Commit

Merge branch 'main' into batch-authservice-checksum-updates
UnicornChance authored Oct 18, 2024
2 parents 3c49794 + e73597d commit 148e568
Showing 32 changed files with 1,371 additions and 58 deletions.
7 changes: 4 additions & 3 deletions .codespellrc
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
# Lint Codespell configurations
[codespell]
skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md
ignore-words-list = NotIn,AKS,LICENS
enable-colors =
skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md,.playwright,.terraform
ignore-words-list = NotIn,AKS,LICENS,aks
enable-colors =
check-hidden =
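Review bot: `ignore-words-list` now carries both `AKS` and `aks`; if the lowercase entry is the one codespell actually matches, drop the uppercase one, otherwise add a comment saying why both spellings are needed. With `check-hidden =` switched on in the same hunk, every hidden directory is now scanned unless it is named in `skip`, so it is worth confirming that `.playwright` and `.terraform` are the only generated hidden paths in the repo.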
29 changes: 23 additions & 6 deletions .eslintrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,21 +3,38 @@
"browser": false,
"es2021": true
},
"extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"project": ["./tsconfig.json"],
"project": [
"./tsconfig.json"
],
"ecmaVersion": 2022
},
"plugins": ["@typescript-eslint"],
"ignorePatterns": ["node_modules", "dist", "jest.*.js"],
"plugins": [
"@typescript-eslint"
],
"ignorePatterns": [
"node_modules",
"dist",
"jest.*.js",
"e2e/"
],
"root": true,
"rules": {
"@typescript-eslint/no-floating-promises": ["error"]
"@typescript-eslint/no-floating-promises": [
"error"
]
},
"overrides": [
{
"files": [ "src/pepr/operator/crd/generated/**/*.ts", "src/pepr/operator/crd/generated/*.ts" ],
"files": [
"src/pepr/operator/crd/generated/**/*.ts",
"src/pepr/operator/crd/generated/*.ts"
],
"rules": {
"@typescript-eslint/no-explicit-any": "off"
}
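Review bot: adding `"e2e/"` to `ignorePatterns` takes the new Playwright tests out of linting altogether, including `@typescript-eslint/no-floating-promises`, the one rule this config sets to `error` and the one that matters most in async browser tests, where a missing `await` can let a test finish before its assertions have run. If the directory was excluded because it is not covered by `./tsconfig.json`, an `overrides` entry for `e2e/**/*.ts` with its own `parserOptions.project` would keep the rule active there. The remaining changes in this file only reflow arrays onto multiple lines; splitting them from the functional change would make the one-line behaviour change easier to see.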
Expand Down
8 changes: 8 additions & 0 deletions .github/actions/save-logs/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,12 @@ runs:
sudo chown $USER /tmp/uds-*.log || echo ""
shell: bash

- name: Move Playwright Artifacts
run: |
sudo mkdir -p /tmp/playwright
sudo mv e2e/playwright/.playwright/* /tmp/playwright || true
shell: bash

- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: debug-log${{ inputs.suffix }}
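Review bot: in the `Move Playwright Artifacts` step, `|| true` after `sudo mv e2e/playwright/.playwright/* /tmp/playwright` hides every failure, not just the case where no tests ran, so a wrong source path or a permissions problem would produce an artifact with no Playwright data and no log line saying why. Prefer an explicit existence check on the source directory and let a real `mv` error surface. If `sudo` is needed because the files are root-owned, a `chown $USER` like the one in the previous step keeps them readable for the upload step; if it is not needed, drop it. The step also moves the whole `.playwright` directory although only `output` and `reports` are uploaded.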
Expand All @@ -47,3 +53,5 @@ runs:
/tmp/debug-*.log
/tmp/uds-containerd-logs
/tmp/k3d-uds-*.log
/tmp/playwright/output
/tmp/playwright/reports
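Review bot: `/tmp/playwright/output` and `/tmp/playwright/reports` come from tests that, per the CONTRIBUTING.md change in this commit, log in through a shared SSO session, so the uploaded artifact may contain traces, screenshots or videos of authenticated pages. Confirm that the saved login state is written outside these two folders and that nothing in them carries credentials or session tokens that stay valid after the run, since anyone who can download the `debug-log` artifact can read them.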
4 changes: 2 additions & 2 deletions .github/test-infra/azure/aks/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ variable "cluster_managed_identity_type" {
}

variable "cluster_kubelet_identity_type" {
description = "Type of Managed Identity to be used for Kubelet. If UserAssigned, defaults to Azure automically creating Managaged Identity for Kubelet."
description = "Type of Managed Identity to be used for Kubelet. If UserAssigned, defaults to Azure automatically creating Managaged Identity for Kubelet."
default = "SystemAssigned"
}

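Review bot: the `description` of `cluster_kubelet_identity_type` still contains `Managaged` after the `automically` fix; correct it to `Managed` in the same change.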
Expand All @@ -191,4 +191,4 @@ variable "db_name" {
description = "The name to give the database"
type = string
default = "grafana"
}
}
2 changes: 1 addition & 1 deletion .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ jobs:

- name: Test UDS Core Install
if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }}
run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }} --no-progress
run: uds run test:uds-core-e2e --set FLAVOR=${{ inputs.flavor }} --no-progress

- name: Compose UDS Core Component Definitions
if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }}
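Review bot: the step is still named `Test UDS Core Install` but now runs `test:uds-core-e2e`, and nothing in this workflow hunk still calls `test-uds-core`. Rename the step to match, and confirm the e2e task includes the lightweight validations (CONTRIBUTING.md in this commit lists them as two separate tasks), otherwise CI loses that coverage for `package == 'all'` installs.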
Expand Down
9 changes: 7 additions & 2 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,12 +1,15 @@
.cache/
.idea/
build/
build/**
.DS_Store
*.tar.zst
zarf-sbom
zarf-sbom/**
tmp/
env.ts
node_modules/**
**/node_modules
**/node_modules/**
dist
dist/**
insecure*
.env
Expand All @@ -19,3 +22,5 @@ extract-terraform.sh
cluster-config.yaml
**.tfstate
**.backup
**/.playwright/**
**/.playwright
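Review bot: `**/.playwright/**` and `**/.playwright` are redundant with each other; a pattern without a slash already matches at any depth and ignoring a directory ignores everything under it, so a single `.playwright/` line covers both. The same applies to the `zarf-sbom` / `zarf-sbom/**`, `dist` / `dist/**` and `node_modules` pairs in the first hunk of this file.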
98 changes: 79 additions & 19 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
# Welcome to UDS Core

Thank you for your interest in Defense Unicorns UDS Core!

This document describes the process and requirements for contributing to this UDS Core repo.
Thank you for your interest in contributing to Defense Unicorns UDS Core! This document will guide you through the contribution process.

## Table of Contents

Expand All @@ -20,35 +18,97 @@ Continuous Delivery is core to our development philosophy. Check out [https://mi

Specifically:

* We do trunk-based development (main) with short-lived feature branches that originate from the trunk, get merged into the trunk, and are deleted after the merge
* We don't merge code into main that isn't releasable
* We perform automated testing on all changes before they get merged to main
* Continuous integration (CI) pipeline tests are definitive
* We create immutable release artifacts
- We practice trunk-based development (main) with short-lived feature branches that are merged and deleted after the merge.
- We don't merge code into main that isn't releasable.
- All changes are tested automatically before being merged into main.
- Continuous integration (CI) pipeline tests are the source of truth.
- We produce immutable release artifacts.

### Pre-Commit Checks

Commits:
We use [codespell](https://github.com/codespell-project/codespell) and [yamllint](https://yamllint.readthedocs.io/en/stable/) for pre-commit checks. Please install these before committing, or your commit may fail.

We use [codespell](https://github.com/codespell-project/codespell) and [yamllint](https://yamllint.readthedocs.io/en/stable/) for our precommit checking. It is recommended to have these installed before attempting to commit to the a branch otherwise your commit will not finalize and you will be shown an error.
To install these tools, run:

```console
uds run lint-check
```

To install both of these tools you can run `uds run lint-check` to install them or utilize `pip` to install them manually.
Alternatively, you can install them with `pip`:

```bash
```console
pip install yamllint codespell
```

## Definition of Done

We apply these general principles to all User Stories and activities contributing to the UDS.
We apply these principles to all User Stories and contributions:

- Automated continuous integration (CI) pipeline tests pass
- CI tests are updated to cover new system changes
- Changes are peer-reviewed
- Acceptance criteria is met
- Documentation is updated to reflect changes

### Testing

Each individual component of UDS Core contains lightweight validations in its own `src/<component>/tasks.yaml` file. These validations focus on the bare minimum functionality, typically covering pod health and endpoint accessibility.

We also place end-to-end tests under the `e2e` folder. In particular we use [Playwright](https://playwright.dev/) for browser based testing and have authentication setup to login to applications with a shared SSO session. Playwright provides a [test recorder](https://playwright.dev/docs/codegen#generate-tests-with-the-playwright-inspector) which can be beneficial to get a quickstart on new tests.

* Automated continuous integration (CI) pipeline tests pass
* CI pipeline tests have been updated to meet system changes
* Changes are peer reviewed
* Acceptance criteria is met
* Documentation is updated to reflect what changed
In general our testing focuses on the unique configuration and setup provided by UDS Core, rather than exhaustive functionality testing. We take this approach since each of the opensource applications we package and configure also have extensive end-to-end testing in their upstream repositories.

## Getting Started

TBD
This section will help you get set up and ready to contribute to UDS Core.

### 1. Prerequisites

Before starting, ensure that you have the following installed:

- **Git**: [Install Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
- **K3d**: [Install K3d](https://k3d.io/#installation)
- **Node.js** (for building and running Pepr): [Install Node.js](https://nodejs.org/en/download/)
- **UDS CLI** (for running tasks and deploying): [Install UDS](https://uds.defenseunicorns.com/cli/quickstart-and-usage/)

### 2. Clone the Repository and Make a Branch

Clone the UDS Core repository to your local machine using Git (note that you may want to [fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) this repository):

```console
git clone https://github.com/DefenseUnicorns/uds-core.git
cd uds-core
```

Then make a branch for your changes:

```console
git checkout -b my-feature-branch
```

### 3. Make Changes and Test Locally

Make the changes to add the new feature, bug fix, or other change necessary. Keep in mind any documentation or testing changes that are relevant while making code changes.

When you are ready to test locally you can run the same tests as CI using the below UDS commands:

```console
# Lightweight validations
uds run test-uds-core

# Full e2e tests (run in CI)
uds run test:uds-core-e2e
```

Each of these tasks will create a local k3d cluster, install UDS Core, and run a series of tests against it, the same tests that are run in CI.

If you want to run a subset of core for faster iterations against a specific package, you can use the `LAYER` variable with the below task (example for metrics-server):

```console
uds run test-single-layer --set LAYER=metrics-server
```

Note you can also specify the `--set FLAVOR=<registry1/unicorn>` flag to test using with either the Iron Bank or Unicorn sourced images instead of the upstream ones.

## Submitting a Pull Request

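Review bot: the new `### Testing` section recommends the Playwright test recorder for tests that log in through a shared SSO session, but does not say where that session state is stored or that recorded logins and credentials must not be committed; add a sentence covering this. Wording fixes for the same hunk: `Acceptance criteria is met` should read `are met`, `opensource` should be `open source`, and `to test using with either` in the `FLAVOR` note has a stray `using`.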
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
---
title: Exemptions CR (v1alpha1)
tableOfContents:
maxHeadingLevel: 6
---
<a id="Exemptions"></a>
<div style="margin-left: 20px; padding-top: 30px;">

# Exemptions
<table style="width: 100%; table-layout: fixed;">
<thead>
<tr>
<th style="width: 20%; white-space: nowrap;">Field</th>
<th style="width: 25%; white-space: nowrap;">Type</th>
<th style="width: 55%; white-space: nowrap;">Description</th>
</tr>
</thead>
<tbody>
<tr><td style="white-space: nowrap;">spec</td><td style="white-space: nowrap;"><a href="#Spec">Spec</a></td><td></td></tr>
</tbody>
</table>
</div>

<a id="Spec"></a>
<div style="margin-left: 40px; padding-top: 30px;">

## Spec
<table style="width: 100%; table-layout: fixed;">
<thead>
<tr>
<th style="width: 20%; white-space: nowrap;">Field</th>
<th style="width: 25%; white-space: nowrap;">Type</th>
<th style="width: 55%; white-space: nowrap;">Description</th>
</tr>
</thead>
<tbody>
<tr><td style="white-space: nowrap;">exemptions</td><td style="white-space: nowrap;"><a href="#Exemptions">Exemptions[]</a></td><td>Policy exemptions</td></tr>
</tbody>
</table>
</div>

<a id="Exemptions"></a>
<div style="margin-left: 60px; padding-top: 30px;">

### Exemptions
<table style="width: 100%; table-layout: fixed;">
<thead>
<tr>
<th style="width: 20%; white-space: nowrap;">Field</th>
<th style="width: 25%; white-space: nowrap;">Type</th>
<th style="width: 55%; white-space: nowrap;">Description</th>
</tr>
</thead>
<tbody>
<tr><td style="white-space: nowrap;">description</td><td style="white-space: nowrap;">string</td><td>Reasons as to why this exemption is needed</td></tr><tr><td style="white-space: nowrap;">matcher</td><td style="white-space: nowrap;"><a href="#Matcher">Matcher</a></td><td>Resource to exempt (Regex allowed for name)</td></tr><tr><td style="white-space: nowrap;">policies</td><td style="white-space: nowrap;">Policies[] (enum):<ul><li><code>DisallowHostNamespaces</code></li><li><code>DisallowNodePortServices</code></li><li><code>DisallowPrivileged</code></li><li><code>DisallowSELinuxOptions</code></li><li><code>DropAllCapabilities</code></li><li><code>RequireNonRootUser</code></li><li><code>RestrictCapabilities</code></li><li><code>RestrictExternalNames</code></li><li><code>RestrictHostPathWrite</code></li><li><code>RestrictHostPorts</code></li><li><code>RestrictProcMount</code></li><li><code>RestrictSeccomp</code></li><li><code>RestrictSELinuxType</code></li><li><code>RestrictVolumeTypes</code></li></ul></td><td>A list of policies to override</td></tr><tr><td style="white-space: nowrap;">title</td><td style="white-space: nowrap;">string</td><td>title to give the exemption for reporting purposes</td></tr>
</tbody>
</table>
</div>

<a id="Matcher"></a>
<div style="margin-left: 80px; padding-top: 30px;">

#### Matcher
<table style="width: 100%; table-layout: fixed;">
<thead>
<tr>
<th style="width: 20%; white-space: nowrap;">Field</th>
<th style="width: 25%; white-space: nowrap;">Type</th>
<th style="width: 55%; white-space: nowrap;">Description</th>
</tr>
</thead>
<tbody>
<tr><td style="white-space: nowrap;">kind</td><td style="white-space: nowrap;">string (enum):<ul><li><code>pod</code></li><li><code>service</code></li></ul></td><td></td></tr><tr><td style="white-space: nowrap;">name</td><td style="white-space: nowrap;">string</td><td></td></tr><tr><td style="white-space: nowrap;">namespace</td><td style="white-space: nowrap;">string</td><td></td></tr>
</tbody>
</table>
</div>
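Review bot: `<a id="Exemptions"></a>` appears twice, once for the top-level resource and once for the `Exemptions[]` item type, so the `href="#Exemptions"` link in the Spec table resolves to the first anchor at the top of the page instead of the nested section; give the item type its own id. The Matcher table also leaves `kind`, `name` and `namespace` undescribed even though the `matcher` row says a regex is allowed for `name`: document how that regex is matched (anchored or partial), because an over-broad pattern here exempts more pods or services from the listed policies than the author intended.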