Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: Separate kube-bench -specific code #405

Merged
merged 1 commit into from
Feb 19, 2021
Merged

refactor: Separate kube-bench -specific code #405

merged 1 commit into from
Feb 19, 2021

Conversation

danielpacak
Copy link
Contributor

Signed-off-by: Daniel Pacak pacak.daniel@gmail.com

@danielpacak
refactor: Separate kube-bench -specific code
0e752eb 
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
@codecov
Copy link

codecov bot commented Feb 18, 2021
edited

Codecov Report

Merging #405 (8861bc0) into main (1bb07be) will decrease coverage by 0.05%.
The diff coverage is 94.87%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #405      +/-   ##
==========================================
- Coverage   67.75%   67.69%   -0.06%     
==========================================
  Files          59       58       -1     
  Lines        3098     3105       +7     
==========================================
+ Hits         2099     2102       +3     
- Misses        738      741       +3     
- Partials      261      262       +1
Impacted Files Coverage Δ
pkg/kubebench/io.go 78.26% <0.00%> (-7.46%) ⬇️
pkg/kubebench/scanner.go 90.36% <96.05%> (-1.21%) ⬇️
pkg/cmd/scan_ciskubebench.go 57.14% <100.00%> (+0.89%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1bb07be...0e752eb. Read the comment docs.

danielpacak
danielpacak commented Feb 18, 2021
View reviewed changes
pkg/kubebench/scanner.go
)
// Plugin defines the interface between Starboard and Kubernetes configuration
// checker with CIS Kubernetes Benchmarks.
type Plugin interface {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though there's (and probably will be) only one implementation that relies on Kube-Bench, the purpose of this interface is to share the logic between CLI and the operator in preparation to resolve #263

knqyf263
knqyf263 approved these changes Feb 19, 2021
View reviewed changes
Copy link
Contributor

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@danielpacak danielpacak merged commit 0c9cf08 into main Feb 19, 2021
@danielpacak danielpacak deleted the refactor_kube-bench_scanner branch February 19, 2021 07:54
joebowbeer
joebowbeer reviewed Jul 4, 2022
View reviewed changes
pkg/kubebench/scanner_test.go
Privileged: pointer.BoolPtr(false),
AllowPrivilegeEscalation: pointer.BoolPtr(false),
Capabilities: &corev1.Capabilities{
Drop: []corev1.Capability{"all"},
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Drop: []corev1.Capability{"all"},
Drop: []corev1.Capability{"ALL"},

Isn't this supposed to be ALL (caps)?

According to spec, PSA implementation, and most policy rules?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joebowbeer joebowbeer joebowbeer left review comments

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@danielpacak @joebowbeer @knqyf263