New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge csp-security-policies into cloudbeat repo #1405

Merged

oren-zohar merged 252 commits into elastic:main from orestisfl:add-csp-security-policies

Oct 30, 2023

Contributor

orestisfl commented Oct 11, 2023 •

edited

Loading

Summary of your changes

Merge csp-security-policies into cloudbeat. Benefits are:

Less PRs for new rules / rule updates
Less steps in release process
Developer QoL improvement as codebase is in one repo
Less duplication and more consistency in linting and CIs

I've cleaned up some of the history of the repo and added a tag in all commits.

To bulk-rename the commits I used git filter-repo:

git checkout -b rebase
git filter-repo --message-callback '
return b"[Security Policies] " + message' --force
git push

To add the subtree:

git subtree add --prefix security-policies https://github.com/orestisfl/csp-security-policies rebase

I suggest to review by mostly checking the last commit which are the differences I had to make post-merge for everything to work.

Related Issues

Fixes: Merge csp-security-policies into cloudbeat #1341

Checklist

I have added tests that prove my fix is effective or that my feature works
I have added the necessary README/documentation (if appropriate)
Make sure latest commit from csp-security-policies is merged into cloudbeat
Squash merge needs to be temporarily disabled to preserve history
Squash fixes in merge commit to avoid "broken" commit post-merge

orestisfl self-assigned this

mergify bot added the backport-skip label

elastic deleted a comment from mergify bot

github-actions bot commented Oct 11, 2023 •

edited

Loading

📊 Allure Report - 💚 No failures were reported.

Result	Count
🟥 Failed	0
🟩 Passed	39
⬜ Skipped	1

orestisfl force-pushed the add-csp-security-policies branch 4 times, most recently from f096d49 to d2ffd38 Compare

October 11, 2023 17:14

oren-zohar and others added 22 commits

October 11, 2023 20:31


          [Security Policies] CIS 1.1.2

b775ea3

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] file_ownership_match fail case

e54baed

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] edit .gitignore

77e1226

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] add general tags to cis.rego

f30505c

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] move common functions to common.rego

fbbb9df

fields -> evidence


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] test infra

da95d0e

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] remove 1.1.11

769d4dc

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] naming conventions

89dd762

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] CR changes

b035da6

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Update README.md

396d93e

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] pre-commit hooks

67e8f13

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] [new rule] Master Node Configuration File permiss…

…ions rules

elastic/csp-security-policies#2

Master Node Configuration File permissions rules


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Create pre-commit.yml

f5e7ae5

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] [Infra] test data generator

d3ab8d9

elastic/csp-security-policies#6


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] [new rule] File ownerships

818a31f

elastic/csp-security-policies#5


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Add test coverage

80abd63

elastic/csp-security-policies#23


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] [New Rules] Folder rules (1.1.11, 1.1.12, 1.1.19)

ffe0a59

elastic/csp-security-policies#7


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] [New Rule] Api server first automated rule (1.2.2)

76df5dd

elastic/csp-security-policies#11


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Add test coverage CI

7588eb4

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Update common.rego

6158b17

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] [New field] opa_version field

19bac37

elastic/csp-security-policies#27


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Update README.md

35d32be

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405

orestisfl and others added 4 commits

October 12, 2023 10:05


          [Security Policies] CIS Azure: Implement 7.2, 7.3

29e684c

elastic/csp-security-policies#320


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Start implementation of vault rules

e89d492

elastic/csp-security-policies#323


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] add mergify config for 8.11

elastic/csp-security-policies#324


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] CIS Azure: Change type for subType

06558dc

elastic/csp-security-policies#325


---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405

orestisfl pushed a commit to orestisfl/csp-security-policies that referenced this pull request


          [Security Policies] first commit

cc8150c

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic/cloudbeat#1405

orestisfl force-pushed the add-csp-security-policies branch 2 times, most recently from 5340839 to 87759a9 Compare

October 12, 2023 08:16

orestisfl requested a review from a team as a code owner

October 12, 2023 08:16

orestisfl requested a review from kfirpeled

October 12, 2023 08:16

orestisfl force-pushed the add-csp-security-policies branch from 87759a9 to 8e24ce6 Compare

October 12, 2023 08:19

orestisfl commented

View reviewed changes

.github/workflows/test-opa-policies.yml

		@@ -0,0 +1,35 @@
		name: Test OPA Policies

Contributor Author

orestisfl Oct 16, 2023

Maybe not necessary because of pre-commit

orestisfl commented

View reviewed changes

security-policies/bundle/compliance/cis_aws/rules/cis_2_1_5/data.yaml

@@ @@ -123,7 +123,8 @@ metadata: @@
                 impact: |-
                   When you apply Block Public Access settings to an account, the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.
                 default_value: ''
-                references: 1. https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access-account.html
+                references: 1.

Contributor Author

orestisfl Oct 16, 2023

TODO: check this formatting

Contributor Author

orestisfl Oct 17, 2023

Side effect of updating ruamel.yaml. Tested E2E and no differences detected.

orestisfl force-pushed the add-csp-security-policies branch from 8e24ce6 to 1a20fe0 Compare

October 16, 2023 17:15

oren-zohar requested review from orouz and removed request for kfirpeled

October 17, 2023 07:41

orestisfl force-pushed the add-csp-security-policies branch from 1a20fe0 to ccb3721 Compare

October 19, 2023 12:36

orestisfl removed the request for review from a team

October 19, 2023 15:54

jeniawhite added 2 commits

October 30, 2023 13:33


          [Security Policies] Fixing rules after QA

5fc900c

elastic/csp-security-policies#328

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405


          [Security Policies] Property change

89f86a6

elastic/csp-security-policies#330

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic#1405

orestisfl force-pushed the add-csp-security-policies branch from ccb3721 to f8e3420 Compare

October 30, 2023 13:37

oren-zohar approved these changes

View reviewed changes

orestisfl added 2 commits

October 30, 2023 13:49


          Add 'security-policies/' from commit '89f86a6e2af1b0b7688169b891029d8…

611f797

…3bb4c5b9d'

git-subtree-dir: security-policies
git-subtree-mainline: 0226706
git-subtree-split: 89f86a6


          Add csp-security-policies

556153c

orestisfl force-pushed the add-csp-security-policies branch from f8e3420 to 556153c Compare

October 30, 2023 13:49

oren-zohar merged commit 65ef3b3 into elastic:main

26 checks passed

orestisfl deleted the add-csp-security-policies branch

October 30, 2023 14:27

This was referenced Oct 30, 2023

Applying Pre-Commit Hooks on all files elastic/csp-security-policies#315

Closed

Add Regal Rego linting to project elastic/csp-security-policies#326

Closed

Depracate this repository elastic/csp-security-policies#332

Merged

mage: BuildOpaBundle: Clean-up some leftover code #1518

Merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels