17 Commits

Author SHA1 Message Date
Robert Brennan
c0d8eb6318 handle case-insensitivity for capabilities (#619)
* handle lowercase letters in ALL for capabilities

* change all caps to regexp

* revert file
2021-08-31 11:40:47 -04:00
Robert Brennan
19bf91e13b change test for PDB disruptions (#620) 2021-08-31 11:40:36 -04:00
Robert Brennan
b923caf79e better support for namespaces in additional schemas (#593)
* better support for namespaces in additional schemas

* add alertmanager check

* Revert " revert file"

This reverts commit f55839b87aeec5af20ac28ecff664d17ac1159b3.

* remove alertmanager check
2021-07-27 10:31:34 -04:00
Cydnee Owens
cbc15ad069 Pod level testing (#546)
* update runAsPrivileged to test at pod level

* update runAsPrivileged to test at pod level

* add pod level success/failure tests

* add insecure capabilities pod level testing

* update checks to include good/bad security

* update checks for good/bad security

* remove good security from runAsPrivileged
2021-05-25 12:59:28 -04:00
Cydnee Owens
1ede736971 update notReadOnlyRootFilesystem check (#543)
* update notReadOnlyRootFilesystem check

* remove run as user

* add pod level testing to notreadonlyrootFileSystem and update schema_test.go file

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-24 15:21:04 -07:00
Cydnee Owens
1935abd563 Test layout refactor (#545)
* refactor test structure

* update syntax to include template/spec layout

* update syntax to include template/spec layout

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-24 16:30:10 -04:00
Cydnee Owens
842ccf4853 Multiple replicas (#534)
* add file structure and success/failure yaml files

* add success/fail check tests for liveness probe missing

* add success/fail check tests for readiness probe missing

* add cpu limit missing success/failure

* add cpu requests missing success/failure

* add hostPortMissing success/failure

* add readinessProbeMissing success/failure

* Add success/failure test for dangerousCapabilities

* add success test

* submit for review for potential bug

* remove outdated files

* fix test cases

Co-authored-by: Robert Brennan <contact@rbren.io>
Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-18 13:16:08 -07:00
Cydnee Owens
2c56a313a1 add failure, failure.latest and success.yaml file (#541)
Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-18 12:40:55 -07:00
Cydnee Owens
d011bb454a add failure.all.yaml for dangerouscapabilities test (#538)
* add failure.all.yaml for dangerouscapabilities test

* change to [ALL] failing test

* add failure.all.yaml for dangerouscapabilities test

* change to [ALL] failing test

* fix dangerous caps test

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-05-11 13:12:46 -07:00
Cydnee Owens
c9811171ce Check testing (#535)
* add file structure and success/failure yaml files

* add success/fail check tests for liveness probe missing

* add success/fail check tests for readiness probe missing

* add cpu limit missing success/failure

* add cpu requests missing success/failure

* add hostPortMissing success/failure

* add readinessProbeMissing success/failure

* Add success/failure test for dangerousCapabilities

* add success test

* add success/failure tests

* name change pdbDisruptionsGreaterThanZero to pdbDisruptionsIsZero for test

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-07 09:46:26 -07:00
Cydnee Owens
30eebaf16a add memory limits and requests success/failure tests (#537) 2021-05-06 14:15:22 -07:00
Robert Brennan
f753fc91f2 Support multi-resource templates (#524)
* able to run multi-resource tests

* start passing resource provider through

* working end-to-end

* better support for go templating

* fix tests

* delint

* add test

* add json annotations

* remove panics

* fix annotation

* fix for groupkinds

* add comment

* add docs

* change jsonSchema field to schemaString

* rename check

* add pdb to tests

* add ingress to tests

* update deps

* fix up policy import

* update go

* fix check name

* funk it up

* better docs
2021-05-06 14:01:20 -04:00
Cydnee Owens
239a321588 Liveness probe (#529)
* add file structure and success/failure yaml files

* add success/fail check tests for liveness probe missing

* add success/fail check tests for readiness probe missing

* add cpu limit missing success/failure

* add cpu requests missing success/failure

* add hostPortMissing success/failure

* add readinessProbeMissing success/failure

* delete misspelled file folder readinessProb

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-05-06 09:11:10 -07:00
Robert Brennan
371e30fe3d Add support for check templates (#520)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and non-controllers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

* first pass

* more progress

* debug

* update jsonschema

* Revert "update jsonschema"

This reverts commit 45e6c398ff.

* Revert "Revert "update jsonschema""

This reverts commit f8c5ec223824694c43a6af9dae9319f1f0e30b37.

* templating working

* rename check

* add failure details to results

* minor edits

* add runAsRoot test

* Revert "Revert "Revert "update jsonschema"""

This reverts commit fcdacdc3c22e32c580541901f99e154d00bedbc8.

* minor fixes

* most tests passing

* fix json annotations

* logspam

* delint

* add comment

Co-authored-by: Jordan Doig <jordan.steele.doig@gmail.com>
2021-04-09 09:08:31 -04:00
Jordan Doig
63fd576d3e Add support for arbitrary Kinds (#505)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and non-controllers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Robert Brennan
c16aac808f fix checks for k8s defaults (#496)
* fix insecure caps check

* add more tests

* fix privilege escalation allowed
2021-02-11 17:11:16 -05:00
Robert Brennan
b4e3d40f4b Add priority class check, some test infra (#342)
* add check for priority-class

* add test message

* lint
2020-06-22 16:34:48 -04:00