From de6cc940b79e8f330d34b7aa05c84ff46867ead2 Mon Sep 17 00:00:00 2001 
From: Simar
Date: Tue, 4 Mar 2025 17:12:44 -0700
Subject: [PATCH] refactor network checks
---
 checks/{cloud => }/kubernetes/network/bind_address.rego | 0
 checks/{cloud => }/kubernetes/network/bind_address_test.rego | 0
 .../kubernetes/network/deny_service_external_ips_plugin.rego | 0
 .../network/deny_service_external_ips_plugin_test.rego | 0
 .../kubernetes/network/kubelet_make_iptables_util_chains.rego | 0
 .../network/kubelet_make_iptables_util_chains_test.rego | 0
 .../kubernetes/network/kubelet_read_only_port_argument.rego | 0
 .../network/kubelet_read_only_port_argument_test.rego | 0
 .../network/kubelet_streaming_connection_argument.rego | 0
 .../network/kubelet_streaming_connection_argument_test.rego | 0
 .../kubernetes/network/manage_kubernetes_networking.rego | 0
 .../kubernetes/network/manage_kubernetes_networking_test.rego | 0
 checks/{cloud => }/kubernetes/network/net_raw_capability.rego | 0
 .../kubernetes/network/net_raw_capability_test.rego | 0
 checks/{cloud => }/kubernetes/network/no_public_egress.rego | 4 ++--
 checks/{cloud => }/kubernetes/network/no_public_egress.yaml | 0
 .../{cloud => }/kubernetes/network/no_public_egress_test.rego | 0
 checks/{cloud => }/kubernetes/network/no_public_ingress.rego | 4 ++--
 checks/{cloud => }/kubernetes/network/no_public_ingress.yaml | 0
 .../kubernetes/network/no_public_ingress_test.rego | 0
 .../kubernetes/network/proxy_kube_config_file_ownership.rego | 0
 .../network/proxy_kube_config_file_ownership_test.rego | 0
 .../kubernetes/network/proxy_kube_config_file_permission.rego | 0
 .../network/proxy_kube_config_file_permission_test.rego | 0
 checks/{cloud => }/kubernetes/network/secure_port.rego | 0
 checks/{cloud => }/kubernetes/network/secure_port_test.rego | 0
 .../network/selector_usage_in_network_policies.rego | 2 +-
 .../network/selector_usage_in_network_policies.yaml | 0
 .../network/selector_usage_in_network_policies_test.rego | 0
 .../kubernetes/network/service_with_externalip.rego | 0
 .../kubernetes/network/service_with_externalip_test.rego | 0
 31 files changed, 5 insertions(+), 5 deletions(-)
 rename checks/{cloud => }/kubernetes/network/bind_address.rego (100%)
 rename checks/{cloud => }/kubernetes/network/bind_address_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/deny_service_external_ips_plugin.rego (100%)
 rename checks/{cloud => }/kubernetes/network/deny_service_external_ips_plugin_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/kubelet_make_iptables_util_chains.rego (100%)
 rename checks/{cloud => }/kubernetes/network/kubelet_make_iptables_util_chains_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/kubelet_read_only_port_argument.rego (100%)
 rename checks/{cloud => }/kubernetes/network/kubelet_read_only_port_argument_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/kubelet_streaming_connection_argument.rego (100%)
 rename checks/{cloud => }/kubernetes/network/kubelet_streaming_connection_argument_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/manage_kubernetes_networking.rego (100%)
 rename checks/{cloud => }/kubernetes/network/manage_kubernetes_networking_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/net_raw_capability.rego (100%)
 rename checks/{cloud => }/kubernetes/network/net_raw_capability_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/no_public_egress.rego (88%)
 rename checks/{cloud => }/kubernetes/network/no_public_egress.yaml (100%)
 rename checks/{cloud => }/kubernetes/network/no_public_egress_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/no_public_ingress.rego (89%)
 rename checks/{cloud => }/kubernetes/network/no_public_ingress.yaml (100%)
 rename checks/{cloud => }/kubernetes/network/no_public_ingress_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/proxy_kube_config_file_ownership.rego (100%)
