Add rego rule to check for windows securityContext compliance #317

alegrey91 · 2023-03-06T16:31:53Z

In order to support Windows system, we should add rego rules to check for securityContext parameters also for this OS.
Reading from the official documentation, we should implement a control for each of the following listed fields: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#windowssecuritycontextoptions-v1-core
So, the new checks to be added, are the following:

The equivalent rules should be named like so:

set-gmsacredentialspec-value
set-gmsacredentialspecname-value
set-hostprocess-true (checking also if WindowsHostProcessContainers feature flag is enabled in api-server)
runAsUserName

The text was updated successfully, but these errors were encountered:

alegrey91 · 2023-03-06T16:33:03Z

@0xquark can this issue be of your interest?

0xquark · 2023-03-06T17:07:28Z

Yes! Seems like a good addition

alegrey91 added enhancement New feature or request good first issue Good for newcomers labels Mar 6, 2023

alegrey91 assigned 0xquark Mar 6, 2023

0xquark mentioned this issue Mar 7, 2023

Add rego rule to check for windows securityContext compliance #318

Closed

Provide feedback