Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(shield): expose dns detections directly #2110

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+62 −13
Open

feat(shield): expose dns detections directly #2110

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/shield/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@ maintainers:
- name: mavimo
email: [email protected]
type: application
version: 0.5.1
version: 0.5.2
appVersion: "1.0.0"
1 change: 1 addition & 0 deletions charts/shield/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ The following table lists the configurable parameters of the `shield` chart and
| features.vulnerability_management.container_vulnerability_management.registry_ssl.verify | If set to false it allows insecure connections to registries, Such as for registries with self-signed or private certificates. | <code>true</code> |
| features.vulnerability_management.in_use.enabled | Allows to retrieve the list of running packages. | <code>false</code> |
| features.vulnerability_management.in_use.integration_enabled | Allows to store the list of running packages to Sysdig backend. | <code>false</code> |
| features.detections.dns_detections.enabled | | <code>false</code> |
| features.detections.drift_control.enabled | | <code>false</code> |
| features.detections.malware_control.enabled | | <code>false</code> |
| features.detections.ml_policies.enabled | | <code>false</code> |
Expand Down
2 changes: 1 addition & 1 deletion charts/shield/templates/host/_configmap_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
{{- end }}

{{- define "host.configmap.detections" }}
{{- dict "detections" (pick . "ml_policies") | toYaml }}
{{- dict "detections" (pick . "dns_detections" "ml_policies") | toYaml }}
{{- end }}

{{/* Generate the 'host_shield_config.yaml' content */}}
Expand Down
55 changes: 44 additions & 11 deletions charts/shield/tests/host/configmap-host-shield-config_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ tests:
pattern: |
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -48,6 +50,8 @@ tests:
pattern: |
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -75,6 +79,8 @@ tests:
pattern: |
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -102,6 +108,8 @@ tests:
pattern: |
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -129,6 +137,8 @@ tests:
pattern: |
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand All @@ -151,6 +161,8 @@ tests:
pattern: |
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -181,6 +193,8 @@ tests:
pattern: |-
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -210,6 +224,8 @@ tests:
pattern: |-
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -237,6 +253,8 @@ tests:
pattern: |-
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: false
posture:
Expand Down Expand Up @@ -264,17 +282,32 @@ tests:
pattern: |-
features:
detections:
dns_detections:
enabled: false
ml_policies:
enabled: true
posture:
host_posture:
enabled: false
responding:
rapid_response:
enabled: false
vulnerability_management:
host_vulnerability_management:
enabled: false
in_use:

- it: Ensure DNS Detections is disabled by default
asserts:
- matchRegex:
path: data['host-shield.yaml']
pattern: |-
features:
detections:
dns_detections:
enabled: false
integration_enabled: false

- it: Enable DNS Detections
set:
features:
detections:
dns_detections:
enabled: true
asserts:
- matchRegex:
path: data['host-shield.yaml']
pattern: |-
features:
detections:
dns_detections:
enabled: true
13 changes: 13 additions & 0 deletions charts/shield/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,9 @@
"type": "object",
"additionalProperties": false,
"properties": {
"dns_detections": {
"$ref": "#/$defs/FeatureGroupDetections/$defs/DNSDetections"
},
"drift_control": {
"$ref": "#/$defs/FeatureGroupDetections/$defs/DriftControl"
},
Expand All @@ -694,6 +697,16 @@
}
},
"$defs": {
"DNSDetections": {
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"description": "Specify if the DNS Detections feature is enabled"
}
}
},
"DriftControl": {
"type": "object",
"additionalProperties": true,
Expand Down
2 changes: 2 additions & 0 deletions charts/shield/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ features:
# Allows to store the list of running packages to Sysdig backend.
integration_enabled: false
detections:
dns_detections:
enabled: false
drift_control:
enabled: false
malware_control:
Expand Down
Loading