29 Commits

Author SHA1 Message Date
Andrew Suderman
78838a606d Add a --namespace flag to the in-cluster audit (#742) 2022-04-08 07:54:03 -06:00
Ken Kaizu
1841b7441d audit check specific checks when passing checks args (#737)
Signed-off-by: krrrr38 <k.kaizu38@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
2022-04-07 09:11:51 -04:00
Barnabas Makonda
a4c0b0f555 Add mutation field to imagePolicyNotAlways (#712)
* added mutation field in checks and config

* added test

* fix tests

* revert resolve export

* remove Patched resources as moving that to separate functionality apart from validation

* go mod tidy

* move mutation to the container level

* change prefix based on the resource kind

* collect all mutations from results and apply

* added test for cronjob and deployment apart from just pod

* test cronjob prefix

* return a copy of mutation

* fix tests and comments

* address feedback comments

* fix warning formatting

* refactor getJSONSchemaPrefix function
2022-03-25 16:38:58 +03:00
nobletrout
f429f1922a Nobletrout/add kubectx support (#719)
* See #699 add support for kubecontext selection

* Update cli.md
2022-03-15 09:24:24 -04:00
Maxime VISONNEAU
32c1150b28 config: new flags '--disallow-(config|annotation)-exemptions' (#636)
This change follows up #635 and lets end-users decide to disallow exemption rules defined as part of the config file or the controller annotations (whether none, any or both). The main use case here is to be able to prevent users with edit privileges over a controller from adding a new exemption rule through an annotation, which may obfuscate the actual policies we want to enforce.

Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-09-27 12:56:59 -04:00
Robert Brennan
cf69099d3a Fix helm-values (#591)
* Update audit.go

* Update audit.go
2021-07-22 11:19:17 -04:00
Robert Brennan
a43a0fe2f5 fix score when onlyOutputFailed is true (#563)
* fix score when onlyOutputFailed is true

* fix tests

* remove return
2021-06-21 12:26:44 -04:00
Cydnee Owens
082e9c0406 process helm templates method (#556)
* process helm templates method

* update helm chart error paths and add helmValues

Co-authored-by: Robert Brennan <accounts@rbren.io>
2021-06-04 12:47:45 -07:00
Jordan Doig
63fd576d3e Add support for arbitrary Kinds (#505)
* Add basic flow

* Add arbitrary validator

* Pipe config through to resource provider

* Set arbitraries on resource provider

* Add arbitrary validation to fullaudit

* Add conf argument

* Fix resource setting from string

* PR updates

* Fix nil map error

* Delete lingering print, add pdb check, start implementing validator test

* move ingress to arbitrary

* fix compile

* refactor a bunch

* add tls tests

* tests passing

* resource provider helper

* refactor tests

* fix exemptions

* fix check test

* fix up resource creation from API

* fix init containers

* fix cronjob test

* fix pod tests

* combine controllers and non-controllers in resource provider

* delint

* add ingress backward compat

* fix tests

* reenable test

* rename a fn

* remove unused fn

* remove if

Co-authored-by: Robert Brennan <contact@rbren.io>
2021-03-26 08:29:59 -04:00
Robert Brennan
1fed099b53 Pretty printer for audit (#512)
* pretty output

* add colors

* better nocolor

* fix up main title

* delint

* remove double negative

* update docs
2021-03-12 12:20:00 -05:00
MAKOSCAFEE
f42af35352 fix merge conflicts 2021-02-24 21:17:58 +03:00
MAKOSCAFEE
fe0060af77 added test for score 2021-01-29 22:13:01 +03:00
MAKOSCAFEE
7b428fe230 update flag information for listening address 2021-01-29 17:19:22 +03:00
MAKOSCAFEE
2e148546d8 remove 127.0.0.1 and let it remain empty as before 2021-01-29 17:12:26 +03:00
MAKOSCAFEE
23d76594a6 added listening address 2021-01-29 17:07:56 +03:00
Robert Brennan
ec557f7ce8 Update dependencies (#470)
* update to v20

* fix tests
2021-01-08 14:01:01 -05:00
skatika
dd2976794a Implement namespace and container exemptions. Also refactoring according to gofmt 2020-12-18 09:50:04 -05:00
skatika
fdd30717e5 Remove unused parameter 2020-12-17 09:54:29 -05:00
baderbuddy
7c9f01639b Update dependencies (#400)
* Start working on updating dependencies:

* Fix webhook

* Rollback jsonschema update

* Checkin new config

* Fix run as root

* Update versions of kind

* Fix typo in kind URL

* Fix kind config

* Add csr permissions

* Fix weird image thing

* Fixed certificates

* Add to logging

* Approve cert manually

* Fix approval

* Add cert script

* Fix deployment

* Add requests/limits

* Wait if certificate doesn't exist yet

* Add check for file size

* Add variable

* Try a different image

* Fix command

* Update certificate logic

* Add healthz

* Don't check cert size

* Remove stat

* Fix vet

* Put in change that makes no sense

* Fix cert names

* Roll back

* Try changing config

* Add logging for each request

* Cleanup code some

* Remove bad deployments

* Fix client injection

* Update timeout

* Add logging

* Fixed e2e webhook tests

* Add permissions for approval

* Fix permissions for CSR

* Remove logging code

* Remove refresh certs file

* Fix merge issues

* Update deployments

* Try beta of admission controller config

* Target 1.15 for testing

* Add beta versions of resources

* Lower webhook timeout

* Refactor out a method

* Fix up PR issues

* Fix more tabs

* Remove unnecessary messages

* Fix go.sum

* Fix go.sum
2020-09-11 08:53:14 -04:00
Robert Brennan
47150155a0 add ability to audit a single workload (#368)
* add ability to audit a single workload

* delint

* fix help text

* update readme
2020-07-22 13:28:02 -04:00
Robert Brennan
2ac6a2b540 Change error to danger (#299)
* rename 'error' to 'danger'

* update dashboard

* fix docs

* update deploy configs
2020-05-19 08:41:07 -04:00
Robert Brennan
6792fba91f Delete controllers package (#270)
* rename root fs check

* speed up docker build

* refactor webhook to be more generic

* delete controllers pkg

* revert deploy

* fix example config

* remove controllersToScan config

* fix lint error

* fix webhook name

* FileSystem -> Filesystem

* update deps

* skip node owners

* clean up meta tracking

Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
2020-04-27 10:43:02 -04:00
Robert Brennan
dad526245d don't exit if webhook registration fails 2020-02-25 21:23:31 +00:00
Bader Boland
9c9e58c23d Removed commit from version info 2020-02-11 15:06:57 -05:00
Bader Boland
4c345f3799 Missed a few c -> config. 2020-02-10 08:33:58 -05:00
Bader Boland
6009ee67fa Cleanup code 2020-02-10 08:27:08 -05:00
Bader Boland
1cae69d080 Updated documentation 2020-02-06 10:54:55 -05:00
Bader Boland
6f8028fc17 Moved the rest of the commands. 2020-02-06 10:54:55 -05:00
Bader Boland
d507039d5f First commands added. 2020-02-06 10:54:54 -05:00