Santosh1176/jq-filters.txt Secret

## jq-filters.txt
# Pod Deleteion
(select(.verb == "delete" and .objectRefresource=="pods")  | "A pod named: " + .objectRef.name + " was deleted in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),

# Pod Exec
(select(.objectRef.resource=="pods" and .objectRef.subresource == "exec") | "A shell was opened into " + .objectRef.name + " pod " + "in "+ .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]" ),

# Pod Creation
(select(.verb == "create" and .objectRef.resource =="pods") | "A pod named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace"  + " - [" + .stageTimestamp + " ]"),

# ConfigMap creation
(select(.verb == "create" and .objectRef.resource =="configmaps") | "A configMap named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace"  + " - [" + .stageTimestamp + " ]"),


# ConfigMap Deletion
(select(.verb == "delete" and .objectRef.resource =="configmaps") | "A configMap named: " + .objectRef.name + " was deleted in: " + .objectRef.namespace + " namespace"  + " - [" + .stageTimestamp + " ]"),


# Secret creation
(select(.verb == "create" and .objectRef.resource =="secrets") | "A secret named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace"  + " - [" + .stageTimestamp + " ]"),


# Secret Deletion
(select(.verb == "delete" and .objectRef.resource =="secrets") | "A secret named: " + .objectRef.name + " was deleted in: " + .objectRef.namespace + " namespace"  + " - [" + .stageTimestamp + " ]"),

# ConfigMap creation with sensitive information
(select(.verb == "create" and .objectRef.resource =="configmaps" and (.requestObject.data | tostring | contains("username") or contains("password"))) | "A configMap named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace,"  +  " with sensitive information " + " - [" + .stageTimestamp + " ]")
	# Pod Deleteion
	(select(.verb == "delete" and .objectRefresource=="pods") \| "A pod named: " + .objectRef.name + " was deleted in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),

	# Pod Exec
	(select(.objectRef.resource=="pods" and .objectRef.subresource == "exec") \| "A shell was opened into " + .objectRef.name + " pod " + "in "+ .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]" ),

	# Pod Creation
	(select(.verb == "create" and .objectRef.resource =="pods") \| "A pod named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),

	# ConfigMap creation
	(select(.verb == "create" and .objectRef.resource =="configmaps") \| "A configMap named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),


	# ConfigMap Deletion
	(select(.verb == "delete" and .objectRef.resource =="configmaps") \| "A configMap named: " + .objectRef.name + " was deleted in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),


	# Secret creation
	(select(.verb == "create" and .objectRef.resource =="secrets") \| "A secret named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),


	# Secret Deletion
	(select(.verb == "delete" and .objectRef.resource =="secrets") \| "A secret named: " + .objectRef.name + " was deleted in: " + .objectRef.namespace + " namespace" + " - [" + .stageTimestamp + " ]"),

	# ConfigMap creation with sensitive information
	(select(.verb == "create" and .objectRef.resource =="configmaps" and (.requestObject.data \| tostring \| contains("username") or contains("password"))) \| "A configMap named: " + .objectRef.name + " was created in: " + .objectRef.namespace + " namespace," + " with sensitive information " + " - [" + .stageTimestamp + " ]")