* update runAsPrivileged to test at pod level
* update runAsPrivileged to test at pod level
* add pod level success/failure tests
* add insecure capabilities pod level testing
* update checks to include good/bad security
* update checks for good/bad security
* remove good security from runAsPrivileged
* update notReadOnlyRootFilesystem check
* remove run as user
* add pod level testing to notreadonlyrootFileSystem and update schema_test.go file
Co-authored-by: Robert Brennan <accounts@rbren.io>
* refactor test structure
* update syntax to include template/spec layout
* update syntax to include template/spec layout
Co-authored-by: Robert Brennan <accounts@rbren.io>
* add failure.all.yaml for dangerouscapabilities test
* change to [ALL] failing test
* add failure.all.yaml for dangerouscapabilities test
* change to [ALL] failing test
* fix dangerous caps test
Co-authored-by: Robert Brennan <contact@rbren.io>
* able to run multi-resource tests
* start passing resource provider through
* working end-to-end
* better support for go templating
* fix tests
* delint
* add test
* add json annotations
* remove panics
* fix annotation
* fix for groupkinds
* add comment
* add docs
* change jsonSchema field to schemaString
* rename check
* add pdb to tests
* add ingress to tests
* update deps
* fix up policy import
* update go
* fix check name
* funk it up
* better docs
* Unmarshal OriginalObjectJSON into ObjectMeta
* Unmarshal to unst before converting to v1 Object
* Add passing annotated deployment webhook test case
* fix meta accessor
* fix tests
* remove logs
* fix tests
Co-authored-by: Robert Brennan <contact@rbren.io>
* make it easy to run webhook tests locally
* modify tests so they run locally
* follow the logs
* add instructions
* make it easy to run webhook tests locally
* modify tests so they run locally
* follow the logs
* add instructions
* use universal date command
* fix sed command for portability
* fix date command
* make entire image configurable
* fix instructions
* first pass at fixing test fixtures
* tests mostly working
* add controller test
* remove debug stuff
* delint
* revert test file
* remove extra controllers from fixtures
* delint
* fix messages
* Update yaml to latest chart version
* Install cert-manager
* Try quoting set
* Try more logging
* Try earlier version of cert-manager
* Update issuer NS
* Fix test mistake
* Fix certificate values
Co-authored-by: Robert Brennan <accounts@rbren.io>
* Added testing for webhook using KIND
* fixed branching error
* added tests to CircleCI
* added tests to CircleCI
* attempt to stop failing circleci test
* moved location of testing for webhook in CircleCI
* debugging
* more debugging
* .
* .
* added download of webhook to test
* ..
* ...
* corrected sleep command
* .
* .
* code working now, clean up
* testing smaller sleep times
* increased sleep time
* responded to comments on github
* .
* debug
* more edits
* debugging second test failing.
* debugging
* tests doing opposite of what they should be debugging.
* debugging
* .
* .
* fixing error in installation of webhook.
* .
* timeout increase
* trying to install webhook
* .
* .
* webhook still not installing properly
* ..
* ..
* add log message
* ..
* changed order of test_k8s, removed set -e
* ..
* namespace polaris
* .
* .......
* initial testing for new strategy.
* initial testing for new strategy.
* .
* ...
* final edits, working now
* fixed files, cleaned up logs, added more detail to webhook starting documentation.
* ?
* added test files for other controller types, adding testing for them in webhook_test.sh
* increased sleep time
* testing
* finally added tests for jobs
* changed while loop condition to include webhook.
* .
* lskdfsjkl
* sd
* lskfjlskj
* .
* final
* added timeout test for dashboard to try to alleviate error
* .
* .
* install the dashboard
* ...
* initial test for new kube_dashboard_test
* initial test for new kube_dashboard_test
* ?
* deleting unused code
* final change for dashboard test
* final
**Changes**
- Refactored the way controllers work to be an interface
- Added configurable controllers to include in scans
- Added daemonsets, jobs and cronjobs in scans
- Added `ReplicationController` type controllers to the supported list
- Adjusted logic for failed YAML parsing to bubble up errors
- Added better logic for calculating summaries on cluster wide results
- Relocated responsibilities for counting types into validators vs spreading it around more packages
- Fixed bug where cronjob parsing was using wrong KIND
- Added fixtures for mocking new controller types
- Added example yamls to test scanning files
- Added functions to NamespacedResult(s) to reduce code complexity deep set iterations
- Refactored how results get added to namespacedresults so adding more later is easier
- Minor signature changes for interface implementing structs for controllers
* add pod test
* add pod test 2
* update tests
* Added pod tests for configured Host IPC, Host PID, and Host Network.
* Fixed expected vs. actual mixup
* refactor kubernetes API usage
* add ability to audit directory
* refactor a bit
* fix return statement
* fix main.go
* add ability to audit multiple resources in a single file