renames namespaces

Shopify · Feb 24, 2023 · 7d5b684 · 7d5b684
1 parent 913ec0b
commit 7d5b684
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 10 deletions.
diff --git a/auditors/apparmor/apparmor_test.go b/auditors/apparmor/apparmor_test.go
@@ -24,7 +24,7 @@ func TestAuditAppArmor(t *testing.T) {
 		{"apparmor-annotation-init-container-missing.yml", []string{AppArmorAnnotationMissing}, true},
 		{"apparmor-disabled.yml", []string{AppArmorDisabled}, true},
 		{"apparmor-disabled-overriden.yml", []string{override.GetOverriddenResultName(AppArmorDisabled)}, true},
-		// {"apparmor-disabled-overriden-old-label.yml", []string{override.GetOverriddenResultName(AppArmorDisabled)}, true},
+		{"apparmor-disabled-overriden-old-label.yml", []string{override.GetOverriddenResultName(AppArmorDisabled)}, true},
 		{"apparmor-disabled-overriden-multiple.yml", []string{AppArmorAnnotationMissing, override.GetOverriddenResultName(AppArmorDisabled)}, true},
 		// These are invalid manifests so we should only test it in manifest mode as kubernetes will fail to apply it
 		{"apparmor-bad-value.yml", []string{AppArmorBadValue}, false},

diff --git a/auditors/apparmor/fixtures/apparmor-disabled-overriden-old-label.yml b/auditors/apparmor/fixtures/apparmor-disabled-overriden-old-label.yml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: pod
-  namespace: apparmor-disabled-overriden-old
+  namespace: apparmor-disabled-overriden-old-label
   annotations:
     container.apparmor.security.beta.kubernetes.io/container: unconfined
   labels:

diff --git a/auditors/capabilities/capabilities_test.go b/auditors/capabilities/capabilities_test.go
@@ -40,7 +40,7 @@ func TestAuditCapabilities(t *testing.T) {
 			CapabilityShouldDropAll,
 			override.GetOverriddenResultName(CapabilityAdded),
 		}},
-		{"capabilities-some-allowed-mix-old-labels.yml", fixtureDir, []string{
+		{"capabilities-some-allowed-multi-containers-mix-old-labels.yml", fixtureDir, []string{
 			CapabilityAdded,
 			CapabilityShouldDropAll,
 			override.GetOverriddenResultName(CapabilityAdded),

diff --git a/...abilities-some-allowed-mix-old-labels.yml → ...lowed-multi-containers-mix-old-labels.yml b/...abilities-some-allowed-mix-old-labels.yml → ...lowed-multi-containers-mix-old-labels.yml
@@ -4,7 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: deployment
-  namespace: capabilities-some-allowed-multi-containers-mix-labels
+  namespace: capabilities-some-allowed-multi-containers-mix-old-labels
 spec:
   selector:
     matchLabels:

diff --git a/auditors/netpols/fixtures/namespace-allow-missing-default-deny-ingress-old-label.yml b/auditors/netpols/fixtures/namespace-allow-missing-default-deny-ingress-old-label.yml
@@ -1,18 +1,17 @@
 # this is to test backwards compatibility with old unregistered annotations (kubernetes.io)
-
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: namespace-missing-default-deny-ingress-netpol-allowed
+  name: namespace-allow-missing-default-deny-ingress-old-label
   labels:
-    audit.kubernetes.io/namespace.allow-non-default-deny-ingress-network-policy: "SomeReason"
+    audit.kubeaudit.io/namespace.allow-non-default-deny-ingress-network-policy: "SomeReason"
 ---
 # https://kubernetes.io/docs/concepts/services-networking/network-policies/#default-deny-all-ingress-traffic
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: default-deny
-  namespace: namespace-missing-default-deny-ingress-netpol-allowed
+  namespace: namespace-allow-missing-default-deny-ingress-old-label
 spec:
   podSelector: {}
   policyTypes:

diff --git a/printer.go b/printer.go
@@ -82,13 +82,13 @@ func (p *Printer) PrintReport(report *Report) {
 }
 
 func (p *Printer) prettyPrintReport(report *Report) {
+	p.printColor(color.YellowColor, p.deprecationWarning)
+
 	if len(report.ResultsWithMinSeverity(p.minSeverity)) < 1 {
 		p.printColor(color.GreenColor, "All checks completed. 0 high-risk vulnerabilities found\n")
 		return
 	}
 
-	p.printColor(color.YellowColor, p.deprecationWarning)
-
 	for _, workloadResult := range report.ResultsWithMinSeverity(p.minSeverity) {
 		resource := workloadResult.GetResource().Object()
 		objectMeta := k8s.GetObjectMeta(resource)