
Commit a3a4395

darryk10 authored and Kaizhe committed
introduced opa policy generation
1 parent 0186148 commit a3a4395


1 file changed

+0
-27
lines changed


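--- a/generator/generator.go
+++ b/generator/generator.go
@@ -818,8 +818,6 @@ func (pg *Generator) GenerateOPAPodWithName(
 valueSecContextRule.Body.Append(ast.NewExpr(ast.VarTerm("valueAddedCap(container)")))
 valueAddedCapRule := addOPARule("valueAddedCap", "addedCap")
 valueAddedCapRule.Body.Append(ast.MustParseExpr("caps = {" + strings.Join(addedCap, ",") + "}"))
-//valueAddedCapRule.Body.Append(ast.MustParseExpr("setAddedCap := {"+basepath+".containers[i].securityContext.capabilities.add[i] | "+basepath+".containers[i].securityContext.capabilities.add[i] != null}"))
-//valueAddedCapRule.Body.Append(ast.MustParseExpr("count(setAddedCap) > 0"))
 valueAddedCapRule.Body.Append(ast.MustParseExpr("diff_fields := {label | label := " + basepath + ".containers[_].securityContext.capabilities.add[_]} - caps"))
 valueAddedCapRule.Body.Append(ast.MustParseExpr("count(diff_fields) <= 0"))
 mod.Rules = append(mod.Rules, valueAddedCapRule)
@@ -829,8 +827,6 @@ func (pg *Generator) GenerateOPAPodWithName(
 valueSecContextRule.Body.Append(ast.NewExpr(ast.VarTerm("valueDroppedCap(container)")))
 valueDroppedCapRule := addOPARule("valueDroppedCap", "droppedCap")
 valueDroppedCapRule.Body.Append(ast.MustParseExpr("caps = {" + strings.Join(droppedCap, ",") + "}"))
-//valueDroppedCapRule.Body.Append(ast.MustParseExpr("setDroppedCap := {"+basepath+".containers[i].securityContext.capabilities.drop[i] | "+basepath+".containers[i].securityContext.capabilities.drop[i] != null}"))
-//valueDroppedCapRule.Body.Append(ast.MustParseExpr("count(setDroppedCap) > 0"))
 valueDroppedCapRule.Body.Append(ast.MustParseExpr("diff_fields := {label | label := " + basepath + ".containers[_].securityContext.capabilities.drop[_]} - caps"))
 valueDroppedCapRule.Body.Append(ast.MustParseExpr("count(diff_fields) <= 0"))
 mod.Rules = append(mod.Rules, valueDroppedCapRule)
@@ -870,29 +866,6 @@ func (pg *Generator) GenerateOPAPodWithName(
 mod.Rules = append(mod.Rules, valueHostPortRule)
 }
 
-/*
-if len(volumeMounts) > 0{
-valueSecContextRule.Body.Append(ast.MustParseExpr("volumeMountValue(container)"))
-valueVolumeMountsRule:= addOPARule("volumeMountValue" ,"container" )
-valueVolumeMountsRule.Body.Append(ast.MustParseExpr("hostPaths = {"+strings.Join(volumeMountValues, ",")+"}"))
-valueVolumeMountsRule.Body.Append(ast.MustParseExpr("diff_fields := {label | label := input.request.object.spec.containers[_].volumeMounts[_].name} - hostPaths"))
-valueVolumeMountsRule.Body.Append(ast.MustParseExpr("count(diff_fields) <= 0"))
-
-valueVolumeMountsRule.Body.Append(ast.MustParseExpr("volumeMount := input.request.object.spec.containers[_].volumeMounts[_]"))
-
-for volume := range volumeMounts {
-name:=rand.String(3)
-valueVolumeMountsRule.Body.Append(ast.MustParseExpr("volumeMountValue_" + name + "(volumeMount)"))
-valueHostPathRule:= addOPARule("volumeMountValue_"+name ,"volumeMount" )
-valueHostPathRule.Body.Append(ast.MustParseExpr(checkOPADefault(OPAdefaultRule)+"volums.hostPath.path == \"" + volume + "\""))
-valueHostPathRule.Body.Append(ast.MustParseExpr("volumeMount.readOnly == true"))
-mod.Rules = append(mod.Rules, valueHostPathRule)
-}
-
-mod.Rules = append(mod.Rules, valueVolumeMountsRule)
-}
-*/
-
 // set allowed host path
 
 if Privileged {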
