Skip to content

Dev/refactor update #336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
May 19, 2021
Merged

Dev/refactor update #336

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
9ad00b5
resolve conflict
hirokuni-kitahara May 18, 2021
26b63be
Merge branch 'dev/refactor' of github.com:IBM/integrity-enforcer into…
hirokuni-kitahara May 18, 2021
1ac609d
fix image decision result
hirokuni-kitahara May 18, 2021
bc1610e
fix image verification condition
hirokuni-kitahara May 18, 2021
794a9e1
fix logger to enable session trace
hirokuni-kitahara May 18, 2021
c7482c0
fix check_functions.go functions and test cases
hirokuni-kitahara May 18, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions build/build_images.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,10 @@ if [ -z "$ISHIELD_OBSERVER_IMAGE_NAME_AND_VERSION" ]; then
exit 1
fi

if [ -z "$ISHIELD_INSPECTOR_IMAGE_NAME_AND_VERSION" ]; then
echo "ISHIELD_INSPECTOR_IMAGE_NAME_AND_VERSION is empty. Please set IShield build env settings."
exit 1
fi
# if [ -z "$ISHIELD_INSPECTOR_IMAGE_NAME_AND_VERSION" ]; then
# echo "ISHIELD_INSPECTOR_IMAGE_NAME_AND_VERSION is empty. Please set IShield build env settings."
# exit 1
# fi

if [ -z "$ISHIELD_OPERATOR_IMAGE_NAME_AND_VERSION" ]; then
echo "ISHIELD_OPERATOR_IMAGE_NAME_AND_VERSION is empty. Please set IShield build env settings."
Expand Down
10 changes: 1 addition & 9 deletions cmd/pkg/yamlsign/audit/audityaml.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,15 +31,7 @@ func AuditYaml(ctx context.Context, apiVersion, kind, namespace, name string) (*
_ = config.InitShieldConfig()

metaLogger := logger.NewLogger(config.ShieldConfig.LoggerConfig())
reqLog := metaLogger.WithFields(
log.Fields{
"namespace": namespace,
"name": name,
"apiVersion": apiVersion,
"kind": kind,
},
)
resourceHandler := shield.NewResourceHandler(config.ShieldConfig, metaLogger, reqLog)
resourceHandler := shield.NewResourceCheckHandler(config.ShieldConfig, metaLogger)

var obj *unstructured.Unstructured
obj, err := kubeutil.GetResource(apiVersion, kind, namespace, name)
Expand Down
20 changes: 10 additions & 10 deletions integrity-shield-operator/api/v1alpha1/integrityshield_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,13 +39,13 @@ import (
)

const (
DefaultIntegrityShieldCRDName = "integrityshields.apis.integrityshield.io"
DefaultShieldConfigCRDName = "shieldconfigs.apis.integrityshield.io"
DefaultSignerConfigCRDName = "signerconfigs.apis.integrityshield.io"
DefaultResourceSignatureCRDName = "resourcesignatures.apis.integrityshield.io"
DefaultResourceSigningProfileCRDName = "resourcesigningprofiles.apis.integrityshield.io"
DefaultHelmReleaseMetadataCRDName = "helmreleasemetadatas.apis.integrityshield.io"
DefaultProtectedResourceIntegrityCRDName = "protectedresourceintegrities.apis.integrityshield.io"
DefaultIntegrityShieldCRDName = "integrityshields.apis.integrityshield.io"
DefaultShieldConfigCRDName = "shieldconfigs.apis.integrityshield.io"
DefaultSignerConfigCRDName = "signerconfigs.apis.integrityshield.io"
DefaultResourceSignatureCRDName = "resourcesignatures.apis.integrityshield.io"
DefaultResourceSigningProfileCRDName = "resourcesigningprofiles.apis.integrityshield.io"
DefaultHelmReleaseMetadataCRDName = "helmreleasemetadatas.apis.integrityshield.io"
// DefaultProtectedResourceIntegrityCRDName = "protectedresourceintegrities.apis.integrityshield.io"
DefaultSignerConfigCRName = "signer-config"
DefaultIShieldAdminClusterRoleName = "ishield-admin-clusterrole"
DefaultIShieldAdminClusterRoleBindingName = "ishield-admin-clusterrolebinding"
Expand Down Expand Up @@ -282,9 +282,9 @@ func (self *IntegrityShield) GetResourceSigningProfileCRDName() string {
return DefaultResourceSigningProfileCRDName
}

