revert k8s old changes (#608)

Co-authored-by: apple <avanti@accurics.com>

pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json

@@ -1,14 +1,14 @@
 {
+  "name": "noHttps",
+  "file": "noHttps.rego",
+  "template_args": {
     "name": "noHttps",
-    "file": "noHttps.rego",
-    "template_args": {
-        "name": "noHttps",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "HIGH",
-    "description": "TLS disabled can affect the confidentiality of the data in transit",
-    "reference_id": "AC-K8-NS-IN-H-0020",
-    "category": "Network Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "HIGH",
+  "description": "TLS disabled can affect the confidentiality of the data in transit",
+  "reference_id": "AC-K8-NS-IN-H-0020",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json

@@ -1,14 +1,14 @@
 {
+  "name": "noOwnerLabel",
+  "file": "noOwnerLabel.rego",
+  "template_args": {
     "name": "noOwnerLabel",
-    "file": "noOwnerLabel.rego",
-    "template_args": {
-        "name": "noOwnerLabel",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "LOW",
-    "description": "No owner for namespace affects the operations",
-    "reference_id": "AC-K8-OE-NS-L-0128",
-    "category": "Operational Efficiency",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "LOW",
+  "description": "No owner for namespace affects the operations",
+  "reference_id": "AC-K8-OE-NS-L-0128",
+  "category": "Security Best Practices",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json

@@ -1,21 +1,21 @@
 {
+  "name": "privilegeEscalationCheck",
+  "file": "securityContextCheck.rego",
+  "template_args": {
+    "allowed": "false",
+    "arg1": "cpu",
+    "arg2": "limits",
     "name": "privilegeEscalationCheck",
-    "file": "securityContextCheck.rego",
-    "template_args": {
-        "allowed": "false",
-        "arg1": "cpu",
-        "arg2": "limits",
-        "name": "privilegeEscalationCheck",
-        "not_allowed": "true",
-        "param": "allowPrivilegeEscalation",
-        "param1": "securityContext",
-        "prefix": "",
-        "suffix": "",
-        "value": "true"
-    },
-    "severity": "HIGH",
-    "description": "Containers Should Not Run with AllowPrivilegeEscalation",
-    "reference_id": "AC-K8-CA-PO-H-0165",
-    "category": "Cloud Assets Management",
-    "version": 1
-}
+    "not_allowed": "true",
+    "param": "allowPrivilegeEscalation",
+    "param1": "securityContext",
+    "prefix": "",
+    "suffix": "",
+    "value": "true"
+  },
+  "severity": "HIGH",
+  "description": "Containers Should Not Run with AllowPrivilegeEscalation",
+  "reference_id": "AC-K8-CA-PO-H-0165",
+  "category": "Compliance Validation",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json

@@ -1,14 +1,14 @@
 {
+  "name": "kubeDashboardEnabled",
+  "file": "kubeDashboardEnabled.rego",
+  "template_args": {
     "name": "kubeDashboardEnabled",
-    "file": "kubeDashboardEnabled.rego",
-    "template_args": {
-        "name": "kubeDashboardEnabled",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "MEDIUM",
-    "description": "Ensure Kubernetes Dashboard Is Not Deployed",
-    "reference_id": "AC-K8-DS-PO-M-0176",
-    "category": "Data Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "MEDIUM",
+  "description": "Ensure Kubernetes Dashboard Is Not Deployed",
+  "reference_id": "AC-K8-DS-PO-M-0176",
+  "category": "Data Protection",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json

@@ -1,14 +1,14 @@
 {
+  "name": "tillerDeployed",
+  "file": "tillerDeployed.rego",
+  "template_args": {
     "name": "tillerDeployed",
-    "file": "tillerDeployed.rego",
-    "template_args": {
-        "name": "tillerDeployed",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "MEDIUM",
-    "description": "Ensure That Tiller (Helm V2) Is Not Deployed",
-    "reference_id": "AC-K8-DS-PO-M-0177",
-    "category": "Data Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "MEDIUM",
+  "description": "Ensure That Tiller (Helm V2) Is Not Deployed",
+  "reference_id": "AC-K8-DS-PO-M-0177",
+  "category": "Data Protection",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json

@@ -1,14 +1,14 @@
 {
+  "name": "secretsAsEnvVariables",
+  "file": "secretsAsEnvVariables.rego",
+  "template_args": {
     "name": "secretsAsEnvVariables",
-    "file": "secretsAsEnvVariables.rego",
-    "template_args": {
-        "name": "secretsAsEnvVariables",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "HIGH",
-    "description": "Prefer using secrets as files over secrets as environment variables",
-    "reference_id": "AC-K8-NS-PO-H-0117",
-    "category": "Network Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "HIGH",
+  "description": "Prefer using secrets as files over secrets as environment variables",
+  "reference_id": "AC-K8-NS-PO-H-0117",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json

@@ -1,14 +1,14 @@
 {
+  "name": "capSysAdminUsed",
+  "file": "capSysAdminUsed.rego",
+  "template_args": {
     "name": "capSysAdminUsed",
-    "file": "capSysAdminUsed.rego",
-    "template_args": {
-        "name": "capSysAdminUsed",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "HIGH",
-    "description": "Do Not Use CAP_SYS_ADMIN Linux Capability",
-    "reference_id": "AC-K8-NS-PO-H-0170",
-    "category": "Network Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "HIGH",
+  "description": "Do Not Use CAP_SYS_ADMIN Linux Capability",
+  "reference_id": "AC-K8-NS-PO-H-0170",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json

