github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-06 17:26:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
928 Commits 28 Branches 117 Tags
7.0.2
Commit Graph

928 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Brennan
b90f091bb6 fix polaris cves (#824) 7.0.2 2022-08-22 09:44:44 -04:00
ivanfetch-fw
e3a6cb3774 Fix namespace checking when validating additional schemas which are not namespaced (#822) 2022-08-18 18:34:32 -06:00
dependabot[bot]
7addced32c Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#815) 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-18 16:53:49 -04:00
dependabot[bot]
7e77350428 Bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 (#814) 
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.12.1 to 0.12.3.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.12.1...v0.12.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-18 16:53:39 -04:00
dependabot[bot]
af0d548a07 Bump k8s.io/apimachinery from 0.24.1 to 0.24.3 (#807) 
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.24.1 to 0.24.3.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.24.1...v0.24.3)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-08-18 16:45:12 -04:00
dependabot[bot]
3efa3b40c9 Bump k8s.io/client-go from 0.24.1 to 0.24.3 (#806) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.24.1 to 0.24.3.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.24.1...v0.24.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-08-18 16:45:03 -04:00
ivanfetch-fw
206322271c FWI-2509: Add sensitiveContainerEnvVar and sensitiveConfigMapContent checks (#817) 
* Add sensitiveContainerEnvVar and sensitiveConfigMapContent checks

* Update full example configfile
 2022-08-05 11:58:57 -04:00
ivanfetch-fw
e5b9236268 FWI-2476: Add missingNetworkPolicy, automountServiceAccountToken, and linuxHardening checks (#816) 
* Add missingNetworkPolicy, automountServiceAccountToken, and linuxHardening checks
 2022-08-05 09:44:18 -06:00
ivanfetch-fw
c3b57bf6c7 target: container also populates .Polaris.PodSpec|PodTemplate + a new .Polaris.Container representing the currently checked container, GetPodTemplate serializes data to work around a DeepCopy bug with type int (#812) 2022-07-29 07:45:56 -06:00
Igor Beliakov
652b65b3c2 fix: properly remove emojis in pretty format with no color (#765) 
Signed-off-by: Igor Beliakov <demtis.register@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-07-28 15:39:17 -04:00
dependabot[bot]
41030320bb Bump github.com/stretchr/testify from 1.7.1 to 1.8.0 (#786) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-28 15:30:09 -04:00
dependabot[bot]
76c42c4799 Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#813) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-28 15:29:58 -04:00
dependabot[bot]
65add73e70 Bump k8s.io/api from 0.24.1 to 0.24.3 (#808) 
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.24.1 to 0.24.3.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.24.1...v0.24.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
 2022-07-28 15:21:50 -04:00
Igor Beliakov
a0000e1919 Suppress empty results when --only-show-failed-tests is passed (#811) 
* Suppress empty results when --only-show-failed-tests is passed

Signed-off-by: Igor Beliakov <demtis.register@gmail.com>

* Fix remaining typo

Signed-off-by: Igor Beliakov <demtis.register@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-07-26 09:31:08 -04:00
dependabot[bot]
f9e2603b16 Bump alpine from 3.16.0 to 3.16.1 (#810) 
Bumps alpine from 3.16.0 to 3.16.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-25 17:21:08 +03:00
ivanfetch-fw
50d789fd42 Fix resourceKindMap.addResource() to not assume every Kind has an APIGroup (#805) 
This was causing the `ResourceProvider.Resources` map to essentially
loose resources with no APIGroup, such as ServiceAccounts.
 2022-07-15 13:53:41 -06:00
ivanfetch-fw
25ab600eef Update docs to reflect target: PodTemplate RE: PR #801 (#804) 
* Update docs to reflect `target: PodTemplate` and the template being available via the `Polaris.PodTemplate` variable RE: PR #801

* Fix typo

Co-authored-by: Robert Brennan <accounts@rbren.io>

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-07-14 13:50:41 -06:00
ivanfetch-fw
be45519a22 Add target PodTemplate which exposes the full Pod (not only the spec) (#801) 
* Add `target PodTemplate` which exposes the full Pod (not only the spec)

* Fix PotTemplate in conjunction with how pod-schema-checks are handled

* Add test for GO template `Polaris` sub-keys, help `NewGenericResourceFromPod` to set `PodTemplate` in more cases

* Clarify PldTemplate logic for `IsActionable()`
 2022-07-14 12:51:24 -06:00
ivanfetch-fw
ccaa384cd0 expose Polaris.PodSpec for PodSpec targeted checks (#793) 
* Add a template `Polaris` variable, expose `Polaris.PodSpec` for checks of `target: PodSpec`.

