You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Retrieve and evaluate the permissions of individual users and groups (disabled by default, enabled through the new --violations flag).
Control the indent of JSON output with the new --json-indent flag, useful for shrinking output size.
Slight performance improvements.
Breaking changes
Policies now use a targets set to define the violations they produce, instead of the checkXXX variables. A policy that defined checkServiceAccounts := true and checkNodes := true for example, would now need to replace these with targets := {"serviceAccounts", "nodes"}. The policy library has been updated. Custom policies can be updated using the ./utils/update_policy_to_use_targets.py script.
The --no-XXX-violations flags have been replaced with a new --violations flag, see configure-violation-types.
df5f672 Add script that updates policies to use the new 'targets' set
abbfef4 purge dangeling roles & identities before passing input to policies
b3ad5e5 Stop indenting collect's out to save disk space
3e1a3e6 Recreate store buffer for each policy evalutation
cd2fd6b Collect user & group roles and produce user & group violations, BREAKING minor policy format change, BREAKING replace old --no-XXX-violations flags with new --violations flag
