* update
* update go mod
* tidy
* revert go mod
* fix port
* move pod test case
* downgrade controller-runtime
* revert updates
* fix nil pointer
* add logs
* fix var
* remove test requirement
* fix decoder
* fix mutate
* fix test case
* fix logs
* fmt
* fix owned pods in mutate
* fix test
* add logs
* add mutations to tests
* convert to json for patch
* fix up tests
* remove nil check
* fix logs
* add logs
* add env vars to webhook tests
* add login flow
* add logout functionality
* improve code
* implement token and status print
* implement status command
* add user to login
* improve server port management
* improve login flow
* fix login flow
* make insights URL for login configurable
* remove comments
* fix logrus directive usage
* add upload-insights command
* remove unnecessary usage of pointer
* error when using upload-insights and audit-path simultaneously
* upload-insights support
* set priority to reports
* adds report verification
* fix logging to meet expected results
* renaming variable name
* improve results printing
* improve variable naming
* remove TODO
* Update checks severities (#950)
* change all ignore checks to warning
* promoting checks initially warning that should be danger.
* fixing docs and examples
* adds changelog
* fix changelog version
* improve general error message
* update workloads to be able grab its version
* print URL on stdout on browser error
* use os.WriteFile instead of low-level API
* renaming fn params
* add insights client
* validating token on auth status
* minor fix
* only query for re-auth if token is still valid
* update some dependencies in go and CI (#951)
* update some dependencies
* update testing requirements
* Fix cert-manager
* lots of deprecated versions
* attempts
* review suggestions
* avoid nil pointer
* fix fixtures
* fix test
---------
Co-authored-by: Robert Brennan <contact@rbren.io>
* update changelog
---------
Co-authored-by: Andrew Suderman <andy@fairwinds.com>
Co-authored-by: Robert Brennan <contact@rbren.io>
* change all ignore checks to warning
* promoting checks initially warning that should be danger.
* fixing docs and examples
* adds changelog
* fix changelog version
* Update docs with new checks; make sure both config-full has all config.yml checks
* Update doc on mutating webhooks
---------
Co-authored-by: Robert Brennan <accounts@rbren.io>
* Add persistentpostrun to root cmd and postrun to version cmd
* Change PLG link
* Add PLG link to dashboard
* <strong> the link
Co-authored-by: Andrew Suderman <andy@suderman.dev>
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
[1]: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: Andrew Suderman <andrew@sudermanjr.com>
* Enable these checks in the default configuration file, which may produce many new results:
* automountServiceAccountToken
* linuxHardening
* sensitiveConfigmapContent and sensitiveContainerEnvVar
* clusterrolebindingClusterAdmin, rolebindingClusterAdminClusterRole, and rolebindingClusterAdminRole
* clusterrolePodExecAttach, rolePodExecAttach, clusterrolebindingPodExecAttach, rolebindingClusterRolePodExecAttach, and rolebindingRolePodExecAttach
* Ignore the `missingNetworkPolicy` and `automountServiceAccountToken` checks by default
* `hasPrefix` and `hasSuffix` functions are now available in the go template
* Fix the `sensitiveContainerEnvVar` check to ignore sensitive environment
variable names when those variables use `valueFrom` to reference an
external resource.
* Add the `*ClusterAdmin` checks to `examples/config-full.yaml`.
* Exempt the prefix `system:` instead of individual entries for RBAC checks (#871)
* Add debug logging for JSON Schema validation and Go templating
* Fix `--help` to display the full Polaris usage
* add valid log possible levels to `--log-level` flag help
