fin09pcap

Adds support for generation of additional metadata when using the bundle as the source for a ruleSet.
When validating bundles, this update includes all annotations and labels in the RuleSet.

```yaml
# test.spec.yaml
# yaml-language-server: $schema=https://github.com/elastic/harp/blob/main/api/jsonschema/harp.bundle.v1/Template.json
apiVersion: harp.elastic.co/v1
kind: BundleTemplate

meta:
  name: "example"
  owner: test@example.com
  description: "exmaple bundle"

spec:
  selector:
    quality: "production"
    platform: "testPlatform"
    product: "testProduct"
    version: "v1.0.0"

  namespaces:
    platform:
      - region: "us-east-1"
        components:
        - name: "testComponent"
          secrets:
          - suffix: "testCredentials"
            description: "test credentials"
            labels:
                vendor: "true"
            annotations:
              infosec.elastic.co/rotationPeriod: "90d"
            template: |-
              {
                "foo": "{{ noSymbolPassword }}"
              }
```

The expected output should include all defined annotations and labels for the secret.

```sh
$ bin/harp-darwin-arm64 from bundle-template --in test.spec.yaml --out - \
| bin/harp-darwin-arm64 to ruleset --in -
```

```yaml
apiVersion: harp.elastic.co/v1
kind: RuleSet
meta:
  description: Generated from bundle content
  name: cxDVHHkKEFbD8jjjMIVOQGP1pbbx8yo2hR_56i8WIo1jhpGDp_EYT42PGak9Q8PwNzt-huFL4ehsEgaXm7D7rg
spec:
  rules:
  - constraints:
    - p.match_label("vendor")
    - p.match_annotation("infosec.elastic.co/rotationPeriod")
    - p.has_secret("foo")
    name: LINT-cxDVHH-1
    path: platform/production/testPlatform/us-east-1/testComponent/testCredentials
```

```sh
$ bin/harp-darwin-arm64 from bundle-template --in test.spec.yaml --out - \
| bin/harp-darwin-arm64 to ruleset --in - --out ruleset.yaml
```

Validate against the generated bundle.

```sh
$ bin/harp-darwin-arm64 from bundle-template --in test.spec.yaml --out - \
| bin/harp-darwin-arm64 bundle lint --in - --spec ruleset.yaml
```

fin09pcap self-assigned this May 28, 2023
fin09pcap requested review from sover02, ghcoi2ck and dgolja May 28, 2023 00:15
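
Added example, not part of the pull request or of harp's code: a simplified Go model of the mapping shown in the description, where each label, annotation and secret key of a package becomes one rule constraint, plus a check that reports which constraints a drifted package no longer meets. The `Package` type and the `Constraints` and `Missing` functions are hypothetical, and each constraint is treated as a plain key-presence check.

```go
package main

import (
	"fmt"
	"sort"
)

// Package is a hypothetical stand-in for one bundle package (not harp's type);
// each field holds only the keys, since the constraints never look at values.
type Package struct{ Labels, Annotations, Secrets []string }

// Constraints emits one constraint per label, annotation and secret key, in the
// order of the sample RuleSet in the description, with keys sorted for stability.
func Constraints(p Package) []string {
	var out []string
	add := func(call string, keys []string) {
		keys = append([]string(nil), keys...) // copy: do not reorder the caller's slice
		sort.Strings(keys)
		for _, k := range keys {
			out = append(out, fmt.Sprintf("p.%s(%q)", call, k))
		}
	}
	add("match_label", p.Labels)
	add("match_annotation", p.Annotations)
	add("has_secret", p.Secrets)
	return out
}

// Missing lists the spec's constraints that got does not meet. Assumption of
// this example: every constraint is evaluated as a plain key-presence check.
func Missing(spec, got Package) (missing []string) {
	have := map[string]bool{}
	for _, c := range Constraints(got) {
		have[c] = true
	}
	for _, c := range Constraints(spec) {
		if !have[c] {
			missing = append(missing, c)
		}
	}
	return missing
}

func main() {
	// Constructed data mirroring the testCredentials secret in test.spec.yaml.
	spec := Package{[]string{"vendor"}, []string{"infosec.elastic.co/rotationPeriod"}, []string{"foo"}}
	drifted := Package{Labels: spec.Labels, Secrets: spec.Secrets} // annotation dropped
	fmt.Println(Constraints(spec))
	fmt.Println("unmet:", Missing(spec, drifted))
}
```

A secret that loses its `infosec.elastic.co/rotationPeriod` annotation is reported as an unmet constraint, which is the kind of drift the generated RuleSet lets `bundle lint` catch.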

renanvice left a comment

Some changes to allow it to pass lint

fin09pcap added 10 commits June 27, 2023 15:54
Signed-off-by: Ben Stickel <ben.stickel@elastic.co>
fin09pcap force-pushed the ruleset/add_support_for_annotations_and_labels branch from 8524d46 to 5f6d466 June 27, 2023 23:21
fin09pcap requested a review from renanvice June 27, 2023 23:24

renanvice left a comment

LGTM

fin09pcap merged commit 186f399 into elastic:main Jun 27, 2023
fin09pcap deleted the ruleset/add_support_for_annotations_and_labels branch June 27, 2023 23:36