profile
viewpoint
Juan judavi Palet Town Container enthusiast

judavi/docker-pipeseroni 1

Docker for pipeseroni screensavers

judavi/aicoursecoursera 0

Notes from the deeplearning course

judavi/alexa-inis-visa-appointments 0

An small project to use Alexa for let you know about the upcoming INIS appointments

judavi/AzPriceGlitcherFinder 0

Az Price Glitcher Finder

judavi/azure 0

Labs de Azure

judavi/azure-gaming 0

Cloud Gaming Made Easy

judavi/azure-pipelines-task-lib 0

Libraries for writing VSTS and TFS build tasks

judavi/AzureBootcamp2016DeployDemoWP 0

Demo for Azure Bootcamp 2016 about deploy a WP theme

judavi/AzureDevCampsMed 0

First demo for azure devcamps Medellin

push eventjudavi/grafeas-oracle

Judavi

commit sha 2db494fed9f40356bbbc8c3bbc16b806fc08233e

Fix pagination issue

view details

push time in 2 days

created tagjudavi/grafeas-oracle

tag0.3

Oracle integration for Grafeas

created time in 5 days

release judavi/grafeas-oracle

0.3

released time in 5 days

release judavi/grafeas-oracle

0.2

released time in 5 days

created tagjudavi/grafeas-oracle

tag0.2

Oracle integration for Grafeas

created time in 5 days

push eventjudavi/grafeas-oracle

Judavi

commit sha 9f547437485cdc39b33be878d7c27b49e5e29a9a

Removed log information

view details

push time in 5 days

create barnchjudavi/grafeas-oracle

branch : fix-pagination-issue

created branch time in 5 days

issue commentgrafeas/kritis

GRPC Errors from webhook to Grafeas

I think I have found the issue (it's an error on my Oracle DB implementation and the pagination token) but also that made me realize about a small change on: https://github.com/grafeas/kritis/blob/588f70e090ad2ee4c98e65a6d105976ade4aabb2/pkg/kritis/metadata/grafeas/grafeas.go#L244 I'm wondering if instead of evaluating

len(occs) == 0 

it should be

len(resp.0ccurrences) == 0

The reason is that if the response is empty it's not necessary to iterate anymore. And occs is appending the results on each iteration What do you think? https://github.com/grafeas/kritis/blob/588f70e090ad2ee4c98e65a6d105976ade4aabb2/pkg/kritis/metadata/grafeas/grafeas.go#L242

judavi

comment created time in 15 days

issue openedgrafeas/kritis

GRPC Errors from webhook to Grafeas

Hello Kritis Team! I have been playing with the latest version of Grafeas/Kritis and I'm building Kritis from the source. My Grafeas installation, in particular, is behind an Nginx proxy (this also helps me to get an idea of what Kritis requests are being executed) and I notice something in particular:

Kritis webhook log: Kritis is trying to get the Vulnz from Grafeas but is not able to complete the transaction: Capture

For some reason, the GRPC connection is established but also looks like is dropped all the time? I'm able to see something strange is happening on the proxy side because the Grafeas server is flooded by many posts to ListOcurrences

image

I'm already using the "GRPC debugging toolkit" : GRPC_GO_LOG_VERBOSITY_LEVEL = 99, GRPC_GO_LOG_SEVERITY_LEVEL = info, GRPC_VERBOSITY = go

Any suggestion of what else I could try? Thanks!

created time in 15 days

issue closedgrafeas/kritis

Grafeas Project Integration

Hello Kritis team,

I have been following the installation instructions and I notice at this point Kritis is only compatible GCP (https://github.com/grafeas/kritis/blob/master/docs/install.md) so I'm wondering what are the plans for the integration with Grafeas? In case some work needs to be done I'll be happy to help, but first I want to have an idea of the current status and plans for this integration. Thanks!

CC @aysylu @ooq @vtsao

closed time in 21 days

judavi

issue commentgrafeas/kritis

Grafeas Project Integration

Has been resolved! Thanks! :)

judavi

comment created time in 21 days

pull request commentgrafeas/kritis

Update securitypolicy.go

@aysylu I'll say both?

  • Documentation consistency : https://github.com/grafeas/kritis/blob/71a1d2c56f1549e2e15512058e961ab932b8de85/docs/resources.md Captura de Pantalla 2020-01-30 a la(s) 7 57 58 a  m

  • And struct consistency/bug? because in the structs the all the fields/values has the same name in camel case, but this one, in particular, is not following the convention: Captura de Pantalla 2020-01-30 a la(s) 7 59 34 a  m

So because of that, I was struggling a little bit to verify if the image vulnerabilities policy was working correctly or not.

