
Khulnasoft #143

Open · wants to merge 6 commits into main

Conversation

NxPKG (Contributor) commented Jan 26, 2025

Addresses issue: #

Changes proposed in this pull request:

  • Change 1
  • Change 2
  • Change 3

Summary by Sourcery

Update dependencies and container images, add support for GKE 1.6, and fix path issues in various CIS benchmark versions.

Enhancements:

  • Add support for GKE 1.6.0.

Build:

  • Update the base Docker image from golang:1.22.7 to golang:1.23.4.
  • Add findutils to the Docker image.
  • Add bash to the Docker image.
  • Update kubectl to version 1.31.0.
  • Copy check_files_owner_in_dir.sh into the Docker image and make it executable.
  • Update the base Docker image from alpine:3.20.3 to alpine:3.21.0.

Tests:

  • Update the expected output data for integration tests.


sourcery-ai bot commented Jan 26, 2025

Reviewer's Guide by Sourcery

This pull request updates dependencies, adds a new GKE benchmark, and modifies configurations and scripts for improved security and functionality.

Class diagram for updated configuration structures

classDiagram
    class KubeletConfig {
        +bool anonymousAuth
        +string authorizationMode
        +string clientCAFile
        +int readOnlyPort
        +string streamingConnectionIdleTimeout
        +bool makeIPTablesUtilChains
        +int eventRecordQPS
        +bool rotateCertificates
        +bool rotateKubeletServerCertificate
    }
    class SecurityConfig {
        +bool enableBinauthz
        +bool enableShieldedNodes
        +bool enableWorkloadIdentity
        +bool enableSecurityPosture
        +bool enablePrivateEndpoint
    }
    class NetworkingConfig {
        +bool enableVPCNative
        +bool enablePrivateNodes
        +bool enableFlowLogs
        +bool enableSSLCertificates
    }
    SecurityConfig -- KubeletConfig
    NetworkingConfig -- KubeletConfig

File-Level Changes

Change / Details / Files

Change: Dependency updates
Details:
  • Updated multiple AWS SDK Go modules.
  • Updated github.com/fatih/color.
  • Updated github.com/golang/glog.
  • Updated github.com/magiconair/properties.
  • Updated github.com/spf13/cobra.
  • Updated github.com/spf13/viper.
  • Updated github.com/stretchr/testify.
  • Updated gorm.io/driver/postgres.
  • Updated gorm.io/gorm.
  • Updated k8s.io/apimachinery.
  • Updated k8s.io/client-go.
  • Updated golang.org/x/crypto.
  • Updated golang.org/x/net.
  • Updated golang.org/x/oauth2.
  • Updated golang.org/x/sync.
  • Updated golang.org/x/sys.
  • Updated golang.org/x/term.
  • Updated golang.org/x/text.
  • Updated google.golang.org/protobuf.
  • Updated k8s.io/api.
  • Updated k8s.io/klog/v2.
  • Updated k8s.io/kube-openapi.
  • Updated k8s.io/utils.
  • Updated sigs.k8s.io/yaml.
Files:
  go.mod
  go.sum

Change: Added a new GKE benchmark
Details:
  • Added configuration files for the new GKE 1.6.0 benchmark.
  • Updated the config.yaml to include the new benchmark.
  • Updated documentation to include the new benchmark.
  • Updated the util file to include the new benchmark.
Files:
  cfg/gke-1.6.0/managedservices.yaml
  cfg/gke-1.6.0/node.yaml
  cfg/gke-1.6.0/policies.yaml
  cfg/gke-1.6.0/config.yaml
  cfg/gke-1.6.0/master.yaml
  cfg/gke-1.6.0/controlplane.yaml
  cfg/config.yaml
  docs/platforms.md
  docs/architecture.md
  docs/running.md
  cmd/util.go

Change: Modified Dockerfile for build and runtime improvements
Details:
  • Updated the base Go image version.
  • Added findutils to the runtime image.
  • Added bash to the runtime image.
  • Added a helper script to the runtime image.
  • Modified the PATH environment variable to include the helper script.
Files:
  Dockerfile

Change: Modified configuration files for improved security
Details:
  • Updated file paths for checks related to Kubernetes PKI.
  • Modified audit commands to use the new helper script.
  • Updated audit commands to grep for kubelet instead of kube-apiserver in k3s.
  • Updated audit commands to check for the presence of a file before running stat.
  • Updated audit commands to use the correct flag for bind address.
  • Updated audit commands to use the correct flag for tls-cipher-suites.
  • Updated audit commands to use the correct flag for anonymous-auth.
  • Updated audit commands to use the correct flag for authorization-mode.
  • Updated audit commands to use the correct flag for client-ca-file.
  • Updated audit commands to use the correct flag for certificate authorities file permissions.
  • Updated audit commands to use the correct flag for client certificate authorities file ownership.
Files:
  cfg/rh-0.7/master.yaml
  cfg/rke-cis-1.7/master.yaml
  cfg/rke-cis-1.24/master.yaml
  cfg/k3s-cis-1.23/node.yaml
  cfg/k3s-cis-1.24/node.yaml
  cfg/k3s-cis-1.7/node.yaml
  cfg/k3s-cis-1.8/node.yaml
  cfg/cis-1.24/master.yaml
  cfg/rke-cis-1.23/node.yaml
  cfg/rke-cis-1.24/node.yaml
  cfg/rke-cis-1.7/node.yaml
  cfg/ack-1.0/node.yaml
  cfg/cis-1.20/node.yaml
  cfg/cis-1.23/node.yaml
  cfg/cis-1.24-microk8s/node.yaml
  cfg/cis-1.24/node.yaml
  cfg/cis-1.5/node.yaml
  cfg/cis-1.6/node.yaml
  cfg/cis-1.7/node.yaml
  cfg/cis-1.8/node.yaml
  cfg/cis-1.9/node.yaml
  cfg/rke-cis-1.23/master.yaml
  cfg/rke2-cis-1.23/node.yaml
  cfg/rke2-cis-1.24/node.yaml
  cfg/rke2-cis-1.7/node.yaml
  cfg/tkgi-1.2.53/node.yaml

Change: Modified scripts and documentation
Details:
  • Updated the ARN for the AWS Security Hub service.
  • Updated the contributing guidelines.
  • Updated the IAM policy example in the ASFF documentation.
  • Updated the kube-bench image version in the job.yaml.
  • Updated the getPlatformBenchmarkVersion function to include the new GKE benchmark.
  • Updated the makefile to include the new docker org.
  • Updated the mkdocs.yml to include the new github org.
  • Updated the publish workflow to use the correct dockerhub secrets.
  • Updated the goreleaser config to include the new maintainer.
  • Added a helper script to check file ownership.
  • Updated the documentation to include the new GKE benchmark.
  • Updated the documentation to include the new github org.
Files:
  check/controls.go
  CONTRIBUTING.md
  docs/asff.md
  job.yaml
  cmd/util.go
  makefile
  mkdocs.yml
  check/check.go
  check/check_test.go
  check/controls_test.go
  check/test.go
  check/test_test.go
  cmd/common.go
  cmd/common_test.go
  cmd/root.go
  cmd/util_test.go
  main.go
  docs/architecture.md
  docs/running.md
  .github/workflows/publish.yml
  .goreleaser.yml
  integration/testdata/Expected_output.data
  helper_scripts/check_files_owner_in_dir.sh

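The two audit patterns named in the change list above (a helper that checks the ownership of every file in a directory, and checking that a file exists before running stat on it), as an added shell example. This is not the PR's own helper_scripts/check_files_owner_in_dir.sh, whose contents are not shown on this page; the function names, the "user:group" argument form and the GNU coreutils `stat -c` format are assumptions.

```shell
# Added example; assumes GNU coreutils (stat -c) and a POSIX shell.
# Both functions are hypothetical stand-ins, not the project's script.

# check_files_owner_in_dir DIR EXPECTED_OWNER
#   EXPECTED_OWNER is "user:group" (e.g. root:root for a PKI directory).
#   Prints one "user:group path" line per regular file whose ownership
#   differs and returns 1; returns 0 when every file matches. A directory
#   that does not exist is "nothing to audit", not an error, so a benchmark
#   run on a node without that component does not report a false failure.
check_files_owner_in_dir() {
    dir=$1
    expected=$2
    [ -d "$dir" ] || return 0
    # find has just confirmed each path exists, so stat never runs on a
    # missing file; awk keeps only lines whose owner field mismatches.
    mismatches=$(find "$dir" -type f -exec stat -c '%U:%G %n' {} + 2>/dev/null |
        awk -v want="$expected" '$1 != want')
    if [ -z "$mismatches" ]; then
        return 0
    fi
    printf '%s\n' "$mismatches"
    return 1
}

# stat_if_present FILE FORMAT
#   The "check for the presence of a file before running stat" pattern:
#   an optional file that is absent yields no output and no stat error, so
#   the calling check can treat empty output as not applicable instead of
#   as a failed permission test.
stat_if_present() {
    if [ -e "$1" ]; then
        stat -c "$2" -- "$1"
    fi
    return 0
}
```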


codecov bot commented Jan 26, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.13%. Comparing base (d30538f) to head (6d71a0b).
Report is 56 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #143      +/-   ##
==========================================
- Coverage   64.40%   62.13%   -2.27%     
==========================================
  Files          11       13       +2     
  Lines        1559     1957     +398     
==========================================
+ Hits         1004     1216     +212     
- Misses        499      685     +186     
  Partials       56       56              
