From 305e84839acad657e2870079bee25f2b78594957 Mon Sep 17 00:00:00 2001
From: TzlilSwimmer123 <51244810+TzlilSwimmer123@users.noreply.github.com>
Date: Sun, 23 Jul 2023 11:56:54 +0300
Subject: [PATCH 1/3] fix: make cel expression policy work (#963)
Co-authored-by: teselil
---
examples/CEL/policy.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/examples/CEL/policy.yaml b/examples/CEL/policy.yaml
index 7a418fbde..c5043ea09 100755
--- a/examples/CEL/policy.yaml
+++ b/examples/CEL/policy.yaml
@@ -3,7 +3,7 @@ policies:
- name: CEL_policy
isDefault: true
rules:
- - identifier: CUSTOM_DEPLOYMENT_BILLING_LABEL_EXISTS
+ - identifier: CUSTOM_WORKLOADS_BILLING_LABEL_EXISTS
messageOnFailure: "workloads labels should contain billing label"
- identifier: CUSTOM_SECRET_ENVIRONMENT_LABEL_EXISTS
messageOnFailure: "secret labels should contain environment label"
@@ -24,9 +24,9 @@ customRules:
- Pod
then:
CELDefinition:
- - expression: "object.kind != 'Deployment' || (has(object.metadata.labels) && has(object.metadata.labels.billing))"
+ - expression: "has(object.metadata.labels) && has(object.metadata.labels.billing)"
message: "deployment labels should contain billing label"
- - expression: "object.kind != 'Pod' || (has(object.metadata.labels) && has(object.metadata.labels.billing))"
+ - expression: "has(object.metadata.labels) && has(object.metadata.labels.billing)"
message: "pod labels should contain billing label"
- identifier: CUSTOM_SECRET_ENVIRONMENT_LABEL_EXISTS
name: Ensure Secret has environment label [CUSTOM RULE]
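Review bot: The two `CELDefinition` entries under the billing rule are now byte-identical expressions that differ only in their message, so every kind the rule matches is evaluated twice, and a Pod without the label would be reported with both the "deployment labels…" and the "pod labels…" text. Since the kind guard is gone, collapse them into one entry: `- expression: "has(object.metadata.labels) && has(object.metadata.labels.billing)"` with `message: "workloads labels should contain billing label"`, matching the policy's `messageOnFailure`. Note also that `has()` only checks that the key is present, so `billing: ""` satisfies the rule; if an empty value should fail, that needs an explicit comparison. The rule's kind list begins above this hunk, so which kinds are matched is only partly visible here.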
From 0b673002f9cd7e2711f2c8cf05aa069a0a91d822 Mon Sep 17 00:00:00 2001
From: Eng Zer Jun
Date: Mon, 24 Jul 2023 18:02:50 +0800
Subject: [PATCH 2/3] perf(httpClient): compare strings with
`strings.EqualFold` (#962)
Comparing two strings case-insensitively by converting both with `strings.ToLower` is more
computationally expensive than calling `strings.EqualFold`.
Sample benchmark:
func BenchmarkToLower(b *testing.B) {
for i := 0; i < b.N; i++ {
if strings.ToLower("CONTENT-TYPE") != strings.ToLower("content-type") {
b.Fail()
}
}
}
func BenchmarkEqualFold(b *testing.B) {
for i := 0; i < b.N; i++ {
if !strings.EqualFold("CONTENT-TYPE", "content-type") {
b.Fail()
}
}
}
goos: linux
goarch: amd64
pkg: github.com/datreeio/datree/pkg/httpClient
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
BenchmarkToLower-16 8183317 192.1 ns/op 16 B/op 1 allocs/op
BenchmarkEqualFold-16 82634701 12.92 ns/op 0 B/op 0 allocs/op
PASS
ok github.com/datreeio/datree/pkg/httpClient 4.181s
Reference: https://staticcheck.dev/docs/checks/#SA6005
Signed-off-by: Eng Zer Jun
---
pkg/httpClient/client.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/httpClient/client.go b/pkg/httpClient/client.go
index 9cf3eb5e8..9a78de210 100644
--- a/pkg/httpClient/client.go
+++ b/pkg/httpClient/client.go
@@ -162,7 +162,7 @@ func (c *Client) parseBody(body interface{}) (io.ReadWriter, error) {
func (c *Client) getValueOfHeader(headers map[string]string, header string) string {
for currentHeader, currentValue := range headers {
- if strings.ToLower(currentHeader) == strings.ToLower(header) {
+ if strings.EqualFold(currentHeader, header) {
return currentValue
}
}
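Review bot: `getValueOfHeader` has no doc comment, and because it ranges over a map with a case-insensitive match, its result depends on Go's randomized iteration order whenever `headers` holds two keys that differ only in case (for example `Content-Type` and `content-type`). Whether any caller can build such a map is not visible from this hunk, so at minimum the contract should be written down: `// getValueOfHeader returns the value of a key in headers that equals header ignoring case; if several keys match, which one is returned is unspecified.` If headers can come from user-supplied configuration, normalising keys once when the map is built would make the lookup deterministic. The function's final return lies outside the hunk.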
From 0c3b63e6ce9688cdb5ad3bf06768875664cf15be Mon Sep 17 00:00:00 2001
From: Eyar Zilberman
Date: Tue, 1 Aug 2023 09:42:26 +0300
Subject: [PATCH 3/3] docs: deprecation notice (#964)
---
README.md | 76 +++++++++----------------------------------------------
1 file changed, 12 insertions(+), 64 deletions(-)
diff --git a/README.md b/README.md
index 6fe8e3e7f..32890890b 100644
--- a/README.md
+++ b/README.md
@@ -9,52 +9,27 @@
-
-
-
-
-
-
Explore the docs »
-# Datree
-
-[Datree](https://www.datree.io/) (pronounced `/da-tree/`) secures your Kubernetes by blocking the deployment of misconfigured resources.
+# Datree [DEPRECATED]
-## ✌️ Quick-start in two steps
+[Datree](https://www.datree.io/) (pronounced `/da-tree/`) was built to secure Kubernetes workloads by blocking the deployment of misconfigured resources. **Since July 2023, the commercial company that supports and actively maintains this project has been closed.**
-Install Datree to get insights on the status of your cluster and enforce your desired policies on new resources.
+## Migrating to the (fully) open-source version of Datree
-> **NOTE:**
-> By default, Datree does not block misconfigured resources, it only monitors and alerts about them.
-> To enable **enforcement mode**, see the [documentation](https://hub.datree.io/setup/behavior#options).
+For existing users, it is still possible to run Datree as a standalone: https://hub.datree.io/cli/offline-mode
-### 1. Add the Datree Helm repository
-Run the following command in your terminal:
-```terminal
-helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree
-helm repo update
-```
+## What will not be available anymore
-### 2. Install Datree on your cluster
-Replace `` with the token from your [dashboard](https://app.datree.io/), and run the following command in your terminal:
-
-```terminal
-helm install -n datree datree-webhook datree-webhook/datree-admission-webhook --debug \
---create-namespace \
---set datree.token= \
---set datree.clusterName=$(kubectl config current-context)
-```
-
-This will create a new namespace (datree), where Datree’s services and application resources will reside. `datree.token` is used to connect your dashboard to your cluster. Note that the installation can take up to 5 minutes.
-
-**Looking for a different installation method?**
-
-Datree also supports installation via **ArgoCD**, **Flux** and **Openshift**. See our [documentation](https://hub.datree.io/) for instructions.
+All the archived open source repositories under datreeio org will no longer be maintained and accept any new code changes, including any security patches.
+In addition, the following key capabilities will not longer be available anymore:
+* Centralized policy registry
+* Automatic Kubernetes schema validation
+* Access to the dashboard and all of its components (e.g. activity-log page, token management, etc.)
## ⚙️ How it works
@@ -64,35 +39,8 @@ Datree comes with over 100 rules covering various use-cases, such as workload se
In addition to our built-in rules, you can write [any custom rule you wish](https://hub.datree.io/custom-rules-overview) and then run it against your Kubernetes configurations to check for rule violations. Custom rules can be written in [JSON schema](https://hub.datree.io/custom-rules/custom-rules-overview) or in [Rego](https://hub.datree.io/custom-rules/rego-support).
-## 📊 Management dashboard (web application)
-
-Datree's dashboard provides valuable information about your clusters' health and stability. It details the resources that failed your policy checks, and shows you how to fix each violation.
-
-Datree can be configured via code or via the dashboard. The dashboard offers the following capabilities in an intuitive visual interface:
-* Control Datree's configuration:
- * Default action on failure - set whether resources that failed the policy check should be blocked or only monitored
- * Set which policy to use for your checks
- * Define resources and/or namespaces to ignore
-* Create & customize policies
-* Edit rules' failure message
-* Issue tokens
-* View policy check history
-* Configure Kubernetes schema version
-
-
-
-## 🤩 Additional features
-
-Datree offers a suite of features to make adoption seamless:
-* **Monitoring** - By default, Datree is installed in monitoring mode and does not block deployments until you decide to do so.
-* [**CLI**](https://hub.datree.io/cli/getting-started) - Help your developers find misconfigurations in their configs before deploying them, by integrating Datree into their CI.
-* **Simple integrations** - Datree works seamlessly with popular CD tools such as ArgoCD and FluxCD, and comes with ready-made integrations for various CI platforms.
-* **Cluster score** - Rank the stability of your cluster based on the number of detected misconfigurations.
-
## Contributing
-[Contributions](https://github.com/datreeio/datree/issues?q=is%3Aissue+is%3Aopen+label%3A%22up+for+grabs%22) are welcome!
-
+We want to thank our contributors for helping us build Datree ❤️
+
[![Contributors](https://contrib.rocks/image?repo=datreeio/datree)](https://github.com/datreeio/datree/graphs/contributors)
-
-Thank you to all the people who already contributed to Datree ❤️