feat(validate)!: #408 create resources in kubernetes domain #415

Merged
merged 62 commits into from
Jun 17, 2024

meganwolf0
Collaborator

Description

Adds an additional parameter in the Kubernetes domain spec to "create" resources. The purpose is to test admission controllers, networking, and possibly other constraints in a k8s cluster that would otherwise be challenging/impossible to evaluate simply with resource manifests.

Related Issue

Relates to #408

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

mike-winberry and others added 15 commits May 7, 2024 13:21
refactor!(component): change NewOscalComponentDefinitionFromBytes to return a pointer
…rce for the extension

refactor!(catalog): now uses pointers
… source in favor of oscal validation

refactor!(component): delete the NewOscalComponentDefinitionFromBytes method in favor of NewOscalComponentDefinition
refactor!(common): rename WriteFile -> WriteOscalModel
refactor(generate): WriteFile -> WriteOscalModel
refactor(composition): removed validation logic in favor of NewOscalCOmponentDefinition handling it
feat(common): WriteOscalModel now handles json file extensions
feat(evaluate): now runs file extension validation for json/yaml
feat(validate): now checks input file for extension
tests: update tests, update test data to pass oscal validation
…nstructors and updated all relevant constructors
…talog to use pointers

refactor(generate): update all refs to ComponentFromCatalog
@meganwolf0 meganwolf0 self-assigned this May 14, 2024

netlify bot commented May 14, 2024

Deploy Preview for lula-docs canceled.

Name Link
🔨 Latest commit dc2b1d1
🔍 Latest deploy log https://app.netlify.com/sites/lula-docs/deploys/666b271556e42700084a1aaa

@meganwolf0 meganwolf0 linked an issue May 14, 2024 that may be closed by this pull request
brandtkeller
brandtkeller previously approved these changes Jun 12, 2024
@meganwolf0 meganwolf0 merged commit bd8d72b into main Jun 17, 2024
8 checks passed
@meganwolf0 meganwolf0 deleted the 408-create-k8s-resource-for-test branch June 17, 2024 10:13
CloudBeard pushed a commit that referenced this pull request Jun 24, 2024
* refactor!(common): #388 update common/types (and all references) to use pointers

* refactor!(common): #388 update Domain struct to use pointers

* refactor!(common): #388 update Provider struct to use pointers

* refactor!(evaluate): #388 EvaluateResults now uses pointers
refactor!(component): change NewOscalComponentDefinitionFromBytes to return a pointer

* refactor!(resource-store): #388 changed AddFromLink params to use pointers, updated references

* refactor!(assessment-results): #388 NewAssessmentResults now returns a pointer

* refactor!(catalog): now runs validation rather than requiring the source for the extension

refactor!(catalog): now uses pointers

* refactor!(component): #388 NewOscalComponentDefinition no longer uses source in favor of oscal validation
refactor!(component): delete the NewOscalComponentDefinitionFromBytes method in favor of NewOscalComponentDefinition
refactor!(common): rename WriteFile -> WriteOscalModel
refactor(generate): WriteFile -> WriteOscalModel
refactor(composition): removed validation logic in favor of NewOscalCOmponentDefinition handling it
feat(common): WriteOscalModel now handles json file extensions
feat(evaluate): now runs file extension validation for json/yaml
feat(validate): now checks input file for extension
tests: update tests, update test data to pass oscal validation

* refactor!(common): #388 moved WriteOscalModel to the oscal package (complete-schema)

* feat(oscal): create the multiModelValidate method for use in oscal constructors and updated all relevant constructors

* refactor!(component): #388 update mergeComponents and ComponentFromCatalog to use pointers
refactor(generate): update all refs to ComponentFromCatalog

* initial resource creation

* refactor(component): pointer refactor

* fix(component): failing e2e

* refactor(component): ControlToImplementRequirement now takes pointer to control

* fix(common): add omitempty to the marshalling for Validation

* refactor!(domains/kubernetes): #388 KubernetesSpec.Wait and Resource.ResourceRule are now pointers and have omitempty, updated all references

* refactor!(domains/kubernetes): #388 ResourceRule.Field is now a pointer and has omitempty tag

* refactor!(providers/kyverno): #388 KyvernoSpec is now a pointer

* refactor!(providers/opa): #388 OpaSpec is now a pointer

* refactor(providers): add omitempty to Kyverno and opa spec tags

* refactor!(providers): update output fields to be pointers

* refactor!(domains): update api and k8s domain specs to be pointers

* refactor!(types): #388 update LulaValidation provider, domain, domain-resources and result to use pointers

