clusters_test.rego
package rbac.clusters
# Developer case (per the test name): expects `allow` for JOHN on cluster7
# labelled env=dev. cluster7 does not appear in the supplied notOneOf list.
test_developer_allowed {
    request := {
        "user": "JOHN",
        "cluster": {
            "metadata": {"name": "cluster7", "labels": {"env": "dev"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    allow with input as request
}
# Developer case (per the test name): expects deny for JOHN on cluster1
# labelled env=dev. cluster1 is one of the names in the supplied notOneOf list.
test_developer_not_allowed_sensitive {
    request := {
        "user": "JOHN",
        "cluster": {
            "metadata": {"name": "cluster1", "labels": {"env": "dev"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    not allow with input as request
}
# Developer case (per the test name): expects deny for JOHN on cluster7 when
# the cluster is labelled env=production. The cluster name itself is not in
# the notOneOf list, so only the label differs from test_developer_allowed.
test_developer_not_allowed_production {
    request := {
        "user": "JOHN",
        "cluster": {
            "metadata": {"name": "cluster7", "labels": {"env": "production"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    not allow with input as request
}
# Expects `allow` for BRUNO on cluster7 labelled env=production, with an
# empty notOneOf list in the request.
test_allowed_all_labels {
    request := {
        "user": "BRUNO",
        "cluster": {
            "metadata": {"name": "cluster7", "labels": {"env": "production"}},
            "notOneOf": []
        }
    }
    allow with input as request
}
# DevOps case (per the test name): expects `allow` for JACK on cluster7
# labelled env=dev. cluster7 does not appear in the supplied notOneOf list.
test_devops_allowed_dev {
    request := {
        "user": "JACK",
        "cluster": {
            "metadata": {"name": "cluster7", "labels": {"env": "dev"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    allow with input as request
}
# DevOps case (per the test name): expects deny for JACK on cluster0
# labelled env=production. cluster0 is one of the names in the notOneOf list.
# NOTE(review): the input combines a listed cluster name with the production
# label, so a pass does not show which of the two caused the deny. Confirm
# against the policy whether a single-variable case is also needed.
test_devops_not_allowed_sensitive {
    request := {
        "user": "JACK",
        "cluster": {
            "metadata": {"name": "cluster0", "labels": {"env": "production"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    not allow with input as request
}
# DevOps case (per the test name): expects deny for JACK on a staging request.
# NOTE(review): this input carries "hasLabel" and no "metadata" block, unlike
# the JOHN/BRUNO/RICHARD cases in this file. If the policy only reads
# cluster.metadata, `not allow` would hold because those fields are undefined
# rather than because the staging label was evaluated. Confirm against the
# policy that this negative test exercises the intended rule.
test_devops_not_allowed_staging {
    request := {
        "user": "JACK",
        "cluster": {
            "hasLabel": {"env=staging": true},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    not allow with input as request
}
# High-clearance DevOps case (per the test name): expects `allow` for JANE on
# cluster0 labelled env=dev, even though cluster0 is named in the request's
# notOneOf list.
test_high_clearance_devops_allowed_dev {
    request := {
        "user": "JANE",
        "cluster": {
            "metadata": {"name": "cluster0", "labels": {"env": "dev"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    allow with input as request
}
# High-clearance DevOps case (per the test name): expects `allow` for JANE on
# cluster7 labelled env=production. cluster7 is not in the notOneOf list.
test_high_clearance_devops_allowed_production {
    request := {
        "user": "JANE",
        "cluster": {
            "metadata": {"name": "cluster7", "labels": {"env": "production"}},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    allow with input as request
}
# High-clearance DevOps case (per the test name): expects `allow` for JANE on
# cluster7 labelled env=production, with an empty notOneOf list.
# NOTE(review): the name says "sensitive", but the input uses cluster7 rather
# than cluster0/cluster1 (the names the *_not_allowed_sensitive tests use).
# Confirm whether a listed cluster name was intended here; as written the
# case does not exercise access to one.
test_high_clearance_devops_allowed_sensitive {
    request := {
        "user": "JANE",
        "cluster": {
            "metadata": {"name": "cluster7", "labels": {"env": "production"}},
            "notOneOf": []
        }
    }
    allow with input as request
}
# High-clearance case (per the test name): expects `allow` for RICHARD on
# cluster1 labelled env=production, with an empty notOneOf list.
test_high_clearance_allowed_sensitive {
    request := {
        "user": "RICHARD",
        "cluster": {
            "metadata": {"name": "cluster1", "labels": {"env": "production"}},
            "notOneOf": []
        }
    }
    allow with input as request
}
# High-clearance DevOps case (per the test name): expects deny for JANE on a
# staging request.
# NOTE(review): this input carries "hasLabel" and no "metadata" block. If the
# policy only reads cluster.metadata, `not allow` would hold because those
# fields are undefined rather than because the staging label was evaluated.
# Confirm against the policy that this negative test exercises the intended
# rule.
test_high_clearance_devops_not_allowed_staging {
    request := {
        "user": "JANE",
        "cluster": {
            "hasLabel": {"env=staging": true},
            "notOneOf": ["cluster0", "cluster1"]
        }
    }
    not allow with input as request
}