
feat: Add DiscoveredPolicy adapter

Open anurag-rajawat opened this issue 1 year ago • 1 comments

Description

Fixes #85

To test this PR locally

  • Have a cluster running dev2
  • Run dsp module along with dev2
  • Run this adapter
    make run
    
  • Apply the network-segmentation intent and binding
    k apply -f examples/namespaced/net-segment.yaml
    
  • Wait a minute or two and then do a get on nimbuspolicy
    $ k get np
    NAME                          STATUS    AGE   POLICIES
    network-segmentation-for-ns   Created   16s    2
    

Describe the nimbuspolicy to know which policies are created.

$ k describe np network-segmentation-for-ns
Name:         network-segmentation-for-ns
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  intent.security.nimbus.com/v1alpha1
Kind:         NimbusPolicy
Metadata:
  Creation Timestamp:  2024-07-19T12:48:55Z
  Generation:          1
  Owner References:
    API Version:           intent.security.nimbus.com/v1alpha1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  SecurityIntentBinding
    Name:                  network-segmentation-for-ns
    UID:                   315e126d-b47a-446b-aa24-750757328185
  Resource Version:        115494
  UID:                     6e500f25-52d2-437f-a830-4e97ae9cba28
Spec:
  Rules:
    Id:  netSegment
    Rule:
      Action:  Audit
  Selector:
    Match Labels:
      App:  httpd
Status:
  Adapter Policies:
    NetworkPolicy/autopol-egress-2464079254
    KubeArmorPolicy/autopol-system-266430746
  Last Updated:                2024-07-19T12:48:55Z
  Number Of Adapter Policies:  2
  Status:                      Created
Events:                        <none>

Does this PR introduce a breaking change? No.

Checklist

  • [x] PR title follows the <type>: <description> convention
  • [x] I use conventional commits in my commit messages
  • [ ] I have updated the documentation accordingly
  • [ ] I Keep It Small and Simple: The smaller the PR is, the easier it is to review and have it merged
  • [x] I have performed a self-review of my code
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [x] New and existing unit tests pass locally with my changes

Additional information for reviewer

  • ⚠️ Hold Merge: Depends on https://github.com/accuknox/dev2/pull/160
  • Helm chart is also not added.
  • Since this adapter leverages the DiscoveredPolicies feature, and DiscoveredPolicies hasn't been merged yet, it's currently excluded from the build-adapter-image and release-adapters-image jobs.

Mention if this PR is part of any design or a continuation of previous PRs

anurag-rajawat avatar Jul 19 '24 13:07 anurag-rajawat

Depends on https://github.com/accuknox/dev2/pull/160

nandhued avatar Oct 14 '24 03:10 nandhued