feat(core)!: Update the CRDs scheme #24

Closed
wants to merge 3 commits into from
8 changes: 2 additions & 6 deletions cmd/main.go
Expand Up @@ -26,9 +26,8 @@ import (
// Importing custom API types and controllers
intentv1 "github.com/5GSEC/nimbus/pkg/api/v1"
"github.com/5GSEC/nimbus/pkg/controllers"
cleanup "github.com/5GSEC/nimbus/pkg/controllers/cleanup"
general "github.com/5GSEC/nimbus/pkg/controllers/general"
policy "github.com/5GSEC/nimbus/pkg/controllers/policy"
"github.com/5GSEC/nimbus/pkg/controllers/cleanup"
"github.com/5GSEC/nimbus/pkg/controllers/general"

// Importing third-party Kubernetes resource types
ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
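Review bot: The import block drops `policy "github.com/5GSEC/nimbus/pkg/controllers/policy"` but nothing in this hunk shows the package itself being removed; if pkg/controllers/policy stays in the tree it becomes unreferenced code that still looks like the policy-generation path. Either delete the package in this PR or say in the description why it is kept. Dropping the `cleanup` and `general` aliases is fine provided each package clause matches its directory name.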
Expand Down Expand Up @@ -103,8 +102,6 @@ func main() {
os.Exit(1)
}

policyController := policy.NewPolicyController(mgr.GetClient(), mgr.GetScheme())

// Setting up the SecurityIntentReconciler controller with the manager.
if err = (&controllers.SecurityIntentReconciler{
Client: mgr.GetClient(),
Expand All @@ -119,7 +116,6 @@ func main() {
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
GeneralController: generalController,
PolicyController: policyController,
}).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "Unable to create controller", "controller", "SecurityIntentBinding")
os.Exit(1)
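Review bot: With `PolicyController: policyController,` removed from the SecurityIntentBinding reconciler, only `GeneralController` remains wired in, and nothing visible in cmd/main.go takes over turning a binding into an enforced policy. A binding that reconciles successfully but produces no policy reads as protection that is not there. Please document where policy generation happens after this change, and have the reconciler report in status or logs when a binding yields no policy.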
Expand Up @@ -37,23 +37,14 @@ spec:
spec:
description: SecurityIntentBindingSpec defines the desired state of SecurityIntentBinding
properties:
intentRequests:
intents:
items:
description: IntentRequest defines the request for a specific SecurityIntent
properties:
description:
type: string
intentName:
type: string
mode:
type: string
type:
name:
type: string
required:
- description
- intentName
- mode
- type
- name
type: object
type: array
selector:
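Review bot: The new `name` property under `intents` items is a bare `type: string`, so an empty string satisfies `required: - name` and the binding is admitted while pointing at no SecurityIntent. Consider a minimum length (for example the kubebuilder marker `+kubebuilder:validation:MinLength=1` on the Go field) so the API server rejects it. The item description still reads "IntentRequest defines the request for a specific SecurityIntent" although the field is now `intents` and carries only a name; update the Go doc comment and regenerate the CRD.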
Expand Down Expand Up @@ -104,7 +95,7 @@ spec:
type: array
type: object
required:
- intentRequests
- intents
- selector
type: object
status:
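Review bot: Changing the required key from `intentRequests` to `intents` in place means every existing SecurityIntentBinding manifest and stored object fails validation once this CRD is applied, if it stays under the same served version. The `!` in the title flags the break, but the PR should also carry migration notes, or introduce the new shape as a new API version so old objects can be converted rather than rejected.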
205 changes: 32 additions & 173 deletions config/crd/bases/intent.security.nimbus.com_securityintents.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ spec:
listKind: SecurityIntentList
plural: securityintents
shortNames:
- sit
- si
singular: securityintent
scope: Namespaced
versions:
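Review bot: The short name change from `sit` to `si` silently breaks any script or runbook that calls `kubectl get sit`. Call it out in the release notes, and confirm `si` does not collide with the short name of SecurityIntentBinding or another CRD installed in the cluster.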
Expand All @@ -37,187 +37,46 @@ spec:
description: SecurityIntentSpec defines the desired state of SecurityIntent
properties:
intent:
description: Intent defines the security policy details
description: Intent defines a security intention that can be used
to generate multiple security policies.
properties:
action:
description: Action defines how the security policy will be enforced.
type: string
description:
description: Description is human-readable explanation of the
intent's purpose.
type: string
resource:
id:
description: ID is predefined in Security Intent pool. It uniquely
identifies a specific security intent.
type: string
mode:
description: Mode defines the enforcement behavior of the intent.
Defaults to best-effort.
type: string
params:
additionalProperties:
items:
type: string
type: array
description: Params are key-value pairs that allows fine-tuning
of intents to specific requirements.
type: object
severity:
description: Severity defines the potential impact of a security
violation related to the intent. Defaults to Low.
type: string
tags:
description: Tags are additional metadata for categorization and
grouping of intents. Facilitates searching, filtering, and management
of security policies.
items:
description: Resource defines the resources that the security
policy applies to
properties:
capabilities:
items:
description: Capabilities defines the capabilities-related
policies
properties:
matchCapabilities:
items:
description: MatchCapability defines a capability
for capabilities policies
properties:
capability:
type: string
type: object
type: array
type: object
type: array
file:
items:
description: File defines the file-related policies
properties:
matchDirectories:
items:
description: MatchDirectory defines a directory
for process or file policies
properties:
dir:
type: string
fromSource:
items:
description: FromSource defines a source path
for directory-based policies
properties:
path:
type: string
type: object
type: array
recursive:
type: boolean
type: object
type: array
matchPaths:
items:
description: MatchPath defines a path for process
or file policies
properties:
path:
type: string
type: object
type: array
type: object
type: array
fromCIDRSet:
items:
description: CIDRSet defines CIDR ranges for network policies
properties:
cidr:
type: string
type: object
type: array
network:
items:
description: Network defines the network-related policies
properties:
matchProtocols:
items:
description: MatchProtocol defines a protocol for
network policies
properties:
fromSource:
items:
description: FromSource defines a source path
for directory-based policies
properties:
path:
type: string
type: object
type: array
protocol:
type: string
type: object
type: array
type: object
type: array
process:
items:
description: Process defines the process-related policies
properties:
matchDirectories:
items:
description: MatchDirectory defines a directory
for process or file policies
properties:
dir:
type: string
fromSource:
items:
description: FromSource defines a source path
for directory-based policies
properties:
path:
type: string
type: object
type: array
recursive:
type: boolean
type: object
type: array
matchPaths:
items:
description: MatchPath defines a path for process
or file policies
properties:
path:
type: string
type: object
type: array
matchPatterns:
items:
description: MatchPattern defines a pattern for
process policies
properties:
pattern:
type: string
type: object
type: array
type: object
type: array
syscalls:
items:
description: Syscalls defines the syscalls-related policies
properties:
matchSyscalls:
items:
description: MatchSyscall defines a syscall for
syscall policies
properties:
syscalls:
items:
type: string
type: array
type: object
type: array
type: object
type: array
toPorts:
items:
description: ToPort defines ports and protocols for network
policies
properties:
ports:
items:
description: Port defines a network port and its
protocol
properties:
port:
type: string
protocol:
type: string
type: object
type: array
type: object
type: array
type: object
type: string
type: array
type:
type: string
required:
- action
- resource
- type
- id
type: object
required:
- intent
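Review bot: The new `mode` and `severity` properties document defaults ("Defaults to best-effort", "Defaults to Low") but the schema declares neither `default:` nor `enum:`, so the API server applies no default and accepts any string, including a typo in the enforcement mode. Add enum and default validation on both Go fields so that an invalid mode is rejected at admission instead of being interpreted later by the controller. The same applies to `id`, which is described as predefined in the Security Intent pool but is only `type: string`; if the pool is a fixed set, validate against it, and if not, the controller needs to reject unknown IDs explicitly. `params` also allows unbounded keys and list lengths, which is worth capping.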