initial push after filling out content

Azure · Feb 8, 2024 · 7442ebf · 7442ebf
1 parent 10100d8
commit 7442ebf
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 14 deletions.
diff --git a/pkg/safeguards/constraints/NoUnauthenticatedPulls/constraint/constraint.yaml b/pkg/safeguards/constraints/NoUnauthenticatedPulls/constraint/constraint.yaml
@@ -8,4 +8,4 @@ spec:
       - apiGroups: ["apps"]
         kinds: ["Deployment"]
   parameters:
-    excludedImages: []
+    excludedImages: ["nginx:latest"]
diff --git a/pkg/safeguards/constraints/NoUnauthenticatedPulls/deployments/NUP_Error_Manifest.yaml b/pkg/safeguards/constraints/NoUnauthenticatedPulls/deployments/NUP_Error_Manifest.yaml
@@ -1,11 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: my-deployment
+  name: nup-error-manifest
   labels:
     app: my-app
-    environment: production
-    testLabel3: randomlabel
 spec:
   replicas: 3
   selector:
@@ -16,9 +14,8 @@ spec:
       labels:
         app: my-app
     spec:
-      initContainers:
-        - name: my-container-CAI-error
-          image: nginx:latest
       containers:
-        - name: my-container-CAI-error
-          image: nginx:latest
+      - name: badcontainer
+        image: badimage
+      imagePullSecrets:
+      - name: my-secret
diff --git a/pkg/safeguards/constraints/NoUnauthenticatedPulls/deployments/NUP_Success_Manifest.yaml b/pkg/safeguards/constraints/NoUnauthenticatedPulls/deployments/NUP_Success_Manifest.yaml
@@ -1,11 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: my-deployment
+  name: nup-success-manifest
   labels:
     app: my-app
-    environment: production
-    testLabel3: randomlabel
 spec:
   replicas: 3
   selector:
@@ -17,5 +15,5 @@ spec:
         app: my-app
     spec:
       containers:
-        - name: my-container-CAI-success
-          image: nginx:latest
+      - name: my-container
+        image: nginx:latest
diff --git a/pkg/safeguards/safeguards_test.go b/pkg/safeguards/safeguards_test.go
@@ -81,3 +81,33 @@ func TestValidateSafeguardsConstraint_CEP(t *testing.T) {
 	err = validateDeployment(ctx, c, successDeployment)
 	assert.Nil(t, err)
 }
+
+func TestValidateSafeguardsConstraint_NUP(t *testing.T) {
+	// instantiate constraint client
+	c, err := getConstraintClient()
+	assert.Nil(t, err)
+
+	// retrieving template, constraint, and deployments
+	constraintTemplate, err := testFc.ReadConstraintTemplate(testDeployment_NUP.Name)
+	assert.Nil(t, err)
+	constraint, err := testFc.ReadConstraint(testDeployment_NUP.Name)
+	assert.Nil(t, err)
+	errDeployment, err := testFc.ReadDeployment(testDeployment_NUP.ErrorPath)
+	assert.Nil(t, err)
+	successDeployment, err := testFc.ReadDeployment(testDeployment_NUP.SuccessPath)
+	assert.Nil(t, err)
+
+	// load template, constraint into constraint client
+	err = loadConstraintTemplates(ctx, c, []*templates.ConstraintTemplate{constraintTemplate})
+	assert.Nil(t, err)
+	err = loadConstraints(ctx, c, []*unstructured.Unstructured{constraint})
+	assert.Nil(t, err)
+
+	// validating deployment manifests
+	// error case - should throw error
+	err = validateDeployment(ctx, c, errDeployment)
+	assert.NotNil(t, err)
+	// success case - should not throw error
+	err = validateDeployment(ctx, c, successDeployment)
+	assert.Nil(t, err)
+}