Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checking policy rules before pulling resources #1578

Merged
merged 1 commit into from Jan 9, 2024
Merged

Checking policy rules before pulling resources #1578

merged 1 commit into from Jan 9, 2024

Conversation

amirmalka
Copy link
Contributor

@amirmalka amirmalka commented Jan 8, 2024
edited

Overview

This PR introduces two changes:

  1. Checking the compatibility of policy rules will be called before pulling K8s resources. This fixes a bug where Kubescape tries to pull resources based on rules which should not run, either due to Kubescape version mismatch or incompatible scanning scope.

Reference: https://github.com/kubescape/kubescape/pull/1578/files#diff-87f0d4eba9674bd3ac745472ccfc83b063947253678c5cb275532f97679a5aedR34

  1. Failing to pull some K8s (either due to RBAC-related issue or any other error) should not fail the entire scan. In the new behavior, errors will be logged but will not interrupt the scan, unless Kubescape wasn't able to pull any resource.

Reference: https://github.com/kubescape/kubescape/pull/1578/files#diff-dd9d57537773c1533f67a7c34ba66853beb208c302a949b536bbae35a52a155bR351)

@amirmalka
checking for compatible policy rules before pulling k8s resources; fa…
bdc1cec 
…iling to pull some k8s resource should not fail the entire scan

Signed-off-by: Amir Malka <amirm@armosec.io>
@amirmalka amirmalka merged commit 4b8786b into master Jan 9, 2024
43 checks passed
@matthyx matthyx deleted the update-rule-check branch January 25, 2024 16:14
@slashben slashben mentioned this pull request Feb 18, 2024
Open
@chenrui333 chenrui333 mentioned this pull request Mar 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthyx matthyx matthyx approved these changes

@dwertent dwertent Awaiting requested review from dwertent

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@amirmalka @matthyx