Create rule S6596 add Ansible (#4442)

* Add ansible to rule S6596 * Create rule S6596 add Ansible --------- Co-authored-by: mstachniuk <[email protected]> Co-authored-by: Marcin Stachniuk <[email protected]>
SonarSource · Oct 25, 2024 · b835eba · b835eba
1 parent 3d0af4f
commit b835eba
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 9 deletions.
diff --git a/rules/S6596/ansible/metadata.json b/rules/S6596/ansible/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S6596/ansible/rule.adoc b/rules/S6596/ansible/rule.adoc
@@ -0,0 +1,56 @@
+:image_type: container
+
+include::../common/description.adoc[]
+
+== How to fix it
+
+include::../common/how-to-fix.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+[source,yaml,diff-id=1,diff-type=noncompliant]
+----
+- name: Create Pod
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: v1
+      kind: Pod
+      metadata:
+        name: example
+      spec:
+        containers:
+          - name: nginx
+            image: nginx # Noncompliant
+
+          - name: nginx
+            image: nginx:latest # Noncompliant
+----
+
+==== Compliant solution
+
+[source,yaml,diff-id=1,diff-type=compliant]
+----
+- name: Create Pod
+  kubernetes.core.k8s:
+    definition:
+      apiVersion: v1
+      kind: Pod
+      metadata:
+        name: example
+      spec:
+        containers:
+          - name: nginx
+            image: nginx:1.14.2 # Compliant, fixed tag
+
+          - name: nginx
+            image: nginx@sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661 # Compliant, SHA of the image
+----
+
+include::../common/how-does-this-work.adoc[]
+
+include::../common/extra-mile.adoc[]
+
+include::../common/resources.adoc[]
+
+include::../common/implementation-specific.adoc[]
diff --git a/rules/S6596/common/resources.adoc b/rules/S6596/common/resources.adoc
@@ -0,0 +1,6 @@
+== Resources
+=== Documentation
+
+* https://helm.sh/docs/chart_best_practices/pods/#images[Helm chart best practices - Images]
+* https://kubernetes.io/docs/concepts/containers/images/[Kubernetes - Images]
+* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)]
diff --git a/rules/S6596/kubernetes/rule.adoc b/rules/S6596/kubernetes/rule.adoc
@@ -2,14 +2,14 @@
 
 include::../common/description.adoc[]
 
-== How to fix it in Helm
+== How to fix it
 
 include::../common/how-to-fix.adoc[]
 
 === Code examples
 
 ==== Noncompliant code example
-[source,text,diff-id=1,diff-type=noncompliant]
+[source,yaml,diff-id=1,diff-type=noncompliant]
 ----
 apiVersion: v1
 kind: Pod
@@ -26,7 +26,7 @@ spec:
 
 ==== Compliant solution
 
-[source,text,diff-id=1,diff-type=compliant]
+[source,yaml,diff-id=1,diff-type=compliant]
 ----
 apiVersion: v1
 kind: Pod
@@ -45,11 +45,6 @@ include::../common/how-does-this-work.adoc[]
 
 include::../common/extra-mile.adoc[]
 
-== Resources
-=== Documentation
-
-* https://helm.sh/docs/chart_best_practices/pods/#images[Helm chart best practices - Images]
-* https://kubernetes.io/docs/concepts/containers/images/[Kubernetes - Images]
-* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)]
+include::../common/resources.adoc[]
 
 include::../common/implementation-specific.adoc[]