* Add CI containerfile for portal NPM commands + makefile target
* Update docs to reflect new envvar for makefile, including a reasonable default for local dev: NO_CACHE
* Update the hack script to require the new envs
* Add new targets to the Makefile
* Update the docs
* Fix typo
* Add some info to the delete flow
* Update docs/shared-cluster.md
Co-authored-by: Jason Healy <jason@jhealy.net>
* Tag all created resource groups with persist
* Drop shared-cluster from the explicit denies
* Update docs
---------
Co-authored-by: Jason Healy <jason@jhealy.net>
* Revert "temporarily remove policies other than the machine one as the example and test policy to create a base code pr"
This reverts commit 08d377d4b8.
* extracted shared rego resources to a separate lib
* improvement: rego unit test and gator test polishing (#2767)
* rego unit test and gator test polishing
* lint fix
* rego lint fix
* adjusted user id related judgement plus match kinds for resources other than pod
* added test cases for priv'd ns to cover pull-secret deletion
* add new policy for machine config modification (#2879)
* add new policy for machine config modification
* reformat yaml
* revise api group logic
* added pod host path policy
* don't run guardrails if a standard gatekeeper instance is already started
* comment out corresponding gator tests as r/w PV check is temporarily removed
* satisfy mega linter
* temporarily back off the standard gatekeeper check
* enable standard gatekeeper check with proper test case modifications
* comment out non-namespaced resources
* add k8s specific namespaces to the priv'd list
* update README plus add two SA to allowed list
* update Guardrails README
* a typo in README
* allow policies to enforce on openshift-azure-guardrails namespace
* added group support for user validation
* update: Guardrail policy scripts and doc updates (#2941)
* update generate.sh to support single dir gen
* update scripts to support params
* update README
* added usage print for scripts
* change to flexible mode for username, group and SA name validation
* update get func to print more debug info
* rely solely on userInfo for user authentication
* extend audit-interval to slow down the audit run, plus display more violations
* roll back a temp change for local test
* don't allow updates for machine and machineset
* removed MachineSet
* unified the constraint filename and resource name to make the config easier
* adjust constraint and template name and kind as per convention
* update gatekeeper params, affinity and tolerations
* log violations
* white list more user and group
* extend priv'd ns protection to ns itself
* add guardrails policy generate entry in makefile
* make gator in README lower cased to keep consistent with official doc
---------
Co-authored-by: Arris Li <huili@redhat.com>
Runs local development and PR E2E in podman containers, rather than using the inbuilt installer.
---------
Co-authored-by: Jeremy Facchetti <facchettos@gmail.com>
* sync with upstream
* remove network sdk from _validators.py
* ignore licensing in python/az/aro/azext_aro/aaz
* display command flag for get_subnet error message
* move import to top of file
* Update autorest core to 3.6.3. Update nodejs to new secure LTS version for client generation. Fix permissions error in autorest Dockerfile for client generation.
* Added closing console line after api version generation
* Fixed admin portal v2 navigation and e2e admin portal flakes
Check for docker before running e2e tests
* Assuming docker has failed until proven succeeded
* Made changes based on review feedback
Proxy needs to include all its dependencies instead of
linking them.
With links and ubi-minimal it can lead to missing libraries issue.
Signed-off-by: Petr Kotas <pkotas@redhat.com>