Merge pull request #538 from kubescape/fix-C-0014

replace serviceaccountname with serviceAccountName
kubescape · Oct 31, 2023 · 086e948 · 086e948
2 parents 901b81a + bcf6663
commit 086e948
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 15 deletions.
diff --git a/rules/rule-access-dashboard-wl-v1/raw.rego b/rules/rule-access-dashboard-wl-v1/raw.rego
@@ -14,8 +14,8 @@ deny[msga] {
 		"packagename": "armo_builtins",
 		"alertScore": 7,
 		"fixPaths": [],
-		"deletePaths": ["spec.serviceaccountname"],
-		"failedPaths": ["spec.serviceaccountname"],
+		"deletePaths": ["spec.serviceAccountName"],
+		"failedPaths": ["spec.serviceAccountName"],
 		"alertObject": {
 			"k8sApiObjects": [pod]
 		}
@@ -36,8 +36,8 @@ deny[msga] {
 	msga := {
 		"alertMessage": sprintf("%v: %v is associated with dashboard service account", [wl.kind, wl.metadata.name]),
 		"packagename": "armo_builtins",
-		"deletePaths": ["spec.template.spec.serviceaccountname"],
-		"failedPaths": ["spec.template.spec.serviceaccountname"],
+		"deletePaths": ["spec.template.spec.serviceAccountName"],
+		"failedPaths": ["spec.template.spec.serviceAccountName"],
 		"alertScore": 7,
 		"fixPaths": [],
 		"alertObject": {
@@ -61,8 +61,8 @@ deny[msga] {
 		"packagename": "armo_builtins",
 		"alertScore": 7,
 		"fixPaths": [],
-		"deletePaths": ["spec.jobTemplate.spec.template.spec.serviceaccountname"],
-		"failedPaths": ["spec.jobTemplate.spec.template.spec.serviceaccountname"],
+		"deletePaths": ["spec.jobTemplate.spec.template.spec.serviceAccountName"],
+		"failedPaths": ["spec.jobTemplate.spec.template.spec.serviceAccountName"],
 		"alertObject": {
 			"k8sApiObjects": [wl]
 		}

diff --git a/rules/rule-access-dashboard-wl-v1/test/cronjob/expected.json b/rules/rule-access-dashboard-wl-v1/test/cronjob/expected.json
@@ -1,6 +1,7 @@
 [{
     "alertMessage": "the following cronjob: hello is associated with dashboard service account",
-    "failedPaths": ["spec.jobTemplate.spec.template.spec.serviceaccountname"],
+    "failedPaths": ["spec.jobTemplate.spec.template.spec.serviceAccountName"],
+    "deletePaths": ["spec.jobTemplate.spec.template.spec.serviceAccountName"],
     "fixPaths": [],
     "ruleStatus": "",
     "packagename": "armo_builtins",

diff --git a/rules/rule-access-dashboard-wl-v1/test/pod/expected.json b/rules/rule-access-dashboard-wl-v1/test/pod/expected.json
@@ -1,6 +1,7 @@
 [{
     "alertMessage": "the following pods: frontend are associated with dashboard service account",
-    "failedPaths": ["spec.serviceaccountname"],
+    "failedPaths": ["spec.serviceAccountName"],
+    "deletePaths": ["spec.serviceAccountName"],
     "fixPaths": [],
     "ruleStatus": "",
     "packagename": "armo_builtins",

diff --git a/rules/rule-access-dashboard-wl-v1/test/workload/expected.json b/rules/rule-access-dashboard-wl-v1/test/workload/expected.json
@@ -1,6 +1,7 @@
 [{
     "alertMessage": "Deployment: test is associated with dashboard service account",
-    "failedPaths": ["spec.template.spec.serviceaccountname"],
+    "failedPaths": ["spec.template.spec.serviceAccountName"],
+    "deletePaths": ["spec.template.spec.serviceAccountName"],
     "fixPaths": [],
     "ruleStatus": "",
     "packagename": "armo_builtins",

diff --git a/rules/rule-access-dashboard/raw.rego b/rules/rule-access-dashboard/raw.rego
@@ -58,9 +58,9 @@ deny[msga] {
 
 deny[msga] {
     pod := input[_]
-    pod.spec.serviceaccountname == "kubernetes-dashboard"
+    pod.spec.serviceAccountName == "kubernetes-dashboard"
     not startswith(pod.metadata.name, "kubernetes-dashboard")
-	path := "spec.serviceaccountname"
+	path := "spec.serviceAccountName"
 	msga := {
 		"alertMessage": sprintf("the following pods: %s are associated with dashboard service account", [pod.metadata.name]),
 		"packagename": "armo_builtins",
@@ -81,9 +81,9 @@ deny[msga] {
     wl := input[_]
 	spec_template_spec_patterns := {"Deployment","ReplicaSet","DaemonSet","StatefulSet","Job"}
 	spec_template_spec_patterns[wl.kind]
-    wl.spec.template.spec.serviceaccountname == "kubernetes-dashboard"
+    wl.spec.template.spec.serviceAccountName == "kubernetes-dashboard"
     not startswith(wl.metadata.name, "kubernetes-dashboard")
-	path := "spec.template.spec.serviceaccountname"
+	path := "spec.template.spec.serviceAccountName"
 	msga := {
 		"alertMessage": sprintf("%v: %v is associated with dashboard service account", [wl.kind, wl.metadata.name]),
 		"packagename": "armo_builtins",
@@ -103,9 +103,9 @@ deny[msga] {
 deny[msga] {
     wl := input[_]
 	wl.kind == "CronJob"
-    wl.spec.jobTemplate.spec.template.spec.serviceaccountname == "kubernetes-dashboard"
+    wl.spec.jobTemplate.spec.template.spec.serviceAccountName == "kubernetes-dashboard"
     not startswith(wl.metadata.name, "kubernetes-dashboard")
-	path := "spec.jobTemplate.spec.template.spec.serviceaccountname"
+	path := "spec.jobTemplate.spec.template.spec.serviceAccountName"
 	msga := {
 		"alertMessage": sprintf("the following cronjob: %s is associated with dashboard service account", [wl.metadata.name]),
 		"packagename": "armo_builtins",