feat: introduce Pepr common policies (#50)

## Description Introduce Pepr Validations to replace Kyverno. ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
defenseunicorns · Dec 5, 2023 · 54182b4 · 54182b4
1 parent f9c4269
commit 54182b4
Show file tree

Hide file tree

Showing 35 changed files with 6,254 additions and 1,755 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -3,28 +3,16 @@
     "browser": false,
     "es2021": true
   },
-  "extends": [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/recommended"
-  ],
+  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
-    "project": [
-      "./tsconfig.json"
-    ],
+    "project": ["./tsconfig.json"],
     "ecmaVersion": 2022
   },
-  "plugins": [
-    "@typescript-eslint"
-  ],
-  "ignorePatterns": [
-    "node_modules",
-    "dist"
-  ],
+  "plugins": ["@typescript-eslint"],
+  "ignorePatterns": ["node_modules", "dist", "jest.*.js"],
   "root": true,
   "rules": {
-    "@typescript-eslint/no-floating-promises": [
-      "error"
-    ]
+    "@typescript-eslint/no-floating-promises": ["error"]
   }
-}
+}
diff --git a/.github/filters.yaml b/.github/filters.yaml
@@ -18,8 +18,6 @@ keycloak:
   - "src/keycloak/**"
 kiali:
   - "src/kiali/**"
-kyverno:
-  - "src/kyverno/**"
 loki:
   - "src/loki/**"
 metrics-server:

diff --git a/.prettierrc b/.prettierrc
@@ -4,10 +4,10 @@
   "bracketSpacing": true,
   "embeddedLanguageFormatting": "auto",
   "insertPragma": false,
-  "printWidth": 80,
+  "printWidth": 100,
   "quoteProps": "as-needed",
   "requirePragma": false,
   "semi": true,
   "tabWidth": 2,
   "useTabs": false
-}
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -22,5 +22,24 @@
     "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.31.1/zarf.schema.json": [
       "zarf.yaml"
     ]
-  }
+  },
+  "cSpell.words": [
+    "alertmanager",
+    "Authservice",
+    "automount",
+    "controlplane",
+    "crds",
+    "distros",
+    "ironbank",
+    "Kiali",
+    "Kyverno",
+    "MITM",
+    "neuvector",
+    "opensource",
+    "promtail",
+    "Quickstart",
+    "seccomp",
+    "Sysctls",
+    "Velero"
+  ]
 }
diff --git a/README.md b/README.md
@@ -73,7 +73,7 @@ UDS core publishes two packages:
 
 ### UDS Core Bundles
 
-Thes bundles are intended for boostrapping common development & testing environments and should not be used for produciton. They also serve as examples to create custom bundles.
+These bundles are intended for bootstrapping common development & testing environments and should not be used for production. They also serve as examples to create custom bundles.
 
 - [k3d-core](./bundles/k3d-core/README.md): A bundle to create a local k3d cluster with UDS Core installed.
 

diff --git a/jest.setup.js b/jest.setup.js
@@ -0,0 +1,13 @@
+const { K8s, kind } = require("kubernetes-fluent-client");
+
+module.exports = async () => {
+  await K8s(kind.Namespace).Apply({
+    metadata: {
+      name: "policy-tests",
+      labels: {
+        "istio-injection": "disabled",
+        "zarf.dev/agent": "ignore",
+      },
+    },
+  });
+}
diff --git a/jest.teardown.js b/jest.teardown.js
@@ -0,0 +1,5 @@
+const { K8s, kind } = require("kubernetes-fluent-client");
+
+module.exports = async () => {
+  await K8s(kind.Namespace).Delete("policy-tests");
+}