fix: fixed failing test after master merge

pkg/iac-providers/kubernetes/v1/normalize.go

@@ -29,11 +29,11 @@ import (
 )
 
 const (
-	terrascanSkip        = "terrascan/skip"
+	terrascanSkip        = "runterrascan.io/skip"
 	terrascanSkipRule    = "rule"
 	terrascanSkipComment = "comment"
-	terrascanMaxSeverity = "terrascan/maxseverity"
-	terrascanMinSeverity = "terrascan/minseverity"
+	terrascanMaxSeverity = "runterrascan.io/maxseverity"
+	terrascanMinSeverity = "runterrascan.io/minseverity"
 )
 
 var (

pkg/iac-providers/kubernetes/v1/normalize_test.go

@@ -56,7 +56,7 @@ kind: Pod
 metadata:
   name: myapp-pod
   annotations:
-    terrascan/skip: |
+    runterrascan.io/skip: |
       [{"rule": "accurics.kubernetes.IAM.109", "comment": "reason to skip the rule"}]
 spec:
   containers:
@@ -68,7 +68,7 @@ kind: CRD
 metadata:
   generateName: myapp-pod-prefix-
   annotations:
-    terrascan/skip: |
+    runterrascan.io/skip: |
       [{"rule": "accurics.kubernetes.IAM.109", "comment": "reason to skip the rule"}]
 spec:
   containers:

pkg/policy/opa/engine.go

@@ -303,14 +303,10 @@ func (e *Engine) reportViolation(regoData *RegoData, resource *output.ResourceCo
 	}
 
 	if !strings.EqualFold(resource.MaxSeverity, "none") {
-		// if both values are set then max severity will be applicable
-		// if minseverity is also provided then it will be applied first and over that change maxseverity will be applied.
-		// eg. resource.Violation = medium -> minseverity = High -> resource.Violation = High -> maxseverity = Low -> resource.Violation = Low
+		// if both values are set then min severity will be applicable
 		if utils.MinSeverityApplicable(regoData.Metadata.Severity, resource.MinSeverity) {
 			violation.Severity = strings.ToUpper(resource.MinSeverity)
-		}
-
-		if utils.MaxSeverityApplicable(regoData.Metadata.Severity, resource.MaxSeverity) {
+		} else if utils.MaxSeverityApplicable(regoData.Metadata.Severity, resource.MaxSeverity) {
 			violation.Severity = strings.ToUpper(resource.MaxSeverity)
 		}
 	}

test/e2e/scan/golden/resource_prioritising/max_severity_set/k8s/k8s_file_setting_max_severity.txt

@@ -18,7 +18,7 @@
       "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/max_severity_set/k8s",
       "iac_type": "k8s",
       "scanned_at": "2021-05-26 08:22:49.108823 +0000 UTC",
-      "policies_validated": 7,
+      "policies_validated": 8,
       "violated_policies": 1,
       "low": 1,
       "medium": 0,

test/e2e/scan/golden/resource_prioritising/max_severity_set/terraform/terraform_file_setting_max_severity.txt

@@ -33,7 +33,7 @@
       "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/max_severity_set/terraform",
       "iac_type": "terraform",
       "scanned_at": "2021-05-26 08:32:20.553515 +0000 UTC",
-      "policies_validated": 7,
+      "policies_validated": 8,
       "violated_policies": 2,
       "low": 2,
       "medium": 0,

test/e2e/scan/golden/resource_prioritising/max_severity_set_none/k8s/k8s_file_setting_max_severity_none.txt

@@ -18,7 +18,7 @@
       "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/max_severity_set_none/k8s",
       "iac_type": "k8s",
       "scanned_at": "2021-05-26 08:26:12.117853 +0000 UTC",
-      "policies_validated": 7,
+      "policies_validated": 8,
       "violated_policies": 0,
       "low": 0,
       "medium": 0,

test/e2e/scan/golden/resource_prioritising/max_severity_set_none/terraform/terraform_file_setting_max_severity_none.txt

