intrand
3b865fcea8
skip incomplete or broken YAML - warn user ( #678 )
...
* skip broken yaml (eg, patch file)
* skip in visitFile, not in parser
* restore filepath.Walk() error handling
* restore test; correct assertion
* Update pkg/kube/resources_test.go
Co-authored-by: Robert Brennan <accounts@rbren.io>
* Fix tests
* update kind
Co-authored-by: Robert Brennan <accounts@rbren.io>
Co-authored-by: Luke Reed <luke@lreed.net>
Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
Co-authored-by: MAKOSCAFEE <barnabasmakonda@gmail.com>
2022-06-07 12:02:27 -04:00
Barnabas Makonda
a59063bdb2
Add fix command to mutate and update IaC ( #746 )
...
* added fix command
* update fix command to walk through the folder to find all files
* added ability to add comment
* fix comment prefix
* trim whitespaces to the line
* refactor update mutated file
* remove filepath as is not needed anymore
* remove filepath as is not needed anymore
* remove timestamp and status if creation is null
* added comments and fix tests
* remove hardcoded mutation in config
* revert comment deletion
* separate mutated to success files
* read multiple resources in a file and update both
* Remove mutation in config.yaml
2022-04-28 18:28:33 +03:00
Robert Brennan
c92819ca9d
Save last podspec when walking owner hierarchy ( #748 )
...
* try saving last podspec when walking owner hierarchy
* remove namespace from config
2022-04-25 11:09:22 -04:00
Andrew Suderman
78838a606d
Add a --namespace flag to the in-cluster audit ( #742 )
2022-04-08 07:54:03 -06:00
staerion
fd16fb993d
merge the list of resources from custom checks and the generated controller list before deduplicating them ( #727 )
...
Co-authored-by: Robert Brennan <accounts@rbren.io>
2022-04-07 10:18:04 -04:00
Andrew Suderman
bd8b2962dc
Fix license headers ( #736 )
...
* Update license headers
* Fmt
Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
2022-03-31 11:02:10 -04:00
nobletrout
f429f1922a
Nobletrout/add kubectx support ( #719 )
...
* See #699 add support for kubecontext selection
* Update cli.md
2022-03-15 09:24:24 -04:00
nobletrout
06322dc8a4
bounce out once we hit a type we know to avoid CRD problems ( #718 )
2022-03-14 16:41:43 -04:00
Robert Brennan
9ae4f774e9
bump version, add docs, fix up dashboard ( #595 )
...
* bump version, add docs, fix up dashboard
* fix pretty output
* Update config.yaml
* fix extra kinds appearing
2021-08-18 17:55:48 -04:00
Robert Brennan
b923caf79e
better support for namespaces in additional schemas ( #593 )
...
* better support for namespaces in additional schemas
* add alertmanager check
* Revert " revert file"
This reverts commit f55839b87aeec5af20ac28ecff664d17ac1159b3.
* remove alertmanager check
2021-07-27 10:31:34 -04:00
jdesouza
01cc5fa642
Fixed repeated names on dashboard ( #586 )
...
* Fixed repeated names on dashboard
* Fixed unit test
2021-07-14 09:17:40 -04:00
Robert Brennan
f753fc91f2
Support multi-resource templates ( #524 )
...
* able to run multi-resource tests
* start passing resource provider through
* working end-to-end
* better support for go templating
* fix tests
* delint
* add test
* add json annotations
* remove panics
* fix annotation
* fix for groupkinds
* add comment
* add docs
* change jsonSchema field to schemaString
* rename check
* add pdb to tests
* add ingress to tests
* update deps
* fix up policy import
* update go
* fix check name
* funk it up
* better docs
2021-05-06 14:01:20 -04:00
Jordan Doig
63fd576d3e
Add support for arbitrary Kinds ( #505 )
...
* Add basic flow
* Add arbitrary validator
* Pipe config through to resource provider
* Set arbitraries on resource provider
* Add arbitrary validation to fullaudit
* Add conf argument
* Fix resource setting from string
* PR updates
* Fix nil map error
* Delete lingering print, add pdb check, start implementing validator test
* move ingress to arbitrary
* fix compile
* refactor a bunch
* add tls tests
* tests passing
* resource provider helper
* refactor tests
* fix exemptions
* fix check test
* fix up resource creation from API
* fix init containers
* fix cronjob test
* fix pod tests
* combine controllers and non-controllers in resource provider
* delint
* add ingress backward compat
* fix tests
* reenable test
* rename a fn
* remove unused fn
* remove if
Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Jordan Doig
4c3d0e0603
Set full object ObjectMeta on new workload from Pod ( #471 )
...
