Commit Graph

336 Commits

Author SHA1 Message Date
Robert Brennan
322e6f7dcd fix kinds (#752) 2022-04-25 11:52:38 -04:00
Robert Brennan
c92819ca9d Save last podspec when walking owner hierarchy (#748)
* try saving last podspec when walking owner hierarchy

* remove namespace from config
2022-04-25 11:09:22 -04:00
Barnabas Makonda
321bfa8f1f Added more mutations and refactor test to test each mutation separately (#734)
* added more mutations and refactor test to test each mutation separately

* added more mutation definitions

* update spec for controller

* added mutations for cpu and memory request and limits

* update request memory mutation

* added liveness and probes

* remove hostport mutation

* added multiple mutations for request and limits memory

Co-authored-by: Robert Brennan <accounts@rbren.io>
2022-04-08 17:19:14 +03:00
Andrew Suderman
78838a606d Add a --namespace flag to the in-cluster audit (#742) 2022-04-08 07:54:03 -06:00
staerion
fd16fb993d merge the list of resources from custom checks and the generated controller list before deduplicating them (#727)
Co-authored-by: Robert Brennan <accounts@rbren.io>
2022-04-07 10:18:04 -04:00
Andrew Suderman
bd8b2962dc Fix license headers (#736)
* Update license headers

* Fmt

Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
2022-03-31 11:02:10 -04:00
Barnabas Makonda
a4c0b0f555 Add mutation field to imagePolicyNotAlways (#712)
* added mutation field in checks and config

* added test

* fix tests

* revert resolve export

* remove Patched resources as moving that to separate functionality apart from validation

* go mod tidy

* move mutation to the container level

* change prefix based on the resource kind

* collect all mutations from results and apply

* added test for cronjob and deployment apart from just pod

* test cronjob prefix

* return a copy of mutation

* fix tests and comments

* address feedback comments

* fix warning formatting

* refactor getJSONSchemaPrefix function
2022-03-25 16:38:58 +03:00
nobletrout
f429f1922a Nobletrout/add kubectx support (#719)
* See #699 add support for kubecontext selection

* Update cli.md
2022-03-15 09:24:24 -04:00
nobletrout
06322dc8a4 bounce out once we hit a type we know to avoid CRD problems (#718) 2022-03-14 16:41:43 -04:00
Luke Reed
2aedaa9ba4 Benchmark banner image (#696) 2022-01-27 14:20:40 -07:00
Barnabas Makonda
e91b9b8824 Update severity for polaris check (#690)
* update severity for polaris check

* update test checks

* update changelog and fix test failure

* update tests/checks

* update replicas for webhook

* update config-full.yaml

* update tags

Co-authored-by: Robert Brennan <accounts@rbren.io>
2022-01-20 17:08:39 +03:00
Timur Girgin
5acdc4a4b9 fix: add space before "in namespace" output (#650) 2021-10-15 15:48:58 -04:00
Maxime VISONNEAU
32c1150b28 config: new flags '--disallow-(config|annotation)-exemptions' (#636)
This change follows up #635 and lets end-users decide to disallow exemption rules defined as part of the config file or the controller annotations (whether none, any or both). The main use case here is to be able to prevent users with edit privileges over a controller from adding a new exemption rule through an annotation, which may obfuscate the actual policies we want to enforce.

Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-09-27 12:56:59 -04:00
Robert Brennan
19bf91e13b change test for PDB disruptions (#620) 2021-08-31 11:40:36 -04:00
Robert Brennan
9ae4f774e9 bump version, add docs, fix up dashboard (#595)
* bump version, add docs, fix up dashboard

* fix pretty output

* Update config.yaml

* fix extra kinds appearing
2021-08-18 17:55:48 -04:00
Robert Brennan
b923caf79e better support for namespaces in additional schemas (#593)
* better support for namespaces in additional schemas

* add alertmanager check

* Revert " revert file"

This reverts commit f55839b87aeec5af20ac28ecff664d17ac1159b3.

* remove alertmanager check
2021-07-27 10:31:34 -04:00
jdesouza
01cc5fa642 Fixed repeated names on dashboard (#586)
* Fixed repeated names on dashboard

* Fixed unit test
2021-07-14 09:17:40 -04:00
Robert Brennan
7e7e553c0d fix dashboard banner (#577) 2021-06-25 17:54:02 -04:00
Robert Brennan
8385fd10e5 fix webhook for top-level resources (#576)
* fix webhook for top-level resources

* delete unused code

* unused imports
2021-06-25 14:42:51 -04:00
Robert Brennan
a43a0fe2f5 fix score when onlyOutputFailed is true (#563)
* fix score when onlyOutputFailed is true

* fix tests

* remove return
2021-06-21 12:26:44 -04:00
Robert Brennan
2e7368d011 change fairwinds links (#552) 2021-05-25 12:53:32 -04:00
Robert Brennan
f753fc91f2 Support multi-resource templates (#524)
* able to run multi-resource tests

* start passing resource provider through

* working end-to-end

* better support for go templating

* fix tests

* delint

* add test

* add json annotations

* remove panics

* fix annotation

* fix for groupkinds

* add comment

* add docs

* change jsonSchema field to schemaString

* rename check

* add pdb to tests

* add ingress to tests

* update deps

* fix up policy import

* update go

* fix check name

* funk it up

* better docs
2021-05-06 14:01:20 -04:00
Cydnee Owens
46923d0a0a Helper tests2 (#527)
* Add test for getWeatherIcon and getGrade helper methods

* Add tests for all helper methods
2021-04-23 10:49:01 -07:00
Cydnee Owens
ba1b4d5db9 Add test for getWeatherIcon and getGrade helper methods (#526) 2021-04-22 09:58:04 -07:00
Robert Brennan
371e30fe3d Add support for check templates (#520)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and-noncontrollers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

* first pass

* more progress

* debug

* update jsonschema

* Revert "update jsonschema"

This reverts commit 45e6c398ff.

* Revert "Revert "update jsonschema""

This reverts commit f8c5ec223824694c43a6af9dae9319f1f0e30b37.

* templating working

* rename check

* add failure details to results

* minor edits

* add runAsRoot test

* Revert "Revert "Revert "update jsonschema"""

This reverts commit fcdacdc3c22e32c580541901f99e154d00bedbc8.

* minor fixes

* most tests passing

* fix json annotations

* logspam

* delint

* add comment

Co-authored-by: Jordan Doig <jordan.steele.doig@gmail.com>
2021-04-09 09:08:31 -04:00
Jordan Doig
63fd576d3e Add support for arbitrary Kinds (#505)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and-noncontrollers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Robert Brennan
1fed099b53 Pretty printer for audit (#512)
* pretty output

* add colors

* better nocolor

* fix up main title

* delint

* remove double negative

* update docs
2021-03-12 12:20:00 -05:00
Robert Brennan
768b715fdf fix npe (#511) 2021-03-08 08:34:31 -05:00
Robert Brennan
2064384985 fix status bar for ingress (#509) 2021-03-03 10:20:36 -05:00
Robert Brennan
b436699260 add a test (#506) 2021-02-26 16:29:25 -05:00
Jordan Doig
4c3d0e0603 Set full object ObjectMeta on new workload from Pod (#471)
* Unmarshal OriginalObjectJSON into ObjectMeta

* Unmarshal to unst before converting to v1 Object

* Add passing annotated deployment webhook test case

* fix meta accessor

* fix tests

* remove logs

* fix tests

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-02-26 15:33:40 -05:00
MAKOSCAFEE
f42af35352 fix merge conflicts 2021-02-24 21:17:58 +03:00
Robert Brennan
c16aac808f fix checks for k8s defaults (#496)
* fix insecure caps check

* add more tests

* fix privilege escalation allowed
2021-02-11 17:11:16 -05:00
MAKOSCAFEE
0aa173789a refactor resultSet loop 2021-02-09 19:16:42 +03:00
Robert Brennan
d9e148c0f2 fix html tag (#489) 2021-02-03 09:56:30 -05:00
MAKOSCAFEE
fe0060af77 added test for score 2021-01-29 22:13:01 +03:00
Robert Brennan
6cda7cd7d5 remove details links (#473) 2021-01-15 13:55:59 -05:00
Jordan Doig
93a80e44d3 Manually set Ingress object Kind 2021-01-14 11:38:32 -07:00
Jordan Doig
bc866a4d18 Merge branch 'master' into jd/out-of-control 2021-01-14 11:20:35 -07:00
Robert Brennan
ec557f7ce8 Update dependencies (#470)
* update to v20

* fix tests
2021-01-08 14:01:01 -05:00
Jordan Doig
4cee8b7e35 Some nil pointer dereference fixes 2021-01-07 20:40:22 -07:00
Jordan Doig
ba53a2b8ab Add ingress nil check test 2021-01-04 20:57:51 -07:00
Jordan Doig
3a8655de81 Update validate ingress test 2021-01-04 20:44:38 -07:00
Jordan Doig
3f62126bdd Refactor resolveCheck 2021-01-04 16:52:09 -07:00
Jordan Doig
ee8768591b Merge branch 'master' into jd/out-of-control 2021-01-04 16:14:33 -07:00
Jordan Doig
6e93b799b1 Update UI for non-controller types 2021-01-04 16:10:52 -07:00
Robert Brennan
17d19cacff Fix up zero-score issues (#468)
* return score of 100 when no checks specified

* fix up zero states in frontend

* rename variables
2021-01-04 13:25:05 -05:00
Jordan Doig
5ab9f0b251 Add ingress tls check 2021-01-04 09:53:09 -07:00
Jordan Doig
fc368485ef Add ingress schema checks 2020-12-30 21:58:48 -07:00
Jordan Doig
8f510a1b67 Add ingress to resource provider 2020-12-28 13:55:49 -07:00