Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add DiscoveredPolicy adapter #228

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Add DiscoveredPolicy adapter #228

wants to merge 1 commit into from

Conversation

anurag-rajawat
Copy link
Collaborator

@anurag-rajawat anurag-rajawat commented Jul 19, 2024
edited
Loading

Description

Fixes #85

To test this PR locally

  • Have a cluster running dev2
  • Run dsp module along with dev2
  • Run this adapter 
    make run
  • Apply the network-segmentation intent and binding 
    k apply -f examples/namespaced/net-segment.yaml
  • Wait a minuter or two and then do a get on nimbuspolicy 
    $ k get np
NAME                          STATUS    AGE   POLICIES
network-segmentation-for-ns   Created   16s    2

Describe the nimbuspolicy to know which policies are created.

$ k describe np network-segmentation-for-ns
Name:         network-segmentation-for-ns
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  intent.security.nimbus.com/v1alpha1
Kind:         NimbusPolicy
Metadata:
  Creation Timestamp:  2024-07-19T12:48:55Z
  Generation:          1
  Owner References:
    API Version:           intent.security.nimbus.com/v1alpha1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  SecurityIntentBinding
    Name:                  network-segmentation-for-ns
    UID:                   315e126d-b47a-446b-aa24-750757328185
  Resource Version:        115494
  UID:                     6e500f25-52d2-437f-a830-4e97ae9cba28
Spec:
  Rules:
    Id:  netSegment
    Rule:
      Action:  Audit
  Selector:
    Match Labels:
      App:  httpd
Status:
  Adapter Policies:
    NetworkPolicy/autopol-egress-2464079254
    KubeArmorPolicy/autopol-system-266430746
  Last Updated:                2024-07-19T12:48:55Z
  Number Of Adapter Policies:  2
  Status:                      Created
Events:                        <none>

Does this PR introduce a breaking change?
No.

Checklist

  • PR title follows the <type>: <description> convention
  • I use conventional commits in my commit messages
  • I have updated the documentation accordingly
  • I Keep It Small and Simple: The smaller the PR is, the easier it is to review and have it merged
  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Additional information for reviewer

Mention if this PR is part of any design or a continuation of previous PRs

@anurag-rajawat anurag-rajawat marked this pull request as ready for review July 22, 2024 03:56
feat: Add DiscoveredPolicy adapter
95513ac 
Signed-off-by: Anurag Rajawat <[email protected]>
@nandhued
Copy link

Depends on https://github.com/accuknox/dev2/pull/160

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shivaccuknox shivaccuknox shivaccuknox approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Network Segmentation: Addresses Multiple intents
3 participants
@anurag-rajawat @nandhued @shivaccuknox