Closed sboschman closed 2 months ago
@alacuku, it looks like the new tag format is missing somewhere, the actual git tag is plugins/k8saudit/v0.8.0
error: pathspec 'tags/k8saudit-0.8.0' did not match any file(s) known to git
Hopefully you have time to have a look 🙏
The #482 has not been merged yet. Could you rebase on that?
/retest
@alacuku don't think #482 fixes this issue, test still fails after the rebase (this pr updates the k8saudit rules, it has nothing to do with k8saudit-gke)
@sboschman, #482 extends the rules checker so it impacts all the plugins. Found a bug related to how we built the tag for the plugins. I just pushed the fix. Could you please rebase on it?
Comparing fcc9b5e4bb07f986a55a1aa4b6a36dcf7aa89d73 with latest tag plugins/k8saudit/v0.8.0
No changes detected
nice @alacuku, the build succeeds
Not sure what this 'rules files suggestions' is supposed to do, it says:
No changes detected
But this PR changed the rules... so should it show a diff in the rules?
I'm not the original author of the CI, so can't say. I modified that part of the CI, maybe I missed something. I'll have a look at it right now.
@sboschman, I pushed the fix #482. Could you test it?
Comparing 029593e335101df1d4f0734a8d447ed8db718203 with latest tag plugins/k8saudit/v0.8.0
Major changes:
K8s Role/Clusterrolebinding Deleted has been removed
K8s Role/Clusterrole Deleted has been removed
K8s Role/Clusterrolebinding Created has been removed
K8s Role/Clusterrole Created has been removed
Minor changes:
K8s RoleBinding Created has been added
K8s ClusterRole Deleted has been added
K8s Role Created has been added
K8s RoleBinding Deleted has been added
K8s Role Deleted has been added
K8s ClusterRole Created has been added
K8s ClusterRoleBinding Deleted has been added
K8s ClusterRoleBinding Created has been added
rolebinding has been added
☝️ @alacuku nice looking rules comparison 💪
@Issif could you take a look at this please? :pray:
/assign
Comparing e36500b1ce48e046c05467f587b83d6120562bcb with latest tag plugins/k8saudit/v0.8.0
Major changes:
K8s Role/Clusterrolebinding Created has been removed
K8s Role/Clusterrolebinding Deleted has been removed
K8s Role/Clusterrole Created has been removed
K8s Role/Clusterrole Deleted has been removed
Minor changes:
K8s ClusterRole Created has been added
K8s RoleBinding Deleted has been added
K8s Role Created has been added
K8s ClusterRole Deleted has been added
K8s ClusterRoleBinding Created has been added
K8s Role Deleted has been added
K8s RoleBinding Created has been added
K8s ClusterRoleBinding Deleted has been added
rolebinding has been added
It totally makes sense, and the changes are correct to me. IMHO it also requires a bump of the version of the rules (with the relevant changelog).
@Issif version bump and changelog are included
Good to me, cc @leogr
/lgtm
LGTM label has been added.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Issif, leogr, sboschman
What type of PR is this?
/kind bug
/kind feature
Any specific area of the project related to this PR?
/area plugins
What this PR does / why we need it:
k8saudit ruleset is only detecting create/delete events for ClusterRoleBinding objects. As the rules do detect the create/delete events for Role objects, it makes sense to detect create/delete events for RoleBinding objects as well.
As Role and RoleBinding are namespace scoped objects, I did split the rules out for each individual rbac object to include the namespace field into the output. As well as to make it easier to see the difference between cluster wide and namespace scoped objects by rule name, instead of having to parse out the 'resources' field.
Which issue(s) this PR fixes:
Fixes #319
Special notes for your reviewer:
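Added example, not part of the PR or of the Falco rules: a Python illustration of the per-object matching the description argues for, run over constructed Kubernetes audit events. The rule names are the ones listed in the rules comparison above; the function names, the success check and the output fields are assumptions made for this example.

```python
import json

# RBAC resources covered by the split rules; True means namespace scoped.
RBAC_KINDS = {
    "roles": ("Role", True),
    "rolebindings": ("RoleBinding", True),
    "clusterroles": ("ClusterRole", False),
    "clusterrolebindings": ("ClusterRoleBinding", False),
}
VERBS = {"create": "Created", "delete": "Deleted"}


def match_rbac_rule(event):
    """Return (rule_name, output_fields) for a successful RBAC create/delete, else None."""
    ref = event.get("objectRef") or {}
    kind = RBAC_KINDS.get(ref.get("resource"))
    action = VERBS.get(event.get("verb"))
    code = (event.get("responseStatus") or {}).get("code", 0)
    if kind is None or action is None or ref.get("subresource"):
        return None
    # Assumption: only completed, successful requests should raise an alert.
    if event.get("stage") != "ResponseComplete" or not 200 <= code < 300:
        return None
    name, namespaced = kind
    fields = {"user": (event.get("user") or {}).get("username")}
    if namespaced:
        # Only Role/RoleBinding carry a namespace, hence one rule per object.
        fields["namespace"] = ref.get("namespace")
    return f"K8s {name} {action}", fields


# Constructed sample audit events (JSON lines), not taken from a real cluster.
SAMPLE_LOG = """\
{"stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"rolebindings","namespace":"dev"},"responseStatus":{"code":201}}
{"stage":"ResponseComplete","verb":"delete","user":{"username":"bob"},"objectRef":{"resource":"clusterroles","name":"node-reader"},"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"carol"},"objectRef":{"resource":"roles","namespace":"prod"},"responseStatus":{"code":403}}
{"stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"objectRef":{"resource":"rolebindings","namespace":"dev","name":"edit"},"responseStatus":{"code":200}}
"""


def scan(log_text):
    """Run the matcher over JSON-lines audit events and collect the alerts."""
    hits = (match_rbac_rule(json.loads(l)) for l in log_text.splitlines() if l.strip())
    return [h for h in hits if h is not None]


if __name__ == "__main__":
    for rule, fields in scan(SAMPLE_LOG):
        print(rule, fields)
```

The rule name alone distinguishes cluster-wide from namespaced objects, and only the namespaced alerts carry a namespace field.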