feat: test VAPs generated by pod security cel policies #1006

Draft
wants to merge 26 commits into
base: main

Commits on May 14, 2024

  1. setup vap generation in CI for testing

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 14, 2024
    a3a727d
  2. add vap tests for disallow-capabilities

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 14, 2024
    327fae0
  3. add vap tests for disallow-host-namespaces

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 14, 2024
    a95d18d

Commits on May 17, 2024

  1. add vap tests for rest of baseline policies

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 17, 2024
    5414f2d
  2. add vap tests for restricted policies

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 17, 2024
    90eb891
  3. d7e07b0
  4. set timeout to 60s

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 17, 2024
    07320ff

Commits on May 18, 2024

  1. use assert in vap file names

    Signed-off-by: Chandan-DK <chandandk468@gmail.com>
    Chandan-DK committed May 18, 2024
    bbf05f4

Commits on Jul 14, 2024

  1. 564217c

Commits on Jul 23, 2024

  1. 2ce1dae

Commits on Aug 1, 2024

  1. Merge branch 'main' into pod-security-cel-test-generated-vaps

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    5f89802
  2. add composite action for installing crds

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    992afa9
  3. add composite action to wait for kyverno to become ready

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    d5224c2
  4. add test-file input for run-tests action and reference actions in setup-env
    
    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    1b0e34b
  5. add job for vaps

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    c7501b2
  6. add bash shell to actions

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    78c1073
  7. remove --no-color flag

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 1, 2024
    a247385

Commits on Aug 15, 2024

  1. 978d8df

Commits on Aug 24, 2024

  1. test vaps above kubernetes version 1.28

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    1848a6a
  2. use vap beta

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    1f579a8
  3. remove applying the ns in chainsaw test as it is not needed

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    e5b18bc
  4. enable templating in disallow-host-process

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    ac409d9
  5. (fix chainsaw test): hostNetwork must be true if any container has hostProcess set to true and if any container has hostProcess set to true all the containers must have it too (see comment for the error that would be generated otherwise)
    
    [spec: Invalid value: "": If pod contains any hostProcess containers then all containers must be HostProcess containers, spec.hostNetwork: Invalid value: false: hostNetwork must be true if pod contains any hostProcess containers]
    
    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    2a12958
  6. use containerPort to avoid this error (Pod "badpod01-new" is invalid: spec.initContainers[0].ports[0].containerPort: Required value) in disallow-host-ports
    
    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    7f05483
  7. skip running vap tests for policies with variables when K8s version is 1.27 or 1.26
    
    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 24, 2024
    2d79945

Commits on Aug 25, 2024

  1. disable templating in disallow-host-namespaces

    Signed-off-by: Chandan-DK <chandan.dk@nirmata.com>
    Chandan-DK committed Aug 25, 2024
    41a39c8