k8s_rbac_cluster_roles resource
Use the k8s_rbac_cluster_roles Chef InSpec audit resource to test all the role-based access control (RBAC) cluster roles.
Installation
Syntax
describe k8s_rbac_cluster_roles do
  #...
end
Properties
uids
- UID of the cluster roles.
kinds
- Resource type of the cluster roles.
resource_versions
- Resource version of the cluster roles.
labels
- Labels attached to the cluster roles.
annotations
- Annotations of the cluster roles.
rules
- List of rules set for the cluster roles.
aggregation_rules
- Aggregation rule set for the cluster roles.
cluster_role_selectors
- List of aggregation rule cluster role selectors set for the cluster roles.
metadata
- Metadata of the cluster roles.
creation_timestamps
- Creation timestamp of the cluster roles.
Examples
Test to verify that the RBAC cluster roles exist
describe k8s_rbac_cluster_roles do
  it { should exist }
end
Test to verify rules set for the specified cluster role
describe k8s_rbac_cluster_roles do
  its('rules') { should include apiGroups: [''], resources: ['pods'], verbs: ['get', 'list', 'watch'] }
end
Test to verify aggregation rules and aggregation rule cluster role selectors
describe k8s_rbac_cluster_roles do
  its("aggregation_rules") { should_not be_empty }
  its("cluster_role_selectors") { should include matchLabels: { "rbac.example.com/aggregate-to-monitoring": 'true' } }
end
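A test that looks for one literal rule does not see a role that grants the same access through a `*` wildcard, and an aggregated role takes its rules from whichever cluster roles carry the selected labels. The following plain-Ruby sketch is an added example, not InSpec or Chef code: the role data is constructed and assumed to follow the Kubernetes ClusterRole field names with symbol keys as in the examples above, and the helper names are hypothetical.

```ruby
# Constructed sample data, not from a real cluster. Field names follow the
# Kubernetes ClusterRole object; symbol keys mirror the examples on this page.
SAMPLE_ROLES = [
  { metadata: { name: 'pod-reader' },
    rules: [{ apiGroups: [''], resources: ['pods'], verbs: %w[get list watch] }] },
  { metadata: { name: 'ops-all' },
    rules: [{ apiGroups: ['*'], resources: ['*'], verbs: ['*'] }] },
  { metadata: { name: 'secret-editor' },
    rules: [{ apiGroups: [''], resources: ['secrets'], verbs: %w[get update] }] },
  { metadata: { name: 'monitoring' },
    aggregationRule: { clusterRoleSelectors: [
      { matchLabels: { "rbac.example.com/aggregate-to-monitoring": 'true' } }
    ] },
    rules: nil }
].freeze

# Hypothetical helper: does a rule's value list cover `wanted`, counting '*'?
def covers?(list, wanted)
  list = Array(list)
  list.include?('*') || list.include?(wanted)
end

# Hypothetical helper: names of roles whose own rules allow `verb` on `resource`
# in `api_group`. resourceNames restrictions are ignored, so this over-reports.
def roles_granting(roles, api_group, resource, verb)
  granting = roles.select do |role|
    Array(role[:rules]).any? do |rule|
      covers?(rule[:apiGroups], api_group) &&
        covers?(rule[:resources], resource) &&
        covers?(rule[:verbs], verb)
    end
  end
  granting.map { |role| role.dig(:metadata, :name) }
end

# Hypothetical helper: role name => matchLabels of each aggregation selector.
# These labels decide which other cluster roles feed rules into the role.
def aggregation_labels(roles)
  roles.each_with_object({}) do |role, out|
    selectors = Array(role.dig(:aggregationRule, :clusterRoleSelectors))
    next if selectors.empty?
    out[role.dig(:metadata, :name)] = selectors.map { |s| s[:matchLabels] || {} }
  end
end

if __FILE__ == $PROGRAM_NAME
  p roles_granting(SAMPLE_ROLES, '', 'pods', 'get')
  p aggregation_labels(SAMPLE_ROLES)
end
```

On the sample data the wildcard role `ops-all` is reported next to `pod-reader` for `get` on `pods`, although it contains no rule that names `pods`.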
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our Universal Matchers page.