turbot/steampipe-mod-kubernetes-compliance

Control: Ingress definition should not have NGINX ingress annotation snippets containing lua code snippets

Description

This check ensures that the NGINX ingress annotation snippets in the Ingress do not contain Lua code snippets.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_snippets_lua_code_not_used

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_snippets_lua_code_not_used --share

SQL

This control uses a named query:

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when a.key like '%snippet%' and a.value ~ '(lua_|_lua|_lua_|kubernetes\.io)' then 'alarm'
    else 'ok'
  end as status,
  case
    when a.key like '%snippet%' and a.value ~ '(lua_|_lua|_lua_|kubernetes\.io)' then a.key || ' annotation snippet contains lua code execution.'
    else a.key || ' annotation snippet does not contain lua code execution.'
  end as reason,
  name as ingress_name,
  coalesce(context_name, '') as context_name,
  namespace,
  source_type,
  coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_ingress,
  jsonb_each_text(annotations) as a;
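The matching rule in the query above, re-implemented in Python so it can be run over manifests without Steampipe. This is an added example, not code from the mod; the function names, the `example.com/notes` annotation and the sample manifests are constructed for illustration.

```python
import re

# Pattern copied from the control's query. PostgreSQL `~` is a case-sensitive,
# unanchored regex match, so re.search is the equivalent.
LUA_PATTERN = re.compile(r"(lua_|_lua|_lua_|kubernetes\.io)")

def check_ingress(manifest):
    """Return one (ingress_name, annotation_key, status) tuple per annotation."""
    meta = manifest.get("metadata", {})
    annotations = meta.get("annotations") or {}
    rows = []
    for key, value in annotations.items():
        # Mirrors: a.key like '%snippet%' and a.value ~ '<pattern>'
        flagged = "snippet" in key and LUA_PATTERN.search(str(value)) is not None
        rows.append((meta.get("name", ""), key, "alarm" if flagged else "ok"))
    return rows  # empty for an Ingress with no annotations, as with the join

PREFIX = "nginx.ingress.kubernetes.io/"
# Constructed sample manifests, trimmed to the fields the rule reads.
SAMPLE_INGRESSES = [
    {"metadata": {"name": "lua-block", "annotations": {
        PREFIX + "configuration-snippet": 'content_by_lua_block { ngx.say("hello") }',
    }}},
    {"metadata": {"name": "plain-snippet", "annotations": {
        PREFIX + "configuration-snippet": 'more_set_headers "X-Frame-Options: DENY";',
        # Key lacks "snippet", so the value is never inspected.
        "example.com/notes": "lua_shared_dict is configured in the controller",
    }}},
    {"metadata": {"name": "string-match", "annotations": {
        # The pattern is a text match: any "kubernetes.io" in a snippet alarms.
        PREFIX + "server-snippet": 'more_set_headers "X-Managed-By: kubernetes.io";',
    }}},
    {"metadata": {"name": "no-annotations"}},
]

def run_samples():
    """Apply the rule to every constructed sample and flatten the rows."""
    return [row for m in SAMPLE_INGRESSES for row in check_ingress(m)]

if __name__ == "__main__":
    for name, key, status in run_samples():
        print(f"{status:5} {name}: {key}")
```

The control reports one row per annotation rather than per Ingress, so an Ingress with several annotations appears several times and one with none does not appear at all.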
