_has_matching_serviceaccount" { + tmp=$(split_files "policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} @@ -425,8 +425,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/requiresinventory/service-has-matching-servicemonitor" { - tmp=$(split_files "policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/integration") +@test "policy/ocp/requiresinventory/service_has_matching_servicemonitor" { + tmp=$(split_files "policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/integration") cmd="oc create -f ${tmp} -n ${project_name}" run ${cmd} diff --git a/_test/gatekeeper-k8s-integrationtests.sh b/_test/gatekeeper-k8s-integrationtests.sh index c16a9cb6..8ff8badb 100755 --- a/_test/gatekeeper-k8s-integrationtests.sh +++ b/_test/gatekeeper-k8s-integrationtests.sh @@ -42,8 +42,8 @@ teardown() { # ocp/bestpractices #################### -@test "policy/ocp/bestpractices/common-k8s-labels-notset" { - tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration") +@test "policy/ocp/bestpractices/common_k8s_labels_notset" { + tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -55,8 +55,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-env-maxmemory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_env_maxmemory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -68,8 +68,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-image-latest" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-latest/test_data/integration") +@test "policy/ocp/bestpractices/container_image_latest" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_latest/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -81,8 +81,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-image-unknownregistries" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-unknownregistries/test_data/integration") +@test "policy/ocp/bestpractices/container_image_unknownregistries" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_unknownregistries/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -94,8 +94,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-java-xmx-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-java-xmx-set/test_data/integration") +@test "policy/ocp/bestpractices/container_java_xmx_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_java_xmx_set/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -109,8 +109,8 @@ teardown() { [[ "${#lines[@]}" -eq 3 ]] } -@test "policy/ocp/bestpractices/container-labelkey-inconsistent" { - tmp=$(split_files "policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/integration") +@test "policy/ocp/bestpractices/container_labelkey_inconsistent" { + tmp=$(split_files "policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -122,8 +122,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-liveness-readinessprobe-equal" { - tmp=$(split_files "policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/integration") +@test "policy/ocp/bestpractices/container_liveness_readinessprobe_equal" { + tmp=$(split_files "policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -135,8 +135,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-livenessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-livenessprobe-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_livenessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_livenessprobe_notset/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -148,8 +148,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-readinessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-readinessprobe-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_readinessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_readinessprobe_notset/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -161,8 +161,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-cpu-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_limits_cpu_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -174,8 +174,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_limits_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -187,8 +187,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_limits_memory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -200,8 +200,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-resources-memoryunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_memoryunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -217,8 +217,8 @@ teardown() { [[ "${#lines[@]}" -eq 4 ]] } -@test "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -230,8 +230,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-resources-requests-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/integration") +@test "policy/ocp/bestpractices/container_resources_requests_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -243,8 +243,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-secret-mounted-envs" { - tmp=$(split_files "policy/ocp/bestpractices/container-secret-mounted-envs/test_data/integration") +@test "policy/ocp/bestpractices/container_secret_mounted_envs" { + tmp=$(split_files "policy/ocp/bestpractices/container_secret_mounted_envs/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -256,8 +256,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-volumemount-inconsistent-path" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/integration") +@test "policy/ocp/bestpractices/container_volumemount_inconsistent_path" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -269,8 +269,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/container-volumemount-missing" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-missing/test_data/integration") +@test "policy/ocp/bestpractices/container_volumemount_missing" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_missing/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -282,8 +282,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/pod-hostnetwork" { - tmp=$(split_files "policy/ocp/bestpractices/pod-hostnetwork/test_data/integration") +@test "policy/ocp/bestpractices/pod_hostnetwork" { + tmp=$(split_files "policy/ocp/bestpractices/pod_hostnetwork/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -295,8 +295,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/pod-replicas-below-one" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-below-one/test_data/integration") +@test "policy/ocp/bestpractices/pod_replicas_below_one" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_below_one/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -308,8 +308,8 @@ teardown() { [[ "${#lines[@]}" -eq 1 ]] } -@test "policy/ocp/bestpractices/pod-replicas-not-odd" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-not-odd/test_data/integration") +@test "policy/ocp/bestpractices/pod_replicas_not_odd" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_not_odd/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name}" @@ -336,8 +336,8 @@ teardown() { [ "$status" -eq 0 ] } -@test "policy/ocp/bestpractices/common-k8s-labels-notset - disabled policy label" { - tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration") +@test "policy/ocp/bestpractices/common_k8s_labels_notset - disabled policy label" { + tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration") remove_ocp_resources "${tmp}/list.yml" cmd="kubectl create -f ${tmp} -n ${project_name_disabled}" diff --git a/_test/opa-profile.sh b/_test/opa-profile.sh index ae503dd7..9b3c9ccc 100755 --- a/_test/opa-profile.sh +++ b/_test/opa-profile.sh @@ -45,10 +45,10 @@ check_violations() { # ocp/bestpractices #################### -@test "policy/ocp/bestpractices/common-k8s-labels-notset" { - tmp=$(split_files "policy/ocp/bestpractices/common-k8s-labels-notset/test_data/unit") +@test "policy/ocp/bestpractices/common_k8s_labels_notset" { + tmp=$(split_files "policy/ocp/bestpractices/common_k8s_labels_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/common-k8s-labels-notset" + policy_dir="policy/ocp/bestpractices/common_k8s_labels_notset" policy_package="data.ocp.bestpractices.common_k8s_labels_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -64,10 +64,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00001" ] } -@test "policy/ocp/bestpractices/container-env-maxmemory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_env_maxmemory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-env-maxmemory-notset" + policy_dir="policy/ocp/bestpractices/container_env_maxmemory_notset" policy_package="data.ocp.bestpractices.container_env_maxmemory_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -83,10 +83,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00002" ] } -@test "policy/ocp/bestpractices/container-image-latest" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-latest/test_data/unit") +@test "policy/ocp/bestpractices/container_image_latest" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_latest/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-image-latest" + policy_dir="policy/ocp/bestpractices/container_image_latest" policy_package="data.ocp.bestpractices.container_image_latest" schema_dir="_test/schema-generation/openshift-json-schema" @@ -103,10 +103,10 @@ check_violations() { } -@test "policy/ocp/bestpractices/container-image-unknownregistries" { - tmp=$(split_files "policy/ocp/bestpractices/container-image-unknownregistries/test_data/unit") +@test "policy/ocp/bestpractices/container_image_unknownregistries" { + tmp=$(split_files "policy/ocp/bestpractices/container_image_unknownregistries/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-image-unknownregistries" + policy_dir="policy/ocp/bestpractices/container_image_unknownregistries" policy_package="data.ocp.bestpractices.container_image_unknownregistries" schema_dir="_test/schema-generation/openshift-json-schema" @@ -122,10 +122,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00004" ] } -@test "policy/ocp/bestpractices/container-java-xmx-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-java-xmx-set/test_data/unit") +@test "policy/ocp/bestpractices/container_java_xmx_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_java_xmx_set/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-java-xmx-set" + policy_dir="policy/ocp/bestpractices/container_java_xmx_set" policy_package="data.ocp.bestpractices.container_java_xmx_set" schema_dir="_test/schema-generation/openshift-json-schema" @@ -141,10 +141,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00005" ] } -@test "policy/ocp/bestpractices/container-labelkey-inconsistent" { - tmp=$(split_files "policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/unit") +@test "policy/ocp/bestpractices/container_labelkey_inconsistent" { + tmp=$(split_files "policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-labelkey-inconsistent" + policy_dir="policy/ocp/bestpractices/container_labelkey_inconsistent" policy_package="data.ocp.bestpractices.container_labelkey_inconsistent" schema_dir="_test/schema-generation/openshift-json-schema" @@ -160,10 +160,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00006" ] } -@test "policy/ocp/bestpractices/container-liveness-readinessprobe-equal" { - tmp=$(split_files "policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/unit") +@test "policy/ocp/bestpractices/container_liveness_readinessprobe_equal" { + tmp=$(split_files "policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-liveness-readinessprobe-equal" + policy_dir="policy/ocp/bestpractices/container_liveness_readinessprobe_equal" policy_package="data.ocp.bestpractices.container_liveness_readinessprobe_equal" schema_dir="_test/schema-generation/openshift-json-schema" @@ -179,10 +179,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00007" ] } -@test "policy/ocp/bestpractices/container-livenessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-livenessprobe-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_livenessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_livenessprobe_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-livenessprobe-notset" + policy_dir="policy/ocp/bestpractices/container_livenessprobe_notset" policy_package="data.ocp.bestpractices.container_livenessprobe_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -198,10 +198,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00008" ] } -@test "policy/ocp/bestpractices/container-readinessprobe-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-readinessprobe-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_readinessprobe_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_readinessprobe_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-readinessprobe-notset" + policy_dir="policy/ocp/bestpractices/container_readinessprobe_notset" policy_package="data.ocp.bestpractices.container_readinessprobe_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -217,10 +217,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00009" ] } -@test "policy/ocp/bestpractices/container-resources-limits-cpu-set" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_limits_cpu_set" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-resources-limits-cpu-set" + policy_dir="policy/ocp/bestpractices/container_resources_limits_cpu_set" policy_package="data.ocp.bestpractices.container_resources_limits_cpu_set" schema_dir="_test/schema-generation/openshift-json-schema" @@ -236,10 +236,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00010" ] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_limits_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-resources-limits-memory-greater-than" + policy_dir="policy/ocp/bestpractices/container_resources_limits_memory_greater_than" policy_package="data.ocp.bestpractices.container_resources_limits_memory_greater_than" schema_dir="_test/schema-generation/openshift-json-schema" @@ -255,10 +255,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00011" ] } -@test "policy/ocp/bestpractices/container-resources-limits-memory-notset" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_limits_memory_notset" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-resources-limits-memory-notset" + policy_dir="policy/ocp/bestpractices/container_resources_limits_memory_notset" policy_package="data.ocp.bestpractices.container_resources_limits_memory_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -274,10 +274,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00012" ] } -@test "policy/ocp/bestpractices/container-resources-memoryunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_memoryunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-resources-memoryunit-incorrect" + policy_dir="policy/ocp/bestpractices/container_resources_memoryunit_incorrect" policy_package="data.ocp.bestpractices.container_resources_memoryunit_incorrect" schema_dir="_test/schema-generation/openshift-json-schema" @@ -293,10 +293,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00013" ] } -@test "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect" + policy_dir="policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect" policy_package="data.ocp.bestpractices.container_resources_requests_cpuunit_incorrect" schema_dir="_test/schema-generation/openshift-json-schema" @@ -312,10 +312,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00014" ] } -@test "policy/ocp/bestpractices/container-resources-requests-memory-greater-than" { - tmp=$(split_files "policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/unit") +@test "policy/ocp/bestpractices/container_resources_requests_memory_greater_than" { + tmp=$(split_files "policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-resources-requests-memory-greater-than" + policy_dir="policy/ocp/bestpractices/container_resources_requests_memory_greater_than" policy_package="data.ocp.bestpractices.container_resources_requests_memory_greater_than" schema_dir="_test/schema-generation/openshift-json-schema" @@ -331,10 +331,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00015" ] } -@test "policy/ocp/bestpractices/container-secret-mounted-envs" { - tmp=$(split_files "policy/ocp/bestpractices/container-secret-mounted-envs/test_data/unit") +@test "policy/ocp/bestpractices/container_secret_mounted_envs" { + tmp=$(split_files "policy/ocp/bestpractices/container_secret_mounted_envs/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-secret-mounted-envs" + policy_dir="policy/ocp/bestpractices/container_secret_mounted_envs" policy_package="data.ocp.bestpractices.container_secret_mounted_envs" schema_dir="_test/schema-generation/openshift-json-schema" @@ -350,10 +350,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00016" ] } -@test "policy/ocp/bestpractices/container-volumemount-inconsistent-path" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/unit") +@test "policy/ocp/bestpractices/container_volumemount_inconsistent_path" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-volumemount-inconsistent-path" + policy_dir="policy/ocp/bestpractices/container_volumemount_inconsistent_path" policy_package="data.ocp.bestpractices.container_volumemount_inconsistent_path" schema_dir="_test/schema-generation/openshift-json-schema" @@ -369,10 +369,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00017" ] } -@test "policy/ocp/bestpractices/container-volumemount-missing" { - tmp=$(split_files "policy/ocp/bestpractices/container-volumemount-missing/test_data/unit") +@test "policy/ocp/bestpractices/container_volumemount_missing" { + tmp=$(split_files "policy/ocp/bestpractices/container_volumemount_missing/test_data/unit") - policy_dir="policy/ocp/bestpractices/container-volumemount-missing" + policy_dir="policy/ocp/bestpractices/container_volumemount_missing" policy_package="data.ocp.bestpractices.container_volumemount_missing" schema_dir="_test/schema-generation/openshift-json-schema" @@ -388,10 +388,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00018" ] } -@test "policy/ocp/bestpractices/deploymentconfig-triggers-containername" { - tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/unit") +@test "policy/ocp/bestpractices/deploymentconfig_triggers_containername" { + tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/unit") - policy_dir="policy/ocp/bestpractices/deploymentconfig-triggers-containername" + policy_dir="policy/ocp/bestpractices/deploymentconfig_triggers_containername" policy_package="data.ocp.bestpractices.deploymentconfig_triggers_containername" schema_dir="_test/schema-generation/openshift-json-schema" @@ -407,10 +407,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00027" ] } -@test "policy/ocp/bestpractices/deploymentconfig-triggers-notset" { - tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig-triggers-notset/test_data/unit") +@test "policy/ocp/bestpractices/deploymentconfig_triggers_notset" { + tmp=$(split_files "policy/ocp/bestpractices/deploymentconfig_triggers_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/deploymentconfig-triggers-notset" + policy_dir="policy/ocp/bestpractices/deploymentconfig_triggers_notset" policy_package="data.ocp.bestpractices.deploymentconfig_triggers_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -426,10 +426,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00019" ] } -@test "policy/ocp/bestpractices/pod-hostnetwork" { - tmp=$(split_files "policy/ocp/bestpractices/pod-hostnetwork/test_data/unit") +@test "policy/ocp/bestpractices/pod_hostnetwork" { + tmp=$(split_files "policy/ocp/bestpractices/pod_hostnetwork/test_data/unit") - policy_dir="policy/ocp/bestpractices/pod-hostnetwork" + policy_dir="policy/ocp/bestpractices/pod_hostnetwork" policy_package="data.ocp.bestpractices.pod_hostnetwork" schema_dir="_test/schema-generation/openshift-json-schema" @@ -445,10 +445,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00020" ] } -@test "policy/ocp/bestpractices/pod-replicas-below-one" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-below-one/test_data/unit") +@test "policy/ocp/bestpractices/pod_replicas_below_one" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_below_one/test_data/unit") - policy_dir="policy/ocp/bestpractices/pod-replicas-below-one" + policy_dir="policy/ocp/bestpractices/pod_replicas_below_one" policy_package="data.ocp.bestpractices.pod_replicas_below_one" schema_dir="_test/schema-generation/openshift-json-schema" @@ -464,10 +464,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00021" ] } -@test "policy/ocp/bestpractices/pod-replicas-not-odd" { - tmp=$(split_files "policy/ocp/bestpractices/pod-replicas-not-odd/test_data/unit") +@test "policy/ocp/bestpractices/pod_replicas_not_odd" { + tmp=$(split_files "policy/ocp/bestpractices/pod_replicas_not_odd/test_data/unit") - policy_dir="policy/ocp/bestpractices/pod-replicas-not-odd" + policy_dir="policy/ocp/bestpractices/pod_replicas_not_odd" policy_package="data.ocp.bestpractices.pod_replicas_not_odd" schema_dir="_test/schema-generation/openshift-json-schema" @@ -483,10 +483,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00022" ] } -@test "policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset" { - tmp=$(split_files "policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset/test_data/unit") +@test "policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset" { + tmp=$(split_files "policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset" + policy_dir="policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset" policy_package="data.ocp.bestpractices.rolebinding_roleref_apigroup_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -502,10 +502,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00023" ] } -@test "policy/ocp/bestpractices/rolebinding-roleref-kind-notset" { - tmp=$(split_files "policy/ocp/bestpractices/rolebinding-roleref-kind-notset/test_data/unit") +@test "policy/ocp/bestpractices/rolebinding_roleref_kind_notset" { + tmp=$(split_files "policy/ocp/bestpractices/rolebinding_roleref_kind_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/rolebinding-roleref-kind-notset" + policy_dir="policy/ocp/bestpractices/rolebinding_roleref_kind_notset" policy_package="data.ocp.bestpractices.rolebinding_roleref_kind_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -521,10 +521,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00024" ] } -@test "policy/ocp/bestpractices/route-tls-termination-notset" { - tmp=$(split_files "policy/ocp/bestpractices/route-tls-termination-notset/test_data/unit") +@test "policy/ocp/bestpractices/route_tls_termination_notset" { + tmp=$(split_files "policy/ocp/bestpractices/route_tls_termination_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/route-tls-termination-notset" + policy_dir="policy/ocp/bestpractices/route_tls_termination_notset" policy_package="data.ocp.bestpractices.route_tls_termination_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -540,10 +540,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_BESTPRACT-00025" ] } -@test "policy/ocp/bestpractices/pod-antiaffinity-notset" { - tmp=$(split_files "policy/ocp/bestpractices/pod-antiaffinity-notset/test_data/unit") +@test "policy/ocp/bestpractices/pod_antiaffinity_notset" { + tmp=$(split_files "policy/ocp/bestpractices/pod_antiaffinity_notset/test_data/unit") - policy_dir="policy/ocp/bestpractices/pod-antiaffinity-notset" + policy_dir="policy/ocp/bestpractices/pod_antiaffinity_notset" policy_package="data.ocp.bestpractices.pod_antiaffinity_notset" schema_dir="_test/schema-generation/openshift-json-schema" @@ -563,10 +563,10 @@ check_violations() { # ocp/deprecated #################### -@test "policy/ocp/deprecated/3_11/buildconfig-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/buildconfig-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/buildconfig_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/buildconfig_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/buildconfig-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/buildconfig_v1" policy_package="data.ocp.deprecated.ocp3_11.buildconfig_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -582,10 +582,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00001" ] } -@test "policy/ocp/deprecated/3_11/deploymentconfig-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/deploymentconfig-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/deploymentconfig_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/deploymentconfig-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/deploymentconfig_v1" policy_package="data.ocp.deprecated.ocp3_11.deploymentconfig_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -601,10 +601,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00002" ] } -@test "policy/ocp/deprecated/3_11/imagestream-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/imagestream-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/imagestream_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/imagestream_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/imagestream-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/imagestream_v1" policy_package="data.ocp.deprecated.ocp3_11.imagestream_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -620,10 +620,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00003" ] } -@test "policy/ocp/deprecated/3_11/projectrequest-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/projectrequest-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/projectrequest_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/projectrequest_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/projectrequest-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/projectrequest_v1" policy_package="data.ocp.deprecated.ocp3_11.projectrequest_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -639,10 +639,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00004" ] } -@test "policy/ocp/deprecated/3_11/rolebinding-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/rolebinding-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/rolebinding_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/rolebinding_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/rolebinding-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/rolebinding_v1" policy_package="data.ocp.deprecated.ocp3_11.rolebinding_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -658,10 +658,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00005" ] } -@test "policy/ocp/deprecated/3_11/route-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/route-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/route_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/route_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/route-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/route_v1" policy_package="data.ocp.deprecated.ocp3_11.route_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -677,10 +677,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00006" ] } -@test "policy/ocp/deprecated/3_11/securitycontextconstraints-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/securitycontextconstraints-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/securitycontextconstraints-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1" policy_package="data.ocp.deprecated.ocp3_11.securitycontextconstraints_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -696,10 +696,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00007" ] } -@test "policy/ocp/deprecated/3_11/template-v1" { - tmp=$(split_files "policy/ocp/deprecated/3_11/template-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp3_11/template_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp3_11/template_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/3_11/template-v1" + policy_dir="policy/ocp/deprecated/ocp3_11/template_v1" policy_package="data.ocp.deprecated.ocp3_11.template_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -715,10 +715,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-3.11-00008" ] } -@test "policy/ocp/deprecated/4_1/buildconfig-custom-strategy" { - tmp=$(split_files "policy/ocp/deprecated/4_1/buildconfig-custom-strategy/test_data/unit") +@test "policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/test_data/unit") - policy_dir="policy/ocp/deprecated/4_1/buildconfig-custom-strategy" + policy_dir="policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy" policy_package="data.ocp.deprecated.ocp4_1.buildconfig_custom_strategy" schema_dir="_test/schema-generation/openshift-json-schema" @@ -734,10 +734,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.1-00001" ] } -@test "policy/ocp/deprecated/4_2/authorization-openshift" { - tmp=$(split_files "policy/ocp/deprecated/4_2/authorization-openshift/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/authorization_openshift" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/authorization_openshift/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/authorization-openshift" + policy_dir="policy/ocp/deprecated/ocp4_2/authorization_openshift" policy_package="data.ocp.deprecated.ocp4_2.authorization_openshift" schema_dir="_test/schema-generation/openshift-json-schema" @@ -753,10 +753,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00001" ] } -@test "policy/ocp/deprecated/4_2/automationbroker-v1alpha1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/automationbroker-v1alpha1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/automationbroker-v1alpha1" + policy_dir="policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1" policy_package="data.ocp.deprecated.ocp4_2.automationbroker_v1alpha1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -772,10 +772,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00002" ] } -@test "policy/ocp/deprecated/4_2/catalogsourceconfigs-v1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/catalogsourceconfigs-v1" + policy_dir="policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1" policy_package="data.ocp.deprecated.ocp4_2.catalogsourceconfigs_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -791,10 +791,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00003" ] } -@test "policy/ocp/deprecated/4_2/catalogsourceconfigs-v2" { - tmp=$(split_files "policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/catalogsourceconfigs-v2" + policy_dir="policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2" policy_package="data.ocp.deprecated.ocp4_2.catalogsourceconfigs_v2" schema_dir="_test/schema-generation/openshift-json-schema" @@ -810,10 +810,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00004" ] } -@test "policy/ocp/deprecated/4_2/operatorsources-v1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/operatorsources-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/operatorsources_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/operatorsources_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/operatorsources-v1" + policy_dir="policy/ocp/deprecated/ocp4_2/operatorsources_v1" policy_package="data.ocp.deprecated.ocp4_2.operatorsources_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -829,10 +829,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00005" ] } -@test "policy/ocp/deprecated/4_2/osb-v1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/osb-v1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/osb_v1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/osb_v1/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/osb-v1" + policy_dir="policy/ocp/deprecated/ocp4_2/osb_v1" policy_package="data.ocp.deprecated.ocp4_2.osb_v1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -848,10 +848,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00006" ] } -@test "policy/ocp/deprecated/4_2/servicecatalog-v1beta1" { - tmp=$(split_files "policy/ocp/deprecated/4_2/servicecatalog-v1beta1/test_data/unit") +@test "policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/test_data/unit") - policy_dir="policy/ocp/deprecated/4_2/servicecatalog-v1beta1" + policy_dir="policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1" policy_package="data.ocp.deprecated.ocp4_2.servicecatalog_v1beta1" schema_dir="_test/schema-generation/openshift-json-schema" @@ -867,10 +867,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-OCP_DEPRECATED-4.2-00007" ] } -@test "policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy" { - tmp=$(split_files "policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/test_data/unit") +@test "policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy" { + tmp=$(split_files "policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/test_data/unit") - policy_dir="policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy" + policy_dir="policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy" policy_package="data.ocp.deprecated.ocp4_3.buildconfig_jenkinspipeline_strategy" schema_dir="_test/schema-generation/openshift-json-schema" @@ -890,10 +890,10 @@ check_violations() { # podman #################### -@test "policy/podman/history/contains-layer" { - tmp=$(split_files "policy/podman/history/contains-layer/test_data/unit/jenkins-python-mising.json" "true") +@test "policy/podman/history/contains_layer" { + tmp=$(split_files "policy/podman/history/contains_layer/test_data/unit/jenkins-python-mising.json" "true") - policy_dir="policy/podman/history/contains-layer" + policy_dir="policy/podman/history/contains_layer" policy_package="data.podman.history.contains_layer" schema_dir="_test/schema-generation/openshift-json-schema" @@ -909,10 +909,10 @@ check_violations() { [ "${policy_id}" = "RHCOP-PODMAN-00001" ] } -@test "policy/podman/images/image-size-not-greater-than" { - tmp=$(split_files "policy/podman/images/image-size-not-greater-than/test_data/unit" "true") +@test "policy/podman/images/image_size_not_greater_than" { + tmp=$(split_files "policy/podman/images/image_size_not_greater_than/test_data/unit" "true") - policy_dir="policy/podman/images/image-size-not-greater-than" + policy_dir="policy/podman/images/image_size_not_greater_than" policy_package="data.podman.images.image_size_not_greater_than" schema_dir="_test/schema-generation/openshift-json-schema" diff --git a/policy/combine/namespace-has-networkpolicy/src.rego b/policy/combine/namespace_has_networkpolicy/src.rego similarity index 100% rename from policy/combine/namespace-has-networkpolicy/src.rego rename to policy/combine/namespace_has_networkpolicy/src.rego diff --git a/policy/combine/namespace-has-networkpolicy/test_data/unit/list.yml b/policy/combine/namespace_has_networkpolicy/test_data/unit/list.yml similarity index 100% rename from policy/combine/namespace-has-networkpolicy/test_data/unit/list.yml rename to policy/combine/namespace_has_networkpolicy/test_data/unit/list.yml diff --git a/policy/combine/namespace-has-resourcequota/src.rego b/policy/combine/namespace_has_resourcequota/src.rego similarity index 100% rename from policy/combine/namespace-has-resourcequota/src.rego rename to policy/combine/namespace_has_resourcequota/src.rego diff --git a/policy/combine/namespace-has-resourcequota/test_data/unit/list.yml b/policy/combine/namespace_has_resourcequota/test_data/unit/list.yml similarity index 100% rename from policy/combine/namespace-has-resourcequota/test_data/unit/list.yml rename to policy/combine/namespace_has_resourcequota/test_data/unit/list.yml diff --git a/policy/lib/konstraint/core.rego b/policy/lib/konstraint/core/src.rego similarity index 100% rename from policy/lib/konstraint/core.rego rename to policy/lib/konstraint/core/src.rego diff --git a/policy/lib/konstraint/pods.rego b/policy/lib/konstraint/pods/src.rego similarity index 100% rename from policy/lib/konstraint/pods.rego rename to policy/lib/konstraint/pods/src.rego diff --git a/policy/lib/kubernetes.rego b/policy/lib/kubernetes/src.rego similarity index 100% rename from policy/lib/kubernetes.rego rename to policy/lib/kubernetes/src.rego diff --git a/policy/lib/memory.rego b/policy/lib/memory/src.rego similarity index 100% rename from policy/lib/memory.rego rename to policy/lib/memory/src.rego diff --git a/policy/lib/openshift.rego b/policy/lib/openshift/src.rego similarity index 100% rename from policy/lib/openshift.rego rename to policy/lib/openshift/src.rego diff --git a/policy/ocp/bestpractices/common-k8s-labels-notset/src.rego b/policy/ocp/bestpractices/common_k8s_labels_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/common-k8s-labels-notset/src.rego rename to policy/ocp/bestpractices/common_k8s_labels_notset/src.rego diff --git a/policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration/list.yml b/policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/common-k8s-labels-notset/test_data/integration/list.yml rename to policy/ocp/bestpractices/common_k8s_labels_notset/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/common-k8s-labels-notset/test_data/unit/list.yml b/policy/ocp/bestpractices/common_k8s_labels_notset/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/common-k8s-labels-notset/test_data/unit/list.yml rename to policy/ocp/bestpractices/common_k8s_labels_notset/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-env-maxmemory-notset/src.rego b/policy/ocp/bestpractices/container_env_maxmemory_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-env-maxmemory-notset/src.rego rename to policy/ocp/bestpractices/container_env_maxmemory_notset/src.rego diff --git a/policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/integration/list.yml b/policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/unit/list.yml b/policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-env-maxmemory-notset/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_env_maxmemory_notset/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-image-latest/src.rego b/policy/ocp/bestpractices/container_image_latest/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-image-latest/src.rego rename to policy/ocp/bestpractices/container_image_latest/src.rego diff --git a/policy/ocp/bestpractices/container-image-latest/test_data/integration/list.yml b/policy/ocp/bestpractices/container_image_latest/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-image-latest/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_image_latest/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-image-latest/test_data/unit/list.yml b/policy/ocp/bestpractices/container_image_latest/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-image-latest/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_image_latest/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-image-unknownregistries/src.rego b/policy/ocp/bestpractices/container_image_unknownregistries/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-image-unknownregistries/src.rego rename to policy/ocp/bestpractices/container_image_unknownregistries/src.rego diff --git a/policy/ocp/bestpractices/container-image-unknownregistries/test_data/integration/list.yml b/policy/ocp/bestpractices/container_image_unknownregistries/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-image-unknownregistries/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_image_unknownregistries/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-image-unknownregistries/test_data/unit/list.yml b/policy/ocp/bestpractices/container_image_unknownregistries/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-image-unknownregistries/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_image_unknownregistries/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-java-xmx-set/src.rego b/policy/ocp/bestpractices/container_java_xmx_set/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-java-xmx-set/src.rego rename to policy/ocp/bestpractices/container_java_xmx_set/src.rego diff --git a/policy/ocp/bestpractices/container-java-xmx-set/test_data/integration/list.yml b/policy/ocp/bestpractices/container_java_xmx_set/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-java-xmx-set/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_java_xmx_set/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-java-xmx-set/test_data/unit/list.yml b/policy/ocp/bestpractices/container_java_xmx_set/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-java-xmx-set/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_java_xmx_set/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-labelkey-inconsistent/src.rego b/policy/ocp/bestpractices/container_labelkey_inconsistent/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-labelkey-inconsistent/src.rego rename to policy/ocp/bestpractices/container_labelkey_inconsistent/src.rego diff --git a/policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/integration/list.yml b/policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/unit/list.yml b/policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-labelkey-inconsistent/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_labelkey_inconsistent/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-liveness-readinessprobe-equal/src.rego b/policy/ocp/bestpractices/container_liveness_readinessprobe_equal/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-liveness-readinessprobe-equal/src.rego rename to policy/ocp/bestpractices/container_liveness_readinessprobe_equal/src.rego diff --git a/policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/integration/list.yml b/policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/unit/list.yml b/policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-liveness-readinessprobe-equal/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_liveness_readinessprobe_equal/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-livenessprobe-notset/src.rego b/policy/ocp/bestpractices/container_livenessprobe_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-livenessprobe-notset/src.rego