gardener · dimityrmirchev · Aug 26, 2024 · Aug 21, 2024 · Aug 21, 2024 · Aug 21, 2024
@@ -17,19 +17,19 @@ issues:
   - indent-error-flow # if block ends with a return statement, so drop this else and outdent its block
   - package-comments
   exclude-rules:
-    - path: 'pkg/provider/gardener/ruleset/disak8sstig/v1r11/'
+    - path: 'pkg/provider/gardener/ruleset/disak8sstig/rules/'
       linters:
         - revive
       text: "exported: exported"
-    - path: 'pkg/provider/managedk8s/ruleset/disak8sstig/v1r11/'
+    - path: 'pkg/provider/managedk8s/ruleset/disak8sstig/rules/'
       linters:
         - revive
       text: "exported: exported"
-    - path: 'pkg/provider/virtualgarden/ruleset/disak8sstig/v1r11/'
+    - path: 'pkg/provider/virtualgarden/ruleset/disak8sstig/rules/'
       linters:
         - revive
       text: "exported: exported"
-    - path: 'pkg/shared/ruleset/disak8sstig/v1r11/'
+    - path: 'pkg/shared/ruleset/disak8sstig/rules/'
       linters:
         - revive
       text: "exported: exported"
@@ -55,12 +55,12 @@ diki run --config=config.yaml --all --output=./report.json
 
 - Run a specific ruleset for a known provider
 ```bash
-diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r11
+diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v2r1
 ```
 
 - Run a specific rule defined in a ruleset for a known provider
 ```bash
-diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r11 --rule-id=242414
+diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v2r1 --rule-id=242414
 ```
 
 #### Report

@@ -8,6 +8,7 @@ The `Gardener` provider is capable of accessing a `seed/shoot` environment and r
 
 The `Gardener` provider implements the following `rulesets`:
 - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig.md)
+    - v2r1
     - v1r11
 
 ### Configuration

@@ -8,6 +8,7 @@ The `Managed Kubernetes` provider is capable of accessing a managed Kubernetes e
 
 The `Managed Kubernetes` provider implements the following `rulesets`:
 - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig.md)
+    - v2r1
     - v1r11
 
 ### Configuration

@@ -8,6 +8,7 @@ The `Virtual Garden` provider is capable of accessing a `runtime/virtual garden`
 
 The `Gardener` provider implements the following `rulesets`:
 - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig.md)
+    - v2r1
     - v1r11
 
