Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for proxy container if kube-proxy is not present #325

Merged
merged 15 commits into from
Oct 22, 2024
Merged

Check for proxy container if kube-proxy is not present #325

merged 15 commits into from
Oct 22, 2024

Conversation

georgibaltiev
Copy link
Contributor

@georgibaltiev georgibaltiev commented Oct 22, 2024
edited
Loading

What this PR does / why we need it:
This PR modifies the GetContainerCommand and GetContainerID util functions to be variadic and accept more than one possible container name for matching. Along with those modifications, rules that utilize the functions (242400, 242447, 242448) are also modified to search for "proxy" containers if "kube-proxy" containers are absent. Additional unit tests are added to validate the new modification.

Which issue(s) this PR fixes:
Fixes #314

Special notes for your reviewer:
NONE

Release note:

A bug causing DISA Kubernetes STIG rules that check the `kube-proxy` container to fail to find the container, when the container name is `proxy`, was fixed.

@georgibaltiev georgibaltiev requested a review from a team as a code owner October 22, 2024 08:56
@gardener-robot gardener-robot added needs/review Needs review size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels Oct 22, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 22, 2024
@AleksandarSavchev AleksandarSavchev self-requested a review October 22, 2024 09:05
AleksandarSavchev
AleksandarSavchev requested changes Oct 22, 2024
View reviewed changes
@gardener-robot gardener-robot added the needs/changes Needs (more) changes label Oct 22, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 22, 2024
@dimityrmirchev
Copy link
Member

/assign

AleksandarSavchev
AleksandarSavchev requested changes Oct 22, 2024
View reviewed changes
Copy link
Member

@AleksandarSavchev AleksandarSavchev left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just a few nits from last review and a new one

@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 22, 2024
@georgibaltiev georgibaltiev force-pushed the kube-proxy-additional-proxy-check branch from 1b7b8b2 to f52f9f6 Compare October 22, 2024 14:32
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 22, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 22, 2024
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Oct 22, 2024
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Oct 22, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Oct 22, 2024
AleksandarSavchev
AleksandarSavchev approved these changes Oct 22, 2024
View reviewed changes
Copy link
Member

@AleksandarSavchev AleksandarSavchev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/cc @dimityrmirchev

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/changes Needs (more) changes needs/review Needs review labels Oct 22, 2024
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Oct 22, 2024
@georgibaltiev georgibaltiev merged commit 146e8ee into gardener:main Oct 22, 2024
9 checks passed
@georgibaltiev georgibaltiev deleted the kube-proxy-additional-proxy-check branch October 22, 2024 15:12
@georgibaltiev georgibaltiev mentioned this pull request Oct 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AleksandarSavchev AleksandarSavchev AleksandarSavchev approved these changes

Assignees

@dimityrmirchev dimityrmirchev

Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) size/m Size of pull request is medium (see gardener-robot robot/bots/size.py)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check for proxy container if kube-proxy is not present
7 participants
@georgibaltiev @dimityrmirchev @AleksandarSavchev @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot