Commit Graph

36 Commits

Author SHA1 Message Date
Robert Brennan
b923caf79e better support for namespaces in additional schemas (#593)
* better support for namespaces in additional schemas

* add alertmanager check

* Revert " revert file"

This reverts commit f55839b87aeec5af20ac28ecff664d17ac1159b3.

* remove alertmanager check
2021-07-27 10:31:34 -04:00
Robert Brennan
f753fc91f2 Support multi-resource templates (#524)
* able to run multi-resource tests

* start passing resource provider through

* working end-to-end

* better support for go templating

* fix tests

* delint

* add test

* add json annotations

* remove panics

* fix annotation

* fix for groupkinds

* add comment

* add docs

* change jsonSchema field to schemaString

* rename check

* add pdb to tests

* add ingress to tests

* update deps

* fix up policy import

* update go

* fix check name

* funk it up

* better docs
2021-05-06 14:01:20 -04:00
Robert Brennan
371e30fe3d Add support for check templates (#520)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and non-controllers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

* first pass

* more progress

* debug

* update jsonschema

* Revert "update jsonschema"

This reverts commit 45e6c398ff.

* Revert "Revert "update jsonschema""

This reverts commit f8c5ec223824694c43a6af9dae9319f1f0e30b37.

* templating working

* rename check

* add failure details to results

* minor edits

* add runAsRoot test

* Revert "Revert "Revert "update jsonschema"""

This reverts commit fcdacdc3c22e32c580541901f99e154d00bedbc8.

* minor fixes

* most tests passing

* fix json annotations

* logspam

* delint

* add comment

Co-authored-by: Jordan Doig <jordan.steele.doig@gmail.com>
2021-04-09 09:08:31 -04:00
Jordan Doig
63fd576d3e Add support for arbitrary Kinds (#505)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and non-controllers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Jordan Doig
4c3d0e0603 Set full object ObjectMeta on new workload from Pod (#471)
* Unmarshal OriginalObjectJSON into ObjectMeta

* Unmarshal to unst before converting to v1 Object

* Add passing annotated deployment webhook test case

* fix meta accessor

* fix tests

* remove logs

* fix tests

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-02-26 15:33:40 -05:00
Jordan Doig
3f62126bdd Refactor resolveCheck 2021-01-04 16:52:09 -07:00
Jordan Doig
5ab9f0b251 Add ingress tls check 2021-01-04 09:53:09 -07:00
Jordan Doig
fc368485ef Add ingress schema checks 2020-12-30 21:58:48 -07:00
skatika
dd2976794a Implement namespace and container exemptions. Also refactoring according to gofmt 2020-12-18 09:50:04 -05:00
skatika
fdd30717e5 Remove unused parameter 2020-12-17 09:54:29 -05:00
Markus Blaschke
5bce1db05e Implement namespace support for exceptions (#421)
* Implement namespace support for exceptions

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

* remove debug

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

* Add documentation

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

Co-authored-by: baderbuddy <bader@fairwinds.com>
2020-10-19 08:45:45 -04:00
baderbuddy
7c9f01639b Update dependencies (#400)
* Start working on updating dependencies:

* Fix webhook

* Rollback jsonschema update

* Checkin new config

* Fix run as root

* Update versions of kind

* Fix typo in kind URL

* Fix kind config

* Add csr permissions

* Fix weird image thing

* Fixed certificates

* Add to logging

* Approve cert manually

* Fix approval

* Add cert script

* Fix deployment

* Add requests/limits

* Wait if certificate doesn't exist yet

* Add check for file size

* Add variable

* Try a different image

* Fix command

* Update certificate logic

* Add healthz

* Don't check cert size

* Remove stat

* Fix vet

* Put in change that makes no sense

* Fix cert names

* Roll back

* Try changing config

* Add logging for each request

* Cleanup code some

* Remove bad deployments

* Fix client injection

* Update timeout

* Add logging

* Fixed e2e webhook tests

* Add permissions for approval

* Fix permissions for CSR

* Remove logging code

* Remove refresh certs file

* Fix merge issues

* Update deployments

* Try beta of admission controller config

* Target 1.15 for testing

* Add beta versions of resources

* Lower webhook timeout

* Refactor out a method

* Fix up PR issues

* Fix more tabs

* Remove unnecessary messages

* Fix go.sum

* Fix go.sum
2020-09-11 08:53:14 -04:00
Robert Brennan
b4e3d40f4b Add priority class check, some test infra (#342)
* add check for priority-class

* add test message

* lint
2020-06-22 16:34:48 -04:00
baderbuddy
d50d9c81f8 Add the capability for controller level checks (#285)
* Add controller level checks

* Add check for multipleReplicas

* Fixed spec

* Add controller level check

* Move controller schema checks to their own function.
2020-05-18 14:57:35 -04:00
Robert Brennan
6792fba91f Delete controllers package (#270)
* rename root fs check

* speed up docker build

* refactor webhook to be more generic

* delete controllers pkg

* revert deploy

* fix example config

* remove controllersToScan config

* fix lint error

* fix webhook name

* FileSystem -> Filesystem

* update deps

* skip node owners

* clean up meta tracking

Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
2020-04-27 10:43:02 -04:00
Bader Boland
a5828a2d3b Fix tests 2020-03-25 14:23:18 -04:00
Bader Boland
68fe23018a Feedback from PR 2020-03-23 09:27:36 -04:00
Bader Boland
7f71a352a7 Remove kebab case 2020-01-28 09:34:52 -05:00
Bader Boland
56bba70ef3 Add ability to exclude individual tests 2020-01-24 08:53:34 -05:00
Robert Brennan
542694841a change resolveCheck signature 2020-01-14 14:50:35 +00:00
Robert Brennan
7637108234 refactor ValidateContainers 2020-01-14 14:50:34 +00:00
Robert Brennan
49c540e993 type -> kind 2020-01-14 14:50:34 +00:00
Robert Brennan
9f7caabef4 change message type to boolean 2020-01-14 14:50:34 +00:00
Robert Brennan
2770be643f Refactor validation 2020-01-14 14:50:34 +00:00
Robert Brennan
04da47d83e change input config to simplify things 2020-01-02 17:55:21 +00:00
Robert Brennan
5efa416ea9 implement custom checks, implement resource ranges as custom check 2020-01-02 17:55:21 +00:00
Robert Brennan
7b0fe81d01 implement capabilities checks in JSON schema 2020-01-02 17:55:21 +00:00
Robert Brennan
7cc0be4188 remove unused function 2019-12-23 21:16:59 +00:00
Robert Brennan
b0035158d2 fix lint errors 2019-12-23 20:57:48 +00:00
Robert Brennan
f7dccc079b move more security checks to jsonschema 2019-12-23 20:32:38 +00:00
Robert Brennan
ad3a8e6748 move runAsRootAllowed over to jsonschema 2019-12-23 20:32:38 +00:00
Robert Brennan
3fa627a2cd move networking checks over to json schema 2019-12-23 20:32:38 +00:00
Robert Brennan
30b49c4d7b implement image checks using json schema 2019-12-23 20:32:38 +00:00
Robert Brennan
f2c5752718 migrate health checks to schemas 2019-12-23 20:32:38 +00:00
Robert Brennan
3304285b4e move rest of pod checks over to schema 2019-12-23 20:32:38 +00:00
Robert Brennan
d80d326f7c swap out host_network for a schema-based check 2019-12-23 20:32:38 +00:00