-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexample_test.rego
More file actions
41 lines (36 loc) · 898 Bytes
/
example_test.rego
File metadata and controls
41 lines (36 loc) · 898 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
package example.test_rule
import data.example.rule
test_unsafe_security_context {
unsafe_config := {
"request": {
"kind": {"kind": "Pod"},
"object": {
"spec": {
"containers": [
{"name": "my-opa-unit-test"},
{"image": "busybox"},
{"securityContext": {"privileged": "true"}}
]
}
}
}
}
count(rule.deny) == 1 with input as unsafe_config
}
test_safe_security_context {
safe_config := {
"request": {
"kind": {"kind": "Pod"},
"object": {
"spec": {
"containers": [
{"image": "hooli.com/nginx"},
{"image": "busybox"},
{"securityContext": {"privileged": "false"}}
]
}
}
}
}
count(rule.allow) == 1 with input as safe_config
}