feat: Convert policies to v1 #2467

Merged
shimonp21 merged 1 commit into cloudquery:main from shimonp21:policy_actual
Oct 6, 2022
Conversation

@shimonp21
Contributor

[draft for easier reviewing at https://github.com//pull/2466]

  • fixed many issues of duplicate rows. Each resource tested must have a single line in the output (but if our SELECT query joins with subtables, each resource may have many rows... ).
  • removed endpoint_api_serve_on_secure_port. The check tested that the k8s-api was served on port 6443 or 443. But obviously the port number has very little to do with security. NSA-CISA [page 18], of course, doesn't specify that these must be the port numbers. e.g. minikube uses port 8443 instead of 6443. The check also tested the port 'name', but that of course also doesn't necessarily indicate the actual protocol used...
  • fixed default_deny_ingress and default_deny_egress policies to actually work (they always returned fail until now). Also deleted default_dont_allow_ingress and default_dont_deny_egress, since they seem to be duplicates of the deny policy?

https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF
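
The duplicate-row problem described in this PR, as an added example that is not code from the pull request or from CloudQuery: a check that joins a resource to its subtable emits one verdict per joined row, while an `EXISTS` subquery emits one verdict per resource. The table and column names are hypothetical, the rows are constructed, and SQLite stands in for the policy database; "default deny ingress" is taken to mean a NetworkPolicy with an empty pod selector, `Ingress` in its policy types and no ingress rules.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical,
# not CloudQuery's schema.
SCHEMA = """
CREATE TABLE namespaces (name TEXT PRIMARY KEY);
CREATE TABLE network_policies (
    namespace TEXT, name TEXT,
    pod_selector_empty INTEGER,  -- 1 when spec.podSelector is {}
    has_ingress_type INTEGER,    -- 1 when 'Ingress' is in spec.policyTypes
    ingress_rule_count INTEGER   -- number of entries in spec.ingress
);
INSERT INTO namespaces VALUES ('prod'), ('dev'), ('empty');
INSERT INTO network_policies VALUES
    ('prod', 'default-deny', 1, 1, 0),
    ('prod', 'allow-web',    0, 1, 2),
    ('dev',  'allow-all',    1, 1, 1),
    ('dev',  'allow-dns',    0, 1, 1);
"""

# Join-based check: one output row per (namespace, policy) pair, so a
# namespace with several policies gets several, possibly conflicting, verdicts.
JOINED = """
SELECT n.name,
       CASE WHEN p.pod_selector_empty = 1 AND p.has_ingress_type = 1
                 AND p.ingress_rule_count = 0 THEN 'pass' ELSE 'fail' END
FROM namespaces n LEFT JOIN network_policies p ON p.namespace = n.name
ORDER BY n.name, p.name
"""

# One row per namespace: the subtable is only consulted inside EXISTS.
PER_RESOURCE = """
SELECT n.name,
       CASE WHEN EXISTS (SELECT 1 FROM network_policies p
                         WHERE p.namespace = n.name AND p.pod_selector_empty = 1
                           AND p.has_ingress_type = 1 AND p.ingress_rule_count = 0)
            THEN 'pass' ELSE 'fail' END
FROM namespaces n ORDER BY n.name
"""

def run(query):
    """Load the constructed data into an in-memory database and run one check."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    rows = db.execute(query).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    print("joined:      ", run(JOINED))
    print("per resource:", run(PER_RESOURCE))
```

In the joined output the `prod` namespace is reported as both `fail` and `pass`, which is the ambiguity a one-row-per-resource check avoids.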


@shimonp21 shimonp21 requested review from a team and bbernays and removed request for a team October 6, 2022 07:34
@cq-bot cq-bot added the k8s label Oct 6, 2022
@shimonp21 shimonp21 requested review from disq and yevgenypats and removed request for bbernays October 6, 2022 07:34
@shimonp21 shimonp21 changed the title from "feat: convert policies to v1" to "feat: Convert policies to v1" Oct 6, 2022
@shimonp21 shimonp21 enabled auto-merge (squash) October 6, 2022 07:53
@shimonp21 shimonp21 merged commit 8ae4547 into cloudquery:main Oct 6, 2022
@shimonp21 shimonp21 deleted the policy_actual branch October 6, 2022 08:38
kodiakhq bot pushed a commit that referenced this pull request Oct 9, 2022
🤖 I have created a release *beep* *boop*
---


## [1.1.0](plugins-source-k8s-v1.0.0...plugins-source-k8s-v1.1.0) (2022-10-09)


### Features

* Convert policies to v1 ([#2467](#2467)) ([8ae4547](8ae4547))


### Bug Fixes

* **deps:** Update plugin-sdk for k8s to v0.12.3 ([#2360](#2360)) ([0e61300](0e61300))
* **deps:** Update plugin-sdk for k8s to v0.12.4 ([#2402](#2402)) ([4b8cf59](4b8cf59))
* **deps:** Update plugin-sdk for k8s to v0.12.5 ([#2424](#2424)) ([539aafc](539aafc))
* **deps:** Update plugin-sdk for k8s to v0.12.6 ([#2440](#2440)) ([1d8b267](1d8b267))
* **deps:** Update plugin-sdk for k8s to v0.12.7 ([#2453](#2453)) ([d19d373](d19d373))
* **deps:** Update plugin-sdk for k8s to v0.12.8 ([#2503](#2503)) ([a50ffcc](a50ffcc))
* **deps:** Update plugin-sdk for k8s to v0.12.9 ([#2517](#2517)) ([71cdfe8](71cdfe8))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
kodiakhq bot pushed a commit that referenced this pull request Oct 14, 2022
🤖 I have created a release *beep* *boop*
---


## [2.0.0](plugins-source-k8s-v1.2.3...plugins-source-k8s-v2.0.0) (2022-10-14)


### ⚠ BREAKING CHANGES

* Official v1 release (#2335)

### Features

* Convert policies to v1 ([#2467](#2467)) ([8ae4547](8ae4547))
* **k8s:** Add jobs.spec_pod_failure_policy and pods.spec_host_users columns ([#2640](#2640)) ([7b2c4aa](7b2c4aa))


### Bug Fixes

* **deps:** Update plugin-sdk for aws to v0.13.5 ([#2660](#2660)) ([748a0b3](748a0b3))
* **deps:** Update plugin-sdk for azure to v0.13.5 ([#2591](#2591)) ([c36f60a](c36f60a))
* **deps:** Update plugin-sdk for cloudflare to v0.13.5 ([#2593](#2593)) ([ed96887](ed96887))
* **deps:** Update plugin-sdk for digitalocean to v0.13.5 ([#2594](#2594)) ([5570015](5570015))
* **deps:** Update plugin-sdk for gcp to v0.13.5 ([#2595](#2595)) ([ec17c48](ec17c48))
* **deps:** Update plugin-sdk for k8s to v0.12.10 ([#2552](#2552)) ([1c0c2a7](1c0c2a7))
* **deps:** Update plugin-sdk for k8s to v0.12.3 ([#2360](#2360)) ([0e61300](0e61300))
* **deps:** Update plugin-sdk for k8s to v0.12.4 ([#2402](#2402)) ([4b8cf59](4b8cf59))
* **deps:** Update plugin-sdk for k8s to v0.12.5 ([#2424](#2424)) ([539aafc](539aafc))
* **deps:** Update plugin-sdk for k8s to v0.12.6 ([#2440](#2440)) ([1d8b267](1d8b267))
* **deps:** Update plugin-sdk for k8s to v0.12.7 ([#2453](#2453)) ([d19d373](d19d373))
* **deps:** Update plugin-sdk for k8s to v0.12.8 ([#2503](#2503)) ([a50ffcc](a50ffcc))
* **deps:** Update plugin-sdk for k8s to v0.12.9 ([#2517](#2517)) ([71cdfe8](71cdfe8))
* **deps:** Update plugin-sdk for k8s to v0.13.1 ([#2598](#2598)) ([85c5ec7](85c5ec7))
* **deps:** Update plugin-sdk for k8s to v0.13.6 ([#2730](#2730)) ([6debcec](6debcec))
* **deps:** Update plugin-sdk for k8s to v0.13.8 ([#2786](#2786)) ([c2786d3](c2786d3))
* **k8s:** Structure plugin so version is embedded by Go Releaser ([#2759](#2759)) ([8666bee](8666bee))
* Update all source plugin to v0.12.2 ([#2316](#2316)) ([5099dcf](5099dcf))
* Upgrade source SDK versions to v0.13.5 ([#2610](#2610)) ([611868e](611868e))


### Miscellaneous Chores

* Official v1 release ([#2335](#2335)) ([e32de23](e32de23))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
daniel-garcia pushed a commit to infobloxopen/ibcq-source-k8s that referenced this pull request Feb 24, 2026
🤖 I have created a release *beep* *boop*
---


## [1.1.0](cloudquery/cloudquery@plugins-source-k8s-v1.0.0...plugins-source-k8s-v1.1.0) (2022-10-09)


### Features

* Convert policies to v1 ([#2467](cloudquery/cloudquery#2467)) ([6a780bb](cloudquery/cloudquery@6a780bb))


### Bug Fixes

* **deps:** Update plugin-sdk for k8s to v0.12.3 ([#2360](cloudquery/cloudquery#2360)) ([42ca91e](cloudquery/cloudquery@42ca91e))
* **deps:** Update plugin-sdk for k8s to v0.12.4 ([#2402](cloudquery/cloudquery#2402)) ([bca3c9a](cloudquery/cloudquery@bca3c9a))
* **deps:** Update plugin-sdk for k8s to v0.12.5 ([#2424](cloudquery/cloudquery#2424)) ([9a7d488](cloudquery/cloudquery@9a7d488))
* **deps:** Update plugin-sdk for k8s to v0.12.6 ([#2440](cloudquery/cloudquery#2440)) ([8730905](cloudquery/cloudquery@8730905))
* **deps:** Update plugin-sdk for k8s to v0.12.7 ([#2453](cloudquery/cloudquery#2453)) ([908ec82](cloudquery/cloudquery@908ec82))
* **deps:** Update plugin-sdk for k8s to v0.12.8 ([#2503](cloudquery/cloudquery#2503)) ([dbc945f](cloudquery/cloudquery@dbc945f))
* **deps:** Update plugin-sdk for k8s to v0.12.9 ([#2517](cloudquery/cloudquery#2517)) ([4912b2b](cloudquery/cloudquery@4912b2b))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
daniel-garcia pushed a commit to infobloxopen/ibcq-source-k8s that referenced this pull request Feb 24, 2026
🤖 I have created a release *beep* *boop*
---


## [2.0.0](cloudquery/cloudquery@plugins-source-k8s-v1.2.3...plugins-source-k8s-v2.0.0) (2022-10-14)


### ⚠ BREAKING CHANGES

* Official v1 release (#2335)

### Features

* Convert policies to v1 ([#2467](cloudquery/cloudquery#2467)) ([6a780bb](cloudquery/cloudquery@6a780bb))
* **k8s:** Add jobs.spec_pod_failure_policy and pods.spec_host_users columns ([#2640](cloudquery/cloudquery#2640)) ([a669fdc](cloudquery/cloudquery@a669fdc))


### Bug Fixes

* **deps:** Update plugin-sdk for aws to v0.13.5 ([#2660](cloudquery/cloudquery#2660)) ([748a0b3](cloudquery/cloudquery@748a0b3))
* **deps:** Update plugin-sdk for azure to v0.13.5 ([#2591](cloudquery/cloudquery#2591)) ([c36f60a](cloudquery/cloudquery@c36f60a))
* **deps:** Update plugin-sdk for cloudflare to v0.13.5 ([#2593](cloudquery/cloudquery#2593)) ([ed96887](cloudquery/cloudquery@ed96887))
* **deps:** Update plugin-sdk for digitalocean to v0.13.5 ([#2594](cloudquery/cloudquery#2594)) ([5570015](cloudquery/cloudquery@5570015))
* **deps:** Update plugin-sdk for gcp to v0.13.5 ([#2595](cloudquery/cloudquery#2595)) ([ec17c48](cloudquery/cloudquery@ec17c48))
* **deps:** Update plugin-sdk for k8s to v0.12.10 ([#2552](cloudquery/cloudquery#2552)) ([233580b](cloudquery/cloudquery@233580b))
* **deps:** Update plugin-sdk for k8s to v0.12.3 ([#2360](cloudquery/cloudquery#2360)) ([42ca91e](cloudquery/cloudquery@42ca91e))
* **deps:** Update plugin-sdk for k8s to v0.12.4 ([#2402](cloudquery/cloudquery#2402)) ([bca3c9a](cloudquery/cloudquery@bca3c9a))
* **deps:** Update plugin-sdk for k8s to v0.12.5 ([#2424](cloudquery/cloudquery#2424)) ([9a7d488](cloudquery/cloudquery@9a7d488))
* **deps:** Update plugin-sdk for k8s to v0.12.6 ([#2440](cloudquery/cloudquery#2440)) ([8730905](cloudquery/cloudquery@8730905))
* **deps:** Update plugin-sdk for k8s to v0.12.7 ([#2453](cloudquery/cloudquery#2453)) ([908ec82](cloudquery/cloudquery@908ec82))
* **deps:** Update plugin-sdk for k8s to v0.12.8 ([#2503](cloudquery/cloudquery#2503)) ([dbc945f](cloudquery/cloudquery@dbc945f))
* **deps:** Update plugin-sdk for k8s to v0.12.9 ([#2517](cloudquery/cloudquery#2517)) ([4912b2b](cloudquery/cloudquery@4912b2b))
* **deps:** Update plugin-sdk for k8s to v0.13.1 ([#2598](cloudquery/cloudquery#2598)) ([2c49a3a](cloudquery/cloudquery@2c49a3a))
* **deps:** Update plugin-sdk for k8s to v0.13.6 ([#2730](cloudquery/cloudquery#2730)) ([0aac238](cloudquery/cloudquery@0aac238))
* **deps:** Update plugin-sdk for k8s to v0.13.8 ([#2786](cloudquery/cloudquery#2786)) ([0bb2a97](cloudquery/cloudquery@0bb2a97))
* **k8s:** Structure plugin so version is embedded by Go Releaser ([#2759](cloudquery/cloudquery#2759)) ([70a54a5](cloudquery/cloudquery@70a54a5))
* Update all source plugin to v0.12.2 ([#2316](cloudquery/cloudquery#2316)) ([bbfb5fa](cloudquery/cloudquery@bbfb5fa))
* Upgrade source SDK versions to v0.13.5 ([#2610](cloudquery/cloudquery#2610)) ([bdeded1](cloudquery/cloudquery@bdeded1))


### Miscellaneous Chores

* Official v1 release ([#2335](cloudquery/cloudquery#2335)) ([e68f50c](cloudquery/cloudquery@e68f50c))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).