add control C-0272 - Workload with administrative roles #595
Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
PR Description updated to latest commit (8b49e80)
Summary:
User description
Overview
Type
enhancement, documentation
Description
(C-0272) to identify workloads with administrative roles, including detailed description and remediation.
(filter.rego and raw.rego) for detecting workloads that mount service account tokens by default and have administrative roles.
(rule.metadata.json) specifying the rule's application scope and language.

Changes walkthrough
C-0272-workloadwithadministrativeroles.json
New Control Definition for Workloads with Administrative Roles
controls/C-0272-workloadwithadministrativeroles.json
administrative roles.

filter.rego
Rego Policy for Identifying Workloads Mounting Service Account Tokens
rules/workload-with-administrative-roles/filter.rego
tokens by default.
workload kind.

raw.rego
Detailed Rego Policy for Workloads with Administrative Roles
rules/workload-with-administrative-roles/raw.rego
roles.
bindings.

rule.metadata.json
Metadata for New Rule on Workloads with Administrative Roles
rules/workload-with-administrative-roles/rule.metadata.json
criteria.

expected.json
Failing Test Case Expected Output for Administrative Role Assignment
rules/workload-with-administrative-roles/test/fail-wl-creates-pod/expected.json
with administrative roles.

expected.json
Passing Test Case Expected Output for Limited Permissions
rules/workload-with-administrative-roles/test/pass-wl-limited-permissions/expected.json

expected.json
Passing Test Case Expected Output for Not Mounting Service Account Token
rules/workload-with-administrative-roles/test/pass-wl-not-mount-sa-token/expected.json
mount a service account token.

expected.json
Passing Test Case Expected Output for Role Binding
rules/workload-with-administrative-roles/test/pass-wl-rolebinding/expected.json