rename to policy/ocp/bestpractices/container_livenessprobe_notset/src.rego diff --git a/policy/ocp/bestpractices/container-livenessprobe-notset/test_data/integration/list.yml b/policy/ocp/bestpractices/container_livenessprobe_notset/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-livenessprobe-notset/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_livenessprobe_notset/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-livenessprobe-notset/test_data/unit/list.yml b/policy/ocp/bestpractices/container_livenessprobe_notset/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-livenessprobe-notset/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_livenessprobe_notset/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-readinessprobe-notset/src.rego b/policy/ocp/bestpractices/container_readinessprobe_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-readinessprobe-notset/src.rego rename to policy/ocp/bestpractices/container_readinessprobe_notset/src.rego diff --git a/policy/ocp/bestpractices/container-readinessprobe-notset/test_data/integration/list.yml b/policy/ocp/bestpractices/container_readinessprobe_notset/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-readinessprobe-notset/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_readinessprobe_notset/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-readinessprobe-notset/test_data/unit/list.yml b/policy/ocp/bestpractices/container_readinessprobe_notset/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-readinessprobe-notset/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_readinessprobe_notset/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-resources-limits-cpu-set/src.rego b/policy/ocp/bestpractices/container_resources_limits_cpu_set/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-cpu-set/src.rego rename to policy/ocp/bestpractices/container_resources_limits_cpu_set/src.rego diff --git a/policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/integration/list.yml b/policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/unit/list.yml b/policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-cpu-set/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_resources_limits_cpu_set/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-resources-limits-memory-greater-than/src.rego b/policy/ocp/bestpractices/container_resources_limits_memory_greater_than/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-memory-greater-than/src.rego rename to policy/ocp/bestpractices/container_resources_limits_memory_greater_than/src.rego diff --git a/policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/integration/list.yml b/policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/unit/list.yml b/policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-memory-greater-than/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_resources_limits_memory_greater_than/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-resources-limits-memory-notset/src.rego b/policy/ocp/bestpractices/container_resources_limits_memory_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-memory-notset/src.rego rename to policy/ocp/bestpractices/container_resources_limits_memory_notset/src.rego diff --git a/policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/integration/list.yml b/policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/unit/list.yml b/policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-limits-memory-notset/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_resources_limits_memory_notset/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-resources-memoryunit-incorrect/src.rego b/policy/ocp/bestpractices/container_resources_memoryunit_incorrect/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-resources-memoryunit-incorrect/src.rego rename to policy/ocp/bestpractices/container_resources_memoryunit_incorrect/src.rego diff --git a/policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/integration/list.yml b/policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/unit/list.yml b/policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-memoryunit-incorrect/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_resources_memoryunit_incorrect/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/src.rego b/policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/src.rego rename to policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/src.rego diff --git a/policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/integration/list.yml b/policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/unit/list.yml b/policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-requests-cpuunit-incorrect/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_resources_requests_cpuunit_incorrect/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-resources-requests-memory-greater-than/src.rego b/policy/ocp/bestpractices/container_resources_requests_memory_greater_than/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-resources-requests-memory-greater-than/src.rego rename to policy/ocp/bestpractices/container_resources_requests_memory_greater_than/src.rego diff --git a/policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/integration/list.yml b/policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/unit/list.yml b/policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-resources-requests-memory-greater-than/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_resources_requests_memory_greater_than/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-secret-mounted-envs/src.rego b/policy/ocp/bestpractices/container_secret_mounted_envs/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-secret-mounted-envs/src.rego rename to policy/ocp/bestpractices/container_secret_mounted_envs/src.rego diff --git a/policy/ocp/bestpractices/container-secret-mounted-envs/test_data/integration/list.yml b/policy/ocp/bestpractices/container_secret_mounted_envs/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-secret-mounted-envs/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_secret_mounted_envs/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-secret-mounted-envs/test_data/unit/list.yml b/policy/ocp/bestpractices/container_secret_mounted_envs/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-secret-mounted-envs/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_secret_mounted_envs/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-volumemount-inconsistent-path/src.rego b/policy/ocp/bestpractices/container_volumemount_inconsistent_path/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-volumemount-inconsistent-path/src.rego rename to policy/ocp/bestpractices/container_volumemount_inconsistent_path/src.rego diff --git a/policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/integration/list.yml b/policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/unit/list.yml b/policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-volumemount-inconsistent-path/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_volumemount_inconsistent_path/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/container-volumemount-missing/src.rego b/policy/ocp/bestpractices/container_volumemount_missing/src.rego similarity index 100% rename from policy/ocp/bestpractices/container-volumemount-missing/src.rego rename to policy/ocp/bestpractices/container_volumemount_missing/src.rego diff --git a/policy/ocp/bestpractices/container-volumemount-missing/test_data/integration/list.yml b/policy/ocp/bestpractices/container_volumemount_missing/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-volumemount-missing/test_data/integration/list.yml rename to policy/ocp/bestpractices/container_volumemount_missing/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/container-volumemount-missing/test_data/unit/list.yml b/policy/ocp/bestpractices/container_volumemount_missing/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/container-volumemount-missing/test_data/unit/list.yml rename to policy/ocp/bestpractices/container_volumemount_missing/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/deploymentconfig-triggers-containername/src.rego b/policy/ocp/bestpractices/deploymentconfig_triggers_containername/src.rego similarity index 100% rename from policy/ocp/bestpractices/deploymentconfig-triggers-containername/src.rego rename to policy/ocp/bestpractices/deploymentconfig_triggers_containername/src.rego diff --git a/policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/integration/list.yml b/policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/integration/list.yml rename to policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/unit/example.yml b/policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/unit/example.yml similarity index 100% rename from policy/ocp/bestpractices/deploymentconfig-triggers-containername/test_data/unit/example.yml rename to policy/ocp/bestpractices/deploymentconfig_triggers_containername/test_data/unit/example.yml diff --git a/policy/ocp/bestpractices/deploymentconfig-triggers-notset/src.rego b/policy/ocp/bestpractices/deploymentconfig_triggers_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/deploymentconfig-triggers-notset/src.rego rename to policy/ocp/bestpractices/deploymentconfig_triggers_notset/src.rego diff --git a/policy/ocp/bestpractices/deploymentconfig-triggers-notset/test_data/unit/example.yml b/policy/ocp/bestpractices/deploymentconfig_triggers_notset/test_data/unit/example.yml similarity index 100% rename from policy/ocp/bestpractices/deploymentconfig-triggers-notset/test_data/unit/example.yml rename to policy/ocp/bestpractices/deploymentconfig_triggers_notset/test_data/unit/example.yml diff --git a/policy/ocp/bestpractices/pod-antiaffinity-notset/src.rego b/policy/ocp/bestpractices/pod_antiaffinity_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/pod-antiaffinity-notset/src.rego rename to policy/ocp/bestpractices/pod_antiaffinity_notset/src.rego diff --git a/policy/ocp/bestpractices/pod-antiaffinity-notset/test_data/integration/list.yml b/policy/ocp/bestpractices/pod_antiaffinity_notset/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-antiaffinity-notset/test_data/integration/list.yml rename to