Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add owner reference linkage for adapter policy and strict mode handling #37

Merged
merged 1 commit into from
Jan 23, 2024
Merged

feat: Add owner reference linkage for adapter policy and strict mode handling #37

merged 1 commit into from
Jan 23, 2024

Conversation

seungsoo-lee
Copy link
Collaborator

Description

Fixes # (issue)

Add owner reference linkage and strict mode handling

Does this PR introduce a breaking change?

Checklist

  • PR title follows the <type>: <description> convention
  • I use conventional commits in my commit messages
  • I have updated the documentation accordingly
  • I Keep It Small and Simple: The smaller the PR is, the easier it is to review and have it merged
  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Additional information for reviewer

Mention if this PR is part of any design or a continuation of previous PRs

anurag-rajawat
anurag-rajawat reviewed Jan 22, 2024
View reviewed changes
pkg/adapter/nimbus-kubearmor/manager/kspmanager.go
Comment on lines +100 to +111
allStrictIntentsImplemented := true
for _, rule := range np.Spec.NimbusRules {
if rule.Rule.Mode == "strict" && !idpool.IsIdSupported(rule.ID) {
allStrictIntentsImplemented = false
logger.Info("The adapter does not support the strict mode intent", "ID", rule.ID)
break
}
}

// If there is any unimplemented strict mode intent, skip processing the NimbusPolicy.
if !allStrictIntentsImplemented {
logger.Info("Skipping NimbusPolicy processing.", "NimbusPolicy.Name", npName, "NimbusPolicy.Namespace", npNamespace)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If an adapter doesn't fully support strict mode for some SecurityIntents, then for those Intents, it will either skip them, resulting in no corresponding adapter policy or generate a best-effort policy.
But we shouldn't skip the whole NimbusPolicy.

CC @shivaccuknox

@nandhued nandhued linked an issue Jan 23, 2024 that may be closed by this pull request
Support ownership tracking for adapter policies, which are referenced to the Nimbus policy. #41
Closed
@seungsoo-lee seungsoo-lee merged commit 3e46af2 into 5GSEC:main Jan 23, 2024
5 checks passed
@b0m313 b0m313 deleted the add_mode branch March 12, 2024 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anurag-rajawat anurag-rajawat anurag-rajawat left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support ownership tracking for adapter policies, which are referenced to the Nimbus policy.
3 participants
@seungsoo-lee @anurag-rajawat @b0m313