Open dekuhn opened 5 years ago
@joecheuk we might need to define some method for the [control] value related to GKE hardening guidelines or leave it blank.
@dekuhn I recommend not leaving the control value blank, but instead coming up with a control name for each guideline. Ex.
bundles.validator.forsetisecurity.org/gke-hardening-guideline: DISABLE_WEB_UI
@morgante @ryanismert @blueandgold - FYI @joecheuk let's move forward with the following annotation format for GKE Hardening Guidelines:
bundles.validator.forsetisecurity.org/gke-hardening-v2019.11.11: DISABLE_DASHBOARD_UI
It will be up to the engineer when adding these annotations to determine the text control name e.g. DISABLE_DASHBOARD_UI for each GKE hardening guideline.
I spent a little time starting to update a few rules today. https://github.com/forseti-security/policy-library/pull/199 https://github.com/forseti-security/policy-library/pull/200
Based on go/policy-bundles - the recommended annotations would look something like: bundles.validator.forsetisecurity.org/[bundle_key]: [control]
Please add details for all GKE Hardening Policies.
Example:
description: Disable the Kubernetes web UI (Dashboard)
bundles.validator.forsetisecurity.org/gke-hardening-guideline:
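
An added example, not part of the thread or of the policy-library code: a small lint for the annotation format discussed above (`bundles.validator.forsetisecurity.org/[bundle_key]: [control]`) that flags a missing bundle annotation or a blank control. The function name and the character rules for bundle keys and control names are assumptions; the sample annotation maps are constructed from values quoted in the thread.

```python
import re

PREFIX = "bundles.validator.forsetisecurity.org/"
# Assumed conventions (not stated by the project): bundle keys are lowercase
# letters/digits separated by '.' or '-'; control names are UPPER_SNAKE_CASE.
BUNDLE_KEY_RE = re.compile(r"^[a-z0-9]+(?:[.-][a-z0-9]+)*$")
CONTROL_RE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$")


def lint_bundle_annotations(annotations):
    """Return a list of (key, problem) tuples for one annotations mapping."""
    problems = []
    bundle_keys = [k for k in annotations if k.startswith(PREFIX)]
    if not bundle_keys:
        problems.append((None, "no bundle annotation present"))
    for key in bundle_keys:
        bundle_key = key[len(PREFIX):]
        control = annotations[key]
        if not BUNDLE_KEY_RE.match(bundle_key):
            problems.append((key, "malformed bundle key"))
        # A YAML key with no value parses as None; treat it like an empty string.
        if control is None or not str(control).strip():
            problems.append((key, "blank control"))
        elif not CONTROL_RE.match(str(control).strip()):
            problems.append((key, "control is not UPPER_SNAKE_CASE"))
    return problems


# Constructed sample annotation maps, using only values quoted in the thread.
SAMPLES = {
    "versioned": {
        "description": "Disable the Kubernetes web UI (Dashboard)",
        PREFIX + "gke-hardening-v2019.11.11": "DISABLE_DASHBOARD_UI",
    },
    "blank_control": {
        "description": "Disable the Kubernetes web UI (Dashboard)",
        PREFIX + "gke-hardening-guideline": None,
    },
    "no_bundle": {"description": "Disable the Kubernetes web UI (Dashboard)"},
}

if __name__ == "__main__":
    for name, annotations in SAMPLES.items():
        print(name, lint_bundle_annotations(annotations))
```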