Polaris checks that are `target: PodSpec` have reflected the original
resource (such as a pod-controller) in the Go template, instead of
reflecting the pod `spec` field. This update makes the PodSpec available
in a new template variable `Polaris.PodSpec`.
 2022-07-12 08:04:17 -06:00
Robert Brennan
1c09ce9e09 update changelog and docs (#800) 
* update changelog and docs

* add 7.0.1

* fix version
7.0.1 		2022-07-11 14:12:50 -04:00
Robert Brennan
fec00893b1 Update fairwinds-insights.yaml (#799) 2022-07-11 14:06:58 -04:00
Robert Brennan
acadebe9fd add docs for mutation (#792) 
* add docs for mutation

* Update infrastructure-as-code.md
7.0.0 		2022-07-11 13:25:15 -04:00
Robert Brennan
a2ec025230 Add more mutations, fix mutation tests (#790) 
* add more mutations

* fix tests

* add more test cases

* Update insecureCapabilities.yaml

* Update dangerousCapabilities.yaml

* fix tests

* fix tests
 2022-07-11 13:22:14 -04:00
Robert Brennan
08682075c6 Enable pullPolicyNotAlways (#795) 
* add more mutations

* fix tests

* add more test cases

* Update insecureCapabilities.yaml

* Update dangerousCapabilities.yaml

* fix tests

* fix tests

* add pullPolicyNotAlways as default mutation
 2022-07-11 13:20:17 -04:00
Barnabas Makonda
e3e790046f Add checks flag to fix specific checks (#797) 
* add checks to fix  and fix-all-checks flags

* only use one flag

* add example

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-07-11 11:12:08 -06:00
Robert Brennan
50319fb1b8 fix webhook test (#798) 
* add logs to webhook test

* fix cleanup

* add more logs

* fix webhhook test
 2022-07-11 13:06:21 -04:00
Robert Brennan
c3eb0811e0 Add flag to enable mutations in webhook (#794) 
* rb/mutation-flag

* add validate flag
 2022-07-11 09:37:54 -04:00
Andrew Suderman
5423449177 Use orb to publish docs (#791) 
* Use orb to publish docs

* copy/pasta

* remove test values

* typo
 2022-07-07 11:52:12 -06:00
Robert Brennan
f713d43697 ensure path exists when adding mutations (#789) 2022-07-07 10:00:36 -04:00
Barnabas Makonda
e896eec89f Expose GetValidateResults function to be used in the polaris package (#763) 
* Expose GetValidateResults function to be used in the polaris package

* change to GetValidatedResults
 2022-06-15 15:28:33 +03:00
Barnabas Makonda
25a120ba65 update dependencies (#777) 2022-06-07 20:27:26 +03:00
intrand
3b865fcea8 skip incomplete or broken YAML - warn user (#678) 
* skip broken yaml (eg, patch file)

* skip in visitFile, not in parser

* restore filepath.Walk() error handling

* restore test; correct assertion

* Update pkg/kube/resources_test.go

Co-authored-by: Robert Brennan <accounts@rbren.io>

* Fix tests

* update kind

Co-authored-by: Robert Brennan <accounts@rbren.io>
Co-authored-by: Luke Reed <luke@lreed.net>
Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
Co-authored-by: MAKOSCAFEE <barnabasmakonda@gmail.com>
 2022-06-07 12:02:27 -04:00
Robert Brennan
f71ca999c9 Change target: Pod to target: PodSpec (#726) 
* change target pod to target pod spec

