Correct k8s Query

cast-and-crew · Sep 7, 2022 · f25382a · f25382a
1 parent bc6e197
commit f25382a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/assets/libraries/k8s.rego b/assets/libraries/k8s.rego
@@ -18,6 +18,14 @@ checkKind(currentKind, listKinds) {
 	currentKind == listKinds[i]
 }
 
+checkKindWithKnative(doc, listKinds, knativeKinds) {
+	doc.kind == listKinds[i]
+} else {
+	contains(doc.apiVersion, "knative")
+	doc.kind == knativeKinds[i]
+}
+
+
 hasFlag(container, flag) {
 	common_lib.inArray(container.command, flag)
 } else {

diff --git a/assets/queries/k8s/service_account_token_automount_not_disabled/query.rego b/assets/queries/k8s/service_account_token_automount_not_disabled/query.rego
@@ -3,11 +3,12 @@ package Cx
 import data.generic.common as common_lib
 import data.generic.k8s as k8sLib
 
-listKinds := ["Pod", "Deployment", "DaemonSet", "StatefulSet", "ReplicaSet", "ReplicationController", "Job", "CronJob", "Configuration", "Service", "Revision", "ContainerSource"]
+knativeKinds := ["Configuration", "Service", "Revision", "ContainerSource"]
+listKinds := ["Pod", "Deployment", "DaemonSet", "StatefulSet", "ReplicaSet", "ReplicationController", "Job", "CronJob" ]
 
 CxPolicy[result] {
 	document := input.document[i]
-	k8sLib.checkKind(document.kind, listKinds)
+	k8sLib.checkKindWithKnative(document, listKinds, knativeKinds)
 	metadata := document.metadata
 
 	specInfo := k8sLib.getSpecInfo(document)
@@ -16,7 +17,7 @@ CxPolicy[result] {
 
 CxPolicy[result] {
 	document := input.document[i]
-	k8sLib.checkKind(document.kind, listKinds)
+	k8sLib.checkKindWithKnative(document, listKinds, knativeKinds)
 	metadata := document.metadata
 
 	specInfo := k8sLib.getSpecInfo(document)

diff --git a/test/main_test.go b/test/main_test.go
@@ -59,7 +59,7 @@ var (
 		"../assets/queries/googleDeploymentManager": {FileKind: []model.FileKind{model.KindYAML}, Platform: "googleDeploymentManager"},
 		"../assets/queries/grpc":                    {FileKind: []model.FileKind{model.KindPROTO}, Platform: "grpc"},
 		"../assets/queries/buildah":                 {FileKind: []model.FileKind{model.KindBUILDAH}, Platform: "buildah"},
-    "../assets/queries/serverlessFW":            {FileKind: []model.FileKind{model.KindYAML, model.KindYML}, Platform: "serverlessFW"},
+		"../assets/queries/serverlessFW":            {FileKind: []model.FileKind{model.KindYAML, model.KindYML}, Platform: "serverlessFW"},
 		"../assets/queries/knative":                 {FileKind: []model.FileKind{model.KindYAML}, Platform: "knative"},
 	}