

feat: Add a cleanup script that can delete all resources (running the…
… script will remove all resources at once)

fix: Resolve an issue with deleting SIBs
- Fixed code so that when deleting a SIB, logs are properly generated and the created nimbuspolicy is also deleted.

style(cleanup): Add license

Move script file

Deleted files

feat(api): Add syscalls-related field

feat(config): Add syscalls-related fields

feat: Add go.work to use two mods

feat(config): Add the adapter's config

feat(receiver): Add a receiver for the adapter

feat(core): Add a transformer and Applier for the adapter

feat(adapter): Add adapter-specific main.go and other files

feat(adapter): Add core(converter, enforcer)

feat(adapter): Add applier and modify package name

featgo.mod): go version to use go.work (requires go >= 1.21)

feat(applier): Add license

feat(receiver): Add karmor policy delete

test(v2): Modify ID

Docs: Update Tutorials

fix(go.mod): Resolve lint

fix(gomod): resolve golangci-lint

Update Quick-tutorials.md

Update nimbus-adapter

Delete core directory

fix(adapter): Modify path (main.go)

Update nimbus adapter
b0m313 authored and seungsoo-lee committed Jan 9, 2024
1 parent cf09d53 commit 7d32d06
Showing 37 changed files with 1,812 additions and 903 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -7,6 +7,7 @@
*.dylib
bin
Dockerfile.cross
nimbus-kubearmor

# Test binary, build with `go test -c`
*.test
23 changes: 19 additions & 4 deletions api/v1/nimbuspolicy_types.go
Expand Up @@ -43,7 +43,7 @@ type Rule struct {
MatchProtocols []MatchProtocol `json:"matchProtocols,omitempty"`

// Process: MatchPaths, MatchDirectories, MatchPatterns
// File: MatchPaths, MatchDirectories
// File: MatchPaths, MatchDirectories, MatchPatterns
MatchPaths []MatchPath `json:"matchPaths,omitempty"`
MatchDirectories []MatchDirectory `json:"matchDirectories,omitempty"`
MatchPatterns []MatchPattern `json:"matchPatterns,omitempty"`
Expand All @@ -52,7 +52,8 @@ type Rule struct {
MatchCapabilities []MatchCapability `json:"matchCapabilities,omitempty"`

// Syscalls: MatchSyscalls
MatchSyscalls []MatchSyscall `json:"matchSyscalls,omitempty"`
MatchSyscalls []MatchSyscall `json:"matchSyscalls,omitempty"`
MatchSyscallPaths []MatchSyscallPath `json:"matchSyscallPaths,omitempty"`

FromCIDRSet []CIDRSet `json:"fromCIDRSet,omitempty"`
ToPorts []ToPort `json:"toPorts,omitempty"`
Expand Down Expand Up @@ -97,12 +98,26 @@ type MatchPattern struct {

// MatchSyscall defines a syscall for syscall policies
type MatchSyscall struct {
Syscalls []string `json:"syscalls,omitempty"`
Syscalls []string `json:"syscalls,omitempty"`
FromSource []SyscallFromSource `json:"fromSource,omitempty"`
}

type MatchSyscallPath struct {
Path string `json:"path,omitempty"`
Recursive bool `json:"recursive,omitempty"`
Syscalls []string `json:"syscall,omitempty"`
FromSource []SyscallFromSource `json:"fromSource,omitempty"`
}

type SyscallFromSource struct {
Path string `json:"path,omitempty"`
Dir string `json:"dir,omitempty"`
}

// MatchCapability defines a capability for capabilities policies
type MatchCapability struct {
Capability string `json:"capability,omitempty"`
Capability string `json:"capability,omitempty"`
FromSource []NimbusFromSource `json:"fromSource,omitempty"`
}

// FromSource defines a source path for directory-based policies
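Review bot: `MatchSyscallPath.Syscalls` carries the tag `json:"syscall,omitempty"` while `MatchSyscall.Syscalls` directly above keeps `json:"syscalls,omitempty"`, and the same singular tag appears on `SecurityIntentMatchSyscallPath` in api/v1/securityintent_types.go. A policy author who writes `syscalls:` under `matchSyscallPaths` by analogy with `matchSyscalls` would, under the generated structural CRD schema, most likely have the key pruned as unknown, leaving the path rule with an empty syscall list and no validation error. As both fields are introduced in this commit, align the tag now by changing it to `json:"syscalls,omitempty"` on `MatchSyscallPath.Syscalls` (and its SecurityIntent twin). The new exported types `MatchSyscallPath` and `SyscallFromSource` also lack the doc comment their neighbours carry, so the generated CRD has no `description` for them; something like `// MatchSyscallPath defines a syscall rule scoped to a path (optionally recursive) and a calling source` and `// SyscallFromSource defines the source path or directory a syscall rule applies to` would do, adjusted to the intended semantics.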
13 changes: 11 additions & 2 deletions api/v1/securityintent_types.go
Expand Up @@ -44,7 +44,8 @@ type SecurityIntentParams struct {
MatchCapabilities []SecurityIntentMatchCapability `json:"matchCapabilities,omitempty"`

// Syscalls: MatchSyscalls
MatchSyscalls []SecurityIntentMatchSyscall `json:"matchSyscalls,omitempty"`
MatchSyscalls []SecurityIntentMatchSyscall `json:"matchSyscalls,omitempty"`
MatchSyscallPaths []SecurityIntentMatchSyscallPath `json:"matchSyscallPaths,omitempty"`

FromCIDRSet []SecurityIntentCIDRSet `json:"fromCIDRSet,omitempty"`
ToPorts []SecurityIntentToPort `json:"toPorts,omitempty"`
Expand Down Expand Up @@ -89,7 +90,15 @@ type SecurityIntentMatchPattern struct {

// MatchSyscall defines a syscall for syscall policies
type SecurityIntentMatchSyscall struct {
Syscalls []string `json:"syscalls,omitempty"`
Syscalls []string `json:"syscalls,omitempty"`
FromSource []SyscallFromSource `json:"fromSource,omitempty"`
}

type SecurityIntentMatchSyscallPath struct {
Path string `json:"path,omitempty"`
Recursive bool `json:"recursive,omitempty"`
Syscalls []string `json:"syscall,omitempty"`
FromSource []SyscallFromSource `json:"fromSource,omitempty"`
}

// MatchCapability defines a capability for capabilities policies
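Review bot: `SecurityIntentMatchSyscallPath` is the only exported type added in this hunk without a doc comment, unlike `SecurityIntentMatchSyscall` just above it; since this package's comments flow into the generated CRD `description` fields, the new `matchSyscallPaths` schema ends up undocumented for users. A comment such as `// SecurityIntentMatchSyscallPath defines a syscall rule scoped to a path for syscall intents` on the line before the type would fix that. Note also that it reuses `SyscallFromSource` from api/v1/nimbuspolicy_types.go rather than a SecurityIntent-specific type, which is fine but worth stating in the comment so the two files stay in step.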
9 changes: 4 additions & 5 deletions api/v1/securityintentbinding_types.go
Expand Up @@ -15,11 +15,11 @@ type SecurityIntentBindingSpec struct {
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
// Important: Run "make" to regenerate code after modifying this file

// Foo is an example field of SecurityIntentBinding. Edit securityintentbinding_types.go to remove/update
Intents []MatchIntent `json:"intents"`
Selector Selector `json:"selector"`
}

// Intent struct defines the request for a specific SecurityIntent
type MatchIntent struct {
Name string `json:"name"`
}
Expand Down Expand Up @@ -49,9 +49,10 @@ type SecurityIntentBindingStatus struct {
// Important: Run "make" to regenerate code after modifying this file
}

//+kubebuilder:object:root=true
// +kubebuilder:object:root=true
// +kubebuilder:resource: shortName="sib"
//+kubebuilder:subresource:status
// +kubebuilder:subresource:status
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// SecurityIntentBinding is the Schema for the securityintentbindings API
type SecurityIntentBinding struct {
Expand All @@ -61,8 +62,6 @@ type SecurityIntentBinding struct {
Status SecurityIntentBindingStatus `json:"status,omitempty"`
}

//+kubebuilder:object:root=true

// SecurityIntentBindingList contains a list of SecurityIntentBinding
type SecurityIntentBindingList struct {
metav1.TypeMeta `json:",inline"`
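Review bot: Dropping `//+kubebuilder:object:root=true` above `SecurityIntentBindingList` in the third hunk removes the marker that tells controller-gen to emit `DeepCopyObject` for the list type, so as far as I can tell the next regeneration would leave `SecurityIntentBindingList` no longer satisfying `runtime.Object`, and any `client.List` call or scheme registration using it would stop compiling; `SecurityIntentBinding` keeps its root marker and gains a `+k8s:deepcopy-gen:interfaces` one, but the list type gets neither. Restore `// +kubebuilder:object:root=true` on the line before `// SecurityIntentBindingList contains a list of SecurityIntentBinding`. Separately, `// +kubebuilder:resource: shortName="sib"` in the second hunk has a space after `resource:` that the documented form `+kubebuilder:resource:shortName=sib` does not; it may parse, but it is worth confirming the regenerated CRD actually carries `shortNames` for `sib` rather than silently dropping the marker.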
42 changes: 41 additions & 1 deletion config/crd/bases/intent.security.nimbus.com_nimbuspolicies.yaml
Expand Up @@ -69,6 +69,15 @@ spec:
properties:
capability:
type: string
fromSource:
items:
description: FromSource defines a source path
for directory-based policies
properties:
path:
type: string
type: object
type: array
type: object
type: array
matchDirectories:
Expand All @@ -91,7 +100,7 @@ spec:
type: array
matchPaths:
description: 'Process: MatchPaths, MatchDirectories, MatchPatterns
File: MatchPaths, MatchDirectories'
File: MatchPaths, MatchDirectories, MatchPatterns'
items:
description: MatchPath defines a path for process or
file policies
Expand Down Expand Up @@ -119,12 +128,43 @@ spec:
type: string
type: object
type: array
matchSyscallPaths:
items:
properties:
fromSource:
items:
properties:
dir:
type: string
path:
type: string
type: object
type: array
path:
type: string
recursive:
type: boolean
syscall:
items:
type: string
type: array
type: object
type: array
matchSyscalls:
description: 'Syscalls: MatchSyscalls'
items:
description: MatchSyscall defines a syscall for syscall
policies
properties:
fromSource:
items:
properties:
dir:
type: string
path:
type: string
type: object
type: array
syscalls:
items:
type: string
Expand Up @@ -38,9 +38,8 @@ spec:
description: SecurityIntentBindingSpec defines the desired state of SecurityIntentBinding
properties:
intents:
description: Foo is an example field of SecurityIntentBinding. Edit
securityintentbinding_types.go to remove/update
items:
description: Intent struct defines the request for a specific SecurityIntent
properties:
name:
type: string
31 changes: 31 additions & 0 deletions config/crd/bases/intent.security.nimbus.com_securityintents.yaml
Expand Up @@ -116,12 +116,43 @@ spec:
type: string
type: object
type: array
matchSyscallPaths:
items:
properties:
fromSource:
items:
properties:
dir:
type: string
path:
type: string
type: object
type: array
path:
type: string
recursive:
type: boolean
syscall:
items:
type: string
type: array
type: object
type: array
matchSyscalls:
description: 'Syscalls: MatchSyscalls'
items:
description: MatchSyscall defines a syscall for syscall
policies
properties:
fromSource:
items:
properties:
dir:
type: string
path:
type: string
type: object
type: array
syscalls:
items:
type: string
