Merge branch 'main' into cis1.4

gke-policies-v2/policy/node_pool_use_cos.rego

@@ -44,5 +44,6 @@ valid {
 violation[msg] {
   some pool
   not lower(input.data.gke.node_pools[pool].config.image_type) in {"cos", "cos_containerd"}
+  not startswith(lower(input.data.gke.node_pools[pool].config.image_type), "windows")
   msg := sprintf("Node pool %q does not use Container-Optimized OS.", [input.data.gke.node_pools[pool].name])
 }

gke-policies-v2/policy/node_pool_use_cos_test.rego

@@ -40,4 +40,8 @@ test_multiple_node_pool_using_cos_but_only_one {
 
 test_multiple_node_pool_using_cos {
     valid with input as {"data": {"gke": {"name": "cluster-cos", "node_pools": [{"name": "default", "config": {"image_type": "cos"}},{"name": "custom", "config": {"image_type": "cos_containerd"}}]}}}
+}
+
+test_windows_node_pool {
+    valid with input as {"data": {"gke": {"name": "windows-server", "node_pools": [{"name": "default", "config": {"image_type": "windows-server"}}]}}}
 }

gke-policies/policy/node_pool_use_cos.rego

@@ -42,5 +42,6 @@ valid {
 
 violation[msg] {  
   not lower(input.node_pools[pool].config.image_type) in {"cos", "cos_containerd"}
+  not startswith(lower(input.node_pools[pool].config.image_type), "windows")
   msg := sprintf("Node pool %q does not use Container-Optimized OS.", [input.node_pools[pool].name])
 } 

gke-policies/policy/node_pool_use_cos_test.rego

@@ -40,4 +40,8 @@ test_multiple_node_pool_using_cos_but_only_one {
 
 test_multiple_node_pool_using_cos {
     valid with input as {"name": "cluster-cos", "node_pools": [{"name": "default", "config": {"image_type": "cos"}},{"name": "custom", "config": {"image_type": "cos_containerd"}}]}
+}
+
+test_windows_node_pool {
+    valid with input as {"name": "cluster-windows", "node_pools": [{"name": "default", "config": {"image_type": "windows-server"}}]}
 }