Halaman utama Jelajahi Bantuan
Masuk
akillibulut
/
porter
cermin dari https://github.com/porter-dev/porter
2
0
Fork 0
Berkas Masalah 0 Wiki
Cabang: git-data-docker-previews
Ranting Tag
porter
/
internal
/
opa
/
policies
/
nginx
/
wait_shutdown.rego

wait_shutdown.rego 1011 B
Permalink Riwayat Mentahan

1234567891011121314151617181920212223242526272829303132333435363738 
  1. package nginx.wait_shutdown
    2. 

  2. 

  3. import future.keywords
    4. 

  4. 

  5. # Policy expects input structure of form:
    6. 

  6. # values: {}
    7. 

  7. 

  8. # This policy tests for the modification of the wait-shutdown script as a soft constraint. We look
    9. 

  9. # for Helm values of the form:
    10. 

  10. # 
    11. 

  11. # controller:
    12. 

  12. #   lifecycle:
    13. 

  13. #     preStop:
    14. 

  14. #       exec:
    15. 

  15. #         command:
    16. 

  16. #           - sh
    17. 

  17. #           - '-c'
    18. 

  18. #           - sleep 120 && /wait-shutdown
    19. 

  19. 

  20. POLICY_ID := "nginx_wait_shutdown"
    21. 

  21. 

  22. POLICY_VERSION := "v0.0.1"
    23. 

  23. 

  24. POLICY_SEVERITY := "high"
    25. 

  25. 

  26. POLICY_TITLE := sprintf("NGINX ingress controller should have a modified wait-shutdown script", [])
    27. 

  27. 

  28. POLICY_SUCCESS_MESSAGE := sprintf("Success: NGINX ingress controller has a properly modified wait-shutdown script set", [])
    29. 

  29. 

  30. allow if {
    31. 

  31. 	input.values.controller.lifecycle.preStop.exec.command
    32. 

  32. 	count(input.values.controller.lifecycle.preStop.exec.command) != 1
    33. 

  33. }
    34. 

  34. 

  35. FAILURE_MESSAGE contains msg if {
    36. 

  36. 	not allow
    37. 

  37. 	msg := sprintf("Failed: NGINX ingress controller does not have a properly modified wait-shutdown script", [])
    38. 

  38. }
    39.