This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

feat: Add compliance dashboard #1255

Merged
merged 5 commits into from
Jul 21, 2022

Member

@yevgenypats yevgenypats commented Jul 20, 2022

Summary

This also includes the following fixes:

  • check field is a string
  • execution_time is set only once and not in every subpolicy
  • execution_time uses native PostgreSQL now() instead of data which makes it work on Windows
  • make policies use relational paths and now you can execute it from any directory.

NOTE: There is still work to be done in the dashboard and potentially some rough edges but I think this is a good start.

Other ideas: add severity to checks which can make some of the visualizations more interesting.

Use the following steps to ensure your PR is ready to be reviewed

  • Read the contribution guidelines 🧑‍🎓
  • Run go fmt to format your code 🖊
  • Lint your changes via golangci-lint run 🚨 (install golangci-lint here)
  • Update or add tests. Learn more about testing here 🧪
  • Update the docs by running go run ./docs/docs.go and committing the changes 📃
  • If adding a new resource, add relevant Terraform files in a separate PR 📂
  • Ensure the status checks below are successful ✅

@yevgenypats yevgenypats requested a review from a team as a code owner July 20, 2022 21:06
@yevgenypats yevgenypats requested review from zagronitay and removed request for a team July 20, 2022 21:06
@yevgenypats yevgenypats requested review from disq, bbernays and hermanschaaf and removed request for zagronitay July 20, 2022 21:21
Contributor

@shimonp21 shimonp21 left a comment

Why some places are 'execution_time' and some are 'execution_time'::timestamp?

- Add data source row
- Fix colors in Pass/Fail Distribution
- Regenerate screenshot
Member

@hermanschaaf hermanschaaf left a comment

Looks great 👍 I pushed some updates to the JSON to add a Data Source row and fix the colors of the distributions, which somehow always showed green in my case. Left a few questions, but nothing blocking

policies/README.md (outdated)

1. Execute one or more of the above policies.
2. Add the CloudQuery postgres database as a data source to Grafana (`Configuration -> Data Sources -> Add Data Source`)
3. Import [dashboards/azure/azure_asset_inventory.json](../dashboards/grafana/compliance.json) into Grafana (`Import -> Upload JSON File`).
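
Review bot: In step 3 the link text reads dashboards/azure/azure_asset_inventory.json while the link target is ../dashboards/grafana/compliance.json, so the visible text does not name the file the reader actually has to import; the text should match the target. Step 2 also does not say which database role Grafana should connect with; a role limited to read access is sufficient for a dashboard data source and is worth stating here.
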
Member

@yevgenypats I think we should move most of this Visualization section to a separate readme under the dashboards directory, and link to that section from here (maybe while keeping the screenshot). That way, you can look at the dashboards directory on its own and still know how to use it. WDYT?

Member Author

Yeah possible. I would still link to Visualization then from this README and also backlink from visualizations to policies.

Member

Yup, that's what I had in mind with my comment too 👍

@yevgenypats
Member Author

> Why some places are 'execution_time' and some are 'execution_time'::timestamp?

Some Postgres edge case in some queries where it couldn't do a cast implicitly 🤷 so it failed and I had to add that.

yevgenypats and others added 2 commits July 21, 2022 12:01
Co-authored-by: Herman Schaaf <hermanschaaf@gmail.com>
Co-authored-by: Herman Schaaf <hermanschaaf@gmail.com>
@yevgenypats yevgenypats merged commit 8d3e0a1 into main Jul 21, 2022
@yevgenypats yevgenypats deleted the feat/compliance_dashboard branch July 21, 2022 09:58
yevgenypats pushed a commit to cloudquery/cq-provider-k8s that referenced this pull request Jul 22, 2022
- Change policy_exeuction to be set only once.
- Change paths to be relative so policies can be executed from any directory.

A copy-paste of cloudquery/cq-provider-aws#1255
erezrokah pushed a commit to cloudquery/cloudquery that referenced this pull request Aug 14, 2022
- Change policy_exeuction to be set only once.
- Change paths to be relative so policies can be executed from any directory.

A copy-paste of cloudquery/cq-provider-aws#1255