Groups examples by category in filter #35

Merged (5 commits), Oct 16, 2023
42 changes: 29 additions & 13 deletions examples.yaml
@@ -22,22 +22,23 @@ examples:
// - Use the area on the side for input data, in YAML or JSON format
// - Press 'Run' to evaluate your CEL expression against the input data
// - Explore our collection of examples for inspiration

account.balance >= transaction.withdrawal
|| (account.overdraftProtection
&& account.overdraftLimit >= transaction.withdrawal - account.balance)

data: |
# Here is the input data in YAML or JSON format.

account:
balance: 500
overdraftProtection: true
overdraftLimit: 1000
transaction:
withdrawal: 700
category: "default"

- name: "Kubernetes: Check image registry"
- name: "Check image registry"
cel: |
object.spec.template.spec.containers.all(container,
params.allowedRegistries.exists(registry,
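Review bot: the new `category: "default"` on the intro example is lowercase and reads like a fallback value rather than a display label, while every other entry in this change uses a capitalised, user-facing category (`"Kubernetes"`, `"General"`, `"Blank"`). If the filter renders categories verbatim this one will look inconsistent; either give it a proper label or, if `"default"` is meant to be special (pre-selected, or excluded from the filter), say so in the PR description so the UI code can rely on that value. Dropping the `Kubernetes: ` prefix from the example name is fine now that the category carries that information, provided the filter is always visible next to the example list.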
@@ -68,12 +69,13 @@ examples:
selector:
matchLabels:
app: nginx
category: "Kubernetes"

- name: "Kubernetes: Disallow HostPorts"
- name: "Disallow HostPorts"
cel: |
// According the Pod Security Standards, HostPorts should be disallowed entirely.
// https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline

object.spec.template.spec.containers.all(container,
!has(container.ports) ||
container.ports.all(port,
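Review bot: with the `Kubernetes: ` prefix removed from the name, the free-form `category: "Kubernetes"` string is now the only thing grouping these entries, so a casing slip or typo in any one of them would silently create a new group in the filter; consider validating the set of category values against a fixed list in the loader or a test. Also, since this block is being touched, the comment `// According the Pod Security Standards, HostPorts should be disallowed entirely.` is missing `to` (`According to`); the same wording recurs in the non-root and drop-capabilities examples further down.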
@@ -103,12 +105,13 @@ examples:
selector:
matchLabels:
app: nginx
category: "Kubernetes"

- name: "Kubernetes: Require non-root containers"
- name: "Require non-root containers"
cel: |
// According the Pod Security Standards, Containers must be required to run as non-root users.
// https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

// Pod or Containers must set `securityContext.runAsNonRoot`
(
(has(object.spec.template.spec.securityContext) && has(object.spec.template.spec.securityContext.runAsNonRoot)) ||
@@ -117,7 +120,7 @@ examples:
)
)
&&

// Neither Pod nor Containers should set `securityContext.runAsNonRoot` to false
(
(!has(object.spec.template.spec.securityContext) || !has(object.spec.template.spec.securityContext.runAsNonRoot) || object.spec.template.spec.securityContext.runAsNonRoot != false)
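Review bot: with identical line counts (`-117,7 +120,7`) and no visible text difference, the only change in this hunk appears to be whitespace on the blank line after `&&`; if that is trailing-whitespace cleanup it is harmless, but it deserves a mention in the commit message (or a separate formatting commit) so that nobody reads it as a change to the non-root check itself.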
@@ -149,12 +152,13 @@ examples:
selector:
matchLabels:
app: nginx
category: "Kubernetes"

- name: "Kubernetes: Drop ALL capabilities"
- name: "Drop ALL capabilities"
cel: |
// According the Pod Security Standards, Containers must drop `ALL` capabilities, and are only permitted to add back the `NET_BIND_SERVICE` capability.
// https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted

// Containers must drop `ALL` capabilities,
object.spec.template.spec.containers.all(container,
has(container.securityContext) &&
@@ -196,8 +200,9 @@ examples:
selector:
matchLabels:
app: nginx
category: "Kubernetes"

- name: "Kubernetes: Semantic version check for image tags (Regex)"
- name: "Semantic version check for image tags (Regex)"
cel: |
// Checks if the container images are tagged following the semantic version.

@@ -225,6 +230,7 @@ examples:
image: registry.com:80/nginx@sha256:asdf
- name: wrong
image: registry.com:80/nginx:latest # comment the wrong container to test a success scenario
category: "Kubernetes"

- name: "URLs"
cel: |
@@ -244,6 +250,7 @@ examples:
"href": "https://user:pass@example.com:80/path?query=val#fragment"
}
}
category: "General"

- name: "Check JWT custom claims"
cel: |
@@ -253,7 +260,7 @@ examples:
// Determine whether the jwt.extra_claims has at least one key that starts
// with the group prefix, and ensure that all group-like keys have list
// values containing only strings that end with '@acme.co'.

jwt.extra_claims.exists(c, c.startsWith('group'))
&& jwt.extra_claims
.filter(c, c.startsWith('group'))
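Review bot: `-253,7 +260,7` with no visible text change suggests this hunk is a whitespace-only edit on the blank line before `jwt.extra_claims.exists(c, c.startsWith('group'))`; fine to keep, but flag it as formatting in the commit message so reviewers do not look for a semantic change in the JWT claims expression.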
@@ -275,10 +282,12 @@ examples:
"labels": [ "metadata", "prod", "pii" ]
}
}
category: "General"

- name: "Optional"
cel: 'object.?foo.orValue("fallback")'
data: "object: {}"
category: "General"

- name: "Duration and timestamp"
cel: |
@@ -290,11 +299,12 @@ examples:
created: "2023-06-14T02:00:14+00:00"
ttl: "5m"
expired: "2023-06-14T02:06:14+00:00"
category: "General"

- name: "Quantity"
cel: |
// Quantity library introduced in Kubernetes 1.28

isQuantity(object.memory) &&
quantity(object.memory)
.add(quantity("700M"))
@@ -304,3 +314,9 @@ examples:
object:
memory: 1.3G
limit: 2G
category: "General"

- name: "Blank"
cel: ""
data: ""
category: "Blank"
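Review bot: the new `Blank` entry is a single example in a category of its own, with `cel: ""` and `data: ""`. If its purpose is to give users an empty editor, check that selecting it does not trip the evaluator (an empty expression should yield a clear "nothing to evaluate" message rather than an error), and consider whether a "clear editor" action belongs in the UI rather than in `examples.yaml`, where it will appear in the filter as a one-item group. If it stays here, a short comment in the file explaining the intent would help, since the name and the category value are identical and the entry otherwise looks like an accidental leftover.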