Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⭐️ Allow loading policies from an s3 bucket. #988

Merged
merged 2 commits into from
Dec 8, 2023
Merged

⭐️ Allow loading policies from an s3 bucket. #988

merged 2 commits into from
Dec 8, 2023

Conversation

preslavgerchev
Copy link
Contributor

@preslavgerchev preslavgerchev commented Dec 7, 2023
edited by chris-rock
Loading

Introduce a BundleResolver interface and 2 concrete implementations:

  • A local (file) resolver
  • An s3 resolver

The BundleFromPaths will iterate through the possible resolvers and find the right one for the target we're specifying

This allows for pulling policies from an s3 bucket:

~/go/bin/cnspec scan -f s3://mysupernotexistingbucket1234567

Or local (like before, unchanged)

~/go/bin/cnspec scan -f packs.yaml

It also supports pulling a specific s3 item:

~/go/bin/cnspec scan -f s3://mysupernotexistingbucket1234567/packs.mql.yaml

It also works with both at the same time:

// s3 bucket + local
~/go/bin/cnspec scan -f s3://mysupernotexistingbucket1234567 -f packs.yaml

// s3 key + local
~/go/bin/cnspec scan -f s3://mysupernotexistingbucket1234567/pol.mql.yaml -f packs.yaml

@preslavgerchev preslavgerchev force-pushed the preslav/s3-pull-support branch 2 times, most recently from e56d9ee to c56751f Compare December 7, 2023 17:45
chris-rock
chris-rock reviewed Dec 7, 2023
View reviewed changes
policy/bundle_s3_resolver.go Outdated Show resolved Hide resolved
policy/bundle_s3_resolver.go Outdated Show resolved Hide resolved
policy/bundle_s3_resolver.go Show resolved Hide resolved
@preslavgerchev preslavgerchev force-pushed the preslav/s3-pull-support branch from b8ff242 to 97cb46d Compare December 7, 2023 20:33
chris-rock
chris-rock reviewed Dec 7, 2023
View reviewed changes
go.mod Outdated Show resolved Hide resolved
policy/bundle_file_resolver.go Outdated Show resolved Hide resolved
chris-rock
chris-rock approved these changes Dec 7, 2023
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @preslavgerchev Great work.

Can you please fix the nits and add some tests for the bundle resolver?

@preslavgerchev preslavgerchev force-pushed the preslav/s3-pull-support branch from 7634df6 to 742a502 Compare December 8, 2023 08:22
@preslavgerchev preslavgerchev force-pushed the preslav/s3-pull-support branch from 77210eb to 3f966b5 Compare December 8, 2023 09:21
@preslavgerchev preslavgerchev merged commit a7e8a32 into main Dec 8, 2023
9 checks passed
@preslavgerchev preslavgerchev deleted the preslav/s3-pull-support branch December 8, 2023 10:42
@github-actions github-actions bot locked and limited conversation to collaborators Dec 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@chris-rock chris-rock chris-rock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@preslavgerchev @chris-rock