* fix(evaluate): add nil check on thresholdResult and newResult to top of method to prevent nil pointer

* chore(validate): add TODO to remove WriteReport as it is unused (question)

* fix: graceful exit conditions, empty result pointer

* feat: merged pointers

* feat: updated error handling, initial docs and flag functions

* feat: added flags to lula validate

* feat: added requirement-store, updated validation

* feat(validate): updated validation refactor, other small fixes

* feat: added tests, dev command updates

* fix(dev): updated tests, fixed dev cmd issues

* fix: refactor yaml multi doc functionality

* fix: get-resources read from stdin

* fix: remove debug file

* fix: clean-up per comments

* Update src/pkg/message/interactive.go

clarifying confirmation text

Co-authored-by: Brandt Keller <43887158+brandtkeller@users.noreply.github.com>

* docs: description of assessments and failure conditions

* feat(validate): non-interactive flag added

* fix(dev): get-resources missing validation opt

* fix: clean-up create resources

* add staticResources check before execution

* fix: updated create observation fcn and usage

---------

Co-authored-by: Cole (Mike) Winberry <cole@defenseunicorns.com>
Co-authored-by: Cole (Mike) Winberry <86802655+mike-winberry@users.noreply.github.com>
Co-authored-by: Brandt Keller <43887158+brandtkeller@users.noreply.github.com>
brandtkeller added a commit that referenced this pull request Jun 28, 2024
* feat: add looping for lint

* updated to handle errors without exiting.

* added conditional for success/fail

* need a wrapper in go-oscal but should work

* feat(validate)!: #408 create resources in kubernetes domain (#415)

* chore(deps): update module github.com/spf13/cobra to v1.8.1 (#485)

| datasource | package                | from   | to     |
| ---------- | ---------------------- | ------ | ------ |
| go         | github.com/spf13/cobra | v1.8.0 | v1.8.1 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update googleapis/release-please-action digest to 7987652 (#472)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update github/codeql-action action to v3.25.10 (#476)

| datasource  | package              | from    | to       |
| ----------- | -------------------- | ------- | -------- |
| github-tags | github/codeql-action | v3.25.8 | v3.25.10 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore: fix documentation links (#487)

* chore(docs): cleanup unused readme conflicting in docs build (#489)

* chore(deps): update module github.com/defenseunicorns/go-oscal to v0.4.3 (#470)

| datasource | package                             | from   | to     |
| ---------- | ----------------------------------- | ------ | ------ |
| go         | github.com/defenseunicorns/go-oscal | v0.4.1 | v0.4.3 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update actions/checkout action to v4.1.7 (#479)

| datasource  | package          | from   | to     |
| ----------- | ---------------- | ------ | ------ |
| github-tags | actions/checkout | v4.1.6 | v4.1.7 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update module github.com/defenseunicorns/go-oscal to v0.5.0 (#492)

* chore(deps): update module github.com/defenseunicorns/go-oscal to v0.5.0

| datasource | package                             | from   | to     |
| ---------- | ----------------------------------- | ------ | ------ |
| go         | github.com/defenseunicorns/go-oscal | v0.4.3 | v0.5.0 |

* chore(lint): update lint with new go-oscal ValidationCommand changes

* chore(tests): update pod_validation_test with new usage of ValidationCommand

* chore(tests): update e2e pod_validation_test to use JsonSchemaError for validation failures

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Cole (Mike) Winberry <cole@defenseunicorns.com>

* added conditional for success/fail

* need a wrapper in go-oscal but should work

* updating loop

* fixing local branch

* fixed my loop logic

* fix(lint): lint now waits until exiting the loop to write to file and now handles multiple validation results

* fix(tools): lint command properly handles attempting all validations prior to deciding exit state, still bails on non-validation errors as they happen

* fix(tools): lint fatal error message validation -> linting

* fix(tools): lint messaging updated with linting where it makes sense

---------

Co-authored-by: Megan Wolf <97549300+meganwolf0@users.noreply.github.com>
Co-authored-by: Cole (Mike) Winberry <cole@defenseunicorns.com>
Co-authored-by: Cole (Mike) Winberry <86802655+mike-winberry@users.noreply.github.com>
Co-authored-by: Brandt Keller <43887158+brandtkeller@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Bryan Finster <bryan.finster@gmail.com>
Successfully merging this pull request may close these issues.

Create a resource in kubernetes domain