* Unmarshal OriginalObjectJSON into ObjectMeta
* Unmarshal to unst before converting to v1 Object
* Add passing annotated deployment webhook test case
* fix meta accessor
* fix tests
* remove logs
* fix tests
Co-authored-by: Robert Brennan <contact@rbren.io>
2021-02-26 15:33:40 -05:00
Jordan Doig
bc866a4d18
Merge branch 'master' into jd/out-of-control
2021-01-14 11:20:35 -07:00
Robert Brennan
ec557f7ce8
Update dependencies ( #470 )
...
* update to v20
* fix tests
2021-01-08 14:01:01 -05:00
Jordan Doig
ba53a2b8ab
Add ingress nil check test
2021-01-04 20:57:51 -07:00
Jordan Doig
8f510a1b67
Add ingress to resource provider
2020-12-28 13:55:49 -07:00
Robert Brennan
7c98598858
Fix test fixtures, add a test for controllers ( #455 )
...
* first pass at fixing test fixtures
* tests mostly working
* add controller test
* remove debug stuff
* delint
* revert test file
* remove extra controllers from fixtures
* delint
* fix messages
2020-12-17 17:32:01 -05:00
Robert Brennan
4e044602f4
change how controller checks are handled ( #454 )
...
* change how controller checks are handled
* add changelog
* simpler fix
2020-12-17 16:29:49 -05:00
baderbuddy
7c9f01639b
Update dependencies ( #400 )
...
* Start working on updating dependencies:
* Fix webhook
* Rollback jsonschema update
* Checkin new config
* Fix run as root
* Update versions of kind
* Fix typo in kind URL
* Fix kind config
* Add csr permissions
* Fix weird image thing
* Fixed certificates
* Add to logging
* Approve cert manually
* Fix approval
* Add cert script
* Fix deployment
* Add requests/limits
* Wait if certificate doesn't exist yet
* Add check for file size
* Add variable
* Try a different image
* Fix command
* Update certificate logic
* Add healthz
* Don't check cert size
* Remove stat
* Fix vet
* Put in change that makes no sense
* Fix cert names
* Roll back
* Try changing config
* Add logging for each request
* Cleanup code some
* Remove bad deployments
* Fix client injection
* Update timeout
* Add logging
* Fixed e2e webhook tests
* Add permissions for approval
* Fix permissions for CSR
* Remove logging code
* Remove refresh certs file
* Fix merge issues
* Update deployments
* Try beta of admission controller config
* Target 1.15 for testing
* Add beta versions of resources
* Lower webhook timeout
* Refactor out a method
* Fix up PR issues
* Fix more tabs
* Remove unnecessary messages
* Fix go.sum
* Fix go.sum
2020-09-11 08:53:14 -04:00
Robert Brennan
8d562f2490
fix for parent tree climbing ( #379 )
2020-07-22 13:31:49 -04:00
Robert Brennan
47150155a0
add ability to audit a single workload ( #368 )
...
* add ability to audit a single workload
* delint
* fix help text
* update readme
2020-07-22 13:28:02 -04:00
Robert Brennan
997d4bfb2b
Handle orphaned pods ( #371 )
...
* handle orphaned pods
* set originalResource when creating Pod resources
2020-07-10 09:43:33 -04:00
Robert Brennan
b4e3d40f4b
Add priority class check, some test infra ( #342 )
...
* add check for priority-class
* add test message
* lint
2020-06-22 16:34:48 -04:00
Robert Brennan
69bed16e4f
don't error out when resolving parent resource ( #358 )
2020-06-22 16:05:23 -04:00
Huang Huang
5b173cf4a7
Support read yaml contents of workload from stdin ( #353 )
2020-06-22 14:19:51 -04:00
Huang Huang
b26c4be8d6
Support audit files which use \r or \r\n as newline character ( #343 )
2020-06-16 10:46:28 -04:00
baderbuddy
bf6e41566d
Don't assume all objects have pods. ( #329 )
...
* Don't assume all objects have pods.
