Kube bench support (#46)

* Update PolicyReporter Mapping * Update UI * Update Manifest Install YAMLs
2024-12-14 11:57:32 +00:00 · 2021-06-27 15:10:29 +02:00 · 2021-06-27 15:10:29 +02:00 · 55dbfdcd03
commit 55dbfdcd03
parent d187c55e9e
14 changed files with 69 additions and 37 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,11 @@
 # Changelog

+# 1.8.2
+* Fix `scored` mapping for `v1alpha2/policyreports`
+* Disable KyvernPlugin as default as expected
+* Support `source` and `properties` for `policyreports/v1alpha2` in Policy Reporter UI
+    * Update Policy Reporter UI to `0.12.0`
+
 # 1.8.1
 * Customize label and annotation for Grafana dashboards [#43](https://github.com/fjogeleit/policy-reporter/pull/43) by [nlamirault](https://github.com/nlamirault)
 * ARM64 Support for all Components
--- a/6
+++ b/6
@ -1,7 +1,7 @@
 GO ?= go
 BUILD ?= build
 REPO ?= fjogeleit/policy-reporter
-IMAGE_TAG ?= 1.8.0
+IMAGE_TAG ?= 1.8.2
 LD_FLAGS="-s -w"

 all: build
@ -34,3 +34,7 @@ docker-build:
 docker-push:
 	@docker buildx build --progress plane --platform linux/arm64,linux/amd64 --tag $(REPO):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS) --push
 	@docker buildx build --progress plane --platform linux/arm64,linux/amd64 --tag $(REPO):latest . --build-arg LD_FLAGS=$(LD_FLAGS) --push
+
+.PHONY: docker-push-dev
+docker-push-dev:
+	@docker buildx build --progress plane --platform linux/arm64,linux/amd64 --tag $(REPO):dev . --build-arg LD_FLAGS=$(LD_FLAGS) --push
--- a/charts/policy-reporter/Chart.lock
+++ b/charts/policy-reporter/Chart.lock
@ -4,9 +4,9 @@ dependencies:
  version: 1.4.0
 - name: ui
  repository: ""
-  version: 1.8.0
+  version: 1.8.2
 - name: kyvernoPlugin
  repository: ""
  version: 0.5.0
-digest: sha256:660df7373e8a47a3ac2fce8260e907a0c6575078c3e26714e11472dc219206df
-generated: "2021-06-27T11:57:21.864963+02:00"
+digest: sha256:2f20b2781e2b7938df3f717550308706ed593e8b1510a4e48efd181bc07b516d
+generated: "2021-06-27T15:00:38.03278+02:00"
--- a/charts/policy-reporter/Chart.yaml
+++ b/charts/policy-reporter/Chart.yaml
@ -5,8 +5,8 @@ description: |
  It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

 type: application
-version: 1.8.1
-appVersion: 1.8.0
+version: 1.8.2
+appVersion: 1.8.2

 dependencies:
  - name: monitoring
@ -16,7 +16,7 @@ dependencies:
  - name: ui
    condition: ui.enabled
    repository: ""
-    version: "1.8.0"
+    version: "1.8.2"
  - name: kyvernoPlugin
    condition: kyvernoPlugin.enabled
    repository: ""
--- a/charts/policy-reporter/charts/ui/Chart.yaml
+++ b/charts/policy-reporter/charts/ui/Chart.yaml
@ -3,5 +3,5 @@ name: ui
 description: Policy Reporter UI

 type: application
-version: 1.8.0
-appVersion: 0.11.0
+version: 1.8.2
+appVersion: 0.12.0
--- a/charts/policy-reporter/charts/ui/values.yaml
+++ b/charts/policy-reporter/charts/ui/values.yaml
@ -10,7 +10,7 @@ plugins:
 image:
  repository: fjogeleit/policy-reporter-ui
  pullPolicy: IfNotPresent
-  tag: 0.11.0
+  tag: 0.12.0

 imagePullSecrets: []

--- a/charts/policy-reporter/values.yaml
+++ b/charts/policy-reporter/values.yaml
@ -1,7 +1,7 @@
 image:
  repository: fjogeleit/policy-reporter
  pullPolicy: IfNotPresent
-  tag: 1.8.0
+  tag: 1.8.2

 imagePullSecrets: []

@ -75,6 +75,9 @@ resources: {}
 ui:
  enabled: false

+kyvernoPlugin:
+  enabled: false
+
 monitoring:
  enabled: false
  namespace: cattle-dashboards
--- a/manifest/default-policy-reporter-ui/install.yaml
+++ b/manifest/default-policy-reporter-ui/install.yaml
@ -97,7 +97,7 @@ spec:
      automountServiceAccountToken: false
      containers:
        - name: ui
-          image: "fjogeleit/policy-reporter-ui:0.10.2"
+          image: "fjogeleit/policy-reporter-ui:0.12.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -148,7 +148,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: policy-reporter
-          image: "fjogeleit/policy-reporter:1.7.0"
+          image: "fjogeleit/policy-reporter:1.8.2"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/manifest/kyverno-policy-reporter-ui/install.yaml
+++ b/manifest/kyverno-policy-reporter-ui/install.yaml
@ -165,7 +165,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: "kyverno-plugin"
-          image: "fjogeleit/policy-reporter-kyverno-plugin:0.1.1"
+          image: "fjogeleit/policy-reporter-kyverno-plugin:0.3.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -215,7 +215,7 @@ spec:
    spec:
      containers:
        - name: ui
-          image: "fjogeleit/policy-reporter-ui:0.10.2"
+          image: "fjogeleit/policy-reporter-ui:0.12.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
@ -266,7 +266,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: policy-reporter
-          image: "fjogeleit/policy-reporter:1.7.0"
+          image: "fjogeleit/policy-reporter:1.8.2"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/manifest/policy-reporter/install.yaml
+++ b/manifest/policy-reporter/install.yaml
@ -84,7 +84,7 @@ spec:
      automountServiceAccountToken: true
      containers:
        - name: policy-reporter
-          image: "fjogeleit/policy-reporter:1.7.0"
+          image: "fjogeleit/policy-reporter:1.8.2"
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
--- a/pkg/api/model.go
+++ b/pkg/api/model.go
@ -18,15 +18,17 @@ type Resource struct {