 ### Configuration

@@ -31,7 +31,7 @@ diki run \
     --config=./example/guides/partial-disa-k8s-stig-shoot.yaml \
     --provider=managedk8s \
     --ruleset-id=disa-kubernetes-stig \
-    --ruleset-version=v1r11 \
+    --ruleset-version=v2r1 \
     --output=disa-k8s-stigs-report.json
 ```
 

@@ -15,7 +15,7 @@ providers:             # contains information about known providers
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v1r11
+    version: v2r1
     # args:
     #   maxRetries: 1 # number of maximum rule run retries. Defaults to 1 
     ruleOptions:

@@ -10,7 +10,7 @@ providers:                   # contains information about known providers
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v1r11
+    version: v2r1
     # args:
     #   maxRetries: 1 # number of maximum rule run retries. Defaults to 1 
     ruleOptions:

@@ -10,7 +10,7 @@ providers:               # contains information about known providers
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v1r11
+    version: v2r1
     # args:
     #   maxRetries: 1 # number of maximum rule run retries. Defaults to 1 
     ruleOptions:

@@ -9,7 +9,7 @@ providers:
   rulesets:
   - id: disa-kubernetes-stig
     name: DISA Kubernetes Security Technical Implementation Guide
-    version: v1r11
+    version: v2r1
     ruleOptions:
     - ruleID: "242393"
       args:

@@ -9,7 +9,7 @@ set -e
 rule_id=""
 provider="gardener"
 ruleset_id="disa-kubernetes-stig"
-ruleset_version="v1r11"
+ruleset_version="v2r1"
 run_all="false"
 
 
@@ -29,7 +29,7 @@ This command runs diki with a specified config file.
                       specified ruleset are executed.
     --provider        Ruleset provider. Defaults to "gardener".
     --ruleset-id      ID of ruleset that will be ran. Defaults to "disa-kubernetes-stig".
-    --ruleset-version Version of ruleset that will be ran. Defaults to "v1r11".
+    --ruleset-version Version of ruleset that will be ran. Defaults to "v2r1".
 
   environment variables:
     IMAGEVECTOR_OVERWRITE Overwrites diki/imagesvector/images.yaml file with specified file path.

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package v1r11
+package rules
 
 import (
 	"context"
@@ -13,7 +13,7 @@ import (
 
 	kubeutils "github.com/gardener/diki/pkg/kubernetes/utils"
 	"github.com/gardener/diki/pkg/rule"
-	sharedv1r11 "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/v1r11"
+	sharedrules "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/rules"
 )
 
 var _ rule.Rule = &Rule242377{}
@@ -24,7 +24,7 @@ type Rule242377 struct {
 }
 
 func (r *Rule242377) ID() string {
-	return sharedv1r11.ID242377
+	return sharedrules.ID242377
 }
 
 func (r *Rule242377) Name() string {

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package v1r11_test
+package rules_test
 
 import (
 	"context"
@@ -16,7 +16,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
 
-	"github.com/gardener/diki/pkg/provider/gardener/ruleset/disak8sstig/v1r11"
+	"github.com/gardener/diki/pkg/provider/gardener/ruleset/disak8sstig/rules"
 	"github.com/gardener/diki/pkg/rule"
 )
 
@@ -54,7 +54,7 @@ var _ = Describe("#242377", func() {
 	})
 
 	It("should error when kube-scheduler is not found", func() {
-		r := &v1r11.Rule242377{Client: fakeClient, Namespace: namespace}
+		r := &rules.Rule242377{Client: fakeClient, Namespace: namespace}
 
 		ruleResult, err := r.Run(ctx)
 		Expect(err).ToNot(HaveOccurred())
@@ -74,7 +74,7 @@ var _ = Describe("#242377", func() {
 			ksDeployment.Spec.Template.Spec.Containers = []corev1.Container{container}
 			Expect(fakeClient.Create(ctx, ksDeployment)).To(Succeed())
 
-			r := &v1r11.Rule242377{Client: fakeClient, Namespace: namespace}
+			r := &rules.Rule242377{Client: fakeClient, Namespace: namespace}
 			ruleResult, err := r.Run(ctx)
 			Expect(err).To(errorMatcher)
 

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package v1r11
