Add support for PersistentVolume resource kind #10
Summary:
➖ Refactors internals of codebase to make adding new K8s object types easier #12
❌ Add SecretReference, ObjectReference, NodeSelector, NodeSelectorTerm, NodeSelectorRequirement, etc.
✔️ Centralizes the relationship strings under single class for easier tracking in IDE/dev environments (PR opened #11)
➖ Adds object hash (SHA2-256) to object model for tracking down references in neo4j #12
✔️ Fixes bug in attack_path.py where non-plural resource name for Pod was used (PR opened #11)
❌ Add support for choosing neo4j database from CLI
➖ Add support for object recursing for nested objects in resources #12
➖ Refactor re-looping of relationships to be configurable #12
➖ Add BaseResource type for representing nested objects #12
➖ Move some code from Resource to BaseResource to reduce code duplication #12
❌ Move some code in neo4j.py to neo4j_utils.py in attempt to reduce chances of circular import (might not be needed)
Motivation
I'm interested in modeling K8s resources using neo4j for DevOps/SRE purposes and wanted a more complete cluster definition to experiment with. I also read through the issues and noticed that there are some hostPath detections that you may want to make, and thought that this could potentially help out.
I found this project yesterday and I'm in love with it, I think it's a great approach to solving some of the lower-hanging fruits for securing clusters.
I'm upstreaming some changes I made to make onboarding new object types easier and provide the flexibility of defining new relationship types for objects and their sub-resources.
I'm not expecting to get all of my changes merged in, but I'm willing to work on this repo until it's in a shape where it could be merged in without any issues.
Please feel free to reach out directly to my email if you'd like to establish a dialogue in private.