func (self *IntegrityShield) GetProtectedResourceIntegrityCRDName() string {
return DefaultProtectedResourceIntegrityCRDName
}
// func (self *IntegrityShield) GetProtectedResourceIntegrityCRDName() string {
// return DefaultProtectedResourceIntegrityCRDName
// }

func (self *IntegrityShield) GetHelmReleaseMetadataCRDName() string {
return DefaultHelmReleaseMetadataCRDName
Expand Down
2 changes: 0 additions & 2 deletions integrity-shield-operator/config/samples/apis_v1alpha1_integrityshield_sigstore.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,6 @@ spec:
useDefaultRootCert: true
imageVerificationConfig:
enabled: true
verificationURL: "<COSIGN VERIFIER API URL>"
options: {}
signerConfig:
policies:
- namespaces:
Expand Down
20 changes: 10 additions & 10 deletions integrity-shield-operator/controllers/integrityshield.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,11 +163,11 @@ func (r *IntegrityShieldReconciler) createOrUpdateResourceSigningProfileCRD(
return r.createOrUpdateCRD(instance, expected)
}

func (r *IntegrityShieldReconciler) createOrUpdateProtectedResourceIntegrityCRD(
instance *apiv1alpha1.IntegrityShield) (ctrl.Result, error) {
expected := res.BuildProtectedResourceIntegrityCRD(instance)
return r.createOrUpdateCRD(instance, expected)
}
// func (r *IntegrityShieldReconciler) createOrUpdateProtectedResourceIntegrityCRD(
// instance *apiv1alpha1.IntegrityShield) (ctrl.Result, error) {
// expected := res.BuildProtectedResourceIntegrityCRD(instance)
// return r.createOrUpdateCRD(instance, expected)
// }

func (r *IntegrityShieldReconciler) deleteShieldConfigCRD(
instance *apiv1alpha1.IntegrityShield) (ctrl.Result, error) {
Expand Down Expand Up @@ -198,11 +198,11 @@ func (r *IntegrityShieldReconciler) deleteResourceSigningProfileCRD(
return r.deleteCRD(instance, expected)
}

func (r *IntegrityShieldReconciler) deleteProtectedResourceIntegrityCRD(
instance *apiv1alpha1.IntegrityShield) (ctrl.Result, error) {
expected := res.BuildProtectedResourceIntegrityCRD(instance)
return r.deleteCRD(instance, expected)
}
// func (r *IntegrityShieldReconciler) deleteProtectedResourceIntegrityCRD(
// instance *apiv1alpha1.IntegrityShield) (ctrl.Result, error) {
// expected := res.BuildProtectedResourceIntegrityCRD(instance)
// return r.deleteCRD(instance, expected)
// }

/**********************************************

Expand Down
12 changes: 6 additions & 6 deletions integrity-shield-operator/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@ replace (
github.com/IBM/integrity-enforcer/cmd => ../cmd
github.com/IBM/integrity-enforcer/integrity-shield-operator => ./
github.com/IBM/integrity-enforcer/shield => ../shield
k8s.io/api => k8s.io/api v0.20.2
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.20.2
k8s.io/apimachinery => k8s.io/apimachinery v0.20.2
k8s.io/cli-runtime => k8s.io/cli-runtime v0.20.2
k8s.io/client-go => k8s.io/client-go v0.20.2
k8s.io/kubectl => k8s.io/kubectl v0.20.2
k8s.io/api => k8s.io/api v0.19.0
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.19.0
k8s.io/apimachinery => k8s.io/apimachinery v0.19.0
k8s.io/cli-runtime => k8s.io/cli-runtime v0.19.0
k8s.io/client-go => k8s.io/client-go v0.19.0
k8s.io/kubectl => k8s.io/kubectl v0.19.0
sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.8.3
)

Expand Down
Loading