cleaned policie tests

test/deny.rego

@@ -1,24 +0,0 @@
-package main
-
-import data.kubernetes
-
-name = input.metadata.name
-
-deny[msg] {
-	kubernetes.is_deployment
-	not input.spec.template.spec.securityContext.runAsNonRoot
-
-	msg = sprintf("Containers must not run as root in Deployment %s", [name])
-}
-
-required_deployment_selectors {
-	input.spec.selector.matchLabels.app
-	input.spec.selector.matchLabels.release
-}
-
-deny[msg] {
-	kubernetes.is_deployment
-	not required_deployment_selectors
-
-	msg = sprintf("Deployment %s must provide app/release labels for pod selectors", [name])
-}

test/kubernetes.rego

@@ -1,9 +0,0 @@
-package kubernetes
-
-is_service {
-	input.kind = "Service"
-}
-
-is_deployment {
-	input.kind = "Deployment"
-}

test/labels.rego

@@ -18,9 +18,3 @@ deny[msg] {
 	not required_deployment_labels
 	msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
 }
-
-deny[msg] {
-	input.kind = "Deployment"
-	not input.spec.selector.matchLabels.app
-	msg = "Containers must provide app label for pod selectors"
-}

test/run_as_root.rego

@@ -3,5 +3,5 @@ package main
 deny[msg] {
 	input.kind = "Deployment"
 	not input.spec.template.spec.securityContext.runAsNonRoot = true
-	msg = "Containers must not run as root"
+	msg = sprintf("%s Containers must not run as root", [name])
 }

test/selector.rego

@@ -0,0 +1,11 @@
+package main
+
+import data.kubernetes
+
+name = input.metadata.name
+
+deny[msg] {
+	input.kind = "Deployment"
+	not input.spec.selector.matchLabels.app
+	msg = sprintf("%s must provide app label for pod selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
+}