 rename checks/{cloud => }/kubernetes/network/proxy_kube_config_file_ownership_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/proxy_kube_config_file_permission.rego (100%)
 rename checks/{cloud => }/kubernetes/network/proxy_kube_config_file_permission_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/secure_port.rego (100%)
 rename checks/{cloud => }/kubernetes/network/secure_port_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/selector_usage_in_network_policies.rego (96%)
 rename checks/{cloud => }/kubernetes/network/selector_usage_in_network_policies.yaml (100%)
 rename checks/{cloud => }/kubernetes/network/selector_usage_in_network_policies_test.rego (100%)
 rename checks/{cloud => }/kubernetes/network/service_with_externalip.rego (100%)
 rename checks/{cloud => }/kubernetes/network/service_with_externalip_test.rego (100%)
diff --git a/checks/cloud/kubernetes/network/bind_address.rego b/checks/kubernetes/network/bind_address.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/bind_address.rego
rename to checks/kubernetes/network/bind_address.rego
diff --git a/checks/cloud/kubernetes/network/bind_address_test.rego b/checks/kubernetes/network/bind_address_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/bind_address_test.rego
rename to checks/kubernetes/network/bind_address_test.rego
diff --git a/checks/cloud/kubernetes/network/deny_service_external_ips_plugin.rego b/checks/kubernetes/network/deny_service_external_ips_plugin.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/deny_service_external_ips_plugin.rego
rename to checks/kubernetes/network/deny_service_external_ips_plugin.rego
diff --git a/checks/cloud/kubernetes/network/deny_service_external_ips_plugin_test.rego b/checks/kubernetes/network/deny_service_external_ips_plugin_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/deny_service_external_ips_plugin_test.rego
rename to checks/kubernetes/network/deny_service_external_ips_plugin_test.rego
diff --git a/checks/cloud/kubernetes/network/kubelet_make_iptables_util_chains.rego b/checks/kubernetes/network/kubelet_make_iptables_util_chains.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/kubelet_make_iptables_util_chains.rego
rename to checks/kubernetes/network/kubelet_make_iptables_util_chains.rego
diff --git a/checks/cloud/kubernetes/network/kubelet_make_iptables_util_chains_test.rego b/checks/kubernetes/network/kubelet_make_iptables_util_chains_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/kubelet_make_iptables_util_chains_test.rego
rename to checks/kubernetes/network/kubelet_make_iptables_util_chains_test.rego
diff --git a/checks/cloud/kubernetes/network/kubelet_read_only_port_argument.rego b/checks/kubernetes/network/kubelet_read_only_port_argument.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/kubelet_read_only_port_argument.rego
rename to checks/kubernetes/network/kubelet_read_only_port_argument.rego
diff --git a/checks/cloud/kubernetes/network/kubelet_read_only_port_argument_test.rego b/checks/kubernetes/network/kubelet_read_only_port_argument_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/kubelet_read_only_port_argument_test.rego
rename to checks/kubernetes/network/kubelet_read_only_port_argument_test.rego
diff --git a/checks/cloud/kubernetes/network/kubelet_streaming_connection_argument.rego b/checks/kubernetes/network/kubelet_streaming_connection_argument.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/kubelet_streaming_connection_argument.rego
rename to checks/kubernetes/network/kubelet_streaming_connection_argument.rego
diff --git a/checks/cloud/kubernetes/network/kubelet_streaming_connection_argument_test.rego b/checks/kubernetes/network/kubelet_streaming_connection_argument_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/kubelet_streaming_connection_argument_test.rego
rename to checks/kubernetes/network/kubelet_streaming_connection_argument_test.rego
