Robert Brennan
c0d8eb6318
handle case-insensitivity for capabilities (#619)
...
* handle lowercase letters in ALL for capabilities
* change all caps to regexp
* revert file
2021-08-31 11:40:47 -04:00
Robert Brennan
19bf91e13b
change test for PDB disruptions (#620)
2021-08-31 11:40:36 -04:00
Cydnee Owens
cbc15ad069
Pod level testing (#546)
...
* update runAsPrivileged to test at pod level
* update runAsPrivileged to test at pod level
* add pod level success/failure tests
* add insecure capabilities pod level testing
* update checks to include good/bad security
* update checks for good/bad security
* remove good security from runAsPrivileged
2021-05-25 12:59:28 -04:00
Cydnee Owens
1ede736971
update notReadOnlyRootFilesystem check (#543)
...
* update notReadOnlyRootFilesystem check
* remove run as user
* add pod level testing to notreadonlyrootFileSystem and update schema_test.go file
Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-24 15:21:04 -07:00
Cydnee Owens
d011bb454a
add failure.all.yaml for dangerouscapabilities test (#538)
...
* add failure.all.yaml for dangerouscapabilities test
* change to [ALL] failing test
* add failure.all.yaml for dangerouscapabilities test
* change to [ALL] failing test
* fix dangerous caps test
Co-authored-by: Robert Brennan <contact@rbren.io>
2021-05-11 13:12:46 -07:00
Robert Brennan
f753fc91f2
Support multi-resource templates (#524)
...
* able to run multi-resource tests
* start passing resource provider through
* working end-to-end
* better support for go templating
* fix tests
* delint
* add test
* add json annotations
* remove panics
* fix annotation
* fix for groupkinds
* add comment
* add docs
* change jsonSchema field to schemaString
* rename check
* add pdb to tests
* add ingress to tests
* update deps
* fix up policy import
* update go
* fix check name
* funk it up
* better docs
2021-05-06 14:01:20 -04:00
Robert Brennan
371e30fe3d
Add support for check templates (#520)
...
* Add basic flow
* Add arbitrary validator
* Pipe config through to resource provider
* Set arbitraries on resource provider
* Add arbitrary validation to fullaudit
* Add conf argument
* Fix resource setting from string
* PR updates
* Fix nil map error
* Delete lingering print, add pdb check, start implementing validator test
* move ingress to arbitrary
* fix compile
* refactor a bunch
* add tls tests
* tests passing
* resource provider helper
* refactor tests
* fix exemptions
* fix check test
* fix up resource creation from API
* fix init containers
* fix cronjob test
* fix pod tests
* combine controllers and-noncontrollers in resource provider
* delint
* add ingress backward compat
* fix tests
* reenable test
* rename a fn
* remove unused fn
* remove if
* first pass
* more progress
* debug
* update jsonschema
* Revert "update jsonschema"
This reverts commit 45e6c398ff.
* Revert "Revert "update jsonschema""
This reverts commit f8c5ec223824694c43a6af9dae9319f1f0e30b37.
* templating working
* rename check
* add failure details to results
* minor edits
* add runAsRoot test
* Revert "Revert "Revert "update jsonschema"""
This reverts commit fcdacdc3c22e32c580541901f99e154d00bedbc8.
* minor fixes
* most tests passing
* fix json annotations
* logspam
* delint
* add comment
Co-authored-by: Jordan Doig <jordan.steele.doig@gmail.com>
2021-04-09 09:08:31 -04:00
Jordan Doig
63fd576d3e
Add support for arbitrary Kinds (#505)
...
* Add basic flow
* Add arbitrary validator
* Pipe config through to resource provider
* Set arbitraries on resource provider
* Add arbitrary validation to fullaudit
* Add conf argument
* Fix resource setting from string
* PR updates
* Fix nil map error
* Delete lingering print, add pdb check, start implementing validator test
* move ingress to arbitrary
* fix compile
* refactor a bunch
* add tls tests
* tests passing
* resource provider helper
* refactor tests
* fix exemptions
* fix check test
* fix up resource creation from API
* fix init containers
* fix cronjob test
* fix pod tests
* combine controllers and-noncontrollers in resource provider
* delint
* add ingress backward compat
* fix tests
* reenable test
* rename a fn
* remove unused fn
* remove if
Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Robert Brennan
c16aac808f
fix checks for k8s defaults (#496)
...
* fix insecure caps check
* add more tests
* fix privilege escalation allowed
2021-02-11 17:11:16 -05:00
Jordan Doig
3a8655de81
Update validate ingress test
2021-01-04 20:44:38 -07:00
Jordan Doig
5ab9f0b251
Add ingress tls check
2021-01-04 09:53:09 -07:00
Robert Brennan
4e044602f4
change how controller checks are handled (#454)
...
* change how controller checks are handled
* add changelog
* simpler fix
2020-12-17 16:29:49 -05:00
baderbuddy
b3f1b3b478
Recategorize the results into standard categories. (#434)
...
* Initial checkin for recategorizing checks
* Fix tests
* Fix tests
* Update example output
2020-11-04 10:17:37 -05:00
Robert Brennan
b4e3d40f4b
Add priority class check, some test infra (#342)
...
* add check for priority-class
* add test message
* lint
2020-06-22 16:34:48 -04:00
baderbuddy
d50d9c81f8
Add the capability for controller level checks (#285)
...
* Add controller level checks
* Add check for multipleReplicas
* Fixed spec
* Add controller level check
* Move controller schema checks to their own function.
2020-05-18 14:57:35 -04:00
Robert Brennan
6792fba91f
Delete controllers package (#270)
...
* rename root fs check
* speed up docker build
* refactor webhook to be more generic
* delete controllers pkg
* revert deploy
* fix example config
* remove controllersToScan config
* fix lint error
* fix webhook name
* FileSystem -> Filesystem
* update deps
* skip node owners
* clean up meta tracking
Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
2020-04-27 10:43:02 -04:00
Robert Brennan
04da47d83e
change input config to simplify things
2020-01-02 17:55:21 +00:00
Robert Brennan
5efa416ea9
implement custom checks, implement resource ranges as custom check
2020-01-02 17:55:21 +00:00
Robert Brennan
7b0fe81d01
implement capabilities checks in JSON schema
2020-01-02 17:55:21 +00:00
Robert Brennan
f7dccc079b
move more security checks to jsonschema
2019-12-23 20:32:38 +00:00
Robert Brennan
6c588848ef
fix up exclusions
2019-12-23 20:32:38 +00:00
Robert Brennan
ad3a8e6748
move runAsRootAllowed over to jsonschema
2019-12-23 20:32:38 +00:00
Robert Brennan
3fa627a2cd
move networking checks over to json schema
2019-12-23 20:32:38 +00:00
Robert Brennan
30b49c4d7b
implement image checks using json schema
2019-12-23 20:32:38 +00:00
Robert Brennan
f2c5752718
migrate health checks to schemas
2019-12-23 20:32:38 +00:00
Robert Brennan
3304285b4e
move rest of pod checks over to schema
2019-12-23 20:32:38 +00:00
Robert Brennan
d80d326f7c
swap out host_network for a schema-based check
2019-12-23 20:32:38 +00:00