├── docs ├── releases │ ├── v0.1.md │ ├── v1.0.4.md │ ├── v1.0.3.md │ ├── v1.0.6.md │ ├── v1.0.7.md │ ├── v0.3.0.md │ ├── v1.0.11.md │ ├── v1.0.14.md │ ├── v1.0.12.md │ ├── v1.0.13.md │ ├── v1.0.9.md │ ├── v1.0.5.md │ ├── v1.0.8.md │ ├── v0.2.md │ ├── v1.0.2.md │ ├── v1.0.1.md │ ├── v1.0.0.md │ ├── v0.4.0.md │ ├── v0.4.2.md │ ├── v1.0.10.md │ ├── v0.4.1.md │ ├── v1.1.0.md │ ├── v0.5.1.md │ └── v0.5.0.md └── assets │ └── logo.svg ├── app ├── web-client │ ├── .env │ ├── public │ │ ├── robots.txt │ │ ├── favicon.ico │ │ ├── logo192.png │ │ ├── logo512.png │ │ ├── touch-icon.png │ │ ├── manifest.json │ │ └── index.html │ ├── src │ │ ├── assets │ │ │ ├── fonts │ │ │ │ ├── Poppins-Bold.ttf │ │ │ │ ├── Poppins-Light.ttf │ │ │ │ ├── Poppins-Medium.ttf │ │ │ │ ├── Poppins-Regular.ttf │ │ │ │ ├── JetBrainsMono-Bold.ttf │ │ │ │ ├── Poppins-SemiBold.ttf │ │ │ │ └── JetBrainsMono-Regular.ttf │ │ │ ├── shield-active.svg │ │ │ ├── shield-inactive.svg │ │ │ ├── github-logo.svg │ │ │ └── gpm-logo.svg │ │ ├── react-app-env.d.ts │ │ ├── pages │ │ │ ├── ConstraintTemplates │ │ │ │ ├── Style.scss │ │ │ │ ├── index.ts │ │ │ │ └── types.ts │ │ │ ├── Home │ │ │ │ ├── index.ts │ │ │ │ └── Component.tsx │ │ │ ├── Error │ │ │ │ ├── index.ts │ │ │ │ ├── types.ts │ │ │ │ └── Component.tsx │ │ │ ├── Logout │ │ │ │ ├── index.ts │ │ │ │ └── Component.tsx │ │ │ ├── NotFound │ │ │ │ ├── index.ts │ │ │ │ └── Component.tsx │ │ │ ├── Constraints │ │ │ │ ├── index.ts │ │ │ │ ├── Style.scss │ │ │ │ └── types.ts │ │ │ ├── Configurations │ │ │ │ ├── index.ts │ │ │ │ ├── Style.scss │ │ │ │ ├── types.ts │ │ │ │ └── Component.tsx │ │ │ ├── theme.ts │ │ │ └── types.ts │ │ ├── components │ │ │ ├── Footer │ │ │ │ ├── index.ts │ │ │ │ ├── Style.scss │ │ │ │ └── Component.tsx │ │ │ └── Header │ │ │ │ ├── index.ts │ │ │ │ ├── Style.scss │ │ │ │ └── Component.tsx │ │ ├── setupTests.ts │ │ ├── App.test.tsx │ │ ├── hooks │ │ │ ├── useScrollToHash.tsx │ │ │ └── useCurrentElementInView.tsx │ │ ├── reportWebVitals.ts │ 
│ ├── theme.ts │ │ ├── AppContext.ts │ │ ├── index.tsx │ │ ├── utils.tsx │ │ ├── App.tsx │ │ ├── App.scss │ │ ├── index.scss │ │ └── AppContextProvider.tsx │ ├── fork-ts-checker.config.js │ ├── .gitignore │ ├── tsconfig.json │ ├── package.json │ └── README.md ├── requirements.txt ├── constraints.txt └── templates │ └── constraints-report.html ├── renovate.json ├── .dockerignore ├── screenshots ├── 01-home.png ├── 07-configs.png ├── 04-constraints.png ├── 05-constraints.png ├── 06-constraints.png ├── 08-multicluster.png ├── 02-constrainttemplates.png └── 03-constrainttemplates.png ├── CHANGELOG.md ├── tests ├── e2e │ ├── tests │ │ ├── home.spec.ts-snapshots │ │ │ └── page-home-snapshot-1-linux.png │ │ ├── constraints.spec.ts-snapshots │ │ │ └── page-constraints-snapshot-1-linux.png │ │ ├── configurations.spec.ts-snapshots │ │ │ └── page-configurations-snapshot-1-linux.png │ │ ├── constrainttemplates.spec.ts-snapshots │ │ │ └── page-constrainttemplates-snapshot-1-linux.png │ │ ├── home.spec.ts │ │ ├── configurations.spec.ts │ │ ├── constraints.spec.ts │ │ └── constrainttemplates.spec.ts │ ├── .gitignore │ ├── playwright.config.js │ ├── package.json │ ├── README.md │ └── yarn.lock ├── deploy-patch.yaml ├── kustomization.yaml ├── helper.bash ├── e2e-tests.yaml └── tests.sh ├── .gitignore ├── chart ├── templates │ ├── secret-multicluster.yaml │ ├── secret-oidc.yaml │ ├── secret.yaml │ ├── serviceaccount.yaml │ ├── service.yaml │ ├── hpa.yaml │ ├── rbac.yaml │ ├── NOTES.txt │ ├── ingress.yaml │ ├── _helpers.tpl │ └── deployment.yaml ├── .frigate ├── Chart.yaml ├── LICENSE ├── README.md └── values.yaml ├── manifests ├── service.yaml ├── multi-cluster.yaml ├── ingress.yaml ├── rbac.yaml ├── deployment.yaml └── enable-oidc.yaml ├── .bumpversion.cfg ├── .github ├── dependabot.yml ├── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── pull_request_template.md ├── .rules └── .htmlhintrc ├── Dockerfile ├── kustomization.yaml ├── LICENSE ├── MAINTENANCE.md ├── 
.drone.yml └── README.md /docs/releases/v0.1.md: -------------------------------------------------------------------------------- 1 | # v0.1 2 | 3 | First release. 4 | -------------------------------------------------------------------------------- /app/web-client/.env: -------------------------------------------------------------------------------- 1 | REACT_APP_LOCAL_GPM_SERVER_URL=http://localhost:5000/ 2 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:base" 4 | ] 5 | } 6 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | **/node_modules 2 | **/build 3 | **/chart 4 | **/manifests 5 | **/screenshots 6 | **/tests 7 | -------------------------------------------------------------------------------- /app/web-client/public/robots.txt: -------------------------------------------------------------------------------- 1 | # https://www.robotstxt.org/robotstxt.html 2 | User-agent: * 3 | Disallow: 4 | -------------------------------------------------------------------------------- /screenshots/01-home.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/01-home.png -------------------------------------------------------------------------------- /screenshots/07-configs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/07-configs.png -------------------------------------------------------------------------------- /screenshots/04-constraints.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/04-constraints.png -------------------------------------------------------------------------------- /screenshots/05-constraints.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/05-constraints.png -------------------------------------------------------------------------------- /screenshots/06-constraints.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/06-constraints.png -------------------------------------------------------------------------------- /screenshots/08-multicluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/08-multicluster.png -------------------------------------------------------------------------------- /app/web-client/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/public/favicon.ico -------------------------------------------------------------------------------- /app/web-client/public/logo192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/public/logo192.png -------------------------------------------------------------------------------- /app/web-client/public/logo512.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/public/logo512.png 
-------------------------------------------------------------------------------- /app/web-client/public/touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/public/touch-icon.png -------------------------------------------------------------------------------- /screenshots/02-constrainttemplates.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/02-constrainttemplates.png -------------------------------------------------------------------------------- /screenshots/03-constrainttemplates.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/screenshots/03-constrainttemplates.png -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Gatekeeper Policy Manager Changelog 2 | 3 | Changelog has been moved to [docs/releases](docs/releases). There you'll find a file for each version. 
4 | -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/Poppins-Bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/Poppins-Bold.ttf -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/Poppins-Light.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/Poppins-Light.ttf -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/Poppins-Medium.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/Poppins-Medium.ttf -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/Poppins-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/Poppins-Regular.ttf -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/JetBrainsMono-Bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/JetBrainsMono-Bold.ttf -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/Poppins-SemiBold.ttf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/Poppins-SemiBold.ttf -------------------------------------------------------------------------------- /app/web-client/src/assets/fonts/JetBrainsMono-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/app/web-client/src/assets/fonts/JetBrainsMono-Regular.ttf -------------------------------------------------------------------------------- /tests/e2e/tests/home.spec.ts-snapshots/page-home-snapshot-1-linux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/tests/e2e/tests/home.spec.ts-snapshots/page-home-snapshot-1-linux.png -------------------------------------------------------------------------------- /docs/releases/v1.0.4.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.4 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.4. 4 | 5 | This is a maintenance release including improved error messages and updates to all GPM dependencies. 
6 | 7 | -------------------------------------------------------------------------------- /tests/e2e/tests/constraints.spec.ts-snapshots/page-constraints-snapshot-1-linux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/tests/e2e/tests/constraints.spec.ts-snapshots/page-constraints-snapshot-1-linux.png -------------------------------------------------------------------------------- /app/requirements.txt: -------------------------------------------------------------------------------- 1 | -c constraints.txt 2 | Flask==3.1.2 3 | Flask-pyoidc==3.14.3 4 | flask-cors==6.0.1 5 | gunicorn==23.0.0 6 | kubernetes==33.1.0 7 | setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability 8 | -------------------------------------------------------------------------------- /tests/e2e/tests/configurations.spec.ts-snapshots/page-configurations-snapshot-1-linux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/tests/e2e/tests/configurations.spec.ts-snapshots/page-configurations-snapshot-1-linux.png -------------------------------------------------------------------------------- /tests/e2e/tests/constrainttemplates.spec.ts-snapshots/page-constrainttemplates-snapshot-1-linux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/HEAD/tests/e2e/tests/constrainttemplates.spec.ts-snapshots/page-constrainttemplates-snapshot-1-linux.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | env 2 | .venv 3 | .vscode 4 | __pycache__ 5 | launch.json 6 | app/static-content/* 7 | !app/static-content/semantic.min.css 8 | 
tests/e2e/test-results 9 | build/ 10 | node_modules/ 11 | static-content/ 12 | *.tgz 13 | pyrightconfig.json 14 | .mise.toml -------------------------------------------------------------------------------- /docs/releases/v1.0.3.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.3 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.3. 4 | 5 | This is a patch release including updates to all GPM dependencies and moving to Python 3.11. 6 | 7 | No changes have been made to GPM itself. 8 | -------------------------------------------------------------------------------- /app/web-client/src/react-app-env.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | /// 8 | -------------------------------------------------------------------------------- /app/web-client/src/pages/ConstraintTemplates/Style.scss: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | /* stylelint-disable-next-line selector-class-pattern */ 8 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Home/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import HomeComponent from "./Component"; 8 | 9 | export { HomeComponent as Home }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Error/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import ErrorComponent from "./Component"; 8 | 9 | export { ErrorComponent as Error }; 10 | -------------------------------------------------------------------------------- /docs/releases/v1.0.6.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.6 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.6 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - Bumped all JavaScript and Python dependencies 8 | - Helm Chart: Added support for annotations to the Kubernetes service (thanks @Markieta for the PR) 9 | 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Logout/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import LogoutComponent from "./Component"; 8 | 9 | export { LogoutComponent as Logout }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/components/Footer/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import FooterComponent from "./Component"; 8 | 9 | export { FooterComponent as Footer }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/components/Header/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import HeaderComponent from "./Component"; 8 | 9 | export { HeaderComponent as Header }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/NotFound/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import NotFoundComponent from "./Component"; 8 | 9 | export { NotFoundComponent as NotFound }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Constraints/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import ConstraintsComponent from "./Component"; 8 | 9 | export { ConstraintsComponent as Constraints }; 10 | -------------------------------------------------------------------------------- /docs/releases/v1.0.7.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.7 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.7 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - Bumped all JavaScript and Python dependencies 8 | - Helm Chart: Added support for specifying a custom command and arguments for GPM's container (thanks @Markieta for the PR) 9 | 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Configurations/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import ConfigurationsComponent from "./Component"; 8 | 9 | export { ConfigurationsComponent as Configurations }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/ConstraintTemplates/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import ConstraintTemplatesComponent from "./Component"; 8 | 9 | export { ConstraintTemplatesComponent as ConstraintTemplates }; 10 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Error/types.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { BackendError } from "../types"; 8 | 9 | export interface ErrorPageState { 10 | error: BackendError; 11 | entity: string; 12 | } 13 | -------------------------------------------------------------------------------- /docs/releases/v0.3.0.md: -------------------------------------------------------------------------------- 1 | # v0.3.0 2 | 3 | - Added support for offline frontend usage. 4 | - Added favicon. 5 | - Updated base image and pinned OS-level dependencies packages versions. 6 | - Added message when there are no Constraint Templates instead of showing an empty view. 7 | - Fixed crash when constraints don't have any match criteria defined. 8 | - Improved error handling in general 9 | -------------------------------------------------------------------------------- /docs/releases/v1.0.11.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.11 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.11 🎉 4 | 5 | This is a maintenance and bug-fixing release including: 6 | 7 | - [#1026](https://github.com/sighupio/gatekeeper-policy-manager/pull/1026) Chart: change HPA API version to v2. 8 | - Bumped all JavaScript and Python dependencies to their latest compatible version. 
9 | -------------------------------------------------------------------------------- /app/web-client/fork-ts-checker.config.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | module.exports = { 8 | logger: { 9 | log: (message) => console.log(message), 10 | error: (message) => console.error(message) 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /chart/templates/secret-multicluster.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config.multiCluster.enabled -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "gatekeeper-policy-manager.fullname" . }}-multicluster 6 | labels: 7 | {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }} 8 | data: 9 | kubeconfig: {{ .Values.config.multiCluster.kubeconfig | b64enc }} 10 | {{- end -}} -------------------------------------------------------------------------------- /docs/releases/v1.0.14.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.14 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.14 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - [[#1899]](https://github.com/sighupio/gatekeeper-policy-manager/pull/1289) Support for rego v1 in constraint templates by @AipNooBest 8 | - Bumped all JavaScript and Python dependencies to their latest compatible version. 
9 | -------------------------------------------------------------------------------- /chart/templates/secret-oidc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.config.oidc.enabled .Values.config.oidc.clientSecret -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "gatekeeper-policy-manager.fullname" . }}-oidc 6 | labels: 7 | {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }} 8 | stringData: 9 | clientSecret: {{ .Values.config.oidc.clientSecret }} 10 | {{- end -}} -------------------------------------------------------------------------------- /docs/releases/v1.0.12.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.12 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.12 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - [#1026](https://github.com/sighupio/gatekeeper-policy-manager/pull/1156) Chart: allow setting secret key by referencing a present/custom secret 8 | - Bumped all JavaScript and Python dependencies to their latest compatible version. 9 | -------------------------------------------------------------------------------- /manifests/service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 
4 | 5 | 6 | apiVersion: v1 7 | kind: Service 8 | metadata: 9 | name: gatekeeper-policy-manager 10 | spec: 11 | selector: 12 | app: gatekeeper-policy-manager 13 | ports: 14 | - port: 80 15 | targetPort: http 16 | -------------------------------------------------------------------------------- /chart/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.config.secretKey }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "gatekeeper-policy-manager.fullname" . }} 6 | labels: 7 | {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }} 8 | stringData: 9 | secretKey: {{ required "A valid .Values.config.secretKey entry required! Choose a secure string" .Values.config.secretKey | quote }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /tests/e2e/.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files/ for more about ignoring files. 2 | 3 | # dependencies 4 | /node_modules 5 | /.pnp 6 | .pnp.js 7 | 8 | # testing 9 | /coverage 10 | 11 | # production 12 | /build 13 | 14 | # misc 15 | .DS_Store 16 | .env.local 17 | .env.development.local 18 | .env.test.local 19 | .env.production.local 20 | 21 | npm-debug.log* 22 | yarn-debug.log* 23 | yarn-error.log* 24 | -------------------------------------------------------------------------------- /app/web-client/.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files/ for more about ignoring files. 
2 | 3 | # dependencies 4 | /node_modules 5 | /.pnp 6 | .pnp.js 7 | 8 | # testing 9 | /coverage 10 | 11 | # production 12 | /build 13 | 14 | # misc 15 | .DS_Store 16 | .env.local 17 | .env.development.local 18 | .env.test.local 19 | .env.production.local 20 | 21 | npm-debug.log* 22 | yarn-debug.log* 23 | yarn-error.log* 24 | -------------------------------------------------------------------------------- /chart/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "gatekeeper-policy-manager.serviceAccountName" . }} 6 | labels: 7 | {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /app/web-client/src/components/Footer/Style.scss: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | /* stylelint-disable-next-line selector-class-pattern */ 8 | .gpm-footer > .euiFlexGroup { 9 | margin-left: auto; 10 | margin-right: auto; 11 | z-index: 1002; 12 | padding: 0 13%; 13 | } 14 | -------------------------------------------------------------------------------- /tests/deploy-patch.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 
4 | 5 | apiVersion: apps/v1 6 | kind: Deployment 7 | metadata: 8 | name: gatekeeper-policy-manager 9 | spec: 10 | template: 11 | spec: 12 | containers: 13 | - name: gatekeeper-policy-manager 14 | imagePullPolicy: IfNotPresent 15 | -------------------------------------------------------------------------------- /docs/releases/v1.0.13.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.13 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.13 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - Updated e2e tests to verify compatibility with Kubernetes 1.30, 1.31 and latest versions of OPA Gatekeeper 8 | - Switched to Python 3.12 9 | - Switched to `uv` for dependencies management in Dockerfile 10 | - Bumped all JavaScript and Python dependencies to their latest compatible version. 11 | -------------------------------------------------------------------------------- /chart/.frigate: -------------------------------------------------------------------------------- 1 | # Gatekeeper Policy Manager Helm Chart - v{{ version }} 2 | 3 | {{ description }} 4 | 5 | ## Configuration options 6 | 7 | The following table lists the configurable parameters of the Gatekeeper Policy Manager chart and their default values. 8 | 9 | | Parameter | Description | Default | 10 | | --------- | ----------- | ------- | 11 | {% for (param, comment, default) in values -%} 12 | | `{{ param }}` | {{comment}} | {{ default }} | 13 | {% endfor -%} 14 | -------------------------------------------------------------------------------- /tests/e2e/tests/home.spec.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2023 SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import { test, expect } from '@playwright/test'; 8 | 9 | test('page home snapshot', async ({ page }) => { 10 | await page.goto('/'); 11 | await expect(page).toHaveScreenshot({ maxDiffPixels: 100, fullPage: true, mask: [page.locator('.dynamic')] }); 12 | }); -------------------------------------------------------------------------------- /docs/releases/v1.0.9.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.9 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.9 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - [#834](https://github.com/sighupio/gatekeeper-policy-manager/pull/834) Fix a multi-cluster view bug: now you can have several tabs opened viewing different clusters and refreshing the page won't change the cluster. 8 | - Bumped all JavaScript and Python dependencies to their latest compatible version 9 | 10 | -------------------------------------------------------------------------------- /app/web-client/src/setupTests.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | // jest-dom adds custom jest matchers for asserting on DOM nodes. 8 | // allows you to do things like: 9 | // expect(element).toHaveTextContent(/react/i) 10 | // learn more: https://github.com/testing-library/jest-dom 11 | import "@testing-library/jest-dom"; 12 | -------------------------------------------------------------------------------- /tests/e2e/playwright.config.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2023 SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import { defineConfig } from "@playwright/test"; 8 | 9 | export default defineConfig({ 10 | use: { 11 | headless: true, 12 | browserName: "chromium", 13 | ignoreHTTPSErrors: true, 14 | baseURL: "http://localhost:8080", 15 | }, 16 | }); 17 | -------------------------------------------------------------------------------- /app/web-client/src/App.test.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import React from "react"; 8 | import { render, screen } from "@testing-library/react"; 9 | import App from "./App"; 10 | 11 | test("renders learn react link", () => { 12 | render(); 13 | const linkElement = screen.getByText(/learn react/i); 14 | expect(linkElement).toBeInTheDocument(); 15 | }); 16 | -------------------------------------------------------------------------------- /.bumpversion.cfg: -------------------------------------------------------------------------------- 1 | [bumpversion] 2 | commit = True 3 | tag = True 4 | current_version = 1.1.0 5 | parse = (?P\d+)\.(?P\d+)\.(?P\d+)(\-rc(?P\d+))? 
6 | serialize = 7 | {major}.{minor}.{patch}-rc{rc} 8 | {major}.{minor}.{patch} 9 | 10 | [bumpversion:file:README.md] 11 | 12 | [bumpversion:file:kustomization.yaml] 13 | 14 | [bumpversion:file:app/web-client/src/components/Footer/Component.tsx] 15 | 16 | [bumpversion:file:chart/Chart.yaml] 17 | 18 | [bumpversion:file:chart/README.md] 19 | 20 | [bumpversion:file:chart/values.yaml] 21 | -------------------------------------------------------------------------------- /app/web-client/src/assets/shield-active.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/e2e/tests/configurations.spec.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2023 SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { test, expect } from '@playwright/test'; 8 | 9 | test('page configurations snapshot', async ({ page }) => { 10 | await page.goto('configurations/'); 11 | await page.waitForSelector('#config > .euiPanel'); 12 | await expect(page).toHaveScreenshot({ maxDiffPixels: 100, fullPage: true, mask: [page.locator('.dynamic')] }); 13 | }); -------------------------------------------------------------------------------- /docs/releases/v1.0.5.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.5 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.5 🎉 4 | 5 | This is a minor release including bugfixes and some minor improvements: 6 | 7 | - OIDC Auth is working again ([#728](https://github.com/sighupio/gatekeeper-policy-manager/issues/728)) 8 | - OIDC Auth now supports the `.well-known` endpoint for dynamic provider configuration. 
9 | - OIDC Logout does not throw a CORS error anymore ([#725](https://github.com/sighupio/gatekeeper-policy-manager/issues/725)) 10 | - Bumped all JavaScript and Python dependencies 11 | -------------------------------------------------------------------------------- /app/web-client/src/hooks/useScrollToHash.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { useEffect } from "react"; 8 | import { scrollToElement } from "../utils"; 9 | 10 | export default function useScrollToHash(hash: string, deps: any[]) { 11 | useEffect(() => { 12 | if (hash) { 13 | scrollToElement(hash, false); 14 | } else { 15 | window.scrollTo(0, 0); 16 | } 17 | }, [...deps]); 18 | } 19 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | version: 2 6 | updates: 7 | - package-ecosystem: "pip" # See documentation for possible values 8 | directory: "/app" # Location of package manifests 9 | schedule: 10 | interval: "weekly" 11 | 12 | - package-ecosystem: "npm" # See documentation for possible values 13 | directory: "/app/web-client" # Location of package manifests 14 | schedule: 15 | interval: "weekly" 16 | -------------------------------------------------------------------------------- /tests/e2e/tests/constraints.spec.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2023 SIGHUP s.r.l All rights reserved. 
3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { test, expect } from '@playwright/test'; 8 | 9 | test('page constraints snapshot', async ({ page }) => { 10 | await page.goto('constraints/'); 11 | // await page.waitForSelector('span[title="Constraints"]'); 12 | await page.waitForSelector('nav'); 13 | await expect(page).toHaveScreenshot({ maxDiffPixels: 100, fullPage: true, mask: [page.locator('.dynamic')] });; 14 | }); -------------------------------------------------------------------------------- /tests/e2e/tests/constrainttemplates.spec.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2023 SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { test, expect } from '@playwright/test'; 8 | 9 | test('page constrainttemplates snapshot', async ({ page }) => { 10 | await page.goto('constrainttemplates/', { timeout: 10000 }); 11 | await page.waitForSelector('span[title="Constraint Templates"]'); 12 | await expect(page).toHaveScreenshot({ maxDiffPixels: 100, fullPage: true, mask: [page.locator('.dynamic')] }); 13 | }); -------------------------------------------------------------------------------- /app/web-client/src/assets/shield-inactive.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /chart/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "gatekeeper-policy-manager.fullname" . }} 5 | labels: 6 | {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }} 7 | {{- with .Values.service.annotations }} 8 | annotations: 9 | {{- toYaml . 
| nindent 4 }} 10 | {{- end }} 11 | spec: 12 | type: {{ .Values.service.type }} 13 | ports: 14 | - port: {{ .Values.service.port }} 15 | targetPort: http 16 | protocol: TCP 17 | name: http 18 | selector: 19 | {{- include "gatekeeper-policy-manager.selectorLabels" . | nindent 4 }} 20 | -------------------------------------------------------------------------------- /docs/releases/v1.0.8.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.8 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.8 🎉 4 | 5 | This is a maintenance release including: 6 | 7 | - [#797](https://github.com/sighupio/gatekeeper-policy-manager/pull/797) Fix Navigation when Constraints have dots or colons in the name (thanks @Markieta for the PR) 8 | - [#804](https://github.com/sighupio/gatekeeper-policy-manager/pull/804) Fix a bug that broke the backend when one or more constraints haven't been audited yet (thanks @Markieta for the PR) 9 | - Bumped all JavaScript and Python dependencies to their latest compatible version 10 | 11 | -------------------------------------------------------------------------------- /app/web-client/public/manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "short_name": "GPM", 3 | "name": "Gatekeeper Policy Manager", 4 | "icons": [ 5 | { 6 | "src": "favicon.ico", 7 | "sizes": "64x64 32x32 24x24 16x16", 8 | "type": "image/x-icon" 9 | }, 10 | { 11 | "src": "logo192.png", 12 | "type": "image/png", 13 | "sizes": "192x192" 14 | }, 15 | { 16 | "src": "logo512.png", 17 | "type": "image/png", 18 | "sizes": "512x512" 19 | } 20 | ], 21 | "start_url": ".", 22 | "display": "standalone", 23 | "theme_color": "#000000", 24 | "background_color": "#ffffff" 25 | } 26 | -------------------------------------------------------------------------------- /docs/releases/v0.2.md: -------------------------------------------------------------------------------- 1 | # v0.2 2 | 3 
| We are pleased to announce the release of Gatekeeper Policy Manager v0.2, changes in this new release: 4 | 5 | - Improved layout of violations: now the violations of a Constraint are shown as a table instead of a list, this improves the readability when the count of violations is high. Also, we show a message now when there are no violations. 6 | - Added missing "Scope" to the Constraints match criteria view. 7 | - Show the line numbers in the rego code view ports. 8 | - Added support for Gatekeeper "config" CRDs. Now you can view all the config CRDs as you would with the Constraints and Constraint Templates. 9 | -------------------------------------------------------------------------------- /docs/releases/v1.0.2.md: -------------------------------------------------------------------------------- 1 | # v1.0.2 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.2. 4 | 5 | ## Changes from v1.0.1 6 | 7 | - Enhancement: show a successful logged-out page when logging out instead of asking for login immediately. 8 | - Bugfix: include the selected context in the report download link when in multi-cluster mode. 9 | - Bugfix: improve Constraint violations table display. 10 | - Helm Chart: fix Kubeconfig secret name. 11 | - Helm Chart: delete unused manifests. 12 | - Helm Chart: support for additional custom pod labels. 13 | - Other: updated dependencies. 14 | 15 | ### Breaking changes 16 | 17 | No breaking changes. 18 | -------------------------------------------------------------------------------- /manifests/multi-cluster.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 
4 | 5 | apiVersion: apps/v1 6 | kind: Deployment 7 | metadata: 8 | name: gatekeeper-policy-manager 9 | spec: 10 | template: 11 | spec: 12 | containers: 13 | - name: gatekeeper-policy-manager 14 | volumeMounts: 15 | - mountPath: /home/gpm/.kube/config 16 | name: kubeconfig 17 | subPath: kubeconfig 18 | volumes: 19 | - name: kubeconfig 20 | secret: 21 | secretName: kubeconfig 22 | -------------------------------------------------------------------------------- /app/web-client/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "es5", 4 | "lib": [ 5 | "dom", 6 | "dom.iterable", 7 | "esnext" 8 | ], 9 | "allowJs": true, 10 | "skipLibCheck": true, 11 | "esModuleInterop": true, 12 | "allowSyntheticDefaultImports": true, 13 | "strict": true, 14 | "forceConsistentCasingInFileNames": true, 15 | "noFallthroughCasesInSwitch": true, 16 | "module": "esnext", 17 | "moduleResolution": "node", 18 | "resolveJsonModule": true, 19 | "isolatedModules": true, 20 | "noEmit": true, 21 | "jsx": "react-jsx" 22 | }, 23 | "include": [ 24 | "src" 25 | ] 26 | } 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 
18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /app/web-client/src/reportWebVitals.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { MetricType } from "web-vitals"; 8 | 9 | const reportWebVitals = (onPerfEntry?: (metric: MetricType) => void) => { 10 | if (onPerfEntry && onPerfEntry instanceof Function) { 11 | import("web-vitals").then(({ onCLS, onINP, onFCP, onLCP, onTTFB }) => { 12 | onCLS(onPerfEntry); 13 | onINP(onPerfEntry); 14 | onFCP(onPerfEntry); 15 | onLCP(onPerfEntry); 16 | onTTFB(onPerfEntry); 17 | }); 18 | } 19 | }; 20 | 21 | export default reportWebVitals; 22 | -------------------------------------------------------------------------------- /app/web-client/src/pages/theme.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | export default { 8 | scheme: "sighup", 9 | author: "alessio pragliola (https://github.com/Al-Pragliola)", 10 | base00: "inherit", 11 | base01: "#808280", 12 | base02: "#808280", 13 | base03: "transparent", 14 | base04: "#b4b7b4", 15 | base05: "#c5c8c6", 16 | base06: "#e0e0e0", 17 | base07: "#ffffff", 18 | base08: "#CC342B", 19 | base09: "#F96A38", 20 | base0A: "#FBA922", 21 | base0B: "#373530", 22 | base0C: "#68288C", 23 | base0D: "#68288C", 24 | base0E: "#68288C", 25 | base0F: "#68288C", 26 | }; 27 | -------------------------------------------------------------------------------- /app/web-client/src/theme.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | export const theme = { 8 | themeName: "THEME_KARRIER", 9 | colors: { 10 | LIGHT: { 11 | primary: "#6b2d9f", 12 | customPrimaryDarkShade: "#421959", 13 | }, 14 | DARK: { 15 | primary: "#6b2d9f", 16 | customPrimaryDarkShade: "#421959", 17 | }, 18 | }, 19 | font: { 20 | family: "'Poppins', BlinkMacSystemFont, Helvetica, Arial, sans-serif", 21 | familyCode: "'JetBrains Mono', Menlo, Courier, monospace", 22 | }, 23 | border: { 24 | radius: { 25 | medium: "8px", 26 | }, 27 | }, 28 | }; 29 | -------------------------------------------------------------------------------- /app/constraints.txt: -------------------------------------------------------------------------------- 1 | Beaker==1.13.0 2 | cachetools==5.5.0 3 | certifi==2025.8.3 4 | cffi==1.17.1 5 | charset-normalizer==3.4.3 6 | click==8.1.8 7 | cryptography==45.0.6 8 | defusedxml==0.7.1 9 | future==1.0.0 10 | google-auth==2.40.3 11 | idna==3.10 12 | importlib-resources==6.5.2 13 | itsdangerous==2.2.0 14 | Jinja2==3.1.6 15 | Mako==1.3.10 16 | MarkupSafe==3.0.2 17 | oauthlib==3.3.1 18 | oic==1.6.1 19 | pyasn1==0.6.1 20 | 
pyasn1-modules==0.4.2 21 | pycparser==2.22 22 | pycryptodomex==3.23.0 23 | pydantic==2.11.7 24 | pyjwkest==1.4.2 25 | python-dateutil==2.9.0.post0 26 | PyYAML==6.0.3 27 | requests==2.32.4 28 | requests-oauthlib==2.0.0 29 | rsa==4.9.1 30 | six==1.17.0 31 | typing-extensions==4.14.1 32 | urllib3==2.5.0 33 | websocket-client==1.8.0 34 | Werkzeug==3.1.3 35 | zipp==3.23.0 36 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Configurations/Style.scss: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | /* stylelint-disable selector-class-pattern, max-line-length */ 8 | .gpm-page-config .euiDescriptionList__title { 9 | max-width: 100px; 10 | text-overflow: ellipsis; 11 | white-space: nowrap; 12 | overflow: hidden; 13 | } 14 | 15 | .gpm-page-config .euiDescriptionList.euiDescriptionList--column.euiDescriptionList--compressed .euiDescriptionList__description, 16 | .gpm-page-config .euiDescriptionList.euiDescriptionList--responsiveColumn.euiDescriptionList--compressed .euiDescriptionList__description { 17 | width: calc(100% - 100px); 18 | } 19 | -------------------------------------------------------------------------------- /app/web-client/src/AppContext.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import { createContext } from "react"; 8 | 9 | export interface IApplicationContextData { 10 | apiUrl: string; 11 | k8sContexts: string[]; 12 | currentK8sContext: string; 13 | authEnabled: boolean; 14 | } 15 | 16 | export interface IApplicationContext { 17 | context: IApplicationContextData; 18 | setContext?: (context: Partial) => void; 19 | } 20 | 21 | export const ApplicationContext = createContext({ 22 | context: { 23 | apiUrl: "", 24 | k8sContexts: [], 25 | currentK8sContext: "", 26 | authEnabled: false, 27 | }, 28 | }); 29 | -------------------------------------------------------------------------------- /app/web-client/src/index.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import React from "react"; 8 | import ReactDOM from "react-dom"; 9 | import reportWebVitals from "./reportWebVitals"; 10 | import App from "./App"; 11 | import { BrowserRouter } from "react-router-dom"; 12 | import "./index.scss"; 13 | 14 | ReactDOM.render( 15 | 16 | 17 | , 18 | document.getElementById("root") 19 | ); 20 | 21 | // If you want to start measuring performance in your app, pass a function 22 | // to log results (for example: reportWebVitals(console.log)) 23 | // or send to an analytics endpoint. Learn more: https://bit.ly/CRA-vitals 24 | reportWebVitals(); 25 | -------------------------------------------------------------------------------- /app/web-client/src/pages/types.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import { RenderItem } from "@elastic/eui/src/components/side_nav/side_nav_item"; 8 | import { ReactElement } from "react"; 9 | 10 | export interface ISideNavItem { 11 | name: string; 12 | id: string; 13 | href?: string; 14 | disabled?: boolean; 15 | renderItem?: RenderItem; 16 | icon?: ReactElement; 17 | isSelected?: boolean; 18 | onClick?: () => void; 19 | } 20 | 21 | export interface ISideNav { 22 | name: string; 23 | id: string; 24 | items: ISideNavItem[]; 25 | } 26 | 27 | export interface BackendError { 28 | action: string; 29 | description: string; 30 | error: string; 31 | } 32 | -------------------------------------------------------------------------------- /tests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | namespace: gatekeeper-system 6 | 7 | resources: 8 | # Deploy Gatekeeper from KFD OPA Module. These remote bases are pinned by tag; a tag can be moved upstream, so pin ?ref= to a commit SHA if the test run must be reproducible. 9 | - github.com/sighupio/module-policy/katalog/gatekeeper/core?ref=v1.14.0 10 | - github.com/sighupio/module-policy/katalog/gatekeeper/rules?ref=v1.14.0 11 | - github.com/sighupio/module-policy/katalog/gatekeeper/monitoring?ref=v1.14.0 12 | 13 | # Deploy GPM itself 14 | - ../manifests/rbac.yaml 15 | - ../manifests/deployment.yaml 16 | - ../manifests/service.yaml 17 | 18 | patches: 19 | - path: deploy-patch.yaml 20 | 21 | images: 22 | - name: quay.io/sighup/gatekeeper-policy-manager 23 | newName: gatekeeper-policy-manager 24 | newTag: test 25 | -------------------------------------------------------------------------------- /tests/e2e/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "gpm-e2e", 3 | "version": "1.0.0", 4 | "description": "E2E Testing suite for GPM", 5 | "main": "index.js", 6 | "repository": { 7 | "type": "git", 8 | "url": 
"git+https://github.com/sighupio/gatekeeper-policy-manager.git" 9 | }, 10 | "author": "Ramiro Algozino", 11 | "license": " BSD-3-Clause", 12 | "bugs": { 13 | "url": "https://github.com/sighupio/gatekeeper-policy-manager/issues" 14 | }, 15 | "homepage": "https://github.com/sighupio/gatekeeper-policy-manager#readme", 16 | "dependencies": { 17 | "playwright": "^1.30.0" 18 | }, 19 | "devDependencies": { 20 | "@playwright/test": "^1.30.0" 21 | }, 22 | "scripts": { 23 | "test": "playwright test", 24 | "gen:snapshot": "rm -rf tests/*-snapshots && playwright test --update-snapshots --config=playwright.config.js" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /.rules/.htmlhintrc: -------------------------------------------------------------------------------- 1 | { 2 | "tagname-lowercase": true, 3 | "attr-lowercase": true, 4 | "attr-value-double-quotes": true, 5 | "attr-value-not-empty": false, 6 | "attr-no-duplication": true, 7 | "tag-pair": true, 8 | "tag-self-close": false, 9 | "id-unique": true, 10 | "src-not-empty": true, 11 | "title-require": true, 12 | "alt-require": true, 13 | "doctype-html5": true, 14 | "style-disabled": false, 15 | "inline-style-disabled": false, 16 | "inline-script-disabled": false, 17 | "space-tab-mixed-disabled": "space", 18 | "id-class-ad-disabled": false, 19 | "href-abs-or-rel": false, 20 | "attr-unsafe-chars": true, 21 | "head-script-disabled": true, 22 | 23 | "__COMMENT__": "From here, custom rules. Jinja2 requires special characters. Also there is some HTML templates.", 24 | 25 | "spec-char-escape": false, 26 | "id-class-value": false, 27 | "doctype-first": false 28 | } 29 | -------------------------------------------------------------------------------- /docs/releases/v1.0.1.md: -------------------------------------------------------------------------------- 1 | # v1.0.1 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.1. 
4 | 5 | ## Changes from v1.0.0 6 | 7 | - Enhancement: reintroduced line numbers in the rego code viewports. 8 | - Enhancement: new (better and consistent) icons for the Constraint mode. 9 | - Enhancement: Constraint Templates now show their description if available. 10 | - Enhancement: switched from custom fork for the UI to ElasticUI + Fury theme and deleted old SemanticUI dependencies. 11 | - Bugfix: handle expired OIDC sessions properly and reask for login. 12 | - Bugfix: warn icon now shows its tooltip and is aligned like the rest of the icons in the Constraint navbar. 13 | - Helm Chart: new release pointing to the latest version of GPM. 14 | - Helm Chart: set GPM deployment replicas to 2 by default. 15 | - Other: updated all the dependencies. 16 | 17 | ### Breaking changes 18 | 19 | No breaking changes. 20 | -------------------------------------------------------------------------------- /app/web-client/src/assets/github-logo.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 10 | 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 
22] 30 | 31 | **Kubernetes (please complete the following information):** 32 | - Kubernetes version: [e.g. 1.30.0] 33 | - OPA Gatekeeper version: [e.g. 3.18.0] 34 | 35 | **Additional context** 36 | Add any other context about the problem here. 37 | -------------------------------------------------------------------------------- /manifests/ingress.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | 5 | apiVersion: networking.k8s.io/v1 6 | kind: Ingress 7 | metadata: 8 | annotations: 9 | kubernetes.io/ingress.class: "nginx" 10 | forecastle.stakater.com/expose: "true" 11 | forecastle.stakater.com/appName: "Gatekeeper Policy Manager" 12 | forecastle.stakater.com/icon: "https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/master/docs/assets/logo.svg" 13 | name: gatekeeper-policy-manager 14 | spec: 15 | rules: 16 | # Set the HOST accordingly. This example defines no `tls:` block; add one for this host (or terminate TLS upstream) before exposing GPM outside a trusted network. 17 | - host: gpm.internal.mycompany.com 18 | http: 19 | paths: 20 | - path: / 21 | pathType: ImplementationSpecific 22 | backend: 23 | service: 24 | name: gatekeeper-policy-manager 25 | port: 26 | name: http 27 | -------------------------------------------------------------------------------- /docs/releases/v1.0.0.md: -------------------------------------------------------------------------------- 1 | # v1.0.0-rc0 2 | 3 | Gatekeeper Policy Manager version 1.0.0 4 | 5 | ## Changes from v0.5.1 6 | 7 | - Enhancement: new branding and frontend using the Fury Design System. 8 | - Enhancement: backend now uses ConstraintTemplates v1 API version against Kubernetes API. 9 | - Bugfix: fixed a bug that made the backend logs not show up in standard output. 10 | - Bugfix: fixed a bug that made GPM not consider the `WARN` mode for Constraints. 
11 | - Helm Chart: switched to Ingress networking.k8s.io/v1 from networking.k8s.io/v1beta1 for Kubernetes >1.22 compatibility (thanks @edify42!). 12 | - Helm Chart: it is now published in GitHub pages for easier usage. See the [readme](https://github.com/sighupio/gatekeeper-policy-manager#deploy-using-helm) for instructions. 13 | - Docs: [Added instructions to use AWS IAM authentication](https://github.com/sighupio/gatekeeper-policy-manager#aws-iam-authentication). 14 | - Updated all the dependencies. 15 | 16 | ### Breaking changes 17 | 18 | No breaking changes. 19 | -------------------------------------------------------------------------------- /docs/releases/v0.4.0.md: -------------------------------------------------------------------------------- 1 | # v0.4.0 2 | 3 | ## Changes from v0.3.0 to v0.4.0 4 | 5 | A lot of maintenance and some bug-fixing on this release: 6 | 7 | - Clicking on a violation gets "selected", this could be useful when there are several violations and you want to focus on just one. 8 | - Show a message when violations for a Constraint are unknown instead of saying that there are no violations. 9 | - Fixed double "Go back" button on logout message and better Info message style on Index when Authentication is enabled. 10 | - Updated all Python dependencies to the latest version. 11 | - A lot of work has been done to automate the SLC of the project (thanks @angelbarrera92!! 🎉 ): 12 | - We have now automated E2E testing of the app against a Kubernetes cluster with Gatekeeper installed. 13 | - Automatic dependencies update PRs from renovate bot. 14 | - We have now an automated release notes generation 15 | - Automated linting and format check for all languages 16 | 17 | ## Breaking changes 18 | 19 | No breaking changes. 
20 | -------------------------------------------------------------------------------- /docs/releases/v0.4.2.md: -------------------------------------------------------------------------------- 1 | # v0.4.2 2 | 3 | ## Changes from v0.4.1 4 | 5 | Bug fixes: 6 | 7 | - Handle the case of a constraint not having a `spec` section defined. 8 | - Fix several typos on the UI 9 | - Improved Rego syntax highlighting (thanks to the work of @JordanSh on ) 10 | 11 | New features: 12 | 13 | - Highlight the Constraint Template / Constraint that you want to see when following a link. 14 | 15 | ## Updated dependencies 16 | 17 | - astroid==2.5.6 18 | - cachetools==4.2.2 19 | - cffi==1.14.5 20 | - cryptography==3.4.7 21 | - defusedxml==0.7.1 22 | - google-auth==1.30.0 23 | - importlib-metadata==4.0.1 24 | - importlib-resources==5.1.2 25 | - isort==v5.8.0 26 | - Jinja2==2.11.3 27 | - lazy-object-proxy==1.6.0 28 | - Mako==1.1.4 29 | - pycryptodomex==3.10.1 30 | - pylint==2.8.2 31 | - PyYAML==5.4.1 32 | - rsa==4.7.2 33 | - typed-ast==v1.4.3 34 | - urllib3==1.26.4 35 | - websocket-client==v0.58.0 36 | - zipp==3.4.1 37 | 38 | ## Breaking changes 39 | 40 | No breaking changes. 41 | -------------------------------------------------------------------------------- /app/web-client/src/components/Header/Style.scss: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | /* stylelint-disable-next-line selector-class-pattern */ 8 | .gpm-header .euiHeader { 9 | margin-left: auto; 10 | margin-right: auto; 11 | } 12 | 13 | .gpm-header .header-active { 14 | border-bottom: 1px solid #68288c; 15 | } 16 | 17 | /* stylelint-disable-next-line selector-class-pattern */ 18 | .gpm-header .euiHeader.gpm-header--desktop { 19 | z-index: 1002; 20 | padding: 0 13%; 21 | } 22 | 23 | /* stylelint-disable-next-line selector-class-pattern */ 24 | .gpm-header .euiHeader.gpm-header--mobile { 25 | height: 54px; 26 | padding-left: 16px; 27 | padding-right: 16px; 28 | } 29 | 30 | @media screen and (width >= 1365px) { 31 | /* stylelint-disable-next-line selector-class-pattern */ 32 | .gpm-header .euiHeader .gpm-header--desktop { 33 | padding: 0 25%; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /tests/helper.bash: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bats 2 | 3 | # shellcheck disable=SC2086,SC2154,SC2034 4 | 5 | apply (){ 6 | kustomize build $1 >&2 7 | kustomize build $1 | kubectl apply -f - 2>&3 8 | } 9 | 10 | delete (){ 11 | kustomize build $1 >&2 12 | kustomize build $1 | kubectl delete -f - 2>&3 13 | } 14 | 15 | info(){ 16 | echo -e "${BATS_TEST_NUMBER}: ${BATS_TEST_DESCRIPTION}" >&3 17 | } 18 | 19 | loop_it(){ 20 | retry_counter=0 21 | max_retry=${2:-100} 22 | wait_time=${3:-2} 23 | run ${1} 24 | ko=${status} 25 | loop_it_result=${ko} 26 | while [[ ko -ne 0 ]] 27 | do 28 | if [ $retry_counter -ge $max_retry ]; then 29 | echo "Timeout waiting for the command to success." 30 | echo "Last command output was:" 31 | echo "${output}" 32 | return 1 33 | fi 34 | sleep ${wait_time} && echo "# waiting..." 
$retry_counter >&3 35 | run ${1} 36 | ko=${status} 37 | loop_it_result=${ko} 38 | loop_it_output=${output} 39 | retry_counter=$((retry_counter + 1)) 40 | done 41 | return 0 42 | } 43 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Constraints/Style.scss: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | /* stylelint-disable selector-class-pattern, max-line-length */ 8 | .gpm-page-constraints .euiAccordion__button:focus { 9 | text-decoration: none !important; 10 | } 11 | 12 | .gpm-page-constraints .euiAccordion__button:hover { 13 | text-decoration: none !important; 14 | } 15 | 16 | .gpm-page-constraints .euiDescriptionList__title { 17 | max-width: 100px; 18 | } 19 | 20 | .gpm-page-constraints .euiPanel .euiBadge svg.euiIcon--small { 21 | width: 14px; 22 | height: 14px; 23 | } 24 | 25 | .gpm-page-constraints .euiDescriptionList.euiDescriptionList--column.euiDescriptionList--compressed .euiDescriptionList__description, 26 | .gpm-page-constraints .euiDescriptionList.euiDescriptionList--responsiveColumn.euiDescriptionList--compressed .euiDescriptionList__description { 27 | width: calc(100% - 100px); 28 | } 29 | -------------------------------------------------------------------------------- /docs/releases/v1.0.10.md: -------------------------------------------------------------------------------- 1 | # GPM v1.0.10 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.0.10 🎉 4 | 5 | This is a maintenance and bug-fixing release including: 6 | 7 | - [#976](https://github.com/sighupio/gatekeeper-policy-manager/pull/976) Fixed an issue in the Helm Chart preventing OIDC configuration discovery to work properly. 
Now optional OIDC configuration environment variables are set only when their respective values are set as chart values. 8 | - [#981](https://github.com/sighupio/gatekeeper-policy-manager/pull/981) Fixed an issue that failed to recognise the selected context when its name contained special characters like colons or forward slashes, for example the name that EKS gives to the context by default. Now special characters are supported. 9 | - [#982](https://github.com/sighupio/gatekeeper-policy-manager/pull/982) Improved the context selection drop down for long names, now the width is not hardcoded anymore and hovering with the mouse pointer shows a tooltip with the full context name. 10 | - Bumped all JavaScript and Python dependencies to their latest compatible version 11 | 12 | -------------------------------------------------------------------------------- /tests/e2e/README.md: -------------------------------------------------------------------------------- 1 | # GPM UI E2E Tests 2 | 3 | This folder contains the test definitions for testing UI regressions in GPM's frontend. 4 | 5 | The best way to use locally these tests is to run them in a docker container, otherwise, you might get different rendering results. 6 | 7 | > Notice that you'll need to have a working instance of GPM accessible at `http://localhost:8080` 8 | > 9 | > For example with: 10 | > 11 | > ```bash 12 | > kubectl port-forward -n gatekeeper-system svc/gatekeeper-policy-manager 8080:80 13 | > ``` 14 | 15 | 1. Get the container running: 16 | 17 | ```console 18 | docker run --rm -it --network=host -v $PWD:/app mcr.microsoft.com/playwright:v1.30.0-focal 19 | ``` 20 | 21 | 2. Install all the dependencies: 22 | 23 | ```console 24 | cd app/tests/e2e 25 | yarn install 26 | ``` 27 | 28 | 3. compare current status with the baseline: 29 | 30 | ```console 31 | yarn test 32 | ``` 33 | 34 | 4. (optional) create new baseline for the tests: 35 | 36 | ```console 37 | yarn gen:snapshot 38 | ``` 39 | 40 | 5. 
re-compare current status with the new baseline: 41 | 42 | ```console 43 | yarn test 44 | ``` 45 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# Copyright (c) 2022 SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.

# Stage 1 ("node"): builds the web client bundle on the build host's platform.
# NOTE(review): `node:lts-alpine` is a floating tag, so two builds of the same
# commit can start from different base images; pinning a version or digest
# would make the build reproducible.
FROM --platform=$BUILDPLATFORM node:lts-alpine AS node
WORKDIR /web-client
# Only the manifest and the lockfile are copied before installing, so the
# dependency layer is reused until one of those two files changes.
COPY app/web-client/package.json app/web-client/yarn.lock ./
# NOTE(review): assuming this image ships Yarn 1, a plain `yarn install` re-resolves
# dependencies when yarn.lock and package.json disagree; `--frozen-lockfile` would
# make the build fail instead. Confirm the lockfile is in sync before adopting it.
RUN yarn install && yarn cache clean
COPY app/web-client /web-client
RUN yarn build


# Stage 2: runtime image with the Python backend and the static bundle from stage 1.
# NOTE(review): `python:3.12-slim` is pinned to a minor version, not to a digest.
FROM python:3.12-slim
LABEL org.opencontainers.vendor="SIGHUP.io"
LABEL org.opencontainers.image.authors="SIGHUP https://sighup.io"
LABEL org.opencontainers.image.source="https://github.com/sighupio/gatekeeper-policy-manager"

# Dedicated system group and user for the application process.
RUN groupadd -r gpm && useradd --no-log-init -r -g gpm gpm

WORKDIR /app
COPY --chown=gpm ./app /app
COPY --from=node --chown=gpm /web-client/build/ /app/static-content/
# NOTE(review): the DL3013 suppression below is what allows `uv` itself to be
# installed without a version pin; the application's own dependencies come from
# /app/requirements.txt.
# hadolint ignore=DL3013
RUN pip install --no-cache-dir uv && uv pip install --system --no-cache-dir -r /app/requirements.txt
# Numeric UID instead of the `gpm` name, which is the form a Kubernetes
# `runAsNonRoot: true` check can verify.
# NOTE(review): presumably 999 is the UID that `useradd -r` assigned to `gpm` above;
# it is not fixed with `-u`, so verify it in the built image.
USER 999
EXPOSE 8080
# gunicorn listens on port 8080 on all interfaces with 2 workers of 4 threads each (gthread).
CMD ["gunicorn", "--bind=:8080", "--workers=2", "--threads=4", "--worker-class=gthread", "app:app"]
-------------------------------------------------------------------------------- /docs/releases/v0.4.1.md: -------------------------------------------------------------------------------- 1 | # v0.4.1 2 | 3 | ## Changes from v0.4.0 to v0.4.1 4 | 5 | Bug fixes: 6 | 7 | - Add a warning when the amount of violations audits that can be shown is less than the total violations. See #63. 8 | - Increase uWSGI buffer size for headers (see #61 thanks @kg-ops!) 
9 | - Fix Label Selector not showing correctly on constraints view (thanks @lnovara for spotting it) 10 | 11 | Updated Python dependencies: 12 | 13 | - cachetools to 4.2.0 14 | - certifi to v2020.12.5 15 | - cffi to 1.14.4 16 | - chardet to 4.0.0 17 | - cryptography to 3.3.1 18 | - cryptography to v3.2.1 19 | - Flask-pyoidc to 3.7.0 20 | - google-auth to 1.24.0 21 | - google-auth to v1.23.0 22 | - importlib-metadata to 3.3.0 23 | - importlib-resources to 4.1.1 24 | - importlib-resources to v3.3.0 25 | - isort to 5.7.0 26 | - kubernetes to 12.0.0 27 | - lazy-object-proxy to 1.5.2 28 | - oic to 1.2.1 29 | - pycryptodomex to v3.9.9 30 | - requests to v2.25.1 31 | - typed-ast to 1.4.2 32 | - urllib3 to 1.26.2 33 | - zipp to v3.4.0 34 | 35 | Updated OS-level dependencies: 36 | 37 | - musl-dev to 1.1.24-r3 38 | 39 | ## Breaking changes 40 | 41 | No breaking changes. 42 | -------------------------------------------------------------------------------- /tests/e2e-tests.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 
4 | 5 | apiVersion: batch/v1 6 | kind: Job 7 | metadata: 8 | name: e2e-tests 9 | spec: 10 | template: 11 | spec: 12 | containers: 13 | - name: configs 14 | image: docker.io/curlimages/curl 15 | command: ["/bin/sh", "-c"] 16 | args: ["curl -s http://gatekeeper-policy-manager.gatekeeper-system.svc.cluster.local/api/v1/configs/ | grep 'kube-system'"] 17 | - name: constrainttemplates 18 | image: docker.io/curlimages/curl 19 | command: ["/bin/sh", "-c"] 20 | args: ["curl -s http://gatekeeper-policy-manager.gatekeeper-system.svc.cluster.local/api/v1/constrainttemplates/ | grep 'target'"] 21 | - name: constraints 22 | image: docker.io/curlimages/curl 23 | command: ["/bin/sh", "-c"] 24 | args: ["curl -s http://gatekeeper-policy-manager.gatekeeper-system.svc.cluster.local/api/v1/constraints/ | grep 'totalViolations'"] 25 | restartPolicy: Never 26 | backoffLimit: 9 27 | -------------------------------------------------------------------------------- /manifests/rbac.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 
4 | 5 | apiVersion: v1 6 | kind: ServiceAccount 7 | metadata: 8 | name: gatekeeper-policy-manager 9 | 10 | --- 11 | 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRole 14 | metadata: 15 | name: gatekeeper-policy-manager-crd-view 16 | rules: 17 | - apiGroups: ["constraints.gatekeeper.sh"] 18 | resources: ["*"] 19 | verbs: ["get", "list", "watch"] 20 | - apiGroups: ["templates.gatekeeper.sh"] 21 | resources: ["*"] 22 | verbs: ["get", "list", "watch"] 23 | - apiGroups: ["config.gatekeeper.sh"] 24 | resources: ["*"] 25 | verbs: ["get", "list", "watch"] 26 | 27 | --- 28 | 29 | apiVersion: rbac.authorization.k8s.io/v1 30 | kind: ClusterRoleBinding 31 | metadata: 32 | name: gatekeeper-policy-manager-crd-view 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: ClusterRole 36 | name: gatekeeper-policy-manager-crd-view 37 | subjects: 38 | - kind: ServiceAccount 39 | name: gatekeeper-policy-manager 40 | namespace: gatekeeper-system 41 | -------------------------------------------------------------------------------- /app/web-client/src/hooks/useCurrentElementInView.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 |
import { MutableRefObject, useEffect } from "react";

/**
 * Reports, while the page scrolls, the id of the first observed element whose
 * top edge lies inside the viewport.
 *
 * A capture-phase `scroll` listener is added to `document` on mount and removed
 * on unmount. Every scroll event observes each element in `refs.current`; the
 * observer callback then measures the entries once and disconnects.
 *
 * @param refs - Ref whose `current` is iterated with `forEach`; each item is
 *   handed to `IntersectionObserver.observe`.
 * @param cb - Called with the `id` of the first entry that passes the
 *   visibility test; not called when no entry passes.
 * @param offset - Tolerance applied at both viewport edges: an entry passes
 *   when its top is between `-offset` and `window.innerHeight + offset`.
 */
export default function useCurrentElementInView(
  refs: MutableRefObject,
  cb: (id: string) => any,
  offset = 0
) {
  // NOTE(review): this runs on every call of the hook, so a new observer is
  // constructed on each render.
  const observer = new IntersectionObserver((entries, observer) => {
    // Keep only the entries whose top edge is within the viewport, widened by `offset`.
    const elementVisible = entries.filter((element) => {
      const top = element.boundingClientRect.top;

      return top + offset >= 0 && top - offset <= window.innerHeight;
    })

    if (elementVisible.length > 0) {
      cb(elementVisible[0].target.id);
    }

    // One-shot measurement: stop observing until the next scroll event re-observes.
    observer.disconnect();
  });

  const onScroll = () => {
    refs.current.forEach(el => {
      observer.observe(el);
    })
  };

  useEffect(() => {
    // NOTE(review): with an empty dependency list the listener registered here is
    // the first render's `onScroll`, which closes over that render's observer,
    // `cb` and `offset`. The cleanup removes the listener but does not
    // disconnect the observer.
    document.addEventListener("scroll", onScroll, true);
    return () => document.removeEventListener("scroll", onScroll, true);
  }, []);
}
-------------------------------------------------------------------------------- /chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | type: application 3 | name: gatekeeper-policy-manager 4 | description: 5 | A Helm chart for Gatekeeper Policy Manager, a simple to use, read-only web UI for 6 | viewing OPA Gatekeeper policies' status in a Kubernetes Cluster. 7 | home: https://sighup.io 8 | sources: 9 | - https://github.com/sighupio/gatekeeper-policy-manager/ 10 | icon: https://raw.githubusercontent.com/sighupio/gatekeeper-policy-manager/main/docs/assets/logo.svg 11 | maintainers: 12 | - name: Ramiro Algozino 13 | email: ramiro@sighup.io 14 | keywords: 15 | ["opa", "gatekeeper", "policy", "ui", "dashboard", "web", "rego", "webapp"] 16 | 17 | # This is the chart version. This version number should be incremented each time you make changes 18 | # to the chart and its templates, including the app version. 
19 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 20 | version: "0.15.0" 21 | 22 | # This is the version number of the application being deployed. This version number should be 23 | # incremented each time you make changes to the application. Versions are not expected to 24 | # follow Semantic Versioning. They should reflect the version the application is using. 25 | appVersion: "v1.1.0" 26 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Configurations/types.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | export interface IGVK { 8 | group: string; 9 | version: string; 10 | kind: string; 11 | } 12 | 13 | export interface ITrace { 14 | user: string; 15 | kind: IGVK; 16 | dump: string; 17 | } 18 | 19 | export interface IConfigSpecSync { 20 | syncOnly: IGVK[]; 21 | } 22 | 23 | export interface IConfigSpecValidation { 24 | traces: ITrace[]; 25 | } 26 | 27 | export interface IConfigSpecMatch { 28 | processes: string[]; 29 | excludedNamespaces: string[]; 30 | } 31 | 32 | export interface IConfigSpecReadiness { 33 | statsEnabled: boolean; 34 | } 35 | 36 | export interface IConfigSpec { 37 | sync?: IConfigSpecSync; 38 | validation?: IConfigSpecValidation; 39 | match?: IConfigSpecMatch[]; 40 | readiness?: IConfigSpecReadiness; 41 | } 42 | 43 | export interface IConfig { 44 | apiVersion: string; 45 | kind: string; 46 | metadata: { 47 | name: string; 48 | namespace: string; 49 | creationTimestamp: string; 50 | }; 51 | spec?: IConfigSpec; 52 | status?: any; 53 | } 54 | -------------------------------------------------------------------------------- /docs/releases/v1.1.0.md: -------------------------------------------------------------------------------- 1 
| # GPM v1.1.0 2 | 3 | Welcome to the release of Gatekeeper Policy Manager version 1.1.0 🎉 4 | 5 | This is a minor release including user experience improvements, new features and dependencies maintenance: 6 | 7 | - [[#1327]](https://github.com/sighupio/gatekeeper-policy-manager/pull/1327) UX improvements: 8 | - Allow sorting, searching and filtering in the constraints violations table. 9 | - Make the navigation bar for Constraints and Constraints Templates sticky, so it will scroll with the view. 10 | - Clicking a link now scrolls to the top of the item instead of the middle. 11 | - Active item indicator seems to be working properly. 12 | - Disabled text truncation in the Constraints nav bar; it is not great, but better than not seeing the whole name. 13 | - Rebranding: Kubernetes Fury Distribution to SIGHUP Distribution 14 | - [[#1328]](https://github.com/sighupio/gatekeeper-policy-manager/pull/1328) GPM now uses ConstraintsTemplates `v1` API, this could be a breaking change if you are using older versions of OPA Gatekeeper that were still on v1beta1. `v1` has been available since [Gatekeeper v3.6.0](https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.6.0). 15 | - Bumped all JavaScript and Python dependencies to their latest compatible version. 16 | -------------------------------------------------------------------------------- /kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 4 | apiVersion: kustomize.config.k8s.io/v1beta1 5 | kind: Kustomization 6 | 7 | namespace: gatekeeper-system 8 | 9 | resources: 10 | - manifests/rbac.yaml 11 | - manifests/deployment.yaml 12 | - manifests/service.yaml 13 | # Uncomment the following line to create an ingress if you want to expose the 14 | # the app to the outside. 
Remember to edit the file and set the host accordingly. 15 | # - manifests/ingress.yaml 16 | 17 | # Uncomment the following line if you are using some of the patches below. 18 | #patchesStrategicMerge: 19 | # Uncomment the following patch to enable multi-cluster support. 20 | # - manifests/multi-cluster.yaml 21 | # Uncomment the following patch to enable OIDC authentication. 22 | # Remember to edit the file to set the right values. 23 | # - manifests/enable-oidc.yaml 24 | 25 | # Example secretGenerator to create a secret with the kubeconfig: 26 | # secretGenerator: 27 | # - name: kubeconfig 28 | # namespace: gatekeeper-system 29 | # files: 30 | # - kubeconfig # or the path to your file. 31 | 32 | images: 33 | - name: quay.io/sighup/gatekeeper-policy-manager 34 | newTag: v1.1.0 35 | -------------------------------------------------------------------------------- /chart/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "gatekeeper-policy-manager.fullname" . }} 6 | labels: 7 | {{- include "gatekeeper-policy-manager.labels" . | nindent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ include "gatekeeper-policy-manager.fullname" . }} 13 | minReplicas: {{ .Values.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- with .Values.autoscaling.metrics }} 17 | {{- toYaml . | nindent 4 }} 18 | {{- else }} 19 | {{- with .Values.autoscaling.targetMemoryUtilizationPercentage }} 20 | - type: Resource 21 | resource: 22 | name: memory 23 | target: 24 | type: Utilization 25 | averageUtilization: {{ . 
}} 26 | {{- end }} 27 | {{- with .Values.autoscaling.targetCPUUtilizationPercentage }} 28 | - type: Resource 29 | resource: 30 | name: cpu 31 | target: 32 | type: Utilization 33 | averageUtilization: {{ . }} 34 | {{- end }} 35 | {{- end }} 36 | {{- with .Values.autoscaling.behavior }} 37 | behavior: 38 | {{- toYaml . | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /tests/e2e/yarn.lock: -------------------------------------------------------------------------------- 1 | # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 2 | # yarn lockfile v1 3 | 4 | 5 | "@playwright/test@^1.30.0": 6 | version "1.30.0" 7 | resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.30.0.tgz#8c0c4930ff2c7be7b3ec3fd434b2a3b4465ed7cb" 8 | integrity sha512-SVxkQw1xvn/Wk/EvBnqWIq6NLo1AppwbYOjNLmyU0R1RoQ3rLEBtmjTnElcnz8VEtn11fptj1ECxK0tgURhajw== 9 | dependencies: 10 | "@types/node" "*" 11 | playwright-core "1.30.0" 12 | 13 | "@types/node@*": 14 | version "18.11.18" 15 | resolved "https://registry.yarnpkg.com/@types/node/-/node-18.11.18.tgz#8dfb97f0da23c2293e554c5a50d61ef134d7697f" 16 | integrity sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA== 17 | 18 | playwright-core@1.30.0: 19 | version "1.30.0" 20 | resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.30.0.tgz#de987cea2e86669e3b85732d230c277771873285" 21 | integrity sha512-7AnRmTCf+GVYhHbLJsGUtskWTE33SwMZkybJ0v6rqR1boxq2x36U7p1vDRV7HO2IwTZgmycracLxPEJI49wu4g== 22 | 23 | playwright@^1.30.0: 24 | version "1.30.0" 25 | resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.30.0.tgz#b1d7be2d45d97fbb59f829f36f521f12010fe072" 26 | integrity sha512-ENbW5o75HYB3YhnMTKJLTErIBExrSlX2ZZ1C/FzmHjUYIfxj/UnI+DWpQr992m+OQVSg0rCExAOlRwB+x+yyIg== 27 | dependencies: 28 | playwright-core "1.30.0" 29 | 
-------------------------------------------------------------------------------- /docs/releases/v0.5.1.md: -------------------------------------------------------------------------------- 1 | # v0.5.1 2 | 3 | Gatekeeper Policy Manager version 0.5.1 4 | 5 | ## Changes from v0.5.0 6 | 7 | - Increased default memory limits in Kubernetes manifests and the Helm chart due to reports of misbehaviour with the previous values. 8 | - Update to Python 3.10 9 | - Explicitly set the replica count for Kubernetes deployment 10 | - Fix error on Constraint Templates view when the Template doesn't have a `Properties` key under the OpenAPIv3 Schema. 11 | - Switched `master` to `main` 12 | 13 | ### Updated dependencies 14 | 15 | Backend: 16 | 17 | - Python 3.9 -> 3.10 18 | - cachetools 4.2.2 -> 4.2.4 19 | - certifi 2021.5.30 -> 2021.10.8 20 | - cffi 1.14.6 -> 1.15.0 21 | - charset-normalizer 2.0.4 -> 2.0.7 22 | - click 8.0.1 -> 8.0.3 23 | - cryptography 3.4.7 -> 36.0.1 24 | - Flask-pyoidc 3.7.0 -> 3.8.0 25 | - google-auth 2.0.0 -> 2.3.3 26 | - idna 3.2 -> 3.3 27 | - importlib-resources 5.2.2 -> 5.4.0 28 | - Jinja2 3.0.1 -> 3.0.3 29 | - Mako 1.1.4 -> 1.1.5 30 | - pycparser 2.20 -> 2.21 31 | - pycryptodomex 3.10.1 -> 3.12.0 32 | - PyYAML 5.4.1 -> 6.0 33 | - requests 2.26.0 -> 2.27.1 34 | - rsa 4.7.2 -> 4.8 35 | - typing-extensions 3.10.0.0 -> 4.0.1 36 | - urllib3 1.26.6 -> 1.26.8 37 | - websocket-client 1.2.1 -> 1.2.3 38 | - Werkzeug 2.0.1 -> 2.0.2 39 | - zipp 3.5.0 -> 3.7.0 40 | 41 | Frontend: 42 | 43 | - fomantic-ui 2.8.7 -> 2.8.8 44 | 45 | ### Breaking changes 46 | 47 | No breaking changes. 48 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Logout/Component.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 
5 | */ 6 | 7 | import { 8 | EuiButton, 9 | EuiFlexGroup, 10 | EuiFlexItem, 11 | EuiPage, 12 | EuiSpacer, 13 | EuiText, 14 | } from "@elastic/eui"; 15 | 16 | function LogoutComponent() { 17 | return ( 18 | 28 | 33 | 34 | 35 |

You've been successfully logged out!

36 |
37 |
38 | 39 | 45 | Go to home 46 | 47 | 48 |
49 | 50 |
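51 | ); 52 | } 53 | 54 | export default LogoutComponent; 55 | -------------------------------------------------------------------------------- /app/web-client/src/utils.tsx: --------------------------------------------------------------------------------
/**
 * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

/**
 * Scrolls the element addressed by `hash` into view and highlights its first
 * child for one second.
 *
 * `hash` is used as a CSS selector after `:` and `.` are backslash-escaped.
 * Presumably it is the URL fragment, i.e. text the visitor controls (confirm
 * against the callers), so a string that is not a valid selector is treated
 * like "no such element" instead of surfacing as an uncaught exception.
 *
 * @param hash - Selector of the element to scroll to.
 * @param smooth - When true, uses smooth scrolling; otherwise the browser default.
 */
export function scrollToElement(hash: string, smooth: boolean = false) {
  let element: Element | null;

  try {
    element = document.querySelector(hash.replace(/:|\./g, '\\$&'));
  } catch {
    // querySelector throws a SyntaxError for input that is not a valid
    // selector; only `:` and `.` are escaped above, so other characters can
    // still produce one.
    return;
  }

  if (!element) {
    return;
  }

  // add/remove rather than toggle, so a second call within the same second
  // cannot invert the highlight.
  element.firstElementChild?.classList.add("highlighted");

  if (smooth) {
    element.scrollIntoView({ behavior: "smooth", block: "start" });
  } else {
    element.scrollIntoView({ block: "start" });
  }

  const target = element;
  setTimeout(() => {
    target.firstElementChild?.classList.remove("highlighted");
  }, 1000);
}

27 | export function autoLink(text: string) { 28 | const delimiter = /((?:https?:\/\/)(?:(?:[a-z0-9]?(?:[a-z0-9\-]{1,61}[a-z0-9])?\.[^\.|\s])+[a-z\.]*[a-z]+|(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3})(?::\d{1,5})*[a-z0-9.,_\/~#&=;%+?\-\\(\\)]*)/gi; 29 | return ( 30 | <> 31 | {text.split(delimiter).map(word => { 32 | const match = word.match(delimiter); 33 | if (match) { 34 | const url = match[0]; 35 | return ( 36 | {url} 37 | ); 38 | } 39 | return word; 40 | })} 41 | 42 | ); 43 | }; -------------------------------------------------------------------------------- /manifests/deployment.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022 SIGHUP s.r.l All rights reserved. 2 | # Use of this source code is governed by a BSD-style 3 | # license that can be found in the LICENSE file. 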

# Deployment of the GPM web UI: a single replica running under the
# `gatekeeper-policy-manager` ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gatekeeper-policy-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gatekeeper-policy-manager
  template:
    metadata:
      labels:
        app: gatekeeper-policy-manager
    spec:
      serviceAccountName: gatekeeper-policy-manager
      containers:
        - name: gatekeeper-policy-manager
          # No tag or digest is given here; the repository's kustomization.yaml
          # sets `newTag` for this image name.
          # NOTE(review): applied without that kustomization, the image resolves
          # to the registry's default tag and `imagePullPolicy: Always` pulls
          # whatever that tag currently points to.
          image: quay.io/sighup/gatekeeper-policy-manager
          imagePullPolicy: Always
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          # Liveness and readiness both probe /health on the named port `http`.
          livenessProbe:
            httpGet:
              path: /health
              port: http
          readinessProbe:
            httpGet:
              path: /health
              port: http
          ports:
            - containerPort: 8080
              name: http
          securityContext:
            privileged: false
            # No `runAsUser` is set, so this relies on the image declaring a
            # numeric non-root user (the repository's Dockerfile uses `USER 999`).
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
            capabilities:
              drop:
                - ALL
            # NOTE(review): `readOnlyRootFilesystem` is not set. Check whether the
            # server needs a writable temp directory before enabling it.
-------------------------------------------------------------------------------- /chart/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.rbac.create (eq .Values.clusterRole.create true) -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "gatekeeper-policy-manager.clusterRoleName" . }} 6 | labels: 7 | app: {{ template "gatekeeper-policy-manager.name" . }} 8 | chart: {{ template "gatekeeper-policy-manager.chart" . 
}} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | rules: 12 | - apiGroups: ["constraints.gatekeeper.sh"] 13 | resources: ["*"] 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: ["templates.gatekeeper.sh"] 16 | resources: ["*"] 17 | verbs: ["get", "list", "watch"] 18 | - apiGroups: ["config.gatekeeper.sh"] 19 | resources: ["*"] 20 | verbs: ["get", "list", "watch"] 21 | --- 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | kind: ClusterRoleBinding 24 | metadata: 25 | name: {{ template "gatekeeper-policy-manager.clusterRoleName" . }} 26 | labels: 27 | app: {{ template "gatekeeper-policy-manager.name" . }} 28 | chart: {{ template "gatekeeper-policy-manager.chart" . }} 29 | release: {{ .Release.Name }} 30 | heritage: {{ .Release.Service }} 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: ClusterRole 34 | name: {{ template "gatekeeper-policy-manager.clusterRoleName" . }} 35 | subjects: 36 | - name: {{ template "gatekeeper-policy-manager.serviceAccountName" . }} 37 | namespace: {{ .Release.Namespace | quote }} 38 | kind: ServiceAccount 39 | {{- end -}} -------------------------------------------------------------------------------- /app/web-client/src/pages/NotFound/Component.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { 8 | EuiButton, 9 | EuiFlexGroup, 10 | EuiFlexItem, 11 | EuiPage, 12 | EuiSpacer, 13 | EuiText, 14 | } from "@elastic/eui"; 15 | 16 | function NotFoundComponent() { 17 | return ( 18 | 28 | 33 | 34 | 35 |

404

36 |
37 |
38 | 39 | 40 |

Page not found

41 |
42 |
43 | 44 | 50 | Go to home 51 | 52 | 53 |
54 | 55 |
56 | ); 57 | } 58 | 59 | export default NotFoundComponent; 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, SIGHUP 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-------------------------------------------------------------------------------- /chart/LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, SIGHUP 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-------------------------------------------------------------------------------- /app/web-client/src/pages/ConstraintTemplates/types.ts: -------------------------------------------------------------------------------- 1 | import { IConstraint } from "../Constraints/types"; 2 | 3 | /** 4 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 5 | * Use of this source code is governed by a BSD-style 6 | * license that can be found in the LICENSE file. 7 | */ 8 | 9 | export interface IConstraintTemplateSpecTarget { 10 | rego?: string; 11 | libs?: string[]; 12 | target: string; 13 | code?: IConstraintTemplateSpecTargetCode[]; 14 | } 15 | 16 | export interface IConstraintTemplateSpecTargetCode { 17 | engine: string; 18 | source: { 19 | rego: string; 20 | version: string; 21 | }; 22 | } 23 | 24 | export interface IConstraintTemplateSpecStatusPod { 25 | id: string; 26 | observedGeneration: number; 27 | operations: string[]; 28 | templateUID: string; 29 | } 30 | 31 | export interface IConstraintTemplate { 32 | apiVersion: string; 33 | kind: string; 34 | metadata: { 35 | name: string; 36 | namespace: string; 37 | creationTimestamp: string; 38 | labels: { 39 | [key: string]: string; 40 | }; 41 | annotations?: { 42 | [key: string]: string; 43 | }; 44 | }; 45 | spec: { 46 | crd: { 47 | spec: { 48 | names: { 49 | kind: string; 50 | }; 51 | validation: any; 52 | }; 53 | }; 54 | targets: IConstraintTemplateSpecTarget[]; 55 | }; 56 | status: { 57 | byPod: IConstraintTemplateSpecStatusPod[]; 58 | created: boolean; 59 | }; 60 | } 61 | 62 | export interface IRelatedConstraints { 63 | [key: string]: IConstraint[]; 64 | } 65 | 66 | export interface IConstraintTemplateResponse { 67 | constrainttemplates: IConstraintTemplate[]; 68 | constraints_by_constrainttemplates: IRelatedConstraints; 69 | } 70 | -------------------------------------------------------------------------------- /app/web-client/src/pages/Constraints/types.ts: 
--------------------------------------------------------------------------------
/**
 * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

/**
 * One element of `status.byPod` on a constraint.
 *
 * NOTE(review): presumably one entry per Gatekeeper pod that has processed
 * the constraint, with `enforced` reporting whether that pod enforces it;
 * verify against the backend.
 */
export interface IConstraintStatusPod {
  id: string;
  observedGeneration: number;
  operations: string[];
  enforced: boolean;
  constraintUID: string;
}

/**
 * One violation listed in a constraint's `status.violations`.
 *
 * All fields are plain strings. `message` is free text, so it should be
 * rendered as text and never interpreted as markup.
 */
export interface IConstraintStatusViolation {
  enforcementAction: string;
  kind: string;
  message: string;
  name: string;
  namespace: string;
}

/** One `match.kinds` entry: a list of API groups paired with a list of kinds. */
export interface IConstraintSpecMatchKinds {
  apiGroups: string[];
  kinds: string[];
}

/**
 * Label selector used by both `match.labelSelector` and
 * `match.namespaceSelector` of IConstraintSpec.
 *
 * Both members are optional; an empty object is a valid value of this type.
 */
export interface IConstraintSpecMatchLabelSelector {
  matchExpressions?: {
    key: string;
    // Plain string: the type does not restrict which operators may appear.
    operator: string;
    values: string[];
  }[];
  matchLabels?: {
    [key: string]: string;
  };
}

/**
 * The `spec` section of a constraint.
 *
 * `match` and every member inside it are optional, so a consumer has to
 * guard each level before reading it.
 */
export interface IConstraintSpec {
  // Plain string, so no value is excluded at compile time.
  // NOTE(review): Gatekeeper documents values such as `deny`, `dryrun` and
  // `warn`; code that branches on this field should handle unknown values.
  enforcementAction: string;
  match?: {
    kinds?: IConstraintSpecMatchKinds[];
    scope?: string;
    namespaces?: string[];
    excludedNamespaces?: string[];
    labelSelector?: IConstraintSpecMatchLabelSelector;
    namespaceSelector?: IConstraintSpecMatchLabelSelector;
    name?: string;
  };
  // Values are typed as `any`: the compiler performs no checks on them.
  // NOTE(review): the content is whatever the constraint author supplied;
  // narrow or validate it before relying on its structure.
  parameters: {
    [key: string]: any;
  };
}

/**
 * Shape of a constraint object as the web client consumes it.
 *
 * `spec` is optional while `status` is required. This interface is erased
 * at compile time, so it documents the expected shape but does not
 * validate data received at runtime.
 */
export interface IConstraint {
  apiVersion: string;
  kind: string;
  metadata: {
    name: string;
    creationTimestamp: string;
  };
  spec?: IConstraintSpec;
  // NOTE(review): `status`, `byPod` and `violations` are declared required;
  // confirm the backend always supplies them, including for a constraint
  // that has not been audited yet or has no violations.
  status: {
    byPod: IConstraintStatusPod[];
    auditTimestamp: string;
    // Optional count reported alongside the list below.
    // NOTE(review): Gatekeeper's audit limits how many violations it stores
    // on the object, so `violations.length` can be smaller than this value;
    // confirm which of the two the UI should present as the total.
    totalViolations?: number;
    violations: IConstraintStatusViolation[];
  };
}
-------------------------------------------------------------------------------- /app/web-client/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name":
"gatekeeper-policy-manager-frontend", 3 | "version": "1.0.0", 4 | "description": "Gatekeeper Policy Manager Frontend", 5 | "author": "Ramiro Algozino ", 6 | "license": "BSD-2-Clause", 7 | "repository": { 8 | "type": "git", 9 | "url": "https://github.com/sighupio/gatekeeper-policy-manager" 10 | }, 11 | "dependencies": { 12 | "@elastic/eui": "^99.1.0", 13 | "@emotion/css": "^11.13.5", 14 | "@emotion/react": "^11.14.0", 15 | "@testing-library/jest-dom": "^6.8.0", 16 | "@testing-library/react": "^12.1.5", 17 | "@testing-library/user-event": "^14.6.1", 18 | "@types/jest": "^30.0.0", 19 | "@types/node": "^24.3.0", 20 | "@types/react": "^17.0.20", 21 | "@types/react-dom": "^17.0.2", 22 | "lodash.clonedeep": "^4.5.0", 23 | "prop-types": "^15.8.1", 24 | "react": "^17.0.2", 25 | "react-dom": "^17.0.2", 26 | "react-json-tree": "^0.20.0", 27 | "react-router-dom": "^6.30.2", 28 | "react-scripts": "5.0.1", 29 | "sass": "^1.90.0", 30 | "typescript": "^5.9.2", 31 | "web-vitals": "^5.1.0" 32 | }, 33 | "resolutions": { 34 | "fork-ts-checker-webpack-plugin": "^8.0.0", 35 | "@typescript-eslint/parser": "^6.7.0", 36 | "@typescript-eslint/eslint-plugin": "^6.7.0", 37 | "eslint": "^8.49.0" 38 | }, 39 | "scripts": { 40 | "start": "react-scripts start", 41 | "build": "react-scripts build", 42 | "test": "react-scripts test", 43 | "eject": "react-scripts eject" 44 | }, 45 | "eslintConfig": { 46 | "extends": [ 47 | "react-app", 48 | "react-app/jest" 49 | ] 50 | }, 51 | "browserslist": { 52 | "production": [ 53 | ">0.2%", 54 | "not dead", 55 | "not op_mini all" 56 | ], 57 | "development": [ 58 | "last 1 chrome version", 59 | "last 1 firefox version", 60 | "last 1 safari version" 61 | ] 62 | }, 63 | "devDependencies": { 64 | "@elastic/datemath": "^5.0.3", 65 | "@types/lodash.clonedeep": "^4.5.9", 66 | "@types/react-router-dom": "^5.3.3", 67 | "moment": "^2.30.1" 68 | } 69 | } -------------------------------------------------------------------------------- 
/app/web-client/src/pages/Home/Component.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { 8 | EuiButton, 9 | EuiFlexGroup, 10 | EuiFlexItem, 11 | EuiImage, 12 | EuiPage, 13 | EuiSpacer, 14 | EuiText, 15 | } from "@elastic/eui"; 16 | import logo from "../../assets/gpm-logo.svg"; 17 | import { useContext } from "react"; 18 | import { ApplicationContext } from "../../AppContext"; 19 | 20 | function HomeComponent() { 21 | const appContextData = useContext(ApplicationContext); 22 | 23 | return ( 24 | 34 | 39 | 40 | 41 | 42 | 43 | 44 |

Welcome!

45 |
46 |
47 | 48 | 49 |

50 | Gatekeeper Policy Manager is a simple to use web-based tool to see 51 | the policies deployed in your cluster and their status 52 |

53 |
54 |
55 | 56 | 62 | See Constraints status 63 | 64 | 65 |
66 | 67 |
68 | ); 69 | } 70 | 71 | export default HomeComponent; 72 | -------------------------------------------------------------------------------- /app/web-client/public/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 19 | 20 | 24 | 25 | 34 | Gatekeeper Policy Manager 35 | 36 | 37 | 38 |
39 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /chart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | Thank you for installing SIGHUP Gatekeeper Policy Manager, part of the SIGHUP Distribution 3 | https://docs.sighup.com | https://sighup.io 4 | 5 | This is open source software <3 check out the source code at: 6 | https://github.com/sighupio/gatekeeper-policy-manager 7 | 8 | Feel free to send us feedback and report if you find any issue. Contributions are always appreciated. 9 | 10 | 1. Get the application URL by running these commands: 11 | {{- if .Values.ingress.enabled }} 12 | {{- range $host := .Values.ingress.hosts }} 13 | {{- range .paths }} 14 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 15 | {{- end }} 16 | {{- end }} 17 | {{- else if contains "NodePort" .Values.service.type }} 18 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gatekeeper-policy-manager.fullname" . }}) 19 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 20 | echo http://$NODE_IP:$NODE_PORT 21 | {{- else if contains "LoadBalancer" .Values.service.type }} 22 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 23 | You can watch the status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gatekeeper-policy-manager.fullname" . }}' 24 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gatekeeper-policy-manager.fullname" . 
}} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 25 | echo http://$SERVICE_IP:{{ .Values.service.port }} 26 | {{- else if contains "ClusterIP" .Values.service.type }} 27 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gatekeeper-policy-manager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 28 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 29 | echo "Visit http://127.0.0.1:8080 to use your application" 30 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /app/web-client/README.md: -------------------------------------------------------------------------------- 1 | # Getting Started with Create React App 2 | 3 | This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app). 4 | 5 | ## Available Scripts 6 | 7 | In the project directory, you can run: 8 | 9 | ### `yarn start` 10 | 11 | Runs the app in the development mode.\ 12 | Open [http://localhost:3000](http://localhost:3000) to view it in the browser. 13 | 14 | The page will reload if you make edits.\ 15 | You will also see any lint errors in the console. 16 | 17 | ### `yarn test` 18 | 19 | Launches the test runner in the interactive watch mode.\ 20 | See the section about [running tests](https://facebook.github.io/create-react-app/docs/running-tests) for more information. 21 | 22 | ### `yarn build` 23 | 24 | Builds the app for production to the `build` folder.\ 25 | It correctly bundles React in production mode and optimizes the build for the best performance. 26 | 27 | The build is minified and the filenames include the hashes.\ 28 | Your app is ready to be deployed! 
29 | 30 | See the section about [deployment](https://facebook.github.io/create-react-app/docs/deployment) for more information. 31 | 32 | ### `yarn eject` 33 | 34 | **Note: this is a one-way operation. Once you `eject`, you can’t go back!** 35 | 36 | If you aren’t satisfied with the build tool and configuration choices, you can `eject` at any time. This command will remove the single build dependency from your project. 37 | 38 | Instead, it will copy all the configuration files and the transitive dependencies (webpack, Babel, ESLint, etc) right into your project so you have full control over them. All of the commands except `eject` will still work, but they will point to the copied scripts so you can tweak them. At this point you’re on your own. 39 | 40 | You don’t have to ever use `eject`. The curated feature set is suitable for small and middle deployments, and you shouldn’t feel obligated to use this feature. However we understand that this tool wouldn’t be useful if you couldn’t customize it when you are ready for it. 41 | 42 | ## Learn More 43 | 44 | You can learn more in the [Create React App documentation](https://facebook.github.io/create-react-app/docs/getting-started). 45 | 46 | To learn React, check out the [React documentation](https://reactjs.org/). 47 | -------------------------------------------------------------------------------- /app/web-client/src/components/Footer/Component.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import { 8 | EuiFlexGroup, 9 | EuiFlexItem, 10 | EuiIcon, 11 | EuiLink, 12 | EuiSpacer, 13 | EuiText, 14 | } from "@elastic/eui"; 15 | import githubLogo from "../../assets/github-logo.svg"; 16 | import "./Style.scss"; 17 | 18 | function FooterComponent() { 19 | return ( 20 |
21 | 22 | 23 | 24 |

25 | Gatekeeper Policy Manager v1.1.0 26 |

27 |
28 | 29 |

A simple to use web-based Gatekeeper policies manager

30 |
31 |
32 | 33 | 34 |

35 | Proud part of the{" "} 36 | 37 | SIGHUP Distribution 38 | 39 |

40 |
41 | 42 | 43 | 44 | 45 | 46 | 47 |

48 |   49 | 53 | Source Code 54 | 55 |

56 |
57 |
58 |
59 |
60 |
61 | 62 |
63 | ); 64 | } 65 | 66 | export default FooterComponent; 67 | -------------------------------------------------------------------------------- /app/web-client/src/App.tsx: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) 2017-present SIGHUP s.r.l All rights reserved. 3 | * Use of this source code is governed by a BSD-style 4 | * license that can be found in the LICENSE file. 5 | */ 6 | 7 | import React from "react"; 8 | import ContextProvider from "./AppContextProvider"; 9 | import { EuiProvider } from "@elastic/eui"; 10 | import { Routes, Route, useLocation } from "react-router-dom"; 11 | import { Home } from "./pages/Home"; 12 | import { Header } from "./components/Header"; 13 | import { Footer } from "./components/Footer"; 14 | import { ConstraintTemplates } from "./pages/ConstraintTemplates"; 15 | import { Constraints } from "./pages/Constraints"; 16 | import { Configurations } from "./pages/Configurations"; 17 | import { Error } from "./pages/Error"; 18 | import { Logout } from "./pages/Logout"; 19 | import { NotFound } from "./pages/NotFound"; 20 | import { theme } from "./theme"; 21 | import "./App.scss"; 22 | 23 | function App() { 24 | const { pathname } = useLocation(); 25 | 26 | return ( 27 | 31 | 32 | {pathname === "/logout" ? null :
} 33 | 34 | 35 | } /> 36 | } /> 37 | 38 | 39 | } /> 40 | } /> 41 | 42 | 43 | } /> 44 | } /> 45 | 46 | 47 | } /> 48 | } /> 49 | 50 | } /> 51 | } /> 52 | } /> 53 | 54 |