Skip to content

Commit 7d56ea0

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #8669 from ameukam/update-conftest-policies
Update conftest policies
2 parents bf397c7 + a71913b commit 7d56ea0

File tree

2 files changed

+11
-16
lines changed

2 files changed

+11
-16
lines changed

policy/deprecations.rego

Lines changed: 7 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,48 +1,43 @@
11
package main
2-
3-
warn[msg] {
4-
input.apiVersion != "v1"
5-
input.kind != "List"
6-
msg := _warn
7-
}
2+
import rego.v1
83

94
# All resources will no longer be served from rbac.authorization.k8s.io/v1alpha1 and rbac.authorization.k8s.io/v1beta1 in 1.20. Migrate to use rbac.authorization.k8s.io/v1 instead
10-
_warn = msg {
5+
warn contains msg if {
116
apis := ["rbac.authorization.k8s.io/v1alpha1", "rbac.authorization.k8s.io/v1beta1"]
127
input.apiVersion == apis[_]
138
msg := sprintf("%s/%s: API %s is deprecated from Kubernetes 1.20, use rbac.authorization.k8s.io/v1 instead.", [input.kind, input.metadata.name, input.apiVersion])
149
}
1510

1611
# All resources under apps/v1beta1 and apps/v1beta2 - use apps/v1 instead
17-
_warn = msg {
12+
warn contains msg if {
1813
apis := ["apps/v1beta1", "apps/v1beta2"]
1914
input.apiVersion == apis[_]
2015
msg := sprintf("%s/%s: API %s has been deprecated, use apps/v1 instead.", [input.kind, input.metadata.name, input.apiVersion])
2116
}
2217

2318
# daemonsets, deployments, replicasets resources under extensions/v1beta1 - use apps/v1 instead
24-
_warn = msg {
19+
deny contains msg if {
2520
resources := ["DaemonSet", "Deployment", "ReplicaSet"]
2621
input.apiVersion == "extensions/v1beta1"
2722
input.kind == resources[_]
2823
msg := sprintf("%s/%s: API extensions/v1beta1 for %s has been deprecated, use apps/v1 instead.", [input.kind, input.metadata.name, input.kind])
2924
}
3025

3126
# Ingress resources extensions/v1beta1 will no longer be served from in v1.20. Migrate use to the networking.k8s.io/v1beta1 API, available since v1.14.
32-
_warn = msg {
27+
warn contains msg if {
3328
input.apiVersion == "extensions/v1beta1"
3429
input.kind == "Ingress"
3530
msg := sprintf("%s/%s: API extensions/v1beta1 for Ingress is deprecated from Kubernetes 1.14, use networking.k8s.io/v1beta1 instead.", [input.kind, input.metadata.name])
3631
}
3732

3833
# ref: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/
39-
_warn = msg {
34+
warn contains msg if {
4035
input.apiVersion == "apiextensions.k8s.io/v1beta1"
4136
input.kind == "CustomResourceDefinition"
4237
msg := sprintf("%s/%s: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition instead", [input.kind, input.metadata.name])
4338
}
4439

45-
_warn = msg {
40+
warn contains msg if {
4641
input.apiVersion == "networking.k8s.io/v1beta1"
4742
input.kind == "Ingress"
4843
msg := sprintf("%s/%s: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress instead", [input.kind, input.metadata.name])

policy/kubernetes.rego

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,14 @@
11

22
package kubernetes
33

4-
is_service {
4+
is_service if {
55
input.kind = "Service"
66
}
77

8-
is_deployment {
8+
is_deployment if {
99
input.kind = "Deployment"
1010
}
1111

12-
is_ingress {
12+
is_ingress if {
1313
input.kind = "Ingress"
14-
}
14+
}

0 commit comments

Comments
 (0)