fix: revise logic of configured name rule (#947)

* fix: add constraints to required-name rule logic * fix: add constraints to required-name rule logic * fix: add constraints to required-name rule logic * fix: add constraints to required-name rule logic
datreeio · Jun 18, 2023 · 161c511 · 161c511
1 parent 5029f4c
commit 161c511
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 7 deletions.
diff --git a/pkg/defaultRules/defaultRules.yaml b/pkg/defaultRules/defaultRules.yaml
@@ -1843,15 +1843,16 @@ rules:
         - $ref: "#/definitions/podPattern"
         - $ref: "#/definitions/serviceAccountPattern"
   - id: 54
-    name: Ensure resource has a configured name
+    name: Ensure resource has a valid configured name
     uniqueName: RESOURCE_MISSING_NAME
     enabledByDefault: true
     documentationUrl: "https://hub.datree.io/built-in-rules/ensure-resource-name"
-    messageOnFailure: "Missing key `name` or `generateName` - one of them must be set to apply resource to a cluster"
+    messageOnFailure: "Invalid/missing value for key `name` or `generateName` - one of them must be set with a valid value to apply a resource to a cluster"
     categories:
       - cdk8s
+      - Other
     complexity: easy
-    impact: Configurations that miss this property will pass k8s schema validation, but will fail when pushed into a cluster (i.e. when running kubectl apply/create)
+    impact: Configurations with a missing or invalid name will pass k8s schema validation, but will fail when pushed into a cluster (i.e. when running kubectl apply/create)
     schema:
       definitions:
         metadataNamePattern:
@@ -1861,6 +1862,7 @@ rules:
               properties:
                 name:
                   type: string
+                  format: hostname
               required:
                 - name
           required:
@@ -1872,6 +1874,7 @@ rules:
               properties:
                 generateName:
                   type: string
+                  format: hostname
               required:
                 - generateName
           required:

diff --git a/pkg/evaluation/printer_test_expected_outputs/JUnit_output.xml b/pkg/evaluation/printer_test_expected_outputs/JUnit_output.xml
@@ -29,7 +29,7 @@
 		<testcase name="Prevent deprecated APIs in Kubernetes v1.17" classname="K8S_DEPRECATED_APIVERSION_1.17"></testcase>
 		<testcase name="Prevent containers from having root access capabilities" classname="CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE"></testcase>
 		<testcase name="Prevent CronJob from executing jobs concurrently" classname="CRONJOB_MISSING_CONCURRENCYPOLICY_KEY"></testcase>
-		<testcase name="Ensure resource has a configured name" classname="RESOURCE_MISSING_NAME"></testcase>
+		<testcase name="Ensure resource has a valid configured name" classname="RESOURCE_MISSING_NAME"></testcase>
 	</testsuite>
 	<testsuite name="File2">
 		<testcase name="Ensure each container image has a pinned (tag) version" classname="CONTAINERS_MISSING_IMAGE_VALUE_VERSION"></testcase>
@@ -52,7 +52,7 @@
 		<testcase name="Prevent deprecated APIs in Kubernetes v1.17" classname="K8S_DEPRECATED_APIVERSION_1.17"></testcase>
 		<testcase name="Prevent containers from having root access capabilities" classname="CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE"></testcase>
 		<testcase name="Prevent CronJob from executing jobs concurrently" classname="CRONJOB_MISSING_CONCURRENCYPOLICY_KEY"></testcase>
-		<testcase name="Ensure resource has a configured name" classname="RESOURCE_MISSING_NAME"></testcase>
+		<testcase name="Ensure resource has a valid configured name" classname="RESOURCE_MISSING_NAME"></testcase>
 	</testsuite>
 	<testsuite name="policySummary">
 		<properties>

diff --git a/pkg/evaluation/printer_test_expected_outputs/JUnit_output_verbose.xml b/pkg/evaluation/printer_test_expected_outputs/JUnit_output_verbose.xml
@@ -33,7 +33,7 @@
 		<testcase name="Prevent deprecated APIs in Kubernetes v1.17" classname="K8S_DEPRECATED_APIVERSION_1.17"></testcase>
 		<testcase name="Prevent containers from having root access capabilities" classname="CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE"></testcase>
 		<testcase name="Prevent CronJob from executing jobs concurrently" classname="CRONJOB_MISSING_CONCURRENCYPOLICY_KEY"></testcase>
-		<testcase name="Ensure resource has a configured name" classname="RESOURCE_MISSING_NAME"></testcase>
+		<testcase name="Ensure resource has a valid configured name" classname="RESOURCE_MISSING_NAME"></testcase>
 	</testsuite>
 	<testsuite name="File2">
 		<testcase name="Ensure each container image has a pinned (tag) version" classname="CONTAINERS_MISSING_IMAGE_VALUE_VERSION"></testcase>
@@ -56,7 +56,7 @@
 		<testcase name="Prevent deprecated APIs in Kubernetes v1.17" classname="K8S_DEPRECATED_APIVERSION_1.17"></testcase>
 		<testcase name="Prevent containers from having root access capabilities" classname="CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE"></testcase>
 		<testcase name="Prevent CronJob from executing jobs concurrently" classname="CRONJOB_MISSING_CONCURRENCYPOLICY_KEY"></testcase>
-		<testcase name="Ensure resource has a configured name" classname="RESOURCE_MISSING_NAME"></testcase>
+		<testcase name="Ensure resource has a valid configured name" classname="RESOURCE_MISSING_NAME"></testcase>
 	</testsuite>
 	<testsuite name="policySummary">
 		<properties>