github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-07 17:57:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
906 Commits 28 Branches 117 Tags
rb/machine
Commit Graph

87 Commits

Author SHA1 Message Date
Robert Brennan
f71ca999c9 Change target: Pod to target: PodSpec (#726) 
* change target pod to target pod spec

* add checks

* update docs

* fix tests

Co-authored-by: MAKOSCAFEE <barnabasmakonda@gmail.com>
 2022-06-07 07:37:25 -06:00
Barnabas Makonda
6b7d6ab301 Added Mutation webhook (#755) 
* added mutate webhook

* fix mutation operation type

* if no mutation just use valid response
 2022-05-03 17:42:19 +03:00
Barnabas Makonda
a59063bdb2 Add fix command to mutate and update IaC (#746) 
* added fix command

* update fix command to walk through the folder to find all files

* added ability to add comment

* fix comment prefix

* trim whitespaces to the line

* refactor update mutated file

* remove filepath as is not needed anymore

* remove filepath as is not needed anymore

* remove timestamp and status if creation is null

* added comments and fix tests

* remove hardcoded mutation in config

* revert comment deletion

* separate mutated to success files

* read multiple resources in a file and update both

* Remove mutation in config.yaml
 2022-04-28 18:28:33 +03:00
Andrew Suderman
78838a606d Add a --namespace flag to the in-cluster audit (#742) 2022-04-08 07:54:03 -06:00
Andrew Suderman
bd8b2962dc Fix license headers (#736) 
* Update license headers

* Fmt

Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
 2022-03-31 11:02:10 -04:00
Barnabas Makonda
a4c0b0f555 Add mutation field to imagePolicyNotAlways (#712) 
* added mutation field in checks and config

* added test

* fix tests

* revert resolve export

* remove Patched resources as moving that to separate functionality apart from validation

* go mod tidy

* move mutation to the container level

* change prefix based on the resource kind

* collect all mutations from results and apply

* added test for cronjob and deployment apart from just pod

* test cronjob prefix

* return a copy of mutation

* fix tests and comments

* address feedback comments

* fix warning formating

* refactor getJSONSchemaPrefix function
 2022-03-25 16:38:58 +03:00
nobletrout
f429f1922a Nobletrout/add kubectx support (#719) 
* See #699 add support for kubecontext selection

* Update cli.md
 2022-03-15 09:24:24 -04:00
Barnabas Makonda
e91b9b8824 Update serverity for polaris check (#690) 
* update serverity for polaris check

* update test checks

* update changelog and fix test failure

* update tests/checks

* update replicas for webhook

* update config-full.yaml

* update tags

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-01-20 17:08:39 +03:00
Maxime VISONNEAU
32c1150b28 config: new flags '--disallow-(config|annotation)-exemptions' (#636) 
This change follows up #635 and lets end-users decide to disallow exemption rules defined as part of the config file or the controller annotations (whether none, any or both). The main use case here is to be able to prevent users with edit privileges over a controller to add a new exemption rule through an annotation which may obfuscate the actual policies we want to enforce.

Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2021-09-27 12:56:59 -04:00
Robert Brennan
b923caf79e better support for namespaces in additional schemas (#593) 
* better support for namespaces in additional schemas

* add alertmanager check

* Revert " revert file"

This reverts commit f55839b87aeec5af20ac28ecff664d17ac1159b3.

* remove alertmanager check
 2021-07-27 10:31:34 -04:00
Robert Brennan
f753fc91f2 Support multi-resource templates (#524) 
* able to run multi-resource tests

* start passing resource provider through

* working end-to-end

* better support for go templating

* fix tests

* delint

* add test

* add json annotations

* remove panics

* fix annotation

* fix for groupkinds

* add comment

* add docs

* change jsonSchema field to schemaString

* rename check

* add pdb to tests

* add ingress to tests

* update deps

* fix up policy import

* update go

* fix check name

* funk it up

* better docs
 2021-05-06 14:01:20 -04:00
Robert Brennan
371e30fe3d Add support for check templates (#520) 
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and-noncontrollers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

* first pass

* more progress

* debug

* update jsonschema

* Revert "update jsonschema"

This reverts commit 45e6c398ff.

* Revert "Revert "update jsonschema""

This reverts commit f8c5ec223824694c43a6af9dae9319f1f0e30b37.

* templating working

* rename check

* add failure details to results

* minor edits

* add runAsRoot test

* Revert "Revert "Revert "update jsonschema"""

This reverts commit fcdacdc3c22e32c580541901f99e154d00bedbc8.