diff --git a/checks/cloud/kubernetes/network/manage_kubernetes_networking.rego b/checks/kubernetes/network/manage_kubernetes_networking.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/manage_kubernetes_networking.rego
rename to checks/kubernetes/network/manage_kubernetes_networking.rego
diff --git a/checks/cloud/kubernetes/network/manage_kubernetes_networking_test.rego b/checks/kubernetes/network/manage_kubernetes_networking_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/manage_kubernetes_networking_test.rego
rename to checks/kubernetes/network/manage_kubernetes_networking_test.rego
diff --git a/checks/cloud/kubernetes/network/net_raw_capability.rego b/checks/kubernetes/network/net_raw_capability.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/net_raw_capability.rego
rename to checks/kubernetes/network/net_raw_capability.rego
diff --git a/checks/cloud/kubernetes/network/net_raw_capability_test.rego b/checks/kubernetes/network/net_raw_capability_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/net_raw_capability_test.rego
rename to checks/kubernetes/network/net_raw_capability_test.rego
diff --git a/checks/cloud/kubernetes/network/no_public_egress.rego b/checks/kubernetes/network/no_public_egress.rego
similarity index 88%
rename from checks/cloud/kubernetes/network/no_public_egress.rego
rename to checks/kubernetes/network/no_public_egress.rego
index fa8aca61..03b943a9 100644
--- a/checks/cloud/kubernetes/network/no_public_egress.rego
+++ b/checks/kubernetes/network/no_public_egress.rego
@@ -19,10 +19,10 @@
 # - provider: kubernetes
 # service: networkpolicies
 # terraform:
-# good_examples: checks/cloud/kubernetes/network/no_public_egress.yaml
+# good_examples: checks/kubernetes/network/no_public_egress.yaml
 # links:
 # - https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy#spec.egress.to.ip_block.cidr
-# examples: checks/cloud/kubernetes/network/no_public_egress.yaml
+# examples: checks/kubernetes/network/no_public_egress.yaml
 package builtin.kube.network.kube0002
 import rego.v1
diff --git a/checks/cloud/kubernetes/network/no_public_egress.yaml b/checks/kubernetes/network/no_public_egress.yaml
similarity index 100%
rename from checks/cloud/kubernetes/network/no_public_egress.yaml
rename to checks/kubernetes/network/no_public_egress.yaml
diff --git a/checks/cloud/kubernetes/network/no_public_egress_test.rego b/checks/kubernetes/network/no_public_egress_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/no_public_egress_test.rego
rename to checks/kubernetes/network/no_public_egress_test.rego
diff --git a/checks/cloud/kubernetes/network/no_public_ingress.rego b/checks/kubernetes/network/no_public_ingress.rego
similarity index 89%
rename from checks/cloud/kubernetes/network/no_public_ingress.rego
rename to checks/kubernetes/network/no_public_ingress.rego
index 23c7cdb7..7dad9906 100644
--- a/checks/cloud/kubernetes/network/no_public_ingress.rego
+++ b/checks/kubernetes/network/no_public_ingress.rego
@@ -20,10 +20,10 @@
 # - provider: kubernetes
 # service: networkpolicies
 # terraform:
-# good_examples: checks/cloud/kubernetes/network/no_public_ingress.yaml
+# good_examples: checks/kubernetes/network/no_public_ingress.yaml
 # links:
 # - https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy#spec.ingress.from.ip_block.cidr
-# examples: checks/cloud/kubernetes/network/no_public_ingress.yaml
+# examples: checks/kubernetes/network/no_public_ingress.yaml
 package builtin.kube.network.kube0001
 import rego.v1
diff --git a/checks/cloud/kubernetes/network/no_public_ingress.yaml b/checks/kubernetes/network/no_public_ingress.yaml
similarity index 100%
rename from checks/cloud/kubernetes/network/no_public_ingress.yaml
rename to checks/kubernetes/network/no_public_ingress.yaml
diff --git a/checks/cloud/kubernetes/network/no_public_ingress_test.rego b/checks/kubernetes/network/no_public_ingress_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/no_public_ingress_test.rego
