Merge pull request #22 from defenseunicorns/mtls_strict_rule

Added rule to check for mtls value
defenseunicorns · Sep 13, 2022 · cb64a40 · cb64a40
2 parents a260a87 + 4978d33
commit cb64a40
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/test/cli/component-definitions/oscal-component.yaml b/test/cli/component-definitions/oscal-component.yaml
@@ -302,6 +302,17 @@ component-definition:
               spec:
                 ^(containers):
                 - image: "*/istio/proxyv*"
+        - name: istio-controlplane_AC-4(peer-authentication-STRICT)
+          match:
+            resources:
+                kinds: 
+                - PeerAuthentication
+          validate:
+            message: "Every peer authentication should have mtls set to STRICT"
+            pattern:
+              spec:
+                mtls:
+                  mode: "STRICT"
 
       - uuid: 1D1E8705-F6EB-4A21-A24F-1DF7427BA491
         control-id: ac-4.4