policy/ocp/bestpractices/pod_antiaffinity_notset/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/pod-antiaffinity-notset/test_data/unit/list.yml b/policy/ocp/bestpractices/pod_antiaffinity_notset/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-antiaffinity-notset/test_data/unit/list.yml rename to policy/ocp/bestpractices/pod_antiaffinity_notset/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/pod-hostnetwork/src.rego b/policy/ocp/bestpractices/pod_hostnetwork/src.rego similarity index 100% rename from policy/ocp/bestpractices/pod-hostnetwork/src.rego rename to policy/ocp/bestpractices/pod_hostnetwork/src.rego diff --git a/policy/ocp/bestpractices/pod-hostnetwork/test_data/integration/list.yml b/policy/ocp/bestpractices/pod_hostnetwork/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-hostnetwork/test_data/integration/list.yml rename to policy/ocp/bestpractices/pod_hostnetwork/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/pod-hostnetwork/test_data/unit/list.yml b/policy/ocp/bestpractices/pod_hostnetwork/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-hostnetwork/test_data/unit/list.yml rename to policy/ocp/bestpractices/pod_hostnetwork/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/pod-replicas-below-one/src.rego b/policy/ocp/bestpractices/pod_replicas_below_one/src.rego similarity index 100% rename from policy/ocp/bestpractices/pod-replicas-below-one/src.rego rename to policy/ocp/bestpractices/pod_replicas_below_one/src.rego diff --git a/policy/ocp/bestpractices/pod-replicas-below-one/test_data/integration/list.yml b/policy/ocp/bestpractices/pod_replicas_below_one/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-replicas-below-one/test_data/integration/list.yml rename to policy/ocp/bestpractices/pod_replicas_below_one/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/pod-replicas-below-one/test_data/unit/list.yml b/policy/ocp/bestpractices/pod_replicas_below_one/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-replicas-below-one/test_data/unit/list.yml rename to policy/ocp/bestpractices/pod_replicas_below_one/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/pod-replicas-not-odd/src.rego b/policy/ocp/bestpractices/pod_replicas_not_odd/src.rego similarity index 100% rename from policy/ocp/bestpractices/pod-replicas-not-odd/src.rego rename to policy/ocp/bestpractices/pod_replicas_not_odd/src.rego diff --git a/policy/ocp/bestpractices/pod-replicas-not-odd/test_data/integration/list.yml b/policy/ocp/bestpractices/pod_replicas_not_odd/test_data/integration/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-replicas-not-odd/test_data/integration/list.yml rename to policy/ocp/bestpractices/pod_replicas_not_odd/test_data/integration/list.yml diff --git a/policy/ocp/bestpractices/pod-replicas-not-odd/test_data/unit/list.yml b/policy/ocp/bestpractices/pod_replicas_not_odd/test_data/unit/list.yml similarity index 100% rename from policy/ocp/bestpractices/pod-replicas-not-odd/test_data/unit/list.yml rename to policy/ocp/bestpractices/pod_replicas_not_odd/test_data/unit/list.yml diff --git a/policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset/src.rego b/policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset/src.rego rename to policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset/src.rego diff --git a/policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset/test_data/unit/example.yml b/policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset/test_data/unit/example.yml similarity index 100% rename from policy/ocp/bestpractices/rolebinding-roleref-apigroup-notset/test_data/unit/example.yml rename to policy/ocp/bestpractices/rolebinding_roleref_apigroup_notset/test_data/unit/example.yml diff --git a/policy/ocp/bestpractices/rolebinding-roleref-kind-notset/src.rego b/policy/ocp/bestpractices/rolebinding_roleref_kind_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/rolebinding-roleref-kind-notset/src.rego rename to policy/ocp/bestpractices/rolebinding_roleref_kind_notset/src.rego diff --git a/policy/ocp/bestpractices/rolebinding-roleref-kind-notset/test_data/unit/example.yml b/policy/ocp/bestpractices/rolebinding_roleref_kind_notset/test_data/unit/example.yml similarity index 100% rename from policy/ocp/bestpractices/rolebinding-roleref-kind-notset/test_data/unit/example.yml rename to policy/ocp/bestpractices/rolebinding_roleref_kind_notset/test_data/unit/example.yml diff --git a/policy/ocp/bestpractices/route-tls-termination-notset/src.rego b/policy/ocp/bestpractices/route_tls_termination_notset/src.rego similarity index 100% rename from policy/ocp/bestpractices/route-tls-termination-notset/src.rego rename to policy/ocp/bestpractices/route_tls_termination_notset/src.rego diff --git a/policy/ocp/bestpractices/route-tls-termination-notset/test_data/integration/example.yml b/policy/ocp/bestpractices/route_tls_termination_notset/test_data/integration/example.yml similarity index 100% rename from policy/ocp/bestpractices/route-tls-termination-notset/test_data/integration/example.yml rename to policy/ocp/bestpractices/route_tls_termination_notset/test_data/integration/example.yml diff --git a/policy/ocp/bestpractices/route-tls-termination-notset/test_data/unit/example.yml b/policy/ocp/bestpractices/route_tls_termination_notset/test_data/unit/example.yml similarity index 100% rename from policy/ocp/bestpractices/route-tls-termination-notset/test_data/unit/example.yml rename to policy/ocp/bestpractices/route_tls_termination_notset/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/buildconfig-v1/src.rego b/policy/ocp/deprecated/ocp3_11/buildconfig_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/buildconfig-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/buildconfig_v1/src.rego index 9f258db5..5bb2d8f8 100644 --- a/policy/ocp/deprecated/3_11/buildconfig-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/buildconfig_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00001: BuildConfig no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00001: BuildConfig no longer served by v1' # description: OCP4.x expects build.openshift.io/v1. # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/buildconfig-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/buildconfig_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/buildconfig-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/buildconfig_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/deploymentconfig-v1/src.rego b/policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/deploymentconfig-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/src.rego index a9a65984..070af076 100644 --- a/policy/ocp/deprecated/3_11/deploymentconfig-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00002: DeploymentConfig no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00002: DeploymentConfig no longer served by v1' # description: OCP4.x expects apps.openshift.io/v1. # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/deploymentconfig-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/deploymentconfig-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/deploymentconfig_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/imagestream-v1/src.rego b/policy/ocp/deprecated/ocp3_11/imagestream_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/imagestream-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/imagestream_v1/src.rego index fdbe1fa1..b3edb6b9 100644 --- a/policy/ocp/deprecated/3_11/imagestream-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/imagestream_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00003: ImageStream no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00003: ImageStream no longer served by v1' # description: OCP4.x expects image.openshift.io/v1. # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/imagestream-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/imagestream_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/imagestream-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/imagestream_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/projectrequest-v1/src.rego b/policy/ocp/deprecated/ocp3_11/projectrequest_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/projectrequest-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/projectrequest_v1/src.rego index 885e1987..9036cbd6 100644 --- a/policy/ocp/deprecated/3_11/projectrequest-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/projectrequest_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00004: ProjectRequest no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00004: ProjectRequest no longer served by v1' # description: OCP4.x expects project.openshift.io/v1. # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/projectrequest-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/projectrequest_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/projectrequest-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/projectrequest_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/rolebinding-v1/src.rego b/policy/ocp/deprecated/ocp3_11/rolebinding_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/rolebinding-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/rolebinding_v1/src.rego index 1c1da7b9..c54549f8 100644 --- a/policy/ocp/deprecated/3_11/rolebinding-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/rolebinding_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00005: RoleBinding no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00005: RoleBinding no longer served by v1' # description: OCP4.x expects rbac.authorization.k8s.io/v1 # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/rolebinding-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/rolebinding_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/rolebinding-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/rolebinding_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/route-v1/src.rego b/policy/ocp/deprecated/ocp3_11/route_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/route-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/route_v1/src.rego index 1885c798..35e47569 100644 --- a/policy/ocp/deprecated/3_11/route-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/route_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00006: Route no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00006: Route no longer served by v1' # description: OCP4.x expects