+package rules
 
 import (
 	"cmp"
@@ -27,7 +27,7 @@ import (
 	"github.com/gardener/diki/pkg/shared/images"
 	"github.com/gardener/diki/pkg/shared/provider"
 	"github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/option"
-	sharedv1r11 "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/v1r11"
+	sharedrules "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/rules"
 )
 
 var _ rule.Rule = &Rule242400{}
@@ -44,7 +44,7 @@ type Rule242400 struct {
 }
 
 func (r *Rule242400) ID() string {
-	return sharedv1r11.ID242400
+	return sharedrules.ID242400
 }
 
 func (r *Rule242400) Name() string {
@@ -189,7 +189,7 @@ func (r *Rule242400) checkKubeProxy(
 	var (
 		checkResults     []rule.CheckResult
 		additionalLabels = map[string]string{pod.LabelInstanceID: r.InstanceID}
-		podName          = fmt.Sprintf("diki-%s-%s", r.ID(), sharedv1r11.Generator.Generate(10))
+		podName          = fmt.Sprintf("diki-%s-%s", r.ID(), sharedrules.Generator.Generate(10))
 		execPodTarget    = rule.NewTarget("cluster", "shoot", "name", podName, "namespace", "kube-system", "kind", "pod")
 	)
 

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package v1r11_test
+package rules_test
 
 import (
 	"bytes"
@@ -27,10 +27,10 @@ import (
 	fakestrgen "github.com/gardener/diki/pkg/internal/stringgen/fake"
 	"github.com/gardener/diki/pkg/kubernetes/pod"
 	fakepod "github.com/gardener/diki/pkg/kubernetes/pod/fake"
-	"github.com/gardener/diki/pkg/provider/gardener/ruleset/disak8sstig/v1r11"
+	"github.com/gardener/diki/pkg/provider/gardener/ruleset/disak8sstig/rules"
 	"github.com/gardener/diki/pkg/rule"
 	"github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/option"
-	sharedv1r11 "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/v1r11"
+	sharedrules "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/rules"
 )
 
 var _ = Describe("#242400", func() {
@@ -70,7 +70,7 @@ var _ = Describe("#242400", func() {
 	)
 
 	BeforeEach(func() {
-		sharedv1r11.Generator = &fakestrgen.FakeRandString{Rune: 'a'}
+		sharedrules.Generator = &fakestrgen.FakeRandString{Rune: 'a'}
 		fakeClusterClient = fakeclient.NewClientBuilder().Build()
 		fakeControlPlaneClient = fakeclient.NewClientBuilder().Build()
 
@@ -148,7 +148,7 @@ var _ = Describe("#242400", func() {
 		}
 
 		dikiPod = plainPod.DeepCopy()
-		dikiPod.Name = fmt.Sprintf("diki-%s-%s", sharedv1r11.ID242400, "aaaaaaaaaa")
+		dikiPod.Name = fmt.Sprintf("diki-%s-%s", sharedrules.ID242400, "aaaaaaaaaa")
 		dikiPod.Labels = map[string]string{}
 		Expect(fakeClusterClient.Create(ctx, dikiPod)).To(Succeed())
 	})
@@ -239,7 +239,7 @@ var _ = Describe("#242400", func() {
 		executeReturnStrings := [][]string{{mounts, allowedKubeProxyConfig, mounts, notAllowedKubeProxyConfig, mounts, ""}}
 		executeReturnErrors := [][]error{{nil, nil, nil, nil, nil, nil}}
 		fakePodContext = fakepod.NewFakeSimplePodContext(executeReturnStrings, executeReturnErrors)
-		r := &v1r11.Rule242400{
+		r := &rules.Rule242400{
 			InstanceID:            instanceID,
 			ClusterClient:         fakeClusterClient,
 			ControlPlaneClient:    fakeControlPlaneClient,
@@ -312,7 +312,7 @@ var _ = Describe("#242400", func() {
 			}),
 		}
 		fakePodContext = fakepod.NewFakeSimplePodContext([][]string{{}}, [][]error{{}})
-		r := &v1r11.Rule242400{
+		r := &rules.Rule242400{
 			ClusterClient:         fakeClusterClient,
 			ControlPlaneClient:    fakeControlPlaneClient,
 			ControlPlaneNamespace: controlPlaneNamespace,
@@ -347,7 +347,7 @@ var _ = Describe("#242400", func() {
 				return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewReader([]byte(podSecurityNotSetNodeConfig)))}, nil
 			}),
 		}
-		r := &v1r11.Rule242400{
+		r := &rules.Rule242400{
 			ClusterClient:         fakeClusterClient,
 			ControlPlaneClient:    fakeControlPlaneClient,
 			ControlPlaneNamespace: controlPlaneNamespace,
