Timur Girgin
5acdc4a4b9
fix: add space before "in namespace" output (#650)
2021-10-15 15:48:58 -04:00
Maxime VISONNEAU
32c1150b28
config: new flags '--disallow-(config|annotation)-exemptions' (#636)
This change follows up #635 and lets end-users decide to disallow exemption rules defined as part of the config file or the controller annotations (whether none, any or both). The main use case here is to be able to prevent users with edit privileges over a controller from adding a new exemption rule through an annotation which may obfuscate the actual policies we want to enforce.
Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>
Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-09-27 12:56:59 -04:00
Robert Brennan
19bf91e13b
change test for PDB disruptions (#620)
2021-08-31 11:40:36 -04:00
Robert Brennan
9ae4f774e9
bump version, add docs, fix up dashboard (#595)
* bump version, add docs, fix up dashboard
* fix pretty output
* Update config.yaml
* fix extra kinds appearing
2021-08-18 17:55:48 -04:00
Robert Brennan
b923caf79e
better support for namespaces in additional schemas (#593)
* better support for namespaces in additional schemas
* add alertmanager check
* Revert " revert file"
This reverts commit f55839b87aeec5af20ac28ecff664d17ac1159b3.
* remove alertmanager check
2021-07-27 10:31:34 -04:00
jdesouza
01cc5fa642
Fixed repeated names on dashboard (#586)
* Fixed repeated names on dashboard
* Fixed unit test
2021-07-14 09:17:40 -04:00
Robert Brennan
a43a0fe2f5
fix score when onlyOutputFailed is true (#563)
* fix score when onlyOutputFailed is true
* fix tests
* remove return
2021-06-21 12:26:44 -04:00
Robert Brennan
f753fc91f2
Support multi-resource templates (#524)
* able to run multi-resource tests
* start passing resource provider through
* working end-to-end
* better support for go templating
* fix tests
* delint
* add test
* add json annotations
* remove panics
* fix annotation
* fix for groupkinds
* add comment
* add docs
* change jsonSchema field to schemaString
* rename check
* add pdb to tests
* add ingress to tests
* update deps
* fix up policy import
* update go
* fix check name
* funk it up
* better docs
2021-05-06 14:01:20 -04:00
Robert Brennan
371e30fe3d
Add support for check templates (#520)
* Add basic flow
* Add arbitrary validator
* Pipe config through to resource provider
* Set arbitraries on resource provider
* Add arbitrary validation to fullaudit
* Add conf argument
* Fix resource setting from string
* PR updates
* Fix nil map error
* Delete lingering print, add pdb check, start implementing validator test
* move ingress to arbitrary
* fix compile
* refactor a bunch
* add tls tests
* tests passing
* resource provider helper
* refactor tests
* fix exemptions
* fix check test
* fix up resource creation from API
* fix init containers
* fix cronjob test
* fix pod tests
* combine controllers and non-controllers in resource provider
* delint
* add ingress backward compat
* fix tests
* reenable test
* rename a fn
* remove unused fn
* remove if
* first pass
* more progress
* debug
* update jsonschema
* Revert "update jsonschema"
This reverts commit 45e6c398ff.
* Revert "Revert "update jsonschema""
This reverts commit f8c5ec223824694c43a6af9dae9319f1f0e30b37.
* templating working
* rename check
* add failure details to results
* minor edits
* add runAsRoot test
* Revert "Revert "Revert "update jsonschema"""
This reverts commit fcdacdc3c22e32c580541901f99e154d00bedbc8.
* minor fixes
* most tests passing
* fix json annotations
* logspam
* delint
* add comment
Co-authored-by: Jordan Doig <jordan.steele.doig@gmail.com>
2021-04-09 09:08:31 -04:00
Jordan Doig
63fd576d3e
Add support for arbitrary Kinds (#505)
* Add basic flow
* Add arbitrary validator
* Pipe config through to resource provider
* Set arbitraries on resource provider
* Add arbitrary validation to fullaudit
* Add conf argument
* Fix resource setting from string
* PR updates
* Fix nil map error
* Delete lingering print, add pdb check, start implementing validator test
* move ingress to arbitrary
* fix compile
* refactor a bunch
* add tls tests
* tests passing
* resource provider helper
* refactor tests
* fix exemptions
* fix check test
* fix up resource creation from API
* fix init containers
* fix cronjob test
* fix pod tests
* combine controllers and non-controllers in resource provider
* delint
* add ingress backward compat
* fix tests
* reenable test
* rename a fn
* remove unused fn
* remove if
Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Robert Brennan
1fed099b53
Pretty printer for audit (#512)
* pretty output
* add colors
* better nocolor
* fix up main title
* delint
* remove double negative
* update docs
2021-03-12 12:20:00 -05:00
Robert Brennan
768b715fdf
fix npe (#511)
2021-03-08 08:34:31 -05:00
Robert Brennan
2064384985
fix status bar for ingress (#509)
2021-03-03 10:20:36 -05:00
Robert Brennan
b436699260
add a test (#506)
2021-02-26 16:29:25 -05:00
Jordan Doig
4c3d0e0603
Set full object ObjectMeta on new workload from Pod (#471)
* Unmarshal OriginalObjectJSON into ObjectMeta
* Unmarshal to unst before converting to v1 Object
* Add passing annotated deployment webhook test case
* fix meta accessor
* fix tests
* remove logs
* fix tests
Co-authored-by: Robert Brennan <contact@rbren.io>
2021-02-26 15:33:40 -05:00
MAKOSCAFEE
f42af35352
fix merge conflicts
2021-02-24 21:17:58 +03:00
Robert Brennan
c16aac808f
fix checks for k8s defaults (#496)
* fix insecure caps check
* add more tests
* fix privilege escalation allowed
2021-02-11 17:11:16 -05:00
MAKOSCAFEE
0aa173789a
refactor resultSet loop
2021-02-09 19:16:42 +03:00
MAKOSCAFEE
fe0060af77
added test for score
2021-01-29 22:13:01 +03:00
Jordan Doig
93a80e44d3
Manually set Ingress object Kind
2021-01-14 11:38:32 -07:00
Jordan Doig
bc866a4d18
Merge branch 'master' into jd/out-of-control
2021-01-14 11:20:35 -07:00
Robert Brennan
ec557f7ce8
Update dependencies (#470)
* update to v20
* fix tests
2021-01-08 14:01:01 -05:00
Jordan Doig
4cee8b7e35
Some nil pointer dereference fixes
2021-01-07 20:40:22 -07:00
Jordan Doig
3a8655de81
Update validate ingress test
2021-01-04 20:44:38 -07:00
Jordan Doig
3f62126bdd
Refactor resolveCheck
2021-01-04 16:52:09 -07:00
Jordan Doig
ee8768591b
Merge branch 'master' into jd/out-of-control
2021-01-04 16:14:33 -07:00
Robert Brennan
17d19cacff
Fix up zero-score issues (#468)
* return score of 100 when no checks specified
* fix up zero states in frontend
* rename variables
2021-01-04 13:25:05 -05:00
Jordan Doig
5ab9f0b251
Add ingress tls check
2021-01-04 09:53:09 -07:00
Jordan Doig
fc368485ef
Add ingress schema checks
2020-12-30 21:58:48 -07:00
Jordan Doig
9d68ee2359
Merge remote-tracking branch 'origin/master' into jd/out-of-control
2020-12-28 12:40:23 -07:00
skatika
f1957631b5
Remove unused import
2020-12-22 14:30:09 -05:00
skatika
86b3ab5186
Revert nil slice declarations
2020-12-22 14:27:53 -05:00
skatika
564803c9f8
Fix instructions
2020-12-22 14:10:15 -05:00
skatika
a4e45a0e95
Merge branch 'master' of github.com:FairwindsOps/polaris into ssk/container-exemptions
# Conflicts:
# README.md
# pkg/validator/controller_test.go
# pkg/validator/fullaudit_test.go
2020-12-18 09:57:35 -05:00
skatika
dd2976794a
Implement namespace and container exemptions. Also refactoring according to gofmt
2020-12-18 09:50:04 -05:00
Robert Brennan
7c98598858
Fix test fixtures, add a test for controllers (#455)
