fix some..in lint issues in k8s, openapi, pulumi, serverlessFW

assets/queries/k8s/cluster_admin_role_binding_with_super_user_permissions/query.rego

@@ -9,7 +9,7 @@ CxPolicy[result] {
 	resource.roleRef.name == "cluster-admin"
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": resource.id,
 		"resourceType": resource.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.roleRef.name=cluster-admin", [metadata.name]),

assets/queries/k8s/cluster_allows_unsafe_sysctls/query.rego

@@ -1,9 +1,10 @@
 package Cx
 
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	document.kind == "PodSecurityPolicy"
 	spec := document.spec
 
@@ -23,7 +24,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	metadata := document.metadata
 
 	specInfo := k8sLib.getSpecInfo(document)

assets/queries/k8s/cni_plugin_does_not_support_network_policies/query.rego

@@ -2,10 +2,10 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document[i]
-
+	some document in input.document
 	common_lib.valid_key(document, "cniVersion")
 	plugin := document.plugins[j]
 	plugin.type == "flannel"
@@ -23,7 +23,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	document.kind == "ConfigMap"
 
 	cni := json.unmarshal(document.data["cni-conf.json"])

assets/queries/k8s/container_is_privileged/query.rego

@@ -1,11 +1,12 @@
 package Cx
 
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 types := {"initContainers", "containers"}
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	metadata := document.metadata
 
 	specInfo := k8sLib.getSpecInfo(document)

assets/queries/k8s/containers_running_as_root/query.rego

@@ -2,6 +2,7 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 types := {"initContainers", "containers"}
 
@@ -74,7 +75,7 @@ checkRoot(specInfo, container, containerType, containerId, document, metadata) =
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	metadata := document.metadata
 
 	specInfo := k8sLib.getSpecInfo(document)

assets/queries/k8s/containers_with_added_capabilities/query.rego

@@ -2,11 +2,12 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 types = {"initContainers", "containers"}
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	metadata := document.metadata
 
 	specInfo := k8sLib.getSpecInfo(document)

assets/queries/k8s/cpu_limits_not_set/query.rego

@@ -2,11 +2,12 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 types := {"initContainers", "containers"}
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	specInfo := k8sLib.getSpecInfo(document)
 	metadata := document.metadata
 
@@ -15,7 +16,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(containers[index].resources.limits, "cpu")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"issueType": "MissingAttribute",
@@ -26,7 +27,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	specInfo := k8sLib.getSpecInfo(document)
 	metadata := document.metadata
 
@@ -35,7 +36,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(containers[index].resources, "limits")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"issueType": "MissingAttribute",
@@ -46,7 +47,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	specInfo := k8sLib.getSpecInfo(document)
 	metadata := document.metadata
 
@@ -55,7 +56,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(containers[index], "resources")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"issueType": "MissingAttribute",

assets/queries/k8s/cpu_requests_not_set/query.rego

@@ -2,11 +2,12 @@ package Cx
 
 import data.generic.common as common_lib
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 types := {"initContainers", "containers"}
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	specInfo := k8sLib.getSpecInfo(document)
 	metadata := document.metadata
 
@@ -15,7 +16,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(containers[index].resources.requests, "cpu")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"issueType": "MissingAttribute",
@@ -26,7 +27,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	specInfo := k8sLib.getSpecInfo(document)
 	metadata := document.metadata
 
@@ -35,7 +36,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(containers[index].resources, "requests")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"issueType": "MissingAttribute",
@@ -46,7 +47,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	specInfo := k8sLib.getSpecInfo(document)
 	metadata := document.metadata
 
@@ -55,7 +56,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(containers[index], "resources")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"issueType": "MissingAttribute",

assets/queries/k8s/cronjob_deadline_not_configured/query.rego

@@ -1,17 +1,18 @@
 package Cx
 
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document[i]
+	some document in input.document
 	spec := document.spec
 	metadata := document.metadata
 	kind := document.kind
 	kind == "CronJob"
 	not common_lib.valid_key(spec, "startingDeadlineSeconds")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": document.id,
 		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec", [metadata.name]),

assets/queries/k8s/dashboard_is_enabled/query.rego

@@ -1,20 +1,21 @@
 package Cx
 
 import data.generic.k8s as k8sLib
+import future.keywords.in
 
 CxPolicy[result] {
-	document := input.document
-	metadata := document[i].metadata
+	some document in input.document
+	metadata := document.metadata
 
-	specInfo := k8sLib.getSpecInfo(document[i])
+	specInfo := k8sLib.getSpecInfo(document)
 
 	types := {"initContainers", "containers"}
 	containers := specInfo.spec[types[x]]
 	check_image_content(containers[j])
 
 	result := {
-		"documentId": input.document[i].id,
-		"resourceType": document[i].kind,
+		"documentId": document.id,
+		"resourceType": document.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.%s.%s.name={{%s}}.image", [metadata.name, specInfo.path, types[x], containers[j].name]),
 		"issueType": "IncorrectValue",

assets/queries/k8s/deployment_has_no_pod_anti_affinity/query.rego

@@ -1,9 +1,10 @@
 package Cx
 
 import data.generic.common as common_lib
+import future.keywords.in
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	metadata := deployment.metadata
@@ -13,7 +14,7 @@ CxPolicy[result] {
 	not common_lib.valid_key(deployment.spec.template.spec, "affinity")
 
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec", [metadata.name]),
@@ -24,7 +25,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	to_number(deployment.spec.replicas) > 2
@@ -34,7 +35,7 @@ CxPolicy[result] {
 
 	metadata := deployment.metadata
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec.affinity", [metadata.name]),
@@ -45,7 +46,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	to_number(deployment.spec.replicas) > 2
@@ -60,7 +61,7 @@ CxPolicy[result] {
 
 	metadata := deployment.metadata
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec.affinity.podAntiAffinity", [metadata.name]),
@@ -71,7 +72,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	to_number(deployment.spec.replicas) > 2
@@ -89,7 +90,7 @@ CxPolicy[result] {
 
 	metadata := deployment.metadata
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm", [metadata.name]),
@@ -100,7 +101,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	to_number(deployment.spec.replicas) > 2
@@ -123,7 +124,7 @@ CxPolicy[result] {
 
 	metadata := deployment.metadata
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels", [metadata.name]),
@@ -134,7 +135,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	to_number(deployment.spec.replicas) > 2
@@ -152,7 +153,7 @@ CxPolicy[result] {
 
 	metadata := deployment.metadata
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution", [metadata.name]),
@@ -163,7 +164,7 @@ CxPolicy[result] {
 }
 
 CxPolicy[result] {
-	deployment := input.document[i]
+	some deployment in input.document
 	object.get(deployment, "kind", "undefined") == "Deployment"
 
 	to_number(deployment.spec.replicas) > 2
@@ -186,7 +187,7 @@ CxPolicy[result] {
 
 	metadata := deployment.metadata
 	result := {
-		"documentId": input.document[i].id,
+		"documentId": deployment.id,
 		"resourceType": deployment.kind,
 		"resourceName": metadata.name,
 		"searchKey": sprintf("metadata.name={{%s}}.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels", [metadata.name]),