From b835eba04da7ca45749ed411d857305538435a69 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 25 Oct 2024 16:50:41 +0200
Subject: [PATCH] Create rule S6596 add Ansible (#4442)
* Add ansible to rule S6596
* Create rule S6596 add Ansible
---------
Co-authored-by: mstachniuk
Co-authored-by: Marcin Stachniuk
---
rules/S6596/ansible/metadata.json | 2 ++
rules/S6596/ansible/rule.adoc | 56 +++++++++++++++++++++++++++++++
rules/S6596/common/resources.adoc | 6 ++++
rules/S6596/kubernetes/rule.adoc | 13 +++----
4 files changed, 68 insertions(+), 9 deletions(-)
create mode 100644 rules/S6596/ansible/metadata.json
create mode 100644 rules/S6596/ansible/rule.adoc
create mode 100644 rules/S6596/common/resources.adoc
diff --git a/rules/S6596/ansible/metadata.json b/rules/S6596/ansible/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6596/ansible/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6596/ansible/rule.adoc b/rules/S6596/ansible/rule.adoc
new file mode 100644
index 00000000000..fc3dbd45b9d
--- /dev/null
+++ b/rules/S6596/ansible/rule.adoc
@@ -0,0 +1,56 @@
+:image_type: container
+
+include::../common/description.adoc[]
+
+== How to fix it
+
+include::../common/how-to-fix.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+[source,yaml,diff-id=1,diff-type=noncompliant]
+----
+- name: Create Pod
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: example
+ spec:
+ containers:
+ - name: nginx
+ image: nginx # Noncompliant
+
+ - name: nginx
+ image: nginx:latest # Noncompliant
+----
+
+==== Compliant solution
+
+[source,yaml,diff-id=1,diff-type=compliant]
+----
+- name: Create Pod
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: example
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2 # Compliant, fixed tag
+
+ - name: nginx
+ image: nginx@sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661 # Compliant, SHA of the image
+----
+
+include::../common/how-does-this-work.adoc[]
+
+include::../common/extra-mile.adoc[]
+
+include::../common/resources.adoc[]
+
+include::../common/implementation-specific.adoc[]
diff --git a/rules/S6596/common/resources.adoc b/rules/S6596/common/resources.adoc
new file mode 100644
index 00000000000..d32a768d041
--- /dev/null
+++ b/rules/S6596/common/resources.adoc
@@ -0,0 +1,6 @@
+== Resources
+=== Documentation
+
+* https://helm.sh/docs/chart_best_practices/pods/#images[Helm chart best practices - Images]
+* https://kubernetes.io/docs/concepts/containers/images/[Kubernetes - Images]
+* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)]
diff --git a/rules/S6596/kubernetes/rule.adoc b/rules/S6596/kubernetes/rule.adoc
index b43715a1788..e3ac79bd06a 100644
--- a/rules/S6596/kubernetes/rule.adoc
+++ b/rules/S6596/kubernetes/rule.adoc
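Review bot: In rules/S6596/ansible/rule.adoc, both the noncompliant and the compliant example appear to list two entries under `containers:` that are each named `nginx`. Kubernetes requires container names to be unique within a Pod, so a reader who copies the task as written would get a manifest the API server rejects. Renaming the second entry in both blocks, e.g. `- name: nginx-by-digest`, or splitting the two variants into separate tasks, keeps the examples applicable. The `# Compliant, fixed tag` comment could also note that a tag can be re-pushed while a digest cannot, e.g. `# Compliant, fixed tag (a digest is stricter)`, unless the included common/extra-mile.adoc already says so; that file is not part of this diff.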
@@ -2,14 +2,14 @@ include::../common/description.adoc[] -== How to fix it in Helm +== How to fix it include::../common/how-to-fix.adoc[] === Code examples ==== Noncompliant code example -[source,text,diff-id=1,diff-type=noncompliant] +[source,yaml,diff-id=1,diff-type=noncompliant] ---- apiVersion: v1 kind: Pod @@ -26,7 +26,7 @@ spec: ==== Compliant solution -[source,text,diff-id=1,diff-type=compliant] +[source,yaml,diff-id=1,diff-type=compliant] ---- apiVersion: v1 kind: Pod @@ -45,11 +45,6 @@ include::../common/how-does-this-work.adoc[] include::../common/extra-mile.adoc[] -== Resources -=== Documentation - -* https://helm.sh/docs/chart_best_practices/pods/#images[Helm chart best practices - Images] -* https://kubernetes.io/docs/concepts/containers/images/[Kubernetes - Images] -* https://docs.docker.com/engine/reference/commandline/image_pull/#pull-an-image-by-digest-immutable-identifier[Pull an image by digest (immutable identifier)] +include::../common/resources.adoc[] include::../common/implementation-specific.adoc[]