@@ -33,7 +33,7 @@
       "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/max_severity_set_none/terraform",
       "iac_type": "terraform",
       "scanned_at": "2021-05-26 08:34:10.87025 +0000 UTC",
-      "policies_validated": 7,
+      "policies_validated": 8,
       "violated_policies": 0,
       "low": 0,
       "medium": 0,

test/e2e/scan/golden/resource_prioritising/min_severity_set/k8s/k8s_file_setting_min_severity.txt

@@ -2,13 +2,13 @@
   "results": {
     "violations": [
       {
-        "rule_name": "noHttps",
-        "description": "TLS disabled can affect the confidentiality of the data in transit",
-        "rule_id": "AC-K8-NS-IN-H-0020",
+        "rule_name": "ensurePrivateIP",
+        "description": "Vulnerable to CVE-2020-8554",
+        "rule_id": "AC-K8-NS-SE-M-0188",
         "severity": "HIGH",
         "category": "Network Security",
-        "resource_name": "ingress-demo-disallowed",
-        "resource_type": "kubernetes_ingress",
+        "resource_name": "allowed-external-ip",
+        "resource_type": "kubernetes_service",
         "file": "config.yaml",
         "line": 1
       }
@@ -17,8 +17,8 @@
     "scan_summary": {
       "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/min_severity_set/k8s",
       "iac_type": "k8s",
-      "scanned_at": "2021-05-26 09:17:52.348215 +0000 UTC",
-      "policies_validated": 7,
+      "scanned_at": "2021-05-26 14:52:51.254256 +0000 UTC",
+      "policies_validated": 8,
       "violated_policies": 1,
       "low": 0,
       "medium": 0,

test/e2e/scan/golden/resource_prioritising/min_severity_set/terraform/terraform_file_setting_min_severity.txt

@@ -33,7 +33,7 @@
       "file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/min_severity_set/terraform",
       "iac_type": "terraform",
       "scanned_at": "2021-05-26 08:35:52.681856 +0000 UTC",
-      "policies_validated": 7,
+      "policies_validated": 8,
       "violated_policies": 2,
       "low": 0,
       "medium": 0,

test/e2e/test_data/iac/resource_prioritising/max_severity_set/k8s/config.yaml

@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: ingress-demo-disallowed
   annotations:
-    terrascan/maxseverity: Low
+    runterrascan.io/maxseverity: Low
 spec:
   rules:
     - host: example-host.example.com

test/e2e/test_data/iac/resource_prioritising/max_severity_set_none/k8s/config.yaml

@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: ingress-demo-disallowed
   annotations:
-    terrascan/maxseverity: None
+    runterrascan.io/maxseverity: None
 spec:
   rules:
     - host: example-host.example.com

test/e2e/test_data/iac/resource_prioritising/min_severity_set/k8s/config.yaml

@@ -1,14 +1,19 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
+apiVersion: v1
+kind: Service
 metadata:
-  name: ingress-demo-disallowed
+  name: allowed-external-ip
   annotations:
-    terrascan/minseverity: Medium
+    runterrascan.io/minseverity: High
 spec:
-  rules:
-    - host: example-host.example.com
-      http:
-        paths:
-          - backend:
-              serviceName: nginx
-              servicePort: 80  
+  type: ClusterIP
+  selector:
+    app: MyApp
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
+  externalIPs:
+    - 192.168.10.10
+    - 8.8.8.8
+    - 203.0.113.0

test/e2e/test_data/iac/resource_skipping/kubernetes/config.yaml

@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: ingress-demo-disallowed
   annotations:
-    terrascan/skip: "[{\"rule\": \"AC-K8-NS-IN-H-0020\", \"comment\": \"reason to skip the rule\"}]"
+    runterrascan.io/skip: "[{\"rule\": \"AC-K8-NS-IN-H-0020\", \"comment\": \"reason to skip the rule\"}]"
 spec:
   rules:
     - host: example-host.example.com