Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[New Rule] Api server first automated rule (1.2.2) #11

Merged
merged 12 commits into from
Nov 22, 2021
Merged

[New Rule] Api server first automated rule (1.2.2) #11

merged 12 commits into from
Nov 22, 2021

Conversation

oren-zohar
Copy link
Collaborator

@oren-zohar oren-zohar commented Nov 16, 2021
edited by kfirpeled
Loading

API Server current input example:

{
  "type": "api_server",
  "command": "kube-apiserver --allow-privileged=true",
}

security-team#2015

@oren-zohar
Add test data generator
0d8c8e7 
General repo struct refactor
@oren-zohar
Readme
40f3602 
Split common test function from k8s test data function file
@oren-zohar
Readme
453782a
@oren-zohar
API Server First rule
d4aa802
@oren-zohar
First automated rule under API server (1.2.2)
94fb697
@oren-zohar oren-zohar mentioned this pull request Nov 16, 2021
Closed
kfirpeled
kfirpeled requested changes Nov 22, 2021
View reviewed changes
compliance/lib/data_adapter.rego Outdated Show resolved Hide resolved
compliance/cis_k8s/rules/cis_1_2_2/rule.rego Outdated Show resolved Hide resolved
compliance/cis_k8s/rules/cis_1_2_2/rule.rego Outdated Show resolved Hide resolved
compliance/cis_k8s/test_data.rego
@@ -9,3 +9,9 @@ filesystem_input(filename, mode, uid, gid) = {
"uid": uid,
"gid": gid,
}

# Recivies an array of arguments representing the API Server command
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you don't mind - change the file name to test_utils.rego same goes with package
(leave that refactor to the backlog)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll do it in a separate PR after all other rules are merged

@kfirpeled kfirpeled linked an issue Nov 22, 2021 that may be closed by this pull request
[csp task] 1.1 Master Node Configuration Files #3
Closed
@kfirpeled kfirpeled removed a link to an issue Nov 22, 2021
[csp task] 1.1 Master Node Configuration Files #3
Closed
@kfirpeled kfirpeled linked an issue Nov 22, 2021 that may be closed by this pull request
[csp task] 1.2 API Server rules #8
Closed
@oren-zohar oren-zohar requested a review from kfirpeled November 22, 2021 16:16
@oren-zohar oren-zohar merged commit 2dbd5cd into main Nov 22, 2021
@oren-zohar oren-zohar deleted the api-server-first-rule branch November 22, 2021 17:44
orestisfl pushed a commit that referenced this pull request Oct 11, 2023
@oren-zohar @orestisfl
[Security Policies] [New Rule] Api server first automated rule (1.2.2) (
08d987a 
#11)
orestisfl pushed a commit to orestisfl/csp-security-policies that referenced this pull request Oct 12, 2023
@oren-zohar @orestisfl
[Security Policies] [New Rule] Api server first automated rule (1.2.2)
76df5dd 
elastic#11


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic/cloudbeat#1405
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kfirpeled kfirpeled kfirpeled approved these changes

Assignees
No one assigned
Labels
Team: csp
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[csp task] 1.2 API Server rules
2 participants
@oren-zohar @kfirpeled