Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Introduce Postee Actions #249

Merged
merged 18 commits into from
Feb 11, 2022
Merged

feat: Introduce Postee Actions #249

merged 18 commits into from
Feb 11, 2022

Conversation

simar7
Copy link
Member

@simar7 simar7 commented Jan 29, 2022
edited

This PR introduces Postee Actions, a lightweight (no-code) workflows that allows users to configure Postee to execute ad-hoc but useful post processing steps.

Some use cases include (but are not limited):

  1. As a security practitioner, I want to remove a vulnerable image from my node when Trivy scan detects a vulnerability in an image, so that I can keep vulnerable images unavailable for deployment.
  2. As a security practitioner, I want to ship Tracee security notifications logs from my node when security events are detected, so that I can build a timelog for forensics purposes.
  3. [WIP] As a Kubernetes operator, I want to add labels to my Kubernetes cluster when Starboard detects a vulnerable image in my cluster, so that I can effectively manage vulnerable deployments.

These are some examples of how a user can use Postee Actions.

Signed-off-by: Simar simar@linux.com

@simar7 simar7 self-assigned this Jan 29, 2022
@simar7 simar7 marked this pull request as ready for review February 1, 2022 01:24
@simar7
Copy link
Member Author

simar7 commented Feb 1, 2022

@AndreyLevchenko - do you know why the CI is failing?

AndreyLevchenko
AndreyLevchenko reviewed Feb 1, 2022
View reviewed changes
outputs/exec.go Outdated Show resolved Hide resolved
AndreyLevchenko
AndreyLevchenko reviewed Feb 1, 2022
View reviewed changes
outputs/http.go Outdated Show resolved Hide resolved
AndreyLevchenko
AndreyLevchenko reviewed Feb 1, 2022
View reviewed changes
outputs/http.go Outdated Show resolved Hide resolved
@simar7 simar7 mentioned this pull request Feb 1, 2022
Closed
AndreyLevchenko
AndreyLevchenko reviewed Feb 4, 2022
View reviewed changes
outputs/http.go Outdated Show resolved Hide resolved
@simar7
feat: Introduce Postee Actions.
768ad0e 
This commit introduces the exec action which allows a practitioner to run shell
commands upon receiving a trigger.

Signed-off-by: Simar <simar@linux.com>
@simar7
feat: Initial implementation of http action.
605b1de 
Signed-off-by: Simar <simar@linux.com>
@simar7
feat: Add support for adding HTTP headers to http action.
80a60b6 
Signed-off-by: Simar <simar@linux.com>
@simar7
fix: Cleanup timeout option for http output.
8fe55e0 
Signed-off-by: Simar <simar@linux.com>
@simar7
feat: Change to sending a file for HTTP post action.
e2c4122 
Signed-off-by: Simar <simar@linux.com>
@simar7
feat: Add test coverage for ExecClient action.
2071bf9 
Signed-off-by: Simar <simar@linux.com>
@simar7
feat: Add test coverage for HTTPClient action.
b02750d 
Signed-off-by: Simar <simar@linux.com>
@simar7
fix: Reset e.Env each time to os.Env
92c962f 
Signed-off-by: Simar <simar@linux.com>
@simar7
fix: Handle non OK HTTP codes better
4a4f231 
Signed-off-by: Simar <simar@linux.com>
@simar7
fix: Copy headers before appending, add assertion for all headers.
2b93bf5 
Signed-off-by: Simar <simar@linux.com>
AndreyLevchenko
AndreyLevchenko reviewed Feb 9, 2022
View reviewed changes
outputs/exec.go Outdated Show resolved Hide resolved
@simar7
fix: Copy env vars on each instance to avoid races.
4cae44a 
Signed-off-by: Simar <simar@linux.com>
@simar7
docs: Document usage of env vars with exec action.
08c919f 
Signed-off-by: Simar <simar@linux.com>

Signed-off-by: Simar <simar@linux.com>
@simar7
fix: Address lint issues
aa2896e 
Signed-off-by: Simar <simar@linux.com>
@codecov
Copy link

codecov bot commented Feb 10, 2022
edited

Codecov Report

Merging #249 (cb50267) into main (ca72375) will increase coverage by 0.46%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #249      +/-   ##
==========================================
+ Coverage   86.87%   87.33%   +0.46%     
==========================================
  Files          28       28              
  Lines        1112     1153      +41     
==========================================
+ Hits          966     1007      +41     
  Misses         88       88              
  Partials       58       58
Impacted Files Coverage Δ
router/builders.go 98.01% <100.00%> (+0.96%) ⬆️
router/router.go 86.79% <100.00%> (+0.51%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ca72375...cb50267. Read the comment docs.

@simar7
fix: Fix an issue where timeout is not specified
5d7cd1c 
Signed-off-by: Simar <simar@linux.com>
@simar7
fix: Improve timeout handling, add more tests.
cb50267 
Signed-off-by: Simar <simar@linux.com>
@simar7 simar7 changed the title feat: Introduce Postee actions framework feat: Introduce Postee Actions Feb 10, 2022
@simar7 simar7 merged commit a74c883 into aquasecurity:main Feb 11, 2022
@simar7 simar7 deleted the postee-actions branch February 11, 2022 23:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndreyLevchenko AndreyLevchenko Awaiting requested review from AndreyLevchenko

Assignees

@simar7 simar7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@simar7 @AndreyLevchenko