From 400c3b8c531680f0da72c11c2759ddedee724c05 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Wed, 24 Jul 2024 17:22:48 +0300
Subject: [PATCH 1/3] Adding review path for the service

Signed-off-by: Amit Schendel
---
 rules/unauthenticated-service/raw.rego | 4 +++-
 rules/unauthenticated-service/test/fail_service/expected.json | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
index cdc4c9cc..1b2d7c27 100644
--- a/rules/unauthenticated-service/raw.rego
+++ b/rules/unauthenticated-service/raw.rego
@@ -29,7 +29,9 @@ deny contains msga if {
 "packagename": "armo_builtins",
 "alertObject": {"k8sApiObjects": [wl]},
 "relatedObjects": [
- {"object": service},
+ {"object": service,
+ "reviewPaths": ["spec"],
+ },
 ],
 }
 }
diff --git a/rules/unauthenticated-service/test/fail_service/expected.json b/rules/unauthenticated-service/test/fail_service/expected.json
index 6a14dcbd..8e3abc42 100644
--- a/rules/unauthenticated-service/test/fail_service/expected.json
+++ b/rules/unauthenticated-service/test/fail_service/expected.json
@@ -45,7 +45,7 @@
 }
 }
 },
- "reviewPaths": null
+ "reviewPaths": ["spec"]
 }
 ],
 "reviewPaths": ["spec"],
From 86e5ebb70bf4a3f816fac1bb184c1666dadd35ab Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Thu, 25 Jul 2024 13:22:26 +0300
Subject: [PATCH 2/3] PR fixes

Signed-off-by: Amit Schendel
---
 rules/unauthenticated-service/raw.rego | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
index 1b2d7c27..a0a3a95a 100644
--- a/rules/unauthenticated-service/raw.rego
+++ b/rules/unauthenticated-service/raw.rego
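Review bot: In PATCH 1/3's raw.rego hunk, the new `relatedObjects` entry sends the reviewer to the Service's entire `spec`, which does not say which field makes the Service reachable without authentication. If `has_unauthenticated_service` (defined outside this hunk) can identify the relevant part of the spec, a narrower path would make the finding quicker to triage; if it cannot, a one-line comment saying that `spec` is deliberately coarse would help. The entry is also written across three lines with the closing brace and trailing comma on their own line, unlike the one-line `alertObject` just above it; `{"object": service, "reviewPaths": ["spec"]},` would read consistently. The `deny` rule starts above the hunk.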
@@ -17,14 +17,11 @@ deny contains msga if {
 service_name := service.metadata.name
 has_unauthenticated_service(service_name, service.metadata.namespace, service_scan_result)
- # Path to the service object
- path := "spec"
-
 msga := {
 "alertMessage": sprintf("Unauthenticated service %v exposes %v", [service_name, wl.metadata.name]),
 "alertScore": 7,
 "fixPaths": [],
- "reviewPaths": [path],
+ "reviewPaths": ["spec"],
 "failedPaths": [],
 "packagename": "armo_builtins",
 "alertObject": {"k8sApiObjects": [wl]},
From ef079e794fe6f11afb3b92c91505e09a1804d3c2 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Thu, 25 Jul 2024 13:41:08 +0300
Subject: [PATCH 3/3] Adding CR fixes

Signed-off-by: Amit Schendel
---
 rules/unauthenticated-service/raw.rego | 2 +-
 rules/unauthenticated-service/test/fail_service/expected.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/unauthenticated-service/raw.rego b/rules/unauthenticated-service/raw.rego
index a0a3a95a..6e311218 100644
--- a/rules/unauthenticated-service/raw.rego
+++ b/rules/unauthenticated-service/raw.rego
@@ -21,7 +21,7 @@ deny contains msga if {
 "alertMessage": sprintf("Unauthenticated service %v exposes %v", [service_name, wl.metadata.name]),
 "alertScore": 7,
 "fixPaths": [],
- "reviewPaths": ["spec"],
+ "reviewPaths": [],
 "failedPaths": [],
 "packagename": "armo_builtins",
 "alertObject": {"k8sApiObjects": [wl]},
diff --git a/rules/unauthenticated-service/test/fail_service/expected.json b/rules/unauthenticated-service/test/fail_service/expected.json
index 8e3abc42..3d733686 100644
--- a/rules/unauthenticated-service/test/fail_service/expected.json
+++ b/rules/unauthenticated-service/test/fail_service/expected.json
@@ -48,7 +48,7 @@
 "reviewPaths": ["spec"]
 }
 ],
- "reviewPaths": ["spec"],
+ "reviewPaths": [],
 "ruleStatus": ""
 }
 ]
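Review bot: In PATCH 3/3's raw.rego hunk, `"reviewPaths": []` leaves the alert's top level with empty `fixPaths`, `reviewPaths` and `failedPaths`, and nothing in the rule explains why. From the series it appears the path is meant to sit only on the related Service, since `alertObject` holds the workload `wl` rather than the Service, but that intent is not written down and a later edit could restore the top-level path. A short comment above the line would record it, for example `# review path is reported on the related Service, not on the workload in alertObject`. The `msga` object continues past the end of the hunk, so whether the related object still carries its path there is not visible here.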