authorMohamed Abdelnour <mohamed.k.abdelnour@gmail.com>2021-05-30 08:49:42 +0200
committerDavid Peter <sharkdp@users.noreply.github.com>2021-06-01 22:36:56 +0200
commita0a5e30c3961273b16609c566bddb5f802d8279b (patch)
tree8c06dd15bfe5d696410c715f2c34d0a9cc6a0992 /tests
parent4126bbeeadef445f70f7292a81bf396928c050e1 (diff)
Add Rego syntax test file
Diffstat (limited to 'tests')
-rw-r--r--tests/syntax-tests/highlighted/Rego/src_test.rego181
-rw-r--r--tests/syntax-tests/source/Rego/LICENSE.md25
-rw-r--r--tests/syntax-tests/source/Rego/src_test.rego181
3 files changed, 387 insertions, 0 deletions
diff --git a/tests/syntax-tests/highlighted/Rego/src_test.rego b/tests/syntax-tests/highlighted/Rego/src_test.rego
new file mode 100644
index 00000000..a249e679
--- /dev/null
+++ b/tests/syntax-tests/highlighted/Rego/src_test.rego
@@ -0,0 +1,181 @@
+package k8sazureprocmount
+
+test_input_container_not_proc_mount_allowed {
+ input := { "review": input_review, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_proc_mount_not_allowed {
+ input := { "review": input_review_unmasked, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_proc_mount_not_allowed_null_param {
+ input := { "review": input_review_unmasked, "parameters": null }
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_proc_mount_not_allowed_missing_param {
+ input := { "review": input_review_unmasked }
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_many_not_proc_mount_allowed {
+ input := { "review": input_review_many, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_many_mixed_proc_mount_not_allowed {
+ input := { "review": input_review_many_mixed, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_many_mixed_proc_mount_not_allowed_two {
+ input := { "review": input_review_many_mixed_two, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 2
+}
+test_input_container_proc_mount_case_insensitive {
+ input := { "review": input_review, "parameters": input_parameters_default_lower}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_not_proc_mount_unmasked {
+ input := { "review": input_review, "parameters": input_parameters_unmasked}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_proc_mount_unmasked {
+ input := { "review": input_review_unmasked, "parameters": input_parameters_unmasked}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_many_mixed_proc_mount_allowed_two {
+ input := { "review": input_review_many_mixed_two, "parameters": input_parameters_unmasked}
+ results := violation with input as input
+ count(results) == 0
+}
+
+input_review = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_one
+ }
+ }
+}
+
+input_review_unmasked = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_one_unmasked
+ }
+ }
+}
+
+input_review_many = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_many,
+ "initContainers": input_containers_one
+ }
+ }
+}
+
+input_review_many_mixed = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_many,
+ "initContainers": input_containers_one_unmasked
+ }
+ }
+}
+
+input_review_many_mixed_two = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_many_mixed,
+ "initContainers": input_containers_one_unmasked
+ }
+ }
+}
+
+input_containers_one = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Default"
+ }
+}]
+
+input_containers_one_unmasked = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Unmasked"
+ }
+}]
+
+input_containers_many = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Default"
+ }
+},
+{
+ "name": "nginx1",
+ "image": "nginx"
+},
+{
+ "name": "nginx2",
+ "image": "nginx",
+ "securityContext": {
+ "runAsUser": "1000"
+ }
+}]
+
+input_containers_many_mixed = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Default"
+ }
+},
+{
+ "name": "nginx1",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Unmasked"
+ }
+}]
+
+input_parameters_default = {
+ "procMount": "Default"
+}
+
+input_parameters_default_lower = {
+ "procMount": "default"
+}
+
+input_parameters_unmasked = {
+ "procMount": "Unmasked"
+}
diff --git a/tests/syntax-tests/source/Rego/LICENSE.md b/tests/syntax-tests/source/Rego/LICENSE.md
new file mode 100644
index 00000000..0a21dc11
--- /dev/null
+++ b/tests/syntax-tests/source/Rego/LICENSE.md
@@ -0,0 +1,25 @@
+The `src_test.rego` file has been added from https://github.com/Azure/Community-Policy under the following license:
+
+```text
+ MIT License
+
+ Copyright (c) Microsoft Corporation.
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE
+```
diff --git a/tests/syntax-tests/source/Rego/src_test.rego b/tests/syntax-tests/source/Rego/src_test.rego
new file mode 100644
index 00000000..1e5dfce5
--- /dev/null
+++ b/tests/syntax-tests/source/Rego/src_test.rego
@@ -0,0 +1,181 @@
+package k8sazureprocmount
+
+test_input_container_not_proc_mount_allowed {
+ input := { "review": input_review, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_proc_mount_not_allowed {
+ input := { "review": input_review_unmasked, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_proc_mount_not_allowed_null_param {
+ input := { "review": input_review_unmasked, "parameters": null }
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_proc_mount_not_allowed_missing_param {
+ input := { "review": input_review_unmasked }
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_many_not_proc_mount_allowed {
+ input := { "review": input_review_many, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_many_mixed_proc_mount_not_allowed {
+ input := { "review": input_review_many_mixed, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 1
+}
+test_input_container_many_mixed_proc_mount_not_allowed_two {
+ input := { "review": input_review_many_mixed_two, "parameters": input_parameters_default}
+ results := violation with input as input
+ count(results) == 2
+}
+test_input_container_proc_mount_case_insensitive {
+ input := { "review": input_review, "parameters": input_parameters_default_lower}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_not_proc_mount_unmasked {
+ input := { "review": input_review, "parameters": input_parameters_unmasked}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_proc_mount_unmasked {
+ input := { "review": input_review_unmasked, "parameters": input_parameters_unmasked}
+ results := violation with input as input
+ count(results) == 0
+}
+test_input_container_many_mixed_proc_mount_allowed_two {
+ input := { "review": input_review_many_mixed_two, "parameters": input_parameters_unmasked}
+ results := violation with input as input
+ count(results) == 0
+}
+
+input_review = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_one
+ }
+ }
+}
+
+input_review_unmasked = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_one_unmasked
+ }
+ }
+}
+
+input_review_many = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_many,
+ "initContainers": input_containers_one
+ }
+ }
+}
+
+input_review_many_mixed = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_many,
+ "initContainers": input_containers_one_unmasked
+ }
+ }
+}
+
+input_review_many_mixed_two = {
+ "object": {
+ "metadata": {
+ "name": "nginx"
+ },
+ "spec": {
+ "containers": input_containers_many_mixed,
+ "initContainers": input_containers_one_unmasked
+ }
+ }
+}
+
+input_containers_one = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Default"
+ }
+}]
+
+input_containers_one_unmasked = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Unmasked"
+ }
+}]
+
+input_containers_many = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Default"
+ }
+},
+{
+ "name": "nginx1",
+ "image": "nginx"
+},
+{
+ "name": "nginx2",
+ "image": "nginx",
+ "securityContext": {
+ "runAsUser": "1000"
+ }
+}]
+
+input_containers_many_mixed = [
+{
+ "name": "nginx",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Default"
+ }
+},
+{
+ "name": "nginx1",
+ "image": "nginx",
+ "securityContext": {
+ "procMount": "Unmasked"
+ }
+}]
+
+input_parameters_default = {
+ "procMount": "Default"
+}
+
+input_parameters_default_lower = {
+ "procMount": "default"
+}
+
+input_parameters_unmasked = {
+ "procMount": "Unmasked"
+}
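Review bot: Every test in this file binds a local variable named `input` and then evaluates `violation with input as input`, so the reserved `input` document is shadowed and the override reads like a no-op (first in `test_input_container_not_proc_mount_allowed`, repeated in all eleven tests). OPA's strict mode rejects assignments to `input`; a distinct name keeps the override explicit, e.g. `inp := { "review": input_review, "parameters": input_parameters_default}` followed by `results := violation with input as inp`. The fixtures also exercise only `containers` and `initContainers`; the `violation` rule is not part of this commit, so whether an `Unmasked` entry under `ephemeralContainers` would be caught cannot be confirmed from here. The file is copied from Azure/Community-Policy per the accompanying LICENSE.md, so either change would belong upstream, with the highlighted copy regenerated afterwards.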