 // Result API Model
 type Result struct {
-	Message  string    `json:"message"`
-	Policy   string    `json:"policy"`
-	Rule     string    `json:"rule"`
-	Priority string    `json:"priority"`
-	Status   string    `json:"status"`
-	Severity string    `json:"severity,omitempty"`
-	Category string    `json:"category,omitempty"`
-	Scored   bool      `json:"scored"`
-	Resource *Resource `json:"resource,omitempty"`
+	Message    string            `json:"message"`
+	Policy     string            `json:"policy"`
+	Rule       string            `json:"rule"`
+	Priority   string            `json:"priority"`
+	Status     string            `json:"status"`
+	Severity   string            `json:"severity,omitempty"`
+	Category   string            `json:"category,omitempty"`
+	Scored     bool              `json:"scored"`
+	Properties map[string]string `json:"properties,omitempty"`
+	Source     string            `json:"source,omitempty"`
+	Resource   *Resource         `json:"resource,omitempty"`
 }

 // Summary API Model
@ -52,14 +54,16 @@ func mapPolicyReport(p report.PolicyReport) PolicyReport {

 	for _, r := range p.Results {
 		result := Result{
-			Message:  r.Message,
-			Policy:   r.Policy,
-			Rule:     r.Rule,
-			Priority: r.Priority.String(),
-			Status:   r.Status,
-			Severity: r.Severity,
-			Category: r.Category,
-			Scored:   r.Scored,
+			Message:    r.Message,
+			Policy:     r.Policy,
+			Rule:       r.Rule,
+			Priority:   r.Priority.String(),
+			Status:     r.Status,
+			Severity:   r.Severity,
+			Category:   r.Category,
+			Scored:     r.Scored,
+			Properties: r.Properties,
+			Source:     r.Source,
 		}

 		if r.HasResource() {
--- a/pkg/kubernetes/mapper.go
+++ b/pkg/kubernetes/mapper.go
@ -124,12 +124,15 @@ func (m *mapper) mapResult(result map[string]interface{}) []report.Result {
 			Message:    result["message"].(string),
 			Policy:     result["policy"].(string),
 			Status:     status,
-			Scored:     result["scored"].(bool),
 			Priority:   report.PriorityFromStatus(status),
 			Resource:   res,
 			Properties: make(map[string]string, 0),
 		}

+		if scored, ok := result["scored"]; ok {
+			r.Scored = scored.(bool)
+		}
+
 		if severity, ok := result["severity"]; ok {
 			r.Severity = severity.(report.Severity)
 		}
@ -146,12 +149,19 @@ func (m *mapper) mapResult(result map[string]interface{}) []report.Result {
 			r.Category = category.(string)
 		}

+		if source, ok := result["source"]; ok {
+			r.Source = source.(string)
+		}
+
 		r.Timestamp = convertTimestamp(result)

 		if props, ok := result["properties"]; ok {
 			if properties, ok := props.(map[string]interface{}); ok {
-				for property, value := range properties {
-					r.Properties[property] = value.(string)
+				for property, v := range properties {
+					value := v.(string)
+					if len(value) > 0 {
+						r.Properties[property] = value
+					}
 				}
 			}
 		}
--- a/pkg/kubernetes/mapper_test.go
+++ b/pkg/kubernetes/mapper_test.go
@ -36,6 +36,7 @@ var policyMap = map[string]interface{}{
 			"timestamp": map[string]interface{}{
 				"seconds": 1614093000,
 			},
+			"source":   "test",
 			"category": "test",
 			"severity": "high",
 			"resources": []interface{}{
@ -170,6 +171,9 @@ func Test_MapPolicyReport(t *testing.T) {
 	if result1.Category != "test" {
 		t.Errorf("Expected Category 'test' (acutal %s)", result1.Category)
 	}
+	if result1.Source != "test" {
+		t.Errorf("Expected Source 'test' (acutal %s)", result1.Source)
+	}
 	if result1.Severity != report.High {
 		t.Errorf("Expected Severity '%s' (acutal %s)", report.High, result1.Severity)
 	}
--- a/pkg/report/model.go
+++ b/pkg/report/model.go
@ -149,6 +149,7 @@ type Result struct {
 	Status     Status
 	Severity   Severity `json:",omitempty"`
 	Category   string   `json:",omitempty"`
+	Source     string   `json:"source,omitempty"`
 	Scored     bool
 	Timestamp  time.Time
 	Resource   Resource