@@ -1,14 +1,14 @@
 {
+  "name": "securityContextUsed",
+  "file": "securityContextUsed.rego",
+  "template_args": {
     "name": "securityContextUsed",
-    "file": "securityContextUsed.rego",
-    "template_args": {
-        "name": "securityContextUsed",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "MEDIUM",
-    "description": "Apply Security Context to Your Pods and Containers",
-    "reference_id": "AC-K8-NS-PO-M-0122",
-    "category": "Network Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "MEDIUM",
+  "description": "Apply Security Context to Your Pods and Containers",
+  "reference_id": "AC-K8-NS-PO-M-0122",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0133.json

@@ -1,14 +1,14 @@
 {
+  "name": "imageWithoutDigest",
+  "file": "imageWithoutDigest.rego",
+  "template_args": {
     "name": "imageWithoutDigest",
-    "file": "imageWithoutDigest.rego",
-    "template_args": {
-        "name": "imageWithoutDigest",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "MEDIUM",
-    "description": "Image without digest affects the integrity principle of image security",
-    "reference_id": "AC-K8-NS-PO-M-0133",
-    "category": "Network Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "MEDIUM",
+  "description": "Image without digest affects the integrity principle of image security",
+  "reference_id": "AC-K8-NS-PO-M-0133",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0163.json

@@ -1,16 +1,16 @@
 {
+  "name": "falseHostIPC",
+  "file": "specBoolCheck.rego",
+  "template_args": {
     "name": "falseHostIPC",
-    "file": "specBoolCheck.rego",
-    "template_args": {
-        "name": "falseHostIPC",
-        "param": "hostIPC",
-        "prefix": "",
-        "suffix": "",
-        "value": "true"
-    },
-    "severity": "MEDIUM",
-    "description": "Containers Should Not Share Host IPC Namespace",
-    "reference_id": "AC-K8-NS-PO-M-0163",
-    "category": "Network Security",
-    "version": 1
-}
+    "param": "hostIPC",
+    "prefix": "",
+    "suffix": "",
+    "value": "true"
+  },
+  "severity": "MEDIUM",
+  "description": "Containers Should Not Share Host IPC Namespace",
+  "reference_id": "AC-K8-NS-PO-M-0163",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0164.json

@@ -1,16 +1,16 @@
 {
+  "name": "falseHostNetwork",
+  "file": "specBoolCheck.rego",
+  "template_args": {
     "name": "falseHostNetwork",
-    "file": "specBoolCheck.rego",
-    "template_args": {
-        "name": "falseHostNetwork",
-        "param": "hostNetwork",
-        "prefix": "",
-        "suffix": "",
-        "value": "true"
-    },
-    "severity": "MEDIUM",
-    "description": "Containers Should Not Share the Host Network Namespace",
-    "reference_id": "AC-K8-NS-PO-M-0164",
-    "category": "Network Security",
-    "version": 1
-}
+    "param": "hostNetwork",
+    "prefix": "",
+    "suffix": "",
+    "value": "true"
+  },
+  "severity": "MEDIUM",
+  "description": "Containers Should Not Share the Host Network Namespace",
+  "reference_id": "AC-K8-NS-PO-M-0164",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0171.json

@@ -1,17 +1,17 @@
 {
+  "name": "dontConnectDockerSock",
+  "file": "dockerSockCheck.rego",
+  "template_args": {
+    "attrib": "spec.volumes[_].hostPath",
     "name": "dontConnectDockerSock",
-    "file": "dockerSockCheck.rego",
-    "template_args": {
-        "attrib": "spec.volumes[_].hostPath",
-        "name": "dontConnectDockerSock",
-        "param": "path",
-        "prefix": "",
-        "suffix": "",
-        "value": "/var/run/docker"
-    },
-    "severity": "MEDIUM",
-    "description": "Restrict Mounting Docker Socket in a Container",
-    "reference_id": "AC-K8-NS-PO-M-0171",
-    "category": "Network Security",
-    "version": 1
-}
+    "param": "path",
+    "prefix": "",
+    "suffix": "",
+    "value": "/var/run/docker"
+  },
+  "severity": "MEDIUM",
+  "description": "Restrict Mounting Docker Socket in a Container",
+  "reference_id": "AC-K8-NS-PO-M-0171",
+  "category": "Infrastructure Security",
+  "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0182.json

@@ -1,14 +1,14 @@
 {
+  "name": "containersAsHighUID",
+  "file": "containersAsHighUID.rego",
+  "template_args": {
     "name": "containersAsHighUID",
-    "file": "containersAsHighUID.rego",
-    "template_args": {
-        "name": "containersAsHighUID",
-        "prefix": "",
-        "suffix": ""
-    },
-    "severity": "MEDIUM",
-    "description": "Containers Should Run as a High UID to Avoid Host Conflict",
-    "reference_id": "AC-K8-NS-PO-M-0182",
-    "category": "Network Security",
-    "version": 1
-}
+    "prefix": "",
+    "suffix": ""
+  },
+  "severity": "MEDIUM",
+  "description": "Containers Should Run as a High UID to Avoid Host Conflict",
+  "reference_id": "AC-K8-NS-PO-M-0182",
+  "category": "Infrastructure Security",
+  "version": 1
+}