Query: cronjob_container_argument_pod_security_policy_enabled

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when (c -> 'command') is null
    or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok'
    when (c -> 'command') @> '["kube-apiserver"]'
    and (c -> 'command') @> '["--enable-admission-plugins=PodSecurityPolicy"]' then 'ok'
    else 'alarm'
  end as status,
  case
    when (c -> 'command') is null then c ->> 'name' || ' command not defined.'
    when not ((c -> 'command') @> '["kube-apiserver"]') then c ->> 'name' || ' kube-apiserver not defined.'
    when (c -> 'command') @> '["kube-apiserver"]'
    and (c -> 'command') @> '["--enable-admission-plugins=PodSecurityPolicy"]' then c ->> 'name' || ' has admission control plugin PodSecurityPolicy enabled.'
    else c ->> 'name' || ' has admission control plugin PodSecurityPolicy disabled.'
  end as reason,
  name as cronjob_name,
  coalesce(context_name, '') as context_name,
  namespace,
  source_type,
  coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_cronjob,
  jsonb_array_elements(
    job_template -> 'spec' -> 'template' -> 'spec' -> 'containers'
  ) as c;