Resolve "Errors capturing violations"
General MR
Summary
(Summarize the purpose of the MR)
Relevant logs/screenshots
COVERAGE:
Linked Issue
Upgrade Notices
(Include any relevant notes about upgrades here or write "N/A" if there are none)
Closes #261 (closed)
Activity
added botmr kindbug priority2 teamTools & Automation labels
assigned to @leedarrien
added statusdoing label
added 2 commits
added 1 commit
- 66e966d8 - adjusted test for new param, fixed pipeline issue
added 1 commit
- d4b94962 - added case for empty message, adjusted parsing test only
added 1 commit
- 30fd5ab4 - added logic to fix test cases, fixed existing tests
added 1 commit
- e7fc86f9 - removed dirty comments, removed old parsing logic
requested review from @nicole.dupree, @ryan.daily, @leedarrien, @daniel.dides, @ryan.lesher, @chris.oconnell, @rehank125, @andrewshoell, @dpritchettrm, @mgoloski, and @jfoster
added 1 commit
- 99c6fa4c - removed unnecessary checks, increased coverage
removed botmr label
removed statusdoing label
added statusreview label
removed review request for @leedarrien
- Resolved by Darrien Lee
Can send a full copy of example output from dogfood and my own test deployment. I am open to suggestions on how we can parse these violations differently.
Here's just a few examples as it stands currently:
```yaml
- name: authservice-xxx
  kind: Pod
  namespace: authservice
  policy: ""
  constraint: container resource management
  message: container <update-ca-bundle> has no resource requests
  action: dryrun
  timestamp: "2024-09-17T22:22:22Z"
- name: neuvector-controller-pod-xxx
  kind: Pod
  namespace: neuvector
  policy: ""
  constraint: disallowed user/group
  message: 'Container neuvector-controller-pod is attempting to run as disallowed user 0. Allowed runAsUser: {"rule": "MustRunAsNonRoot"}'
  action: dryrun
  timestamp: "2024-09-17T22:22:22Z"
- name: authservice-authservice-redis-bb-master-0
  kind: Pod
  namespace: authservice
  policy: ""
  constraint: securityContext not configured
  message: 'Container metrics is attempting to run without a required securityContext/supplementalGroups. Allowed supplementalGroups: {"ranges": [{"max": 65535, "min": 1000}], "rule": "MustRunAs"}'
  action: dryrun
  timestamp: "2024-09-17T22:22:22Z"
- name: tempo-tempo-0
  kind: Pod
  namespace: tempo
  policy: ""
  constraint: container resource management
  message: 'Seccomp profile ''not configured'' is not allowed for container ''tempo-query''. Found at: no explicit profile found. Allowed profiles: {"RuntimeDefault", "runtime/default"}'
  action: dryrun
  timestamp: "2024-09-17T22:22:22Z"
- name: neuvector-scanner-pod-xxx
  kind: Pod
  namespace: neuvector
  policy: ""
  constraint: readiness, liveness, and/or startup probe
  message: Container <neuvector-scanner-pod> in your <Pod> <neuvector-scanner-pod-xxx> has no <readinessProbe>
  action: dryrun
  timestamp: "2024-09-17T22:22:22Z"
```
Edited by Darrien Lee
mentioned in commit e49d3b40