* first pass at fixing test fixtures
* tests mostly working
* add controller test
* remove debug stuff
* delint
* revert test file
* remove extra controllers from fixtures
* delint
* fix messages
2020-12-17 17:32:01 -05:00
skatika
fdd30717e5
Remove unused parameter
2020-12-17 09:54:29 -05:00
skatika
e57668fc75
Fix typos
2020-12-16 17:17:43 -05:00
Jordan Doig
550447234a
ControllerResult to Result
2020-12-16 13:32:08 -07:00
jordandoig
717d9b2630
PodResult to pointer
2020-12-16 12:11:19 -07:00
baderbuddy
b3f1b3b478
Recategorize the results into standard categories. (#434)
* Initial checkin for recategorizing checks
* Fix tests
* Fix tests
* Update example output
2020-11-04 10:17:37 -05:00
Markus Blaschke
5bce1db05e
Implement namespace support for exceptions (#421)
* Implement namespace support for exceptions
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
* remove debug
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
* Add documentation
Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>
Co-authored-by: baderbuddy <bader@fairwinds.com>
2020-10-19 08:45:45 -04:00
baderbuddy
7c9f01639b
Update dependencies (#400)
* Start working on updating dependencies:
* Fix webhook
* Rollback jsonschema update
* Checkin new config
* Fix run as root
* Update versions of kind
* Fix typo in kind URL
* Fix kind config
* Add csr permissions
* Fix weird image thing
* Fixed certificates
* Add to logging
* Approve cert manually
* Fix approval
* Add cert script
* Fix deployment
* Add requests/limits
* Wait if certificate doesn't exist yet
* Add check for file size
* Add variable
* Try a different image
* Fix command
* Update certificate logic
* Add healthz
* Don't check cert size
* Remove stat
* Fix vet
* Put in change that makes no sense
* Fix cert names
* Roll back
* Try changing config
* Add logging for each request
* Cleanup code some
* Remove bad deployments
* Fix client injection
* Update timeout
* Add logging
* Fixed e2e webhook tests
* Add permissions for approval
* Fix permissions for CSR
* Remove logging code
* Remove refresh certs file
* Fix merge issues
* Update deployments
* Try beta of admission controller config
* Target 1.15 for testing
* Add beta versions of resources
* Lower webhook timeout
* Refactor out a method
* Fix up PR issues
* Fix more tabs
* Remove unnecessary messages
* Fix go.sum
* Fix go.sum
2020-09-11 08:53:14 -04:00
Robert Brennan
b4e3d40f4b
Add priority class check, some test infra (#342)
* add check for priority-class
* add test message
* lint
2020-06-22 16:34:48 -04:00
Robert Brennan
2ac6a2b540
Change error to danger (#299)
* rename 'error' to 'danger'
* update dashboard
* fix docs
* update deploy configs
2020-05-19 08:41:07 -04:00
Robert Brennan
ac9412920f
sort results on dashboard (#295)
This reverts commit 0c671d0f62.
2020-05-18 15:01:12 -04:00
baderbuddy
d50d9c81f8
Add the capability for controller level checks (#285)
* Add controller level checks
* Add check for multipleReplicas
* Fixed spec
* Add controller level check
* Move controller schema checks to their own function.
2020-05-18 14:57:35 -04:00
Robert Brennan
0c671d0f62
Revert "sort results on dashboard"
This reverts commit e9064dfddc.
2020-05-18 17:21:22 +00:00
Robert Brennan
e9064dfddc
sort results on dashboard
2020-05-18 17:18:23 +00:00
baderbuddy
69621f7034
Improve performance (#278)
* rename root fs check
* speed up docker build
* refactor webhook to be more generic
* delete controllers pkg
* revert deploy
* fix example config
* remove controllersToScan config
* fix lint error
* fix webhook name
* FileSystem -> Filesystem
* update deps
* skip node owners
* clean up meta tracking
* Cache results of dynamic queries
* Dynamically pick types to list.
* Fix unit tests
* Fix the other tests I missed
* Fix container test
* Fix issues from PR feedback
Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
Co-authored-by: Robert Brennan <accounts@rbren.io>
2020-05-01 13:29:29 -04:00