route.openshift.io/v1. # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/route-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/route_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/route-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/route_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/securitycontextconstraints-v1/src.rego b/policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/securitycontextconstraints-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/src.rego index 51bddcc4..cc2a31d0 100644 --- a/policy/ocp/deprecated/3_11/securitycontextconstraints-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00007: SecurityContextConstraints no longer served +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00007: SecurityContextConstraints no longer served # by v1' # description: OCP4.x expects security.openshift.io/v1. # custom: diff --git a/policy/ocp/deprecated/3_11/securitycontextconstraints-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/securitycontextconstraints-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/securitycontextconstraints_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/3_11/template-v1/src.rego b/policy/ocp/deprecated/ocp3_11/template_v1/src.rego similarity index 88% rename from policy/ocp/deprecated/3_11/template-v1/src.rego rename to policy/ocp/deprecated/ocp3_11/template_v1/src.rego index 6126816a..344ae42a 100644 --- a/policy/ocp/deprecated/3_11/template-v1/src.rego +++ b/policy/ocp/deprecated/ocp3_11/template_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-3_11-00008: Template no longer served by v1' +# title: 'RHCOP-OCP_DEPRECATED-ocp3_11-00008: Template no longer served by v1' # description: OCP4.x expects template.openshift.io/v1. # custom: # matchers: diff --git a/policy/ocp/deprecated/3_11/template-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp3_11/template_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/3_11/template-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp3_11/template_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_1/buildconfig-custom-strategy/src.rego b/policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/src.rego similarity index 92% rename from policy/ocp/deprecated/4_1/buildconfig-custom-strategy/src.rego rename to policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/src.rego index a22482b6..d53f1aa7 100644 --- a/policy/ocp/deprecated/4_1/buildconfig-custom-strategy/src.rego +++ b/policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_1-00001: BuildConfig exposeDockerSocket deprecated' +# title: 'RHCOP-OCP_DEPRECATED-ocp4_1-00001: BuildConfig exposeDockerSocket deprecated' # description: |- # 'spec.strategy.customStrategy.exposeDockerSocket' is no longer supported by BuildConfig. # See: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-release-notes.html#ocp-41-deprecated-features diff --git a/policy/ocp/deprecated/4_1/buildconfig-custom-strategy/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_1/buildconfig-custom-strategy/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_1/buildconfig_custom_strategy/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/authorization-openshift/src.rego b/policy/ocp/deprecated/ocp4_2/authorization_openshift/src.rego similarity index 91% rename from policy/ocp/deprecated/4_2/authorization-openshift/src.rego rename to policy/ocp/deprecated/ocp4_2/authorization_openshift/src.rego index fabd6b8f..9ced853f 100644 --- a/policy/ocp/deprecated/4_2/authorization-openshift/src.rego +++ b/policy/ocp/deprecated/ocp4_2/authorization_openshift/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00001: authorization openshift io is deprecated' +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00001: authorization openshift io is deprecated' # description: |- # From OCP4.2 onwards, you should migrate from 'authorization.openshift.io' to rbac.authorization.k8s.io/v1. # See: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html#ocp-4-2-deprecated-features diff --git a/policy/ocp/deprecated/4_2/authorization-openshift/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/authorization_openshift/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/authorization-openshift/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/authorization_openshift/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/automationbroker-v1alpha1/src.rego b/policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/src.rego similarity index 91% rename from policy/ocp/deprecated/4_2/automationbroker-v1alpha1/src.rego rename to policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/src.rego index f6ed98c7..ad85a91a 100644 --- a/policy/ocp/deprecated/4_2/automationbroker-v1alpha1/src.rego +++ b/policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00002: automationbroker io v1alpha1 is deprecated' +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00002: automationbroker io v1alpha1 is deprecated' # description: |- # 'automationbroker.io/v1alpha1' is deprecated in OCP 4.2 and removed in 4.4. # See: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html#ocp-4-2-deprecated-features diff --git a/policy/ocp/deprecated/4_2/automationbroker-v1alpha1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/automationbroker-v1alpha1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/automationbroker_v1alpha1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/src.rego b/policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/src.rego similarity index 91% rename from policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/src.rego rename to policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/src.rego index a3bddce4..f0db7fc9 100644 --- a/policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/src.rego +++ b/policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00003: operators coreos com v1 CatalogSourceConfigs +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00003: operators coreos com v1 CatalogSourceConfigs # is deprecated' # description: |- # 'operators.coreos.com/v1:CatalogSourceConfigs' is deprecated in OCP 4.2 and removed in 4.5. diff --git a/policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/catalogsourceconfigs-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/src.rego b/policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/src.rego similarity index 91% rename from policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/src.rego rename to policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/src.rego index 220b5322..6db63412 100644 --- a/policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/src.rego +++ b/policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00004: operators coreos com v2 CatalogSourceConfigs +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00004: operators coreos com v2 CatalogSourceConfigs # is deprecated' # description: |- # 'operators.coreos.com/v2:CatalogSourceConfigs' is deprecated in OCP 4.2 and removed in 4.5. diff --git a/policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/catalogsourceconfigs-v2/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/catalogsourceconfigs_v2/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/operatorsources-v1/src.rego b/policy/ocp/deprecated/ocp4_2/operatorsources_v1/src.rego similarity index 90% rename from policy/ocp/deprecated/4_2/operatorsources-v1/src.rego rename to policy/ocp/deprecated/ocp4_2/operatorsources_v1/src.rego index 35c6e49c..1976e9bd 100644 --- a/policy/ocp/deprecated/4_2/operatorsources-v1/src.rego +++ b/policy/ocp/deprecated/ocp4_2/operatorsources_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00005: operators coreos com v1 OperatorSource is +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00005: operators coreos com v1 OperatorSource is # deprecated' # description: |- # 'operators.coreos.com/v1:OperatorSource' is deprecated in OCP 4.2 and will be removed in a future version. diff --git a/policy/ocp/deprecated/4_2/operatorsources-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/operatorsources_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/operatorsources-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/operatorsources_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/osb-v1/src.rego b/policy/ocp/deprecated/ocp4_2/osb_v1/src.rego similarity index 91% rename from policy/ocp/deprecated/4_2/osb-v1/src.rego rename to policy/ocp/deprecated/ocp4_2/osb_v1/src.rego index b2af81f1..1c3242bf 100644 --- a/policy/ocp/deprecated/4_2/osb-v1/src.rego +++ b/policy/ocp/deprecated/ocp4_2/osb_v1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00006: osb openshift io v1 is deprecated' +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00006: osb openshift io v1 is deprecated' # description: |- # 'osb.openshift.io/v1' is deprecated in OCP 4.2 and removed in 4.5. # See: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html#ocp-4-2-deprecated-features diff --git a/policy/ocp/deprecated/4_2/osb-v1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/osb_v1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/osb-v1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/osb_v1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_2/servicecatalog-v1beta1/src.rego b/policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/src.rego similarity index 91% rename from policy/ocp/deprecated/4_2/servicecatalog-v1beta1/src.rego rename to policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/src.rego index 1252d2da..1e512964 100644 --- a/policy/ocp/deprecated/4_2/servicecatalog-v1beta1/src.rego +++ b/policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_2-00007: servicecatalog k8s io v1beta1 is deprecated' +# title: 'RHCOP-OCP_DEPRECATED-ocp4_2-00007: servicecatalog k8s io v1beta1 is deprecated' # description: |- # 'servicecatalog.k8s.io/v1beta1' is deprecated in OCP 4.2 and removed in 4.5. # See: https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html#ocp-4-2-deprecated-features diff --git a/policy/ocp/deprecated/4_2/servicecatalog-v1beta1/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_2/servicecatalog-v1beta1/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_2/servicecatalog_v1beta1/test_data/unit/example.yml diff --git a/policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/src.rego b/policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/src.rego