From 170e2a517969dc1cae518a108cba9df61f5fd9a1 Mon Sep 17 00:00:00 2001
From: Jim Bugwadia
Date: Sun, 10 Nov 2019 12:53:48 -0800
Subject: [PATCH] update disallow_docker_sock_mount and disallow_host_network_port

---
 pkg/testrunner/testrunner_test.go | 4 ++--
 samples/DisallowHostNetworkPort.md | 8 ++++----
 ...work_hostport.yaml => disallow_host_network_port.yaml} | 2 +-
 ...er_sock_mount.yaml => disallow_docker_sock_mount.yaml} | 0
 ...work_hostport.yaml => disallow_host_network_port.yaml} | 5 ++---
 5 files changed, 9 insertions(+), 10 deletions(-)
 rename samples/best_practices/{disallow_host_network_hostport.yaml => disallow_host_network_port.yaml} (94%)
 rename test/scenarios/samples/best_practices/{scenario_validate_disallow_docker_sock_mount.yaml => disallow_docker_sock_mount.yaml} (100%)
 rename test/scenarios/samples/best_practices/{scenario_validate_disallow_host_network_hostport.yaml => disallow_host_network_port.yaml} (54%)

diff --git a/pkg/testrunner/testrunner_test.go b/pkg/testrunner/testrunner_test.go
index 1a8e38badf..bed584cee7 100644
--- a/pkg/testrunner/testrunner_test.go
+++ b/pkg/testrunner/testrunner_test.go
@@ -45,7 +45,7 @@ func Test_validate_disallow_default_namespace(t *testing.T) {
 }
 
 func Test_validate_host_network_port(t *testing.T) {
- testScenario(t, "test/scenarios/samples/best_practices/scenario_validate_disallow_host_network_hostport.yaml")
+ testScenario(t, "test/scenarios/samples/best_practices/disallow_host_network_port.yaml")
 }
 
 func Test_validate_hostPID_hostIPC(t *testing.T) {
@@ -117,7 +117,7 @@ func Test_validate_disallow_new_capabilities(t *testing.T) {
 }
 
 func Test_validate_disallow_docker_sock_mount(t *testing.T) {
- testScenario(t, "test/scenarios/samples/best_practices/scenario_validate_disallow_docker_sock_mount.yaml")
+ testScenario(t, "test/scenarios/samples/best_practices/disallow_docker_sock_mount.yaml")
 }
 
 func Test_validate_disallow_helm_tiller(t *testing.T) {
diff --git a/samples/DisallowHostNetworkPort.md b/samples/DisallowHostNetworkPort.md index 2f7e93de87..aeaa274e81 100644 --- a/samples/DisallowHostNetworkPort.md +++ b/samples/DisallowHostNetworkPort.md @@ -5,23 +5,23 @@ Using `hostPort` and `hostNetwork` allows pods to share the host networking stac ## Policy YAML -[disallow_host_network_hostport.yaml](best_practices/disallow_host_network_hostport.yaml) +[disallow_host_network_port.yaml](best_practices/disallow_host_network_port.yaml) ````yaml apiVersion: kyverno.io/v1alpha1 kind: ClusterPolicy metadata: - name: validate-host-network-hostport + name: disallow-host-network-port spec: rules: - - name: validate-host-network-hostport + - name: validate-host-network-port match: resources: kinds: - Pod validate: - message: "Defining hostNetwork and hostPort are not allowed" + message: "Using host networking is not allowed" pattern: spec: (hostNetwork): false diff --git a/samples/best_practices/disallow_host_network_hostport.yaml b/samples/best_practices/disallow_host_network_port.yaml similarity index 94% rename from samples/best_practices/disallow_host_network_hostport.yaml rename to samples/best_practices/disallow_host_network_port.yaml index af3a60aaef..e375eece68 100644 --- a/samples/best_practices/disallow_host_network_hostport.yaml +++ b/samples/best_practices/disallow_host_network_port.yaml @@ -8,7 +8,7 @@ metadata: the host network stack, allowing potential snooping of network traffic from an application pod. spec: rules: - - name: validate-host-network-hostport + - name: validate-host-network-port match: resources: kinds: diff --git a/test/scenarios/samples/best_practices/scenario_validate_disallow_docker_sock_mount.yaml b/test/scenarios/samples/best_practices/disallow_docker_sock_mount.yaml similarity index 100% rename from test/scenarios/samples/best_practices/scenario_validate_disallow_docker_sock_mount.yaml rename to test/scenarios/samples/best_practices/disallow_docker_sock_mount.yaml 
diff --git a/test/scenarios/samples/best_practices/scenario_validate_disallow_host_network_hostport.yaml b/test/scenarios/samples/best_practices/disallow_host_network_port.yaml
similarity index 54%
rename from test/scenarios/samples/best_practices/scenario_validate_disallow_host_network_hostport.yaml
rename to test/scenarios/samples/best_practices/disallow_host_network_port.yaml
index 783bdd1c57..edcc588275 100644
--- a/test/scenarios/samples/best_practices/scenario_validate_disallow_host_network_hostport.yaml
+++ b/test/scenarios/samples/best_practices/disallow_host_network_port.yaml
@@ -1,6 +1,6 @@
 # file path relative to project root
 input:
- policy: samples/best_practices/disallow_host_network_hostport.yaml
+ policy: samples/best_practices/disallow_host_network_port.yaml
 resource: test/resources/disallow_host_network_hostport.yaml
 expected:
 validation:
@@ -12,7 +12,6 @@ expected:
 namespace: ''
 name: "nginx-host-network"
 rules:
- - name: validate-host-network-hostport
+ - name: validate-host-network-port
 type: Validation
- message: "Validation error: Defining hostNetwork and hostPort are not allowed\nValidation rule 'validate-host-network-hostport' failed at path '/spec/containers/0/ports/0/hostPort/'."
 success: false
\ No newline at end of file
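Review bot: The second hunk of this scenario drops the expected `message:` line instead of updating it, so the test no longer checks the message text or the failing path (`/spec/containers/0/ports/0/hostPort/`) that the host-network rule reports, only `success: false`; since the same commit changes the rule's message to "Using host networking is not allowed", this scenario is where the new wording should be pinned. I would keep the assertion with the renamed rule and new text, `message: "Validation error: Using host networking is not allowed\nValidation rule 'validate-host-network-port' failed at path '/spec/containers/0/ports/0/hostPort/'."`, though the exact rendering depends on how testrunner composes the message, which is not visible here. In the first hunk the `resource:` path still points at `test/resources/disallow_host_network_hostport.yaml`, which is consistent with that file not being renamed in this commit but leaves the old naming in place next to the renamed policy and scenario. The file also still ends without a trailing newline.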