
Changed policy documentation table layout + fixed few typos #191

Merged
merged 5 commits into from
Aug 3, 2023
88 changes: 44 additions & 44 deletions gke-policies-v2/README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion gke-policies-v2/policy/cluster_gce_csi_driver.rego
Expand Up @@ -14,7 +14,7 @@

# METADATA
# title: Use Compute Engine persistent disk CSI driver
# description: Automatic deployment and management of the Compute Engine persisten disk CSI driver. The driver provides support for features like customer managed encryption keys or volume snapshots.
# description: Automatic deployment and management of the Compute Engine persistent disk CSI driver. The driver provides support for features like customer managed encryption keys or volume snapshots.
# custom:
# group: Management
# severity: Medium
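Review bot: In the corrected `# description:` line, "customer managed encryption keys" should be hyphenated as "customer-managed encryption keys". The line is already being touched for the "persisten" typo, so both can be fixed in one pass, and the wording is what ends up in the generated policy table.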
2 changes: 1 addition & 1 deletion gke-policies-v2/policy/node_pool_integrity_monitoring.rego
Expand Up @@ -14,7 +14,7 @@

# METADATA
# title: Integrity monitoring on the nodes
# description: GKE node pools should have integrity monitoring feature enabled to detect changes in a VM boot measurments
# description: GKE node pools should have integrity monitoring feature enabled to detect changes in a VM boot measurements
# custom:
# group: Security
# severity: Critical
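Review bot: The corrected `# description:` line still reads "to detect changes in a VM boot measurements", which pairs a singular article with a plural noun, and "have integrity monitoring feature enabled" is missing an article. Suggested wording: "GKE node pools should have the integrity monitoring feature enabled to detect changes in VM boot measurements". The policy is marked `severity: Critical`, so the one sentence that explains it should read cleanly.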
2 changes: 1 addition & 1 deletion gke-policies-v2/scalability/limits_hpas.rego
Expand Up @@ -14,7 +14,7 @@

# METADATA
# title: Number of HPAs in a cluster
# description: The optimal number of Horizonal Pod Autoscalers in a cluster
# description: The optimal number of Horizontal Pod Autoscalers in a cluster
# custom:
# group: Scalability
# severity: Medium
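Review bot: The `# description:` line is a noun phrase ("The optimal number of Horizontal Pod Autoscalers in a cluster") and does not say what the policy checks or recommends, unlike the other descriptions in this change, which are full sentences. Since the line is being edited anyway, consider rewording it to state the expectation, for example that the number of HPAs in a cluster should stay within the recommended limit.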
80 changes: 44 additions & 36 deletions gke-policies/README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion gke-policies/policy/cluster_gce_csi_driver.rego
Expand Up @@ -14,7 +14,7 @@

# METADATA
# title: Use Compute Engine persistent disk CSI driver
# description: Automatic deployment and management of the Compute Engine persisten disk CSI driver. The driver provides support for features like customer managed encryption keys or volume snapshots.
# description: Automatic deployment and management of the Compute Engine persistent disk CSI driver. The driver provides support for features like customer managed encryption keys or volume snapshots.
# custom:
# group: Management
# severity: Medium
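Review bot: The corrected `# description:` line duplicates the one in gke-policies-v2/policy/cluster_gce_csi_driver.rego, and node_pool_integrity_monitoring.rego is likewise edited twice in this change, so a later wording fix can easily land in one tree and not the other. A lint or test step that compares `title` and `description` between matching files under gke-policies and gke-policies-v2 would catch that drift.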
2 changes: 1 addition & 1 deletion gke-policies/policy/node_pool_integrity_monitoring.rego
Expand Up @@ -14,7 +14,7 @@

# METADATA
# title: Integrity monitoring on the nodes
# description: GKE node pools should have integrity monitoring feature enabled to detect changes in a VM boot measurments
# description: GKE node pools should have integrity monitoring feature enabled to detect changes in a VM boot measurements
# custom:
# group: Security
# severity: Critical
14 changes: 10 additions & 4 deletions internal/outputs/documentation.go
Expand Up @@ -22,7 +22,10 @@ import (
"github.com/google/gke-policy-automation/internal/policy"
)

const defaultPolicyDocFileURLPrefix = "../"
const (
defaultPolicyDocFileURLPrefix = "../"
cisGKEURL = "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark"
)

type PolicyDocumentation interface {
GenerateDocumentation() string
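Review bot: `cisGKEURL` in the new `const (...)` block has no comment and ends in a page fragment (`#accessing-gke-benchmark`), so the link degrades silently if the docs page is reorganised. Add a short comment saying what the link is expected to land on, and note that every CIS cell will point at this one generic page regardless of the benchmark version shown next to it.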
Expand Down Expand Up @@ -50,12 +53,15 @@ func (m *MarkdownPolicyDocumentation) GenerateDocumentation() string {
return m.policies[i].Group < m.policies[j].Group
})
var sb strings.Builder

sb.WriteString("|Group|Title|Description|File|\n|-|-|-|-|\n")
sb.WriteString("|Name|Group|Description|CIS Benchmark|\n|-|-|-|-|\n")

for _, p := range m.policies {
policyFileURL := fmt.Sprintf("%s%s", m.policyDocFileURLPrefix, p.File)
sb.WriteString(fmt.Sprintf("|%s|%s|%s|[%s](%s)|\n", p.Group, p.Title, p.Description, p.File, policyFileURL))
cis := ""
if p.CisVersion != "" && p.CisID != "" {
cis = fmt.Sprintf("[CIS GKE](%s) %s: %s", cisGKEURL, p.CisVersion, p.CisID)
}
sb.WriteString(fmt.Sprintf("|[%s](%s)|%s|%s|%s|\n", p.Title, policyFileURL, p.Group, p.Description, cis))
}

return sb.String()
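Review bot: In the final `sb.WriteString(fmt.Sprintf("|[%s](%s)|%s|%s|%s|\n", ...))`, `p.Title`, `p.Group`, `p.Description` and the CIS fields go into the table row unescaped, so a `|` or newline in a policy's metadata breaks the row, and a `]` or `(` in a title can change the link now that the title is the link text. Escape `|` and strip newlines before formatting. Separately, the `p.CisVersion != "" && p.CisID != ""` check leaves the cell empty when only one of the two is set, which hides incomplete metadata; consider rendering what is present or reporting it. `fmt.Fprintf(&sb, ...)` would also avoid the intermediate string.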
8 changes: 5 additions & 3 deletions internal/outputs/documentation_test.go
Expand Up @@ -36,6 +36,8 @@ func buildPoliciesMetadata() []*policy.Policy {
Description: "Third description",
Group: "Group 1",
File: "gke-policies/file3.rego",
CisVersion: "1.2",
CisID: "5.3.1",
},
{
Title: "First policy",
Expand All @@ -48,9 +50,9 @@ func buildPoliciesMetadata() []*policy.Policy {

func TestMarkdownDocumention(t *testing.T) {
var sb strings.Builder
fmt.Fprintf(&sb, "|Group 1|First policy|First description|[gke-policies/file1.rego](%sgke-policies/file1.rego)|\n", defaultPolicyDocFileURLPrefix)
fmt.Fprintf(&sb, "|Group 1|Third policy|Third description|[gke-policies/file3.rego](%sgke-policies/file3.rego)|\n", defaultPolicyDocFileURLPrefix)
fmt.Fprintf(&sb, "|Group 2|Second policy|Second description|[gke-policies/file2.rego](%sgke-policies/file2.rego)|\n", defaultPolicyDocFileURLPrefix)
fmt.Fprintf(&sb, "|[First policy](%sgke-policies/file1.rego)|Group 1|First description||\n", defaultPolicyDocFileURLPrefix)
fmt.Fprintf(&sb, "|[Third policy](%sgke-policies/file3.rego)|Group 1|Third description|[CIS GKE](%s) 1.2: 5.3.1|\n", defaultPolicyDocFileURLPrefix, cisGKEURL)
fmt.Fprintf(&sb, "|[Second policy](%sgke-policies/file2.rego)|Group 2|Second description||\n", defaultPolicyDocFileURLPrefix)
expected := sb.String()

generator := NewMarkdownPolicyDocumentation(buildPoliciesMetadata())
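Review bot: The expected rows cover a policy with both CIS fields set and policies with neither, but not one where only `CisVersion` or only `CisID` is populated, which is the branch the `&&` condition in `GenerateDocumentation` silently turns into an empty cell; add a fixture and an expected row for that case. The visible expectations also assert only data rows, so the new `|Name|Group|Description|CIS Benchmark|` header is worth asserting too if it is not already. Since this PR is fixing typos, `TestMarkdownDocumention` could be renamed to `TestMarkdownDocumentation` at the same time.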