diff --git a/CHANGELOG.md b/CHANGELOG.md index a6f1b98a..f9d32223 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -305,7 +305,7 @@ * Policy Reporter * New `certificate` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to set the path to your custom certificate for the related client. * New `skipTLS` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to skip tls if needed for the given target. - * New `secretRef` for targets to reference a secret with the related `username`, `password`, `webhook`, `host`, `accessKeyID`, `secretAccessKey` information of the given target, instead of configure your credentials directly. + * New `secretRef` for targets to reference a secret with the related `username`, `password`, `webhook`, `host`, `accessKeyId`, `secretAccessKey` information of the given target, instead of configure your credentials directly. * Policy Reporter UI * New value `refreshInterval` to configure the default refresh interval for API polling. Set `0` to disable polling. * Policy Reporter Kyverno Plugin diff --git a/charts/policy-reporter/README.md b/charts/policy-reporter/README.md index b21312aa..c873dfa4 100644 --- a/charts/policy-reporter/README.md +++ b/charts/policy-reporter/README.md @@ -227,7 +227,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | target.webhook.filter | object | `{}` | | | target.webhook.channels | list | `[]` | | | target.telegram.token | string | `""` | | -| target.telegram.chatID | string | `""` | | +| target.telegram.chatId | string | `""` | | | target.telegram.host | string | `""` | | | target.telegram.certificate | string | `""` | | | target.telegram.skipTLS | bool | `false` | | 
@@ -252,7 +252,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | target.googleChat.customFields | object | `{}` | | | target.googleChat.filter | object | `{}` | | | target.googleChat.channels | list | `[]` | | -| target.s3.accessKeyID | string | `""` | | +| target.s3.accessKeyId | string | `""` | | | target.s3.secretAccessKey | string | `""` | | | target.s3.secretRef | string | `""` | | | target.s3.mountedSecret | string | `""` | | @@ -270,7 +270,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | target.s3.customFields | object | `{}` | | | target.s3.filter | object | `{}` | | | target.s3.channels | list | `[]` | | -| target.kinesis.accessKeyID | string | `""` | | +| target.kinesis.accessKeyId | string | `""` | | | target.kinesis.secretAccessKey | string | `""` | | | target.kinesis.secretRef | string | `""` | | | target.kinesis.mountedSecret | string | `""` | | @@ -283,7 +283,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get | target.kinesis.customFields | object | `{}` | | | target.kinesis.filter | object | `{}` | | | target.kinesis.channels | list | `[]` | | -| target.securityHub.accessKeyID | string | `""` | | +| target.securityHub.accessKeyId | string | `""` | | | target.securityHub.secretAccessKey | string | `""` | | | target.securityHub.secretRef | string | `""` | | | target.securityHub.mountedSecret | string | `""` | | diff --git a/charts/policy-reporter/templates/_helpers.tpl b/charts/policy-reporter/templates/_helpers.tpl index 00a546a0..1fcdd4b7 100644 --- a/charts/policy-reporter/templates/_helpers.tpl +++ b/charts/policy-reporter/templates/_helpers.tpl @@ -191,7 +191,7 @@ config: {{- define "target.telegram" -}} config: - chatID: {{ .chatID | quote }} + chatId: {{ .chatId | quote }} token: {{ .token | quote }} webhook: {{ .webhook | quote }} certificate: {{ .certificate | quote }} 
@@ -205,7 +205,7 @@ config: {{- define "target.s3" -}} config: - accessKeyID: {{ .accessKeyID }} + accessKeyId: {{ .accessKeyId }} secretAccessKey: {{ .secretAccessKey }} region: {{ .region }} endpoint: {{ .endpoint }} @@ -220,7 +220,7 @@ config: {{- define "target.kinesis" -}} config: - accessKeyID: {{ .accessKeyID }} + accessKeyId: {{ .accessKeyId }} secretAccessKey: {{ .secretAccessKey }} region: {{ .region }} endpoint: {{ .endpoint }} @@ -230,11 +230,11 @@ config: {{- define "target.securityhub" -}} config: - accessKeyID: {{ .accessKeyID }} + accessKeyId: {{ .accessKeyId }} secretAccessKey: {{ .secretAccessKey }} region: {{ .region }} endpoint: {{ .endpoint }} - accountID: {{ .accountID }} + accountId: {{ .accountId }} productName: {{ .productName }} companyName: {{ .companyName }} delayInSeconds: {{ .delayInSeconds }} diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml index 27e112ee..6156da79 100644 --- a/charts/policy-reporter/values.yaml +++ b/charts/policy-reporter/values.yaml @@ -169,7 +169,7 @@ reportFilter: sourceConfig: [] # - selector: # source: kyverno -# customID: +# customId: # enabled: true # fields: ["resource", "policy", "rule", "category", "result", "message"] @@ -475,7 +475,7 @@ target: # telegram bot token token: "" # telegram chat id - chatID: "" + chatId: "" # optional telegram proxy host host: "" # path to your custom certificate @@ -531,10 +531,10 @@ target: s3: # S3 access key - accessKeyID: "" + accessKeyId: "" # S3 secret access key secretAccessKey: "" - # receive the accessKeyID and/or secretAccessKey from an existing secret instead + # receive the accessKeyId and/or secretAccessKey from an existing secret instead secretRef: "" # Mounted secret path by Secrets Controller, secret should be in json format mountedSecret: "" 
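Review bot: Values files that still set `accessKeyID` will render an empty `accessKeyId` in `target.s3` with no template error, because the helper now reads only `.accessKeyId`. The same holds for the `target.kinesis` and `target.securityhub` hunks and for `chatId` and `accountId`. The outcome is a target rendered without credentials rather than a failed install, so consider accepting the old key for a deprecation window, e.g. `accessKeyId: {{ .accessKeyId | default .accessKeyID }}`, or failing the render when the legacy key is present. The `define` blocks continue outside the hunks.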
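Review bot: `accountId: {{ .accountId }}` in `target.securityhub` is emitted unquoted, so a 12-digit AWS account ID reaches the YAML parser as a number rather than a string, and an ID with a leading zero may not survive intact. The `target.telegram` helper already pipes its values through `quote`. Doing the same here, `accountId: {{ .accountId | quote }}`, and likewise for `accessKeyId` and `secretAccessKey` in the s3, kinesis and securityhub helpers, stops the parser from reinterpreting identifiers and credentials. The missing quoting predates this rename, but these lines are being rewritten anyway.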
@@ -569,10 +569,10 @@ target: kinesis: # AWS access key - accessKeyID: "" + accessKeyId: "" # AWS secret access key secretAccessKey: "" - # receive the accessKeyID and/or secretAccessKey from an existing secret instead + # receive the accessKeyId and/or secretAccessKey from an existing secret instead secretRef: "" # Mounted secret path by Secrets Controller, secret should be in json format mountedSecret: "" @@ -597,10 +597,10 @@ target: securityHub: # AWS access key - accessKeyID: "" + accessKeyId: "" # AWS secret access key secretAccessKey: "" - # receive the accessKeyID and/or secretAccessKey from an existing secret instead + # receive the accessKeyId and/or secretAccessKey from an existing secret instead secretRef: "" # Mounted secret path by Secrets Controller, secret should be in json format mountedSecret: "" @@ -608,8 +608,8 @@ target: region: "" # AWS SecurityHub endpoint (optional) endpoint: "" - # AWS accountID - accountID: "" + # AWS accountId + accountId: "" # Used product name, defaults to "Polilcy Reporter" productName: "" # minimum severity "" < info < low < medium < high < critical diff --git a/pkg/api/v2/views.go b/pkg/api/v2/views.go index e61ca2ae..0cdd9f8c 100644 --- a/pkg/api/v2/views.go +++ b/pkg/api/v2/views.go @@ -645,7 +645,7 @@ func MapTelegramToTarget(ta *target.Config[target.TelegramOptions]) *Target { t.Host = ta.Config.Webhook t.SkipTLS = ta.Config.SkipTLS t.UseTLS = ta.Config.Certificate != "" - t.Properties["chatID"] = ta.Config.ChatID + t.Properties["chatId"] = ta.Config.ChatID return t } diff --git a/pkg/api/v2/views_test.go b/pkg/api/v2/views_test.go index d6040001..0730ab6a 100644 --- a/pkg/api/v2/views_test.go +++ b/pkg/api/v2/views_test.go 
@@ -225,7 +225,7 @@ func TestV2Views(t *testing.T) { assert.Equal(t, "Telegram", target.Type) assert.Equal(t, "http://telegram.com", target.Host) - assert.Equal(t, "1234567", target.Properties["chatID"]) + assert.Equal(t, "1234567", target.Properties["chatId"]) assert.True(t, target.SkipTLS) assert.True(t, target.UseTLS) assert.False(t, target.Auth) @@ -302,7 +302,7 @@ func TestV2Views(t *testing.T) { assert.Equal(t, "SecurityHub", target.Type) assert.Equal(t, "https://securityhub.aws.com", target.Host) assert.Equal(t, "eu-central-1", target.Properties["region"]) - assert.Equal(t, true, target.Properties["cleanup"]) + assert.Equal(t, true, target.Properties["synchronize"]) assert.True(t, target.Auth) }) diff --git a/pkg/config/config.go b/pkg/config/config.go index 3e6c6f75..55051a98 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -172,7 +172,7 @@ type CustomID struct { type SourceConfig struct { Selector SourceSelector `mapstructure:"selector"` - CustomID `mapstructure:"customID"` + CustomID `mapstructure:"customId"` } // Config of the PolicyReporter diff --git a/pkg/config/resolver_test.go b/pkg/config/resolver_test.go index bd254e39..1b8492cb 100644 --- a/pkg/config/resolver_test.go +++ b/pkg/config/resolver_test.go @@ -185,7 +185,7 @@ var targets = target.Targets{ Endpoint: "https://storage.yandexcloud.net", Region: "ru-central1", }, - AccountID: "AccountID", + AccountID: "AccountId", }, SkipExisting: true, MinimumSeverity: "debug", diff --git a/pkg/kubernetes/secrets/client.go b/pkg/kubernetes/secrets/client.go index dbc99b13..21e0f9ca 100644 --- a/pkg/kubernetes/secrets/client.go +++ b/pkg/kubernetes/secrets/client.go 
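Review bot: The SecurityHub assertion changes from `target.Properties["cleanup"]` to `target.Properties["synchronize"]`, which is unrelated to the ID→Id key rename, and the only `pkg/api/v2/views.go` hunk in this commit touches `chatId`. If the mapper already emitted `synchronize`, the test was stale and the fix deserves a mention in the commit message. If the mapper still emits `cleanup`, this assertion will fail. `TestV2Views` starts and ends outside the hunk.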
@@ -18,9 +18,9 @@ type Values struct { Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` APIKey string `json:"apiKey,omitempty"` - AccessKeyID string `json:"accessKeyID,omitempty"` + AccessKeyID string `json:"accessKeyId,omitempty"` SecretAccessKey string `json:"secretAccessKey,omitempty"` - AccountID string `json:"accountID,omitempty"` + AccountID string `json:"accountId,omitempty"` KmsKeyID string `json:"kmsKeyId,omitempty"` Token string `json:"token,omitempty"` Credentials string `json:"credentials,omitempty"` @@ -79,7 +79,7 @@ func (c *k8sClient) Get(ctx context.Context, name string) (Values, error) { values.DSN = string(dsn) } - if accessKeyID, ok := secret.Data["accessKeyID"]; ok { + if accessKeyID, ok := secret.Data["accessKeyId"]; ok { values.AccessKeyID = string(accessKeyID) } @@ -91,7 +91,7 @@ func (c *k8sClient) Get(ctx context.Context, name string) (Values, error) { values.KmsKeyID = string(kmsKeyID) } - if accountID, ok := secret.Data["accountID"]; ok { + if accountID, ok := secret.Data["accountId"]; ok { values.AccountID = string(accountID) } diff --git a/pkg/kubernetes/secrets/client_test.go b/pkg/kubernetes/secrets/client_test.go index 6f1b3418..2aa61dd8 100644 --- a/pkg/kubernetes/secrets/client_test.go +++ b/pkg/kubernetes/secrets/client_test.go @@ -27,11 +27,11 @@ func newFakeClient() v1.SecretInterface { "password": []byte("password"), "apiKey": []byte("apiKey"), "webhook": []byte("http://localhost:9200/webhook"), - "accessKeyID": []byte("accessKeyID"), + "accessKeyId": []byte("accessKeyId"), "secretAccessKey": []byte("secretAccessKey"), "kmsKeyId": []byte("kmsKeyId"), "token": []byte("token"), - "accountID": []byte("accountID"), + "accountId": []byte("accountId"), "database": []byte("database"), "dsn": []byte("dsn"), "typelessApi": []byte("false"), 
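Review bot: `Get` now looks up only `secret.Data["accessKeyId"]` (and `secret.Data["accountId"]` in the next hunk), and that map lookup is case-sensitive, so existing Secrets that store the key as `accessKeyID` or `accountID` are skipped without an error or log line. That leaves `values.AccessKeyID` empty, and the factory tests suggest a target without an access key is not created, so reports could quietly stop reaching S3, Kinesis or SecurityHub after an upgrade. Consider reading the legacy key as a fallback, `} else if legacy, ok := secret.Data["accessKeyID"]; ok { values.AccessKeyID = string(legacy) }`, and logging a deprecation warning when it is used. A test case with a legacy-keyed Secret would pin this behaviour. The body of `Get` continues outside the hunk.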
@@ -68,7 +68,7 @@ func Test_Client(t *testing.T) { t.Errorf("Unexpected ApiKey: %s", values.APIKey) } - if values.AccessKeyID != "accessKeyID" { + if values.AccessKeyID != "accessKeyId" { t.Errorf("Unexpected AccessKeyID: %s", values.AccessKeyID) } @@ -84,8 +84,8 @@ func Test_Client(t *testing.T) { t.Errorf("Unexpected KmsKeyId: %s", values.KmsKeyID) } - if values.AccountID != "accountID" { - t.Errorf("Unexpected AccountID: %s", values.AccountID) + if values.AccountID != "accountId" { + t.Errorf("Unexpected accountId: %s", values.AccountID) } if values.Database != "database" { diff --git a/pkg/target/factory.go b/pkg/target/factory.go index 5ae12696..9f50ab6c 100644 --- a/pkg/target/factory.go +++ b/pkg/target/factory.go @@ -44,7 +44,7 @@ func (config *Config[T]) Secret() string { } type AWSConfig struct { - AccessKeyID string `mapstructure:"accessKeyID"` + AccessKeyID string `mapstructure:"accessKeyId"` SecretAccessKey string `mapstructure:"secretAccessKey"` Region string `mapstructure:"region"` Endpoint string `mapstructure:"endpoint"` @@ -85,7 +85,7 @@ type HostOptions struct { type TelegramOptions struct { WebhookOptions `mapstructure:",squash"` Token string `mapstructure:"token"` - ChatID string `mapstructure:"chatID"` + ChatID string `mapstructure:"chatId"` } type SlackOptions struct { @@ -127,7 +127,7 @@ type KinesisOptions struct { type SecurityHubOptions struct { AWSConfig `mapstructure:",squash"` - AccountID string `mapstructure:"accountID"` + AccountID string `mapstructure:"accountId"` ProductName string `mapstructure:"productName"` CompanyName string `mapstructure:"companyName"` DelayInSeconds int `mapstructure:"delayInSeconds"` diff --git a/pkg/target/factory/factory_test.go b/pkg/target/factory/factory_test.go index 07432ad2..0af34ddb 100644 --- a/pkg/target/factory/factory_test.go +++ b/pkg/target/factory/factory_test.go 
@@ -36,9 +36,9 @@ func newFakeClient() v1.SecretInterface { "channel": []byte("general"), "apiKey": []byte("apiKey"), "webhook": []byte("http://localhost:9200/webhook"), - "accountId": []byte("accountID"), + "accountId": []byte("accountId"), "typelessApi": []byte("true"), - "accessKeyID": []byte("accessKeyID"), + "accessKeyId": []byte("accessKeyId"), "secretAccessKey": []byte("secretAccessKey"), "kmsKeyId": []byte("kmsKeyId"), "token": []byte("token"), @@ -57,7 +57,7 @@ func mountSecret() { Username: "username", Password: "password", APIKey: "apiKey", - AccountID: "accountID", + AccountID: "accountId", AccessKeyID: "accessKeyId", SecretAccessKey: "secretAccessKey", KmsKeyID: "kmsKeyId", @@ -426,13 +426,13 @@ func Test_SecurityHubValidation(t *testing.T) { }, } - t.Run("SecurityHub.AccountID", func(t *testing.T) { + t.Run("SecurityHub.AccountId", func(t *testing.T) { if len(factory.CreateClients(&targets).Clients()) != 0 { - t.Error("Expected Client to be nil if no accountID is configured") + t.Error("Expected Client to be nil if no accountId is configured") } }) - targets.SecurityHub.Config.AccountID = "accountID" + targets.SecurityHub.Config.AccountID = "accountId" t.Run("SecurityHub.AccessKey", func(t *testing.T) { if len(factory.CreateClients(&targets).Clients()) != 0 { t.Error("Expected Client to be nil if no accessKey is configured") @@ -514,7 +514,7 @@ func Test_GetValuesFromSecret(t *testing.T) { SecretRef: secretName, Config: &target.SecurityHubOptions{ AWSConfig: target.AWSConfig{Endpoint: "endoint", Region: "region"}, - AccountID: "accountID", + AccountID: "accountId", }, }, GCS: &target.Config[target.GCSOptions]{ @@ -730,7 +730,7 @@ func Test_CustomFields(t *testing.T) { Endpoint: "https://storage.yandexcloud.net", Region: "ru-central1", }, - AccountID: "AccountID", + AccountID: "AccountId", }, CustomFields: map[string]string{"field": "value"}, }, 
@@ -883,7 +883,7 @@ func Test_GetValuesFromMountedSecret(t *testing.T) { MountedSecret: mountedSecret, Config: &target.SecurityHubOptions{ AWSConfig: target.AWSConfig{Endpoint: "endoint", Region: "region"}, - AccountID: "accountID", + AccountID: "accountId", }, }, GCS: &target.Config[target.GCSOptions]{ diff --git a/pkg/target/securityhub/securityhub_test.go b/pkg/target/securityhub/securityhub_test.go index a830c8b8..5ea020bd 100644 --- a/pkg/target/securityhub/securityhub_test.go +++ b/pkg/target/securityhub/securityhub_test.go @@ -50,7 +50,7 @@ func (c *client) BatchUpdateFindings(ctx context.Context, params *hub.BatchUpdat func TestSecurityHub(t *testing.T) { t.Run("send result", func(t *testing.T) { c := securityhub.NewClient(securityhub.Options{ - AccountID: "accountID", + AccountID: "accountId", Region: "eu-central-1", ProductName: "Policy Reporter", CompanyName: "Kyverno", @@ -63,13 +63,13 @@ func TestSecurityHub(t *testing.T) { finding := findings[0] - if *finding.AwsAccountId != "accountID" { - t.Errorf("unexpected accountID: %s", *finding.AwsAccountId) + if *finding.AwsAccountId != "accountId" { + t.Errorf("unexpected accountId: %s", *finding.AwsAccountId) } if *finding.Id != fixtures.CompleteTargetSendResult.GetID() { t.Errorf("unexpected id: %s", *finding.Id) } - if *finding.ProductArn != "arn:aws:securityhub:eu-central-1:accountID:product/accountID/default" { + if *finding.ProductArn != "arn:aws:securityhub:eu-central-1:accountId:product/accountId/default" { t.Errorf("unexpected product arn: %s", *finding.ProductArn) } if *finding.ProductName != "Policy Reporter" { @@ -88,7 +88,7 @@ func TestSecurityHub(t *testing.T) { h := &client{} c := securityhub.NewClient(securityhub.Options{ - AccountID: "accountID", + AccountID: "accountId", Region: "eu-central-1", ProductName: "Policy Reporter", CompanyName: "Kyverno", 
@@ -109,7 +109,7 @@ func TestSecurityHub(t *testing.T) { h := &client{} c := securityhub.NewClient(securityhub.Options{ - AccountID: "accountID", + AccountID: "accountId", Region: "eu-central-1", ProductName: "Policy Reporter", CompanyName: "Kyverno", @@ -136,7 +136,7 @@ func TestSecurityHub(t *testing.T) { } c := securityhub.NewClient(securityhub.Options{ - AccountID: "accountID", + AccountID: "accountId", Region: "eu-central-1", ProductName: "Policy Reporter", CompanyName: "Kyverno", @@ -163,7 +163,7 @@ func TestSecurityHub(t *testing.T) { } c := securityhub.NewClient(securityhub.Options{ - AccountID: "accountID", + AccountID: "accountId", Region: "eu-central-1", ProductName: "Policy Reporter", CompanyName: "Kyverno",