@@ -380,7 +380,7 @@ var _ = Describe("#242400", func() {
 				return &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewReader([]byte(podSecurityNotSetNodeConfig)))}, nil
 			}),
 		}
-		r := &v1r11.Rule242400{
+		r := &rules.Rule242400{
 			ClusterClient:         fakeClusterClient,
 			ControlPlaneClient:    fakeControlPlaneClient,
 			ControlPlaneNamespace: controlPlaneNamespace,
@@ -405,7 +405,7 @@ var _ = Describe("#242400", func() {
 
 	It("should return warning when nodes are not found", func() {
 		fakeRESTClient = &manualfake.RESTClient{}
-		r := &v1r11.Rule242400{
+		r := &rules.Rule242400{
 			ClusterClient:         fakeClusterClient,
 			ControlPlaneClient:    fakeControlPlaneClient,
 			ControlPlaneNamespace: controlPlaneNamespace,

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package v1r11
+package rules
 
 import (
 	"context"
@@ -16,7 +16,7 @@ import (
 	kubeutils "github.com/gardener/diki/pkg/kubernetes/utils"
 	"github.com/gardener/diki/pkg/rule"
 	"github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/option"
-	sharedv1r11 "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/v1r11"
+	sharedrules "github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/rules"
 )
 
 var _ rule.Rule = &Rule242414{}
@@ -29,7 +29,7 @@ type Rule242414 struct {
 }
 
 func (r *Rule242414) ID() string {
-	return sharedv1r11.ID242414
+	return sharedrules.ID242414
 }
 
 func (r *Rule242414) Name() string {

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package v1r11_test
+package rules_test
 
 import (
 	"context"
@@ -14,7 +14,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
 
-	"github.com/gardener/diki/pkg/provider/gardener/ruleset/disak8sstig/v1r11"
+	"github.com/gardener/diki/pkg/provider/gardener/ruleset/disak8sstig/rules"
 	"github.com/gardener/diki/pkg/rule"
 	"github.com/gardener/diki/pkg/shared/ruleset/disak8sstig/option"
 )
@@ -100,7 +100,7 @@ var _ = Describe("#242414", func() {
 	})
 
 	It("should return correct results when all pods pass", func() {
-		r := &v1r11.Rule242414{ClusterClient: fakeShootClient, ControlPlaneClient: fakeSeedClient, ControlPlaneNamespace: seedNamespaceName, Options: &options}
+		r := &rules.Rule242414{ClusterClient: fakeShootClient, ControlPlaneClient: fakeSeedClient, ControlPlaneNamespace: seedNamespaceName, Options: &options}
 		Expect(fakeSeedClient.Create(ctx, seedPod)).To(Succeed())
 		Expect(fakeShootClient.Create(ctx, shootPod)).To(Succeed())
 
@@ -124,7 +124,7 @@ var _ = Describe("#242414", func() {
 	})
 
 	It("should return correct results when a pod fails", func() {
-		r := &v1r11.Rule242414{ClusterClient: fakeShootClient, ControlPlaneClient: fakeSeedClient, ControlPlaneNamespace: seedNamespaceName, Options: &options}
+		r := &rules.Rule242414{ClusterClient: fakeShootClient, ControlPlaneClient: fakeSeedClient, ControlPlaneNamespace: seedNamespaceName, Options: &options}
 		shootPod.Spec.Containers[0].Ports[0].HostPort = 1011
 		Expect(fakeSeedClient.Create(ctx, seedPod)).To(Succeed())
 		Expect(fakeShootClient.Create(ctx, shootPod)).To(Succeed())
@@ -165,7 +165,7 @@ var _ = Describe("#242414", func() {
 			},
 		}
 
-		r := &v1r11.Rule242414{ClusterClient: fakeShootClient, ControlPlaneClient: fakeSeedClient, ControlPlaneNamespace: seedNamespaceName, Options: &options}
+		r := &rules.Rule242414{ClusterClient: fakeShootClient, ControlPlaneClient: fakeSeedClient, ControlPlaneNamespace: seedNamespaceName, Options: &options}
 
 		acceptedShootPod := shootPod.DeepCopy()
 		acceptedShootPod.Name = "accepted-shoot-pod"
-Original file line number
+Diff line change
@@ Expand Up @@
     The `Gardener` provider implements the following `rulesets`:
     - [DISA Kubernetes Security Technical Implementation Guide](../rulesets/disa-k8s-stig.md)
+        - v2r1
         - v1r11
     ### Configuration
@@ Expand Down @@