* minor fixes

* most tests passing

* fix json annotations

* logspam

* delint

* add comment

Co-authored-by: Jordan Doig <jordan.steele.doig@gmail.com>
 2021-04-09 09:08:31 -04:00
Jordan Doig
63fd576d3e Add support for arbitrary Kinds (#505) 
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and-noncontrollers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

Co-authored-by: Robert Brennan <contact@rbren.io>
 2021-03-26 08:29:59 -04:00
Jordan Doig
fc368485ef Add ingress schema checks 2020-12-30 21:58:48 -07:00
skatika
a79260a324 Update exemption documentation and unit test 2020-12-22 15:30:39 -05:00
skatika
dd2976794a Implement namespace and container exemptions. Also refactoring according to gofmt 2020-12-18 09:50:04 -05:00
skatika
272e06bbec Add ContainerNames to Exemption struct 2020-12-16 17:21:50 -05:00
skatika
ca6e4b43e4 Rename to receivers to same name 2020-12-16 15:53:22 -05:00
skatika
3a2fb3584b Refactor common code 2020-12-16 15:52:48 -05:00
Markus Blaschke
5bce1db05e Implement namespace support for exceptions (#421) 
* Implement namespace support for exceptions

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

* remove debug

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

* Add documentation

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

Co-authored-by: baderbuddy <bader@fairwinds.com>
 2020-10-19 08:45:45 -04:00
Robert Brennan
5705f81911 throw error when severity isn't set for custom check (#360) 
* throw error when severity isn't set for custom check

* fix syntax
 2020-06-22 16:53:15 -04:00
hgoscenski-vail
0a0720a26c Adds option to exempt an entire controller from checks via config file (#350) 
This adds the ability to exempt a controller from all checks similar to
the annotation for "exempt" which exempts all checks.

I added the tests to go with this as well as for the IsActionable
function.
 2020-06-22 14:18:23 -04:00
Robert Brennan
3e9c270ac7 fix zero-state (#341) 
* fix zero-state

* fix lint error

* fix denom checks
 2020-06-10 16:53:40 -04:00
Robert Brennan
2ac6a2b540 Change error to danger (#299) 
* rename 'error' to 'danger'

* update dashboard

* fix docs

* update deploy configs
 2020-05-19 08:41:07 -04:00
Robert Brennan
9d81c393de Pack config.yaml in Docker (#298) 
* update examples

* pack config.yaml in Docker
 2020-05-18 17:16:16 -04:00
baderbuddy
d50d9c81f8 Add the capability for controller level checks (#285) 
* Add controller level checks

* Add check for multipleReplicas

* Fixed spec

* Add controller level check

* Move controller schema checks to their own function.
 2020-05-18 14:57:35 -04:00
Robert Brennan
6792fba91f Delete controllers package (#270) 
* rename root fs check

* speed up docker build

* refactor webhook to be more generic

* delete controllers pkg

* revert deploy

* fix example config

* remove controllersToScan config

* fix lint error

* fix webhook name

* FileSystem -> Filesystem

* update deps

* skip node owners

* clean up meta tracking

Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
 2020-04-27 10:43:02 -04:00
Bader Boland
3c46f405a9 Cleanup SupportedControllers 2020-03-25 16:50:12 -04:00
Bader Boland
68fe23018a Feedback from PR 2020-03-23 09:27:36 -04:00
Bader Boland
61ecb69ab1 Adding support for v2alpha1 for cron 2020-03-17 17:00:30 -04:00
Bader Boland
c43ace22a3 Add support for CronJobs in support versions list 2020-03-17 16:59:15 -04:00
Bader Boland
bb34be7e02 Dynamically retrieve parents 2020-03-16 16:41:16 -04:00
Robert Brennan
51f3eaa3f0 add more webhook test cases, suport for cronjobs v2alpha1 2020-02-25 20:21:22 +00:00
Robert Brennan
574a1483eb add to supported controllers list 2020-02-25 17:49:20 +00:00
Robert Brennan
bcc1cc5384 remove unused code 2020-01-14 14:50:35 +00:00
Robert Brennan
23bf4c81b0 refactor ValidatePod, add NakedPod type 2020-01-14 14:50:34 +00:00
Robert Brennan
49c540e993 type -> kind 2020-01-14 14:50:34 +00:00
Robert Brennan
68166559c5 expand docs 2020-01-02 20:21:46 +00:00
Robert Brennan
fee55ba7f8 fix lint errors 2020-01-02 20:17:56 +00:00
Robert Brennan
f8d5ce70cf support schemas that use json strings 2020-01-02 18:59:11 +00:00
Robert Brennan
5f060801ef remove unused config structs 2020-01-02 17:58:22 +00:00
Robert Brennan
04da47d83e change input config to simplify things 2020-01-02 17:55:21 +00:00
Robert Brennan
5efa416ea9 implement custom checks, implement resource ranges as custom check 2020-01-02 17:55:21 +00:00
Robert Brennan
7b0fe81d01 implement capabilities checks in JSON schema 2020-01-02 17:55:21 +00:00
Robert Brennan
b0035158d2 fix lint errors 2019-12-23 20:57:48 +00:00
Robert Brennan
d0dc7f4b0e simplify GetSupportedControllerFromString 2019-12-23 20:32:38 +00:00
Robert Brennan
d80d326f7c swap out host_network for a schema-based check 2019-12-23 20:32:38 +00:00
Robert Brennan
0d86096f09 remove extensionsv1beta1 reference to support 1.16 (#229) 2019-12-06 11:03:38 -05:00
Robert Brennan
98b47e0aeb Fix resource success messages (#223) 
* add success messages when resources are set

* add tests
 2019-11-13 14:07:32 -05:00
MAKOSCAFEE
fc7c913122 update exemption rules and check controller name prefix 2019-11-07 19:16:06 +02:00