From 75a0009d53857bb9e4321a7d678316c95bf9cce5 Mon Sep 17 00:00:00 2001 From: Bernie White Date: Wed, 8 Jan 2020 00:05:08 +1000 Subject: [PATCH] Apply OSS guidelines #25 (#34) --- .azure-pipelines/azure-pipelines.yaml | 2 +- .azure-pipelines/pipeline-deps.ps1 | 3 ++ .github/CODEOWNERS | 2 +- .github/PULL_REQUEST_TEMPLATE.md | 2 +- .ps-rule/OpenSource.Rule.ps1 | 54 +++++++++++++++++++ .ps-rule/Rule.Rule.ps1 | 2 + CHANGELOG.md | 24 ++++----- CODE_OF_CONDUCT.md | 9 ++++ CONTRIBUTING.md | 54 +++++++++++++++++++ LICENSE | 2 +- README.md | 21 ++++++-- RuleHelp.Doc.ps1 | 5 +- RuleToc.Doc.ps1 | 2 + SECURITY.md | 43 +++++++++++++++ build.ps1 | 10 ++++ docs/rules/en/Kubernetes.AKS.PublicLB.md | 2 +- docs/rules/en/Kubernetes.API.Removal.md | 2 +- docs/rules/en/Kubernetes.Metadata.md | 2 +- docs/rules/en/Kubernetes.Pod.Health.md | 2 +- docs/rules/en/Kubernetes.Pod.Latest.md | 2 +- .../en/Kubernetes.Pod.PrivilegeEscalation.md | 2 +- docs/rules/en/Kubernetes.Pod.Replicas.md | 2 +- docs/rules/en/Kubernetes.Pod.Resources.md | 2 +- docs/rules/en/Kubernetes.Pod.Secrets.md | 2 +- pipeline.build.ps1 | 44 ++++++++++++++- ps-project.yaml | 6 +-- .../PSRule.Rules.Kubernetes.psd1 | 15 +++--- .../en/PSRule-rules.psd1 | 3 ++ .../rules/Kubernetes.AKS.Rule.ps1 | 3 ++ .../rules/Kubernetes.API.Rule.ps1 | 3 ++ .../rules/Kubernetes.Common.Rule.ps1 | 3 +- .../rules/Kubernetes.Metadata.Rule.ps1 | 3 ++ .../rules/Kubernetes.Pod.Rule.ps1 | 3 ++ .../Kubernetes.AKS.Tests.ps1 | 7 +-- .../Kubernetes.API.Tests.ps1 | 7 +-- .../Kubernetes.Metadata.Tests.ps1 | 7 +-- .../Kubernetes.Pod.Tests.ps1 | 7 +-- .../Module.PSGallery.Tests.ps1 | 3 ++ .../Resources.AKS.yaml | 4 +- .../Rule.Common.Tests.ps1 | 7 +-- 40 files changed, 320 insertions(+), 58 deletions(-) create mode 100644 .ps-rule/OpenSource.Rule.ps1 create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md create mode 100644 build.ps1 
diff --git a/.azure-pipelines/azure-pipelines.yaml b/.azure-pipelines/azure-pipelines.yaml index 8ecb4bf..9df6c62 100644 --- a/.azure-pipelines/azure-pipelines.yaml +++ b/.azure-pipelines/azure-pipelines.yaml @@ -146,7 +146,7 @@ stages: action: edit tag: '$(Build.SourceBranchName)' releaseNotesSource: input - releaseNotes: 'See [change log](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md)' + releaseNotes: 'See [change log](https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md)' assetUploadMode: replace addChangeLog: false isPreRelease: $(isPreRelease) diff --git a/.azure-pipelines/pipeline-deps.ps1 b/.azure-pipelines/pipeline-deps.ps1 index cd8dd83..d7d403b 100644 --- a/.azure-pipelines/pipeline-deps.ps1 +++ b/.azure-pipelines/pipeline-deps.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Install dependencies for integration with Azure DevOps # diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 0127dea..efe33c1 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,2 @@ # https://help.github.com/articles/about-codeowners/ -* @BernieWhite +* @microsoft/psrule-rules-kubernetes diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 3123101..ea86640 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -11,4 +11,4 @@ - **Code changes** - [ ] Have unit tests created/ updated - [ ] Link to a filed issue - - [ ] [Change log](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md) has been updated with change under unreleased section + - [ ] [Change log](https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md) has been updated with change under unreleased section diff --git a/.ps-rule/OpenSource.Rule.ps1 b/.ps-rule/OpenSource.Rule.ps1 new file mode 100644 index 0000000..2b56edb --- /dev/null +++ b/.ps-rule/OpenSource.Rule.ps1 
@@ -0,0 +1,54 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# Synopsis: Check for recommended community files +Rule 'OpenSource.Community' -Type 'System.IO.DirectoryInfo' { + $requiredFiles = @( + 'CHANGELOG.md' + 'LICENSE' + 'CODE_OF_CONDUCT.md' + 'CONTRIBUTING.md' + 'SECURITY.md' + 'README.md' + '.github/CODEOWNERS' + '.github/PULL_REQUEST_TEMPLATE.md' + ) + Test-Path -Path $TargetObject.FullName; + for ($i = 0; $i -lt $requiredFiles.Length; $i++) { + $filePath = Join-Path -Path $TargetObject.FullName -ChildPath $requiredFiles[$i]; + $Assert.Create((Test-Path -Path $filePath -PathType Leaf), "$($requiredFiles[$i]) does not exist"); + } +} + +# Synopsis: Check for license in code files +Rule 'OpenSource.License' -Type 'System.IO.FileInfo' -If { $TargetObject.Extension -in '.cs', '.ps1', '.psd1', '.psm1' } { + $commentPrefix = "`# "; + if ($TargetObject.Extension -eq '.cs') { + $commentPrefix = '// ' + } + $header = GetLicenseHeader -CommentPrefix $commentPrefix; + $content = Get-Content -Path $TargetObject.FullName -Raw; + $content.StartsWith($header); +} + +function global:GetLicenseHeader { + [CmdletBinding()] + [OutputType([String])] + param ( + [Parameter(Mandatory = $True)] + [String]$CommentPrefix + ) + process { + $text = @( + 'Copyright (c) Microsoft Corporation.' + 'Licensed under the MIT License.' + ) + $builder = [System.Text.StringBuilder]::new(); + foreach ($line in $text) { + $Null = $builder.Append($CommentPrefix); + $Null = $builder.Append($line); + $Null = $builder.Append([System.Environment]::NewLine); + } + return $builder.ToString(); + } +} diff --git a/.ps-rule/Rule.Rule.ps1 b/.ps-rule/Rule.Rule.ps1 index f2e713a..05e8490 100644 --- a/.ps-rule/Rule.Rule.ps1 +++ b/.ps-rule/Rule.Rule.ps1 @@ -1,3 +1,5 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. # Synopsis: Use short rule names Rule 'Rule.Name' -Type 'PSRule.Rules.Rule' { 
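Review bot: The `OpenSource.License` rule compares with `$content.StartsWith($header)`, but `GetLicenseHeader` ends each header line with `[System.Environment]::NewLine`, so the outcome depends on the agent's platform and the checkout's line endings rather than on whether the header is present: an LF file fails on Windows and a CRLF file fails on Linux. `Get-Content -Raw` also yields nothing for a zero-length file, so the method call errors out instead of reporting a rule failure. I would build the header with a fixed LF, strip carriage returns from `$content`, and compare as `($Null -ne $content) -and $content.StartsWith($header, [System.StringComparison]::Ordinal)`. The single-argument `StartsWith` is culture-sensitive, which is not what an exact header check wants.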
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6045870..91027e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,11 +8,11 @@ What's changed since pre-release v0.1.0-B2001007: -- Updated documentation to use parent culture `en`. [#30](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/30) +- Updated documentation to use parent culture `en`. [#30](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/30) ## v0.1.0-B2001007 (pre-release) -- **Breaking change**: Updated and renamed baselines make them easier to use. [#27](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/27) +- **Breaking change**: Updated and renamed baselines make them easier to use. [#27](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/27) - `KubeBaseline` is now `Kubernetes`, the default baseline. - `AKSBaseline` is now `AKS`. - The `Kubernetes` baseline include common Kubernetes rules. 
@@ -20,16 +20,16 @@ What's changed since pre-release v0.1.0-B2001007: ## v0.1.0-B1912003 (pre-release) -- Fixed `Kubernetes.AKS.PublicLB` handling of internal LB annotation. [#17](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/17) -- Updated metadata rule to align to recommended labels. [#14](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/14) -- Expanded deployment rules to include pods and replica sets. [#13](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/13) -- Added rule documentation. [#5](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/5) -- Added new rule `Kubernetes.API.Removal` to check for use of removed APIs. [#18](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/18) -- Added new rule `Kubernetes.Pod.Secrets` to check if sensitive environment variables are used. [#19](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/19) -- Added new rule `Kubernetes.Pod.Health` to check health probes are used. [#20](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/20) -- Added new rule `Kubernetes.Pod.Replicas` to check if more then one replica is used. [#21](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/21) -- **Breaking change**: Renamed deployment rules to relate to pods. [#12](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/12) +- Fixed `Kubernetes.AKS.PublicLB` handling of internal LB annotation. [#17](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/17) +- Updated metadata rule to align to recommended labels. [#14](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/14) +- Expanded deployment rules to include pods and replica sets. [#13](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/13) +- Added rule documentation. [#5](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/5) +- Added new rule `Kubernetes.API.Removal` to check for use of removed APIs. 
[#18](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/18) +- Added new rule `Kubernetes.Pod.Secrets` to check if sensitive environment variables are used. [#19](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/19) +- Added new rule `Kubernetes.Pod.Health` to check health probes are used. [#20](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/20) +- Added new rule `Kubernetes.Pod.Replicas` to check if more then one replica is used. [#21](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/21) +- **Breaking change**: Renamed deployment rules to relate to pods. [#12](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues/12) ## v0.1.0-B190521 (pre-release) -- Initial pre-release +- Initial pre-release. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..f9ba8cf --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,9 @@ +# Microsoft Open Source Code of Conduct + +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). + +Resources: + +- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/) +- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) +- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..e7f7f0b --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,54 @@
+# Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to
+agree to a Contributor License Agreement (CLA) declaring that you have the right to,
+and actually do, grant us the rights to use your contribution. For details, visit
+https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need
+to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the
+instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
+
+## Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+## How to contribute
+
+- File or vote up issues
+- Improve documentation
+- Fix bugs or add features
+
+### Intro to Git and GitHub
+
+When contributing to documentation or code changes, you'll need to have a GitHub account and a basic understanding of Git.
+Check out the links below to get started.
+
+- Make sure you have a [GitHub account][github-signup].
+- GitHub Help:
+ - [Git and GitHub learning resources][learn-git].
+ - [GitHub Flow Guide][github-flow].
+ - [Fork a repo][github-fork].
+ - [About Pull Requests][github-pr].
+
+## Contributing to issues
+
+- Check if the issue you are going to file already exists in our GitHub [issues](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues).
+- If you do not see your problem captured, please file a new issue and follow the provided template.
+- If the an open issue exists for the problem you are experiencing, vote up the issue or add a comment.
+ +## Contributing to code + +- Before writing a fix or feature enhancement, ensure that an issue is logged. +- Be prepared to discuss a feature and take feedback. +- Include unit tests and updates documentation to complement the change. + +[learn-git]: https://help.github.com/en/articles/git-and-github-learning-resources +[github-flow]: https://guides.github.com/introduction/flow/ +[github-signup]: https://github.com/signup/free +[github-fork]: https://help.github.com/en/github/getting-started-with-github/fork-a-repo +[github-pr]: https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests +[github-pr-create]: https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork +[build]: docs/scenarios/install-instructions.md#building-from-source diff --git a/LICENSE b/LICENSE index 3692616..22aed37 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2019 Bernard White +Copyright (c) Microsoft Corporation. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 36f57c9..d1c65b4 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ A suite of rules to validate Kubernetes resources using PSRule. This project is to be considered a **proof-of-concept** and **not a supported product**. -For issues with rules and documentation please check our GitHub [issues](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues) page. +For issues with rules and documentation please check our GitHub [issues](https://github.com/Microsoft/PSRule.Rules.Kubernetes/issues) page. If you do not see your problem captured, please file a new issue and follow the provided template. If you have any problems with the [PSRule][project] engine, please check the project GitHub [issues](https://github.com/Microsoft/PSRule/issues) page instead. 
@@ -160,9 +160,24 @@ For a list of rules included in the `PSRule.Rules.Kubernetes` module see: ## Changes and versioning -Modules in this repository will use the [semantic versioning](http://semver.org/) model to declare breaking changes from v1.0.0. Prior to v1.0.0, breaking changes may be introduced in minor (0.x.0) version increments. For a list of module changes please see the [change log](CHANGELOG.md). +Modules in this repository will use the [semantic versioning](http://semver.org/) model to declare breaking changes from v1.0.0. +Prior to v1.0.0, breaking changes may be introduced in minor (0.x.0) version increments. +For a list of module changes please see the [change log](CHANGELOG.md). -> Pre-release module versions are created on major commits and can be installed from the PowerShell Gallery. Pre-release versions should be considered experimental. Modules and change log details for pre-releases will be removed as standard releases are made available. +> Pre-release module versions are created on major commits and can be installed from the PowerShell Gallery. +> Pre-release versions should be considered experimental. +> Modules and change log details for pre-releases will be removed as standard releases are made available. + +## Contributing + +This project welcomes contributions and suggestions. +If you are ready to contribute, please visit the [contribution guide](CONTRIBUTING.md). + +## Code of Conduct + +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). +For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) +or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. ## Maintainers diff --git a/RuleHelp.Doc.ps1 b/RuleHelp.Doc.ps1 index 20dbfb3..b9fa7cf 100644 --- a/RuleHelp.Doc.ps1 +++ b/RuleHelp.Doc.ps1 
@@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Generate rule help # @@ -16,7 +19,7 @@ Document 'RuleHelp' { } if (!$annotations.Contains('online version')) { - $annotations['online version'] = "https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/$($rule.Name).md"; + $annotations['online version'] = "https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/$($rule.Name).md"; } Metadata $annotations; diff --git a/RuleToc.Doc.ps1 b/RuleToc.Doc.ps1 index fb7871e..e3ab001 100644 --- a/RuleToc.Doc.ps1 +++ b/RuleToc.Doc.ps1 @@ -1,3 +1,5 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. Document 'module' { Title 'Module rule reference' diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..bb5af99 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,43 @@
+# Security policy
+
+
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security vulnerability, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+ * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+ * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs. + +## Preferred Languages + +We prefer all communications to be in English. + +## Policy + +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). + + diff --git a/build.ps1 b/build.ps1 new file mode 100644 index 0000000..e1bacb2 --- /dev/null +++ b/build.ps1 @@ -0,0 +1,10 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +# Note: +# This manually builds the project locally + +. ./.azure-pipelines/pipeline-deps.ps1 +Invoke-Build Test -AssertStyle Client + +Write-Host "If no build errors occured. The module has been saved to out/modules/PSRule.Rules.Kubernetes" diff --git a/docs/rules/en/Kubernetes.AKS.PublicLB.md b/docs/rules/en/Kubernetes.AKS.PublicLB.md index 0de4cc3..6be41bc 100644 --- a/docs/rules/en/Kubernetes.AKS.PublicLB.md +++ b/docs/rules/en/Kubernetes.AKS.PublicLB.md @@ -1,7 +1,7 @@ --- severity: Critical category: Security -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.AKS.PublicLB.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.AKS.PublicLB.md --- # Use internal load balancer 
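Review bot: In the new build.ps1, `. ./.azure-pipelines/pipeline-deps.ps1` resolves against the caller's current directory, not the script's own location. Run from anywhere but the repository root, it either fails or dot-sources whatever file happens to sit at that relative path in the working directory. Anchoring it to the script, `. (Join-Path -Path $PSScriptRoot -ChildPath '.azure-pipelines/pipeline-deps.ps1')`, removes that dependency. `Invoke-Build` presumably has the same working-directory assumption, so wrapping both calls in `Push-Location $PSScriptRoot` / `Pop-Location` may be the simpler fix. The closing `Write-Host` runs unconditionally, so a comment noting that it also prints after a failed build would help.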
diff --git a/docs/rules/en/Kubernetes.API.Removal.md b/docs/rules/en/Kubernetes.API.Removal.md index c881bf8..8c3116c 100644 --- a/docs/rules/en/Kubernetes.API.Removal.md +++ b/docs/rules/en/Kubernetes.API.Removal.md @@ -1,7 +1,7 @@ --- severity: Important category: API -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.API.Removal.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.API.Removal.md --- # Use supported APIs diff --git a/docs/rules/en/Kubernetes.Metadata.md b/docs/rules/en/Kubernetes.Metadata.md index 6163239..f21f97d 100644 --- a/docs/rules/en/Kubernetes.Metadata.md +++ b/docs/rules/en/Kubernetes.Metadata.md @@ -1,7 +1,7 @@ --- severity: Awareness category: Management -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Metadata.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Metadata.md --- # Use recommended labels diff --git a/docs/rules/en/Kubernetes.Pod.Health.md b/docs/rules/en/Kubernetes.Pod.Health.md index 655c75d..0ddec62 100644 --- a/docs/rules/en/Kubernetes.Pod.Health.md +++ b/docs/rules/en/Kubernetes.Pod.Health.md @@ -1,7 +1,7 @@ --- severity: Important category: Reliability -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Health.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Health.md --- # Use probes diff --git a/docs/rules/en/Kubernetes.Pod.Latest.md b/docs/rules/en/Kubernetes.Pod.Latest.md index 38db5bf..09a96c9 100644 --- a/docs/rules/en/Kubernetes.Pod.Latest.md +++ b/docs/rules/en/Kubernetes.Pod.Latest.md 
@@ -1,7 +1,7 @@ --- severity: Important category: Security -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Latest.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Latest.md --- # Use specific tags diff --git a/docs/rules/en/Kubernetes.Pod.PrivilegeEscalation.md b/docs/rules/en/Kubernetes.Pod.PrivilegeEscalation.md index c57ecda..0a27ad7 100644 --- a/docs/rules/en/Kubernetes.Pod.PrivilegeEscalation.md +++ b/docs/rules/en/Kubernetes.Pod.PrivilegeEscalation.md @@ -1,7 +1,7 @@ --- severity: Critical category: Security -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.PriviledgeEscalation.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.PriviledgeEscalation.md --- # Deny privilege escalation diff --git a/docs/rules/en/Kubernetes.Pod.Replicas.md b/docs/rules/en/Kubernetes.Pod.Replicas.md index 1a31fda..c73c983 100644 --- a/docs/rules/en/Kubernetes.Pod.Replicas.md +++ b/docs/rules/en/Kubernetes.Pod.Replicas.md @@ -1,7 +1,7 @@ --- severity: Important category: Reliability -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Replicas.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Replicas.md --- # Use two or more replicas diff --git a/docs/rules/en/Kubernetes.Pod.Resources.md b/docs/rules/en/Kubernetes.Pod.Resources.md index 2ebc5d0..30a38e8 100644 --- a/docs/rules/en/Kubernetes.Pod.Resources.md +++ b/docs/rules/en/Kubernetes.Pod.Resources.md 
@@ -1,7 +1,7 @@ --- severity: Important category: Performance -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Resources.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Resources.md --- # Set compute resource requirements diff --git a/docs/rules/en/Kubernetes.Pod.Secrets.md b/docs/rules/en/Kubernetes.Pod.Secrets.md index bdcd2fe..f4676af 100644 --- a/docs/rules/en/Kubernetes.Pod.Secrets.md +++ b/docs/rules/en/Kubernetes.Pod.Secrets.md @@ -1,7 +1,7 @@ --- severity: Critical category: Security -online version: https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Secrets.md +online version: https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/docs/rules/en/Kubernetes.Pod.Secrets.md --- # Use secret references diff --git a/pipeline.build.ps1 b/pipeline.build.ps1 index 765e69a..7931ead 100644 --- a/pipeline.build.ps1 +++ b/pipeline.build.ps1 @@ -1,3 +1,5 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. [CmdletBinding()] param ( 
@@ -81,6 +83,44 @@ function CopyModuleFiles { } } +function Get-RepoRuleData { + [CmdletBinding()] + param ( + [Parameter(Position = 0, Mandatory = $False)] + [String]$Path = $PWD + ) + process { + GetPathInfo -Path $Path -Verbose:$VerbosePreference; + } +} + +function GetPathInfo { + [CmdletBinding()] + param ( + [Parameter(Mandatory = $True)] + [String]$Path + ) + begin { + $items = New-Object -TypeName System.Collections.ArrayList; + } + process { + $Null = $items.Add((Get-Item -Path $Path)); + $files = @(Get-ChildItem -Path $Path -File -Recurse -Include *.ps1,*.psm1,*.psd1,*.cs | Where-Object { + !($_.FullName -like "*.Designer.cs") -and + !($_.FullName -like "*/bin/*") -and + !($_.FullName -like "*/obj/*") -and + !($_.FullName -like "*\obj\*") -and + !($_.FullName -like "*\bin\*") -and + !($_.FullName -like "*\out\*") -and + !($_.FullName -like "*/out/*") + }); + $Null = $items.AddRange($files); + } + end { + $items; + } +} + task VersionModule ModuleDependencies, { $modulePath = Join-Path -Path $ArtifactPath -ChildPath PSRule.Rules.Kubernetes; $manifestPath = Join-Path -Path $modulePath -ChildPath PSRule.Rules.Kubernetes.psd1; @@ -218,8 +258,8 @@ task Rules PSRule, { OutputFormat = 'NUnit3'; } Import-Module (Join-Path -Path $PWD -ChildPath out/modules/PSRule.Rules.Kubernetes) -Force; - # Get-RepoRuleData -Path $PWD | - # Assert-PSRule @assertParams -OutputPath reports/ps-rule-file.xml; + Get-RepoRuleData -Path $PWD | + Assert-PSRule @assertParams -OutputPath reports/ps-rule-file.xml; $rules = Get-PSRule -Module PSRule.Rules.Kubernetes; $rules | Assert-PSRule @assertParams -OutputPath reports/ps-rule-file2.xml; diff --git a/ps-project.yaml b/ps-project.yaml index 1a693a8..676ed54 100644 --- a/ps-project.yaml +++ b/ps-project.yaml 
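Review bot: The exclusion filter in `GetPathInfo` matches on `$_.FullName`, so `*/out/*`, `*\bin\*` and the other patterns test the absolute path, including the directories above `$Path`. If the repository is checked out beneath a folder named `out`, `bin` or `obj`, every file is filtered away and the `OpenSource.License` check passes with nothing inspected. Matching on the path relative to the root, e.g. `$_.FullName.Substring($root.Length)` with `$root = (Resolve-Path -Path $Path).Path`, keeps the exclusions scoped to the repository. Separately, `Get-ChildItem` is called without `-Force`. On Linux and macOS PowerShell treats dot-prefixed entries as hidden, so scripts under `.ps-rule` and `.azure-pipelines` are probably skipped there, which is worth confirming on the build agent.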
@@ -2,14 +2,14 @@ info: name: PSRule.Rules.Kubernetes description: A suite of rules to validate Kubernetes resources using PSRule. - url: https://github.com/BernieWhite/PSRule.Rules.Kubernetes + url: https://github.com/Microsoft/PSRule.Rules.Kubernetes repository: type: git - url: https://github.com/BernieWhite/PSRule.Rules.Kubernetes.git + url: https://github.com/Microsoft/PSRule.Rules.Kubernetes.git modules: - PSRule: 0.11.0 + PSRule: 0.13.0 tasks: build: diff --git a/src/PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1 b/src/PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1 index 813b009..2438f9d 100644 --- a/src/PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1 +++ b/src/PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # PSRule.Rules.Kubernetes # @@ -17,13 +20,13 @@ CompatiblePSEditions = 'Core', 'Desktop' GUID = 'efaacb4d-b447-4de3-96b9-93860fd87a8c' # Author of this module -Author = 'Bernie White' +Author = 'Microsoft Corporation' # Company or vendor of this module -CompanyName = 'Bernie White' +CompanyName = 'Microsoft Corporation' # Copyright statement for this module -Copyright = '(c) Bernie White. All rights reserved.' +Copyright = '(c) Microsoft Corporation. All rights reserved.' # Description of the functionality provided by this module Description = 'Validate Kubernetes resources using PSRule. 
@@ -96,16 +99,16 @@ PrivateData = @{ Tags = @('PSRule', 'PSRule-rules', 'Rule', 'Kubernetes') # A URL to the license for this module. - LicenseUri = 'https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/LICENSE' + LicenseUri = 'https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/LICENSE' # A URL to the main website for this project. - ProjectUri = 'https://github.com/BernieWhite/PSRule.Rules.Kubernetes' + ProjectUri = 'https://github.com/Microsoft/PSRule.Rules.Kubernetes' # A URL to an icon representing this module. # IconUri = '' # ReleaseNotes of this module - ReleaseNotes = 'https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md' + ReleaseNotes = 'https://github.com/Microsoft/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md' } # End of PSData hashtable PSRule = @{ Baseline = 'Kubernetes' diff --git a/src/PSRule.Rules.Kubernetes/en/PSRule-rules.psd1 b/src/PSRule.Rules.Kubernetes/en/PSRule-rules.psd1 index 180408c..60f06e6 100644 --- a/src/PSRule.Rules.Kubernetes/en/PSRule-rules.psd1 +++ b/src/PSRule.Rules.Kubernetes/en/PSRule-rules.psd1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + @{ PodCPURequest = 'Set CPU resource reservation.' PodCPULimit = 'Set CPU resource limit.' diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.AKS.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.AKS.Rule.ps1 index 43ffc9f..69dbacc 100644 --- a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.AKS.Rule.ps1 +++ b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.AKS.Rule.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Validation rules for Azure Kubernetes Service (AKS) # diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.API.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.API.Rule.ps1 index 2ebc1e3..174d65d 100644 --- a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.API.Rule.ps1 
+++ b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.API.Rule.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Validation rules for Kubernetes resource requirements # diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Common.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Common.Rule.ps1 index 9b0fe2b..61a3082 100644 --- a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Common.Rule.ps1 +++ b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Common.Rule.ps1 @@ -1,4 +1,5 @@ - +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. function global:GetPodSpec { [CmdletBinding()] diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Metadata.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Metadata.Rule.ps1 index 4aead88..02fbbda 100644 --- a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Metadata.Rule.ps1 +++ b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Metadata.Rule.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Validation rules for Kubernetes metadata requirements # diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Pod.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Pod.Rule.ps1 index a7af053..048d9ab 100644 --- a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Pod.Rule.ps1 +++ b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Pod.Rule.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Validation rules for Kubernetes deployments # diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.AKS.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.AKS.Tests.ps1 index cc8445c..73ea06a 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.AKS.Tests.ps1 +++ b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.AKS.Tests.ps1 
@@ -1,11 +1,12 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Unit tests for Kubernetes AKS rules # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop'; diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.API.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.API.Tests.ps1 index bec2e02..8d0b048 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.API.Tests.ps1 +++ b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.API.Tests.ps1 @@ -1,11 +1,12 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Unit tests for Kubernetes resource rules # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop'; diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Metadata.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Metadata.Tests.ps1 index b4cccbb..62c58df 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Metadata.Tests.ps1 +++ b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Metadata.Tests.ps1 @@ -1,11 +1,12 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Unit tests for Kubernetes metadata rules # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop'; diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Pod.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Pod.Tests.ps1 index e8667cb..ad95e38 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Pod.Tests.ps1 +++ b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.Pod.Tests.ps1 @@ -1,11 +1,12 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Unit tests for Kubernetes pod rules # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop'; 
diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Module.PSGallery.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Module.PSGallery.Tests.ps1 index b6fb663..3f0b12a 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Module.PSGallery.Tests.ps1 +++ b/tests/PSRule.Rules.Kubernetes.Tests/Module.PSGallery.Tests.ps1 @@ -1,3 +1,6 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Unit tests for validating module for publishing # diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Resources.AKS.yaml b/tests/PSRule.Rules.Kubernetes.Tests/Resources.AKS.yaml index d75d5da..f9896d5 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Resources.AKS.yaml +++ b/tests/PSRule.Rules.Kubernetes.Tests/Resources.AKS.yaml @@ -16,7 +16,7 @@ spec: app: app-A --- -# This service should fail kubernetes.AKS.PublicLoadBalancer +# This service should fail Kubernetes.AKS.PublicLB apiVersion: v1 kind: Service metadata: @@ -29,7 +29,7 @@ spec: app: app-B --- -# This service should fail kubernetes.AKS.PublicLoadBalancer +# This service should pass Kubernetes.AKS.PublicLB apiVersion: v1 kind: Service metadata: diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Rule.Common.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Rule.Common.Tests.ps1 index a1309b1..e772640 100644 --- a/tests/PSRule.Rules.Kubernetes.Tests/Rule.Common.Tests.ps1 +++ b/tests/PSRule.Rules.Kubernetes.Tests/Rule.Common.Tests.ps1 @@ -1,11 +1,12 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + # # Unit tests for PSRule rule quality # [CmdletBinding()] -param ( - -) +param () # Setup error handling $ErrorActionPreference = 'Stop';