feat(terraform): add versioned kubernetes resources to terraform kube…

…rnetes checks (1/5) (bridgecrewio#3653) Add versioned kubernetes resources to terraform kubernetes checks (Part 1/5)
ugrave · Oct 18, 2022 · cd5033c · cd5033c
1 parent 642a0c3
commit cd5033c
Show file tree

Hide file tree

Showing 20 changed files with 1,837 additions and 19 deletions.
diff --git a/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py b/checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalation.py
@@ -14,7 +14,7 @@ def __init__(self):
 
         name = "Containers should not run with allowPrivilegeEscalation"
         id = "CKV_K8S_20"
-        supported_resources = ['kubernetes_pod']
+        supported_resources = ['kubernetes_pod', 'kubernetes_pod_v1']
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 

diff --git a/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py b/checkov/terraform/checks/resource/kubernetes/AllowedCapabilities.py
@@ -12,7 +12,7 @@ def __init__(self):
 
         id = "CKV_K8S_25"
 
-        supported_resources = ['kubernetes_pod']
+        supported_resources = ['kubernetes_pod', 'kubernetes_pod_v1']
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 

diff --git a/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py b/checkov/terraform/checks/resource/kubernetes/AllowedCapabilitiesSysAdmin.py
@@ -10,7 +10,7 @@ def __init__(self):
         # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
         id = "CKV_K8S_39"
 
-        supported_resources = ['kubernetes_pod']
+        supported_resources = ['kubernetes_pod', 'kubernetes_pod_v1']
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 

diff --git a/checkov/terraform/checks/resource/kubernetes/CPULimits.py b/checkov/terraform/checks/resource/kubernetes/CPULimits.py
@@ -10,7 +10,7 @@ class CPULimits(BaseResourceCheck):
     def __init__(self) -> None:
         name = "CPU Limits should be set"
         id = "CKV_K8S_11"
-        supported_resources = ["kubernetes_pod"]
+        supported_resources = ["kubernetes_pod", "kubernetes_pod_v1"]
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 

diff --git a/checkov/terraform/checks/resource/kubernetes/CPURequests.py b/checkov/terraform/checks/resource/kubernetes/CPURequests.py
@@ -6,7 +6,7 @@ class CPURequests(BaseResourceCheck):
     def __init__(self):
         name = "CPU requests should be set"
         id = "CKV_K8S_10"
-        supported_resources = ["kubernetes_pod"]
+        supported_resources = ["kubernetes_pod", "kubernetes_pod_v1"]
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 

diff --git a/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py b/checkov/terraform/checks/resource/kubernetes/ContainerSecurityContext.py
@@ -11,7 +11,7 @@ def __init__(self):
         # Location: container .securityContext
         id = "CKV_K8S_30"
 
-        supported_resources = ['kubernetes_pod']
+        supported_resources = ['kubernetes_pod', 'kubernetes_pod_v1']
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)