* Test service is ignored
* Fix test
* Fix comment on test
2020-06-10 10:22:59 -04:00
Robert Brennan
af5b86e28c
catch cache error ( #324 )
2020-06-03 15:55:13 -04:00
Robert Brennan
27faab919c
handle case where RBAC is missing for a CRD ( #305 )
...
* handle case where RBAC is missing for a CRD
* handle error
2020-05-21 06:27:15 -04:00
baderbuddy
d50d9c81f8
Add the capability for controller level checks ( #285 )
...
* Add controller level checks
* Add check for multipleReplicas
* Fixed spec
* Add controller level check
* Move controller schema checks to their own function.
2020-05-18 14:57:35 -04:00
baderbuddy
69621f7034
Improve performance ( #278 )
...
* rename root fs check
* speed up docker build
* refactor webhook to be more generic
* delete controllers pkg
* revert deploy
* fix example config
* remove controllersToScan config
* fix lint error
* fix webhook name
* FileSystem -> Filesystem
* update deps
* skip node owners
* clean up meta tracking
* Cache results of dynamic queries
* Dynamically pick types to list.
* Fix unit tests
* Fix the other tests I missed
* Fix container test
* Fix issues from PR feedback
Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
Co-authored-by: Robert Brennan <accounts@rbren.io>
2020-05-01 13:29:29 -04:00
Robert Brennan
6792fba91f
Delete controllers package ( #270 )
...
* rename root fs check
* speed up docker build
* refactor webhook to be more generic
* delete controllers pkg
* revert deploy
* fix example config
* remove controllersToScan config
* fix lint error
* fix webhook name
* FileSystem -> Filesystem
* update deps
* skip node owners
* clean up meta tracking
Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
2020-04-27 10:43:02 -04:00
Bader Boland
3c46f405a9
Cleanup SupportedControllers
2020-03-25 16:50:12 -04:00
Bader Boland
a5828a2d3b
Fix tests
2020-03-25 14:23:18 -04:00
Bader Boland
68fe23018a
Feedback from PR
2020-03-23 09:27:36 -04:00
Bader Boland
8c769e445c
Cut out duplicative code.
2020-03-17 13:23:58 -04:00
Bader Boland
3c685279be
Cut out logic specific to controller types
2020-03-17 12:41:44 -04:00
Bader Boland
7fdebfc4db
Fix tests
2020-03-17 09:19:33 -04:00
Bader Boland
0d3fe6130a
Remove unnecessary queries
2020-03-16 16:48:57 -04:00
Bader Boland
bb34be7e02
Dynamically retrieve parents
2020-03-16 16:41:16 -04:00
Robert Brennan
d2bb2f126b
test extra controller versions
2020-02-26 19:26:18 +00:00
Robert Brennan
51f3eaa3f0
add more webhook test cases, support for cronjobs v2alpha1
2020-02-25 20:21:22 +00:00
Robert Brennan
0da4ea69bf
support some old controller versions
2020-02-25 16:25:34 +00:00
Nick Huanca
75f70352ba
Additional Pod Controller Scans ( #166 )
...
**Changes**
- Refactored the way controllers work to be an interface
- Added configurable controllers to include in scans
- Added daemonsets, jobs and cronjobs in scans
- Added `ReplicationController` type controllers to the supported list
- Adjusted logic for failed YAML parsing to bubble up errors
- Added better logic for calculating summaries on cluster wide results
- Relocated responsibilities for counting types into validators vs spreading it around more packages
- Fixed bug where cronjob parsing was using wrong KIND
- Added fixtures for mocking new controller types
- Added example yamls to test scanning files
- Added functions to NamespacedResult(s) to reduce code complexity deep set iterations
- Refactored how results get added to namespacedresults so adding more later is easier
- Minor signature changes for interface implementing structs for controllers
2019-07-31 15:56:27 -06:00
Bobby Brennan
20bd32afb6
Rename ReactiveOps to Fairwinds ( #180 )
...
* Rename ReactiveOps to Fairwinds
* Rename ReactiveOps to Fairwinds
2019-07-30 15:29:09 -04:00
Bobby Brennan
ebfb4ea9a1
Add support for stateful sets ( #145 )
2019-06-13 07:59:01 -06:00
kimschles
b32a7afa77
update tests
2019-06-11 13:46:12 -06:00
kimschles
30ff6e6667
[WIP] change GetConfigOrDie to GetConfig
2019-06-10 13:34:09 -06:00