fix(gke): Remove pod-security-policy-config check

aquasecurity · Nov 6, 2023 · c9ec157 · c9ec157
1 parent 6d440af
commit c9ec157
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 28 deletions.
diff --git a/internal/adapters/terraform/google/gke/adapt.go b/internal/adapters/terraform/google/gke/adapt.go
@@ -69,10 +69,6 @@ func (a *adapter) adaptCluster(resource *terraform.Block, module *terraform.Modu
 		},
 		LoggingService:    defsecTypes.StringDefault("logging.googleapis.com/kubernetes", resource.GetMetadata()),
 		MonitoringService: defsecTypes.StringDefault("monitoring.googleapis.com/kubernetes", resource.GetMetadata()),
-		PodSecurityPolicy: gke.PodSecurityPolicy{
-			Metadata: resource.GetMetadata(),
-			Enabled:  defsecTypes.BoolDefault(false, resource.GetMetadata()),
-		},
 		MasterAuth: gke.MasterAuth{
 			Metadata: resource.GetMetadata(),
 			ClientCertificate: gke.ClientCertificate{
@@ -125,12 +121,6 @@ func (a *adapter) adaptCluster(resource *terraform.Block, module *terraform.Modu
 	monitoringServiceAttr := resource.GetAttribute("monitoring_service")
 	cluster.MonitoringService = monitoringServiceAttr.AsStringValueOrDefault("monitoring.googleapis.com/kubernetes", resource)
 
-	if policyBlock := resource.GetBlock("pod_security_policy_config"); policyBlock.IsNotNil() {
-		enabledAttr := policyBlock.GetAttribute("enabled")
-		cluster.PodSecurityPolicy.Metadata = policyBlock.GetMetadata()
-		cluster.PodSecurityPolicy.Enabled = enabledAttr.AsBoolValueOrDefault(false, policyBlock)
-	}
-
 	if masterBlock := resource.GetBlock("master_auth"); masterBlock.IsNotNil() {
 		cluster.MasterAuth = adaptMasterAuth(masterBlock)
 	}
@@ -243,10 +233,6 @@ func (a *adapter) adaptNodePool(resource *terraform.Block) {
 		},
 		LoggingService:    defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
 		MonitoringService: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
-		PodSecurityPolicy: gke.PodSecurityPolicy{
-			Metadata: defsecTypes.NewUnmanagedMetadata(),
-			Enabled:  defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
-		},
 		MasterAuth: gke.MasterAuth{
 			Metadata: defsecTypes.NewUnmanagedMetadata(),
 			ClientCertificate: gke.ClientCertificate{

diff --git a/internal/adapters/terraform/google/gke/adapt_test.go b/internal/adapters/terraform/google/gke/adapt_test.go
@@ -153,10 +153,6 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
 						},
 						LoggingService:    defsecTypes.String("logging.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()),
 						MonitoringService: defsecTypes.String("monitoring.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()),
-						PodSecurityPolicy: gke.PodSecurityPolicy{
-							Metadata: defsecTypes.NewTestMetadata(),
-							Enabled:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
-						},
 						MasterAuth: gke.MasterAuth{
 							Metadata: defsecTypes.NewTestMetadata(),
 							ClientCertificate: gke.ClientCertificate{
@@ -227,10 +223,6 @@ resource "google_container_cluster" "example" {
 						},
 						LoggingService:    defsecTypes.String("logging.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()),
 						MonitoringService: defsecTypes.String("monitoring.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()),
-						PodSecurityPolicy: gke.PodSecurityPolicy{
-							Metadata: defsecTypes.NewTestMetadata(),
-							Enabled:  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
-						},
 						MasterAuth: gke.MasterAuth{
 							Metadata: defsecTypes.NewTestMetadata(),
 							ClientCertificate: gke.ClientCertificate{
@@ -342,12 +334,6 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
 	assert.Equal(t, 50, cluster.NodeConfig.EnableLegacyEndpoints.GetMetadata().Range().GetStartLine())
 	assert.Equal(t, 52, cluster.NodeConfig.EnableLegacyEndpoints.GetMetadata().Range().GetEndLine())
 
-	assert.Equal(t, 9, cluster.PodSecurityPolicy.Metadata.Range().GetStartLine())
-	assert.Equal(t, 11, cluster.PodSecurityPolicy.Metadata.Range().GetEndLine())
-
-	assert.Equal(t, 10, cluster.PodSecurityPolicy.Enabled.GetMetadata().Range().GetStartLine())
-	assert.Equal(t, 10, cluster.PodSecurityPolicy.Enabled.GetMetadata().Range().GetEndLine())
-
 	assert.Equal(t, 13, cluster.EnableLegacyABAC.GetMetadata().Range().GetStartLine())
 	assert.Equal(t, 13, cluster.EnableLegacyABAC.GetMetadata().Range().GetEndLine())