Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule update: add back trusted_containers list for backport compatibility #675

Merged
merged 3 commits into from
Jun 17, 2019
Merged

rule update: add back trusted_containers list for backport compatibility #675

merged 3 commits into from
Jun 17, 2019

Conversation

Kaizhe
Copy link
Contributor

@Kaizhe Kaizhe commented Jun 17, 2019

Signed-off-by: kaizhe [email protected]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind bug

/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flaky-test

If contributing rules or changes to rules, please make sure to uncomment the appropriate kind

/kind rule/update
/kind rule/create

Any specific area of the project related to this PR?

/area engine
/area rules
/area deployment
/area integrations
/area examples

What this PR does / why we need it:
For backport compatibility

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

N/A

@Kaizhe Kaizhe requested a review from mstemm June 17, 2019 19:13
@poiana poiana requested a review from fntlnz June 17, 2019 19:13
@poiana
Copy link
Contributor

poiana commented Jun 17, 2019

@Kaizhe: There is not a label identifying the kind of this PR.
Please specify it either using /kind <group> or manually from the side menu.
In case you do not know which kind this proposal is please mention the maintainers using @team/maintainers.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@poiana poiana added the size/XS label Jun 17, 2019
mstemm
mstemm requested changes Jun 17, 2019
View reviewed changes
rules/falco_rules.yaml Outdated
@@ -1677,6 +1677,10 @@
- list: trusted_images
items: []

# Backport compatibility
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a longer comment block like the one for trusted_images that specifically says this is only for backwards compatibility and instead the changes should be made to *_privileged_images or _sensitive_mount_images if possible, and *_privileged_containers/_sensitive_mount_containers as a backup?

rules/falco_rules.yaml Outdated
@@ -1677,6 +1677,10 @@
- list: trusted_images
items: []

# Backport compatibility
- list: trusted_containers
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think trusted_containers used to be a macro, right? In that case it should be a macro here and also it should be added to all the rules that might rely on that list.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so it should be

- macro: trusted_containers
  condition: container.image.repository in (trusted_images)

@Kaizhe
more comment
e67c1c9 
Signed-off-by: kaizhe <[email protected]>
@Kaizhe
update to macro
f8d79b3 
Signed-off-by: kaizhe <[email protected]>
@poiana poiana added the lgtm label Jun 17, 2019
@poiana
Copy link
Contributor

poiana commented Jun 17, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mstemm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link
Contributor

poiana commented Jun 17, 2019

LGTM label has been added.

Git tree hash: e2d238079a3a40749ed06041ebd647d4cdede0fc

@poiana poiana merged commit 88ed98c into dev Jun 17, 2019
@poiana poiana deleted the rule-updates-2019-06.v2 branch June 17, 2019 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mstemm mstemm mstemm approved these changes

@fntlnz fntlnz Awaiting requested review from fntlnz

Assignees

@mstemm mstemm

Labels
approved dco-signoff: yes lgtm needs-kind release-note size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Kaizhe @poiana @mstemm