rename to checks/kubernetes/network/no_public_ingress_test.rego
diff --git a/checks/cloud/kubernetes/network/proxy_kube_config_file_ownership.rego b/checks/kubernetes/network/proxy_kube_config_file_ownership.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/proxy_kube_config_file_ownership.rego
rename to checks/kubernetes/network/proxy_kube_config_file_ownership.rego
diff --git a/checks/cloud/kubernetes/network/proxy_kube_config_file_ownership_test.rego b/checks/kubernetes/network/proxy_kube_config_file_ownership_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/proxy_kube_config_file_ownership_test.rego
rename to checks/kubernetes/network/proxy_kube_config_file_ownership_test.rego
diff --git a/checks/cloud/kubernetes/network/proxy_kube_config_file_permission.rego b/checks/kubernetes/network/proxy_kube_config_file_permission.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/proxy_kube_config_file_permission.rego
rename to checks/kubernetes/network/proxy_kube_config_file_permission.rego
diff --git a/checks/cloud/kubernetes/network/proxy_kube_config_file_permission_test.rego b/checks/kubernetes/network/proxy_kube_config_file_permission_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/proxy_kube_config_file_permission_test.rego
rename to checks/kubernetes/network/proxy_kube_config_file_permission_test.rego
diff --git a/checks/cloud/kubernetes/network/secure_port.rego b/checks/kubernetes/network/secure_port.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/secure_port.rego
rename to checks/kubernetes/network/secure_port.rego
diff --git a/checks/cloud/kubernetes/network/secure_port_test.rego b/checks/kubernetes/network/secure_port_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/secure_port_test.rego
rename to checks/kubernetes/network/secure_port_test.rego
diff --git a/checks/cloud/kubernetes/network/selector_usage_in_network_policies.rego b/checks/kubernetes/network/selector_usage_in_network_policies.rego
similarity index 96%
rename from checks/cloud/kubernetes/network/selector_usage_in_network_policies.rego
rename to checks/kubernetes/network/selector_usage_in_network_policies.rego
index 741619bf..a1ea7186 100644
--- a/checks/cloud/kubernetes/network/selector_usage_in_network_policies.rego
+++ b/checks/kubernetes/network/selector_usage_in_network_policies.rego
@@ -15,7 +15,7 @@
 # input:
 # selector:
 # - type: kubernetes
-# examples: checks/cloud/kubernetes/network/selector_usage_in_network_policies.yaml
+# examples: checks/kubernetes/network/selector_usage_in_network_policies.yaml
 package builtin.kubernetes.KSV038
 import rego.v1
diff --git a/checks/cloud/kubernetes/network/selector_usage_in_network_policies.yaml b/checks/kubernetes/network/selector_usage_in_network_policies.yaml
similarity index 100%
rename from checks/cloud/kubernetes/network/selector_usage_in_network_policies.yaml
rename to checks/kubernetes/network/selector_usage_in_network_policies.yaml
diff --git a/checks/cloud/kubernetes/network/selector_usage_in_network_policies_test.rego b/checks/kubernetes/network/selector_usage_in_network_policies_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/selector_usage_in_network_policies_test.rego
rename to checks/kubernetes/network/selector_usage_in_network_policies_test.rego
diff --git a/checks/cloud/kubernetes/network/service_with_externalip.rego b/checks/kubernetes/network/service_with_externalip.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/service_with_externalip.rego
rename to checks/kubernetes/network/service_with_externalip.rego
diff --git a/checks/cloud/kubernetes/network/service_with_externalip_test.rego b/checks/kubernetes/network/service_with_externalip_test.rego
similarity index 100%
rename from checks/cloud/kubernetes/network/service_with_externalip_test.rego
rename to checks/kubernetes/network/service_with_externalip_test.rego