* add checks

* update docs

* fix tests

Co-authored-by: MAKOSCAFEE <barnabasmakonda@gmail.com>
 2022-06-07 07:37:25 -06:00
dependabot[bot]
276c168839 Bump alpine from 3.15.4 to 3.16.0 (#773) 
Bumps alpine from 3.15.4 to 3.16.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-01 23:02:14 +03:00
Barnabas Makonda
92f0b6e551 fix issue when the files-path is actual file path instead of directory (#761) 
* fix issue when the files-path is actual path

* remove check for file extension

* do not panic when sub command is not there

* remove panic and fail graciously
 2022-05-12 07:45:46 -06:00
Barnabas Makonda
6b7d6ab301 Added Mutation webhook (#755) 
* added mutate webhook

* fix mutation operation type

* if no mutation just use valid response
6.0.0 		2022-05-03 17:42:19 +03:00
Robert Brennan
6c33168378 update release process (#744) 
* update release process

* fix lint

* remove kubectl docs

* update webhook install

* fix webhook_test

* fix dashboard test

* Update kube_dashboard_test.sh

* Update webhook_test.sh

Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
 2022-04-28 17:16:17 -04:00
Robert Brennan
8a8ac2d9b9 update go modules (#743) 
* update go modules

* go 1.18

* git mod tidy

* go mod tidy again

Co-authored-by: MAKOSCAFEE <barnabasmakonda@gmail.com>
Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
 2022-04-28 23:18:38 +03:00
Barnabas Makonda
a59063bdb2 Add fix command to mutate and update IaC (#746) 
* added fix command

* update fix command to walk through the folder to find all files

* added ability to add comment

* fix comment prefix

* trim whitespaces to the line

* refactor update mutated file

* remove filepath as is not needed anymore

* remove filepath as is not needed anymore

* remove timestamp and status if creation is null

* added comments and fix tests

* remove hardcoded mutation in config

* revert comment deletion

* separate mutated to success files

* read multiple resources in a file and update both

* Remove mutation in config.yaml
 2022-04-28 18:28:33 +03:00
Terraform User
c597b162d9 Managed by Terraform 2022-04-26 13:31:39 -06:00
Robert Brennan
322e6f7dcd fix kinds (#752) 2022-04-25 11:52:38 -04:00
Robert Brennan
c92819ca9d Save last podspec when walking owner hierarchy (#748) 
* try saving last podspec when walking owner hierarchy

* remove namespace from config
 2022-04-25 11:09:22 -04:00
dependabot[bot]
57d0ae3932 Bump alpine from 3.15.3 to 3.15.4 (#745) 
Bumps alpine from 3.15.3 to 3.15.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-12 15:47:27 +03:00
Barnabas Makonda
321bfa8f1f Added more mutations and refactor test to test each mutation separately (#734) 
* added more mutations and refactor test to test each mutation separately

* added more mutation definitions

* update spec for controller

* added mutations for cpu and memory request and limits

* update request memory mutation

* added liveness and probes

* rmeove hostport mutation

* added multiple mutations for request and limits memory

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-04-08 17:19:14 +03:00
Andrew Suderman
78838a606d Add a --namespace flag to the in-cluster audit (#742) 5.2.0 2022-04-08 07:54:03 -06:00
staerion
fd16fb993d merge the list of resources from custom checks and the generated controller list before deduplicating them (#727) 
Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-04-07 10:18:04 -04:00
Ken Kaizu
1841b7441d audit check specific checks when passing checks args (#737) 
Signed-off-by: krrrr38 <k.kaizu38@gmail.com>

Co-authored-by: Robert Brennan <accounts@rbren.io>
 2022-04-07 09:11:51 -04:00
Robert Brennan
ce8786b9d2 update x/text (#740) 2022-04-07 09:10:57 -04:00
dependabot[bot]
82d366364f Bump alpine from 3.15.2 to 3.15.3 (#739) 
Bumps alpine from 3.15.2 to 3.15.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-05 16:20:34 +03:00
Andrew Suderman
bd8b2962dc Fix license headers (#736) 
* Update license headers

* Fmt

Co-authored-by: Barnabas Makonda <6409210+makoscafee@users.noreply.github.com>
 2022-03-31 11:02:10 -04:00