similarity index 90% rename from policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/src.rego rename to policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/src.rego index 4f875453..d460a97b 100644 --- a/policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/src.rego +++ b/policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/src.rego @@ -1,5 +1,5 @@ # METADATA -# title: 'RHCOP-OCP_DEPRECATED-4_3-00001: BuildConfig jenkinsPipelineStrategy is deprecated' +# title: 'RHCOP-OCP_DEPRECATED-ocp4_3-00001: BuildConfig jenkinsPipelineStrategy is deprecated' # description: |- # 'spec.strategy.jenkinsPipelineStrategy' is no longer supported by BuildConfig. # See: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html#ocp-4-3-deprecated-features diff --git a/policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/test_data/unit/example.yml b/policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/test_data/unit/example.yml similarity index 100% rename from policy/ocp/deprecated/4_3/buildconfig-jenkinspipeline-strategy/test_data/unit/example.yml rename to policy/ocp/deprecated/ocp4_3/buildconfig_jenkinspipeline_strategy/test_data/unit/example.yml diff --git a/policy/ocp/requiresinventory/README.md b/policy/ocp/requiresinventory/README.md index f657a257..da502bdf 100644 --- a/policy/ocp/requiresinventory/README.md +++ b/policy/ocp/requiresinventory/README.md @@ -3,5 +3,5 @@ These policies can only be executed via `Gatekeeper` as they require `data.inven `conftest` can be used if `--data` is passed to provide `data.inventory`. As `data.inventory` is a cache, these policies create an order of creation dependency (i.e.: a race-condition). -For example, a PVC which is created after the Deployment for `deployment-has-matching-pvc` would cause the policy to deny. +For example, a PVC which is created after the Deployment for `deployment_has_matching_pvc` would cause the policy to deny. Due to this, policies which require `data.inventory` should be limited as it is possible to create unforeseen issues. \ No newline at end of file diff --git a/policy/ocp/requiresinventory/data_inventory.rego b/policy/ocp/requiresinventory/data_inventory.rego index 08e5bcb8..5fb37ddd 100644 --- a/policy/ocp/requiresinventory/data_inventory.rego +++ b/policy/ocp/requiresinventory/data_inventory.rego @@ -1,3 +1,4 @@ +# regal ignore:directory-package-mismatch package inventory # Test data to mock out data.inventory cache provided by Gatekeeper diff --git a/policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/src.rego b/policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/src.rego similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/src.rego rename to policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/src.rego diff --git a/policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/integration/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/integration/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/integration/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/integration/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/unit/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/unit/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-poddisruptionbudget/test_data/unit/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_poddisruptionbudget/test_data/unit/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-pvc/src.rego b/policy/ocp/requiresinventory/deployment_has_matching_pvc/src.rego similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-pvc/src.rego rename to policy/ocp/requiresinventory/deployment_has_matching_pvc/src.rego diff --git a/policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/integration/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/integration/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/integration/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/integration/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/unit/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/unit/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-pvc/test_data/unit/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_pvc/test_data/unit/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-service/src.rego b/policy/ocp/requiresinventory/deployment_has_matching_service/src.rego similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-service/src.rego rename to policy/ocp/requiresinventory/deployment_has_matching_service/src.rego diff --git a/policy/ocp/requiresinventory/deployment-has-matching-service/test_data/integration/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_service/test_data/integration/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-service/test_data/integration/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_service/test_data/integration/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-service/test_data/unit/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_service/test_data/unit/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-service/test_data/unit/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_service/test_data/unit/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/src.rego b/policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/src.rego similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/src.rego rename to policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/src.rego diff --git a/policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/integration/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/integration/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/integration/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/integration/list.yml diff --git a/policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/unit/list.yml b/policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/unit/list.yml similarity index 100% rename from policy/ocp/requiresinventory/deployment-has-matching-serviceaccount/test_data/unit/list.yml rename to policy/ocp/requiresinventory/deployment_has_matching_serviceaccount/test_data/unit/list.yml diff --git a/policy/ocp/requiresinventory/service-has-matching-servicemonitor/src.rego b/policy/ocp/requiresinventory/service_has_matching_servicemonitor/src.rego similarity index 95% rename from policy/ocp/requiresinventory/service-has-matching-servicemonitor/src.rego rename to policy/ocp/requiresinventory/service_has_matching_servicemonitor/src.rego index 62f3666f..14e64d12 100644 --- a/policy/ocp/requiresinventory/service-has-matching-servicemonitor/src.rego +++ b/policy/ocp/requiresinventory/service_has_matching_servicemonitor/src.rego @@ -10,7 +10,7 @@ # - "" # kinds: # - Service -package ocp.requiresinventory.service_has_matching_servicenonitor +package ocp.requiresinventory.service_has_matching_servicemonitor import future.keywords.in diff --git a/policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/integration/list.yml b/policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/integration/list.yml similarity index 100% rename from policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/integration/list.yml rename to policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/integration/list.yml diff --git a/policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/unit/list.yml b/policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/unit/list.yml similarity index 100% rename from policy/ocp/requiresinventory/service-has-matching-servicemonitor/test_data/unit/list.yml rename to policy/ocp/requiresinventory/service_has_matching_servicemonitor/test_data/unit/list.yml diff --git a/policy/podman/data_parameters.rego b/policy/podman/data_parameters.rego index f1a32cf0..c5bd36b2 100644 --- a/policy/podman/data_parameters.rego +++ b/policy/podman/data_parameters.rego @@ -1,7 +1,8 @@ +# regal ignore:directory-package-mismatch package parameters -# history/contains-layer +# history/contains_layer expected_layer_ids := ["cd343f0d83042932fa992e095cd4a93a89a3520873f99b0e15fde69eb46e7e10"] -# images/image-size-not-greater-than +# images/image_size_not_greater_than image_size_upperbound := 512 diff --git a/policy/podman/history/contains-layer/src.rego b/policy/podman/history/contains_layer/src.rego similarity index 100% rename from policy/podman/history/contains-layer/src.rego rename to policy/podman/history/contains_layer/src.rego diff --git a/policy/podman/history/contains-layer/test_data/unit/jenkins-base.json b/policy/podman/history/contains_layer/test_data/unit/jenkins-base.json similarity index 100% rename from policy/podman/history/contains-layer/test_data/unit/jenkins-base.json rename to policy/podman/history/contains_layer/test_data/unit/jenkins-base.json diff --git a/policy/podman/history/contains-layer/test_data/unit/jenkins-python-mising.json b/policy/podman/history/contains_layer/test_data/unit/jenkins-python-mising.json similarity index 100% rename from policy/podman/history/contains-layer/test_data/unit/jenkins-python-mising.json rename to policy/podman/history/contains_layer/test_data/unit/jenkins-python-mising.json diff --git a/policy/podman/history/contains-layer/test_data/unit/jenkins-python.json b/policy/podman/history/contains_layer/test_data/unit/jenkins-python.json similarity index 100% rename from policy/podman/history/contains-layer/test_data/unit/jenkins-python.json rename to policy/podman/history/contains_layer/test_data/unit/jenkins-python.json diff --git a/policy/podman/images/image-size-not-greater-than/src.rego b/policy/podman/images/image_size_not_greater_than/src.rego similarity index 100% rename from policy/podman/images/image-size-not-greater-than/src.rego rename to policy/podman/images/image_size_not_greater_than/src.rego diff --git a/policy/podman/images/image-size-not-greater-than/test_data/unit/jenkins-base.json b/policy/podman/images/image_size_not_greater_than/test_data/unit/jenkins-base.json similarity index 100% rename from policy/podman/images/image-size-not-greater-than/test_data/unit/jenkins-base.json rename to policy/podman/images/image_size_not_greater_than/test_data/unit/jenkins-base.json diff --git a/policy/tekton/README.md b/policy/tekton/README.md deleted file mode 100644 index 55db2c9a..00000000 --- a/policy/tekton/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# tekton -These policies should be executed by `conftest` and `Gatekeeper`. \ No newline at end of file