Update unset-memory-requirements and unset-cpu-requirements, fixes st…

…ackrox#694 stackrox#695

docs/generated/checks.md

@@ -629,15 +629,15 @@ unsafeSysCtls:
 
 **Description**: Indicates when containers do not have CPU requests and limits set.
 
-**Remediation**: Set CPU requests and limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
+**Remediation**: Set CPU limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
 
 **Template**: [cpu-requirements](templates.md#cpu-requirements)
 
 **Parameters**:
 
 ```yaml
 lowerBoundMillis: 0
-requirementsType: any
+requirementsType: request
 upperBoundMillis: 0
 ```
 ## unset-memory-requirements
@@ -646,15 +646,15 @@ upperBoundMillis: 0
 
 **Description**: Indicates when containers do not have memory requests and limits set.
 
-**Remediation**: Set memory requests and limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
+**Remediation**: Set memory limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
 
 **Template**: [memory-requirements](templates.md#memory-requirements)
 
 **Parameters**:
 
 ```yaml
 lowerBoundMB: 0
-requirementsType: any
+requirementsType: request
 upperBoundMB: 0
 ```
 ## use-namespace

e2etests/bats-tests.sh

@@ -903,16 +903,12 @@ get_value_from() {
   [ "$status" -eq 1 ]
 
   message1=$(get_value_from "${lines[0]}" '.Reports[0].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[0].Diagnostic.Message')
-  message2=$(get_value_from "${lines[0]}" '.Reports[1].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[1].Diagnostic.Message')
-  message3=$(get_value_from "${lines[0]}" '.Reports[2].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[2].Diagnostic.Message')
-  message4=$(get_value_from "${lines[0]}" '.Reports[3].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[3].Diagnostic.Message')
+  message2=$(get_value_from "${lines[0]}" '.Reports[2].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[2].Diagnostic.Message')
   count=$(get_value_from "${lines[0]}" '.Reports | length')
 
   [[ "${message1}" == "Deployment: container \"app\" has cpu request 0" ]]
-  [[ "${message2}" == "Deployment: container \"app\" has cpu limit 0" ]]
-  [[ "${message3}" == "DeploymentConfig: container \"app\" has cpu request 0" ]]
-  [[ "${message4}" == "DeploymentConfig: container \"app\" has cpu limit 0" ]]
-  [[ "${count}" == "4" ]]
+  [[ "${message2}" == "DeploymentConfig: container \"app\" has cpu request 0" ]]
+  [[ "${count}" == "2" ]]
 }
 
 @test "unset-memory-requirements" {
@@ -924,16 +920,12 @@ get_value_from() {
   [ "$status" -eq 1 ]
 
   message1=$(get_value_from "${lines[0]}" '.Reports[0].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[0].Diagnostic.Message')
-  message2=$(get_value_from "${lines[0]}" '.Reports[1].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[1].Diagnostic.Message')
-  message3=$(get_value_from "${lines[0]}" '.Reports[2].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[2].Diagnostic.Message')
-  message4=$(get_value_from "${lines[0]}" '.Reports[3].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[3].Diagnostic.Message')
+  message2=$(get_value_from "${lines[0]}" '.Reports[2].Object.K8sObject.GroupVersionKind.Kind + ": " + .Reports[2].Diagnostic.Message')
   count=$(get_value_from "${lines[0]}" '.Reports | length')
 
   [[ "${message1}" == "Deployment: container \"app\" has memory request 0" ]]
-  [[ "${message2}" == "Deployment: container \"app\" has memory limit 0" ]]
-  [[ "${message3}" == "DeploymentConfig: container \"app\" has memory request 0" ]]
-  [[ "${message4}" == "DeploymentConfig: container \"app\" has memory limit 0" ]]
-  [[ "${count}" == "4" ]]
+  [[ "${message2}" == "DeploymentConfig: container \"app\" has memory request 0" ]]
+  [[ "${count}" == "2" ]]
 }
 
 @test "use-namespace" {

pkg/builtinchecks/yamls/unset-cpu-requirements.yaml

@@ -4,10 +4,10 @@ scope:
   objectKinds:
     - DeploymentLike
 remediation: >-
-  Set CPU requests and limits for your container based on its requirements.
+  Set CPU limits for your container based on its requirements.
   Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
 template: "cpu-requirements"
 params:
-  requirementsType: "any"
+  requirementsType: "request"
   lowerBoundMillis: 0
   upperBoundMillis: 0

pkg/builtinchecks/yamls/unset-memory-requirements.yaml

@@ -1,13 +1,13 @@
 name: "unset-memory-requirements"
 description: "Indicates when containers do not have memory requests and limits set."
 remediation: >-
-  Set memory requests and limits for your container based on its requirements.
+  Set memory limits for your container based on its requirements.
   Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.
 scope:
   objectKinds:
     - DeploymentLike
 template: "memory-requirements"
 params:
-  requirementsType: "any"
+  requirementsType: "request"
   lowerBoundMB: 0
   upperBoundMB: 0

tests/checks/unset-cpu-requirements.yml

@@ -25,6 +25,4 @@ spec:
       containers:
       - name: app
         requests:
-          memory: 1Gi
-        limits:
           memory: 1Gi

tests/checks/unset-memory-requirements.yml

@@ -25,6 +25,4 @@ spec:
       containers:
       - name: app
         requests:
-          cpu: 1
-        limits:
           cpu: 1