By the way @ooq I'll be happy to add the integration test. But, could you guide me where these tests should be added? and a brief idea of how what we should be testing? I mean, name conventions? or a particular test for MaximumFixUnavailableSeverity?

judavi

comment created time in a month

issue closedgrafeas/kritis

ImageSecurityPolicy Validation

Expected Behavior

The ImageSecurityPolicy should block any new pod that has vulnerabilities reported on Grafeas

Actual Behavior

I'm running the standalone example, but I'm enabling exclusively the ImageSecurityPolicy

➜  kubectl describe ImageSecurityPolicy my-isp

Name:         my-isp
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"kritis.grafeas.io/v1beta1","kind":"ImageSecurityPolicy","metadata":{"annotations":{},"name":"my-isp","namespace":"default"}...
API Version:  kritis.grafeas.io/v1beta1
Kind:         ImageSecurityPolicy
Metadata:
  Creation Timestamp:  2020-01-21T14:46:27Z
  Generation:          1
  Resource Version:    17991
  Self Link:           /apis/kritis.grafeas.io/v1beta1/namespaces/default/imagesecuritypolicies/my-isp
  UID:                 cdadd1b9-3c5c-11ea-bd76-6e9893f6ce69
Spec:
  Package Vulnerability Requirements:
    Maximum Severity:  BLOCK_ALL
Events:                <none>

My information in Grafeas looks like, so I have occurrences for the sha256 and for the tag (just in case, I'm still experimenting)

GET https://grafeas-server:443/v1beta1/projects/kritis/occurrences

{
    "occurrences": [
        {
            "name": "projects/kritis/occurrences/40b970ce-98a9-4423-a72a-8974a9b3534e",
            "resource": {
                "name": "",
                "uri": "gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a",
                "contentHash": null
            },
            "noteName": "projects/kritis/notes/CVE-2015-2730",
            "kind": "VULNERABILITY",
            "remediation": "",
            "createTime": "2020-01-21T14:30:15.437255449Z",
            "updateTime": "2020-01-21T14:30:15.437255449Z",
            "vulnerability": {
                "type": "",
                "severity": "MEDIUM",
                "cvssScore": 4.3,
                "packageIssue": [
                    {
                        "affectedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 8,
                                "name": "6.8.9.9",
                                "revision": "5+deb8u9",
                                "kind": "NORMAL"
                            }
                        },
                        "fixedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 0,
                                "name": "",
                                "revision": "",
                                "kind": "MAXIMUM"
                            }
                        },
                        "severityName": "LOW"
                    }
                ],
                "shortDescription": "CVE-2015-2730",
                "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "relatedUrls": [
                    {
                        "url": "",
                        "label": "More Info"
                    }
                ],
                "effectiveSeverity": "MEDIUM"
            }
        },
        {
            "name": "projects/kritis/occurrences/d68e75ea-29de-4be3-84b4-11f26fea7006",
            "resource": {
                "name": "",
                "uri": "gcr.io/kritis-tutorial/java-with-vulnz:latest",
                "contentHash": null
            },
            "noteName": "projects/kritis/notes/CVE-2015-2730",
            "kind": "VULNERABILITY",
            "remediation": "",
            "createTime": "2020-01-21T14:25:39.712067151Z",
            "updateTime": "2020-01-21T14:25:39.712067151Z",
            "vulnerability": {
                "type": "",
                "severity": "MEDIUM",
                "cvssScore": 4.3,
                "packageIssue": [
                    {
                        "affectedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 8,
                                "name": "6.8.9.9",
                                "revision": "5+deb8u9",
                                "kind": "NORMAL"
                            }
                        },
                        "fixedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 0,
                                "name": "",
                                "revision": "",
                                "kind": "MAXIMUM"
                            }
                        },
                        "severityName": "LOW"
                    }
                ],
                "shortDescription": "CVE-2015-2730",
                "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "relatedUrls": [
                    {
                        "url": "",
                        "label": "More Info"
                    }
                ],
                "effectiveSeverity": "MEDIUM"
            }
        }
    ],
    "nextPageToken": ""
}

And finally my pod:

apiVersion: v1
kind: Pod
metadata:
  name: java
spec:
  containers:
    - name: java
      image: gcr.io/kritis-tutorial/java-with-vulnz:latest
      image: gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a
      ports:
        - containerPort: 80

So when I use

kubectl apply -f pod.yaml

The cluster is accepting the Pod which means Kritis is not stopping the deployment, also when I check the logs:

standalone git:(helmv3-standalone) ✗ kubectl logs -l app=kritis-validation-hook

I0121 15:51:23.594298       1 admission.go:258] Reviewing images for &Pod{ObjectMeta:k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta{Name:java,GenerateName:,Namespace:default,SelfLink:,UID:e003b647-3c65-11ea-bd76-6e9893f6ce69,ResourceVersion:,Generation:0,CreationTimestamp:2020-01-21 15:51:23 +0000 UTC,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"java","namespace":"default"},"spec":{"containers":[{"image":"gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a","name":"java","ports":[{"containerPort":80}]}]}}
,},OwnerReferences:[],Finalizers:[],ClusterName:,Initializers:nil,},Spec:PodSpec{Volumes:[{default-token-kqflw {nil nil nil nil nil SecretVolumeSource{SecretName:default-token-kqflw,Items:[],DefaultMode:nil,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}}],Containers:[{java gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a [] []  [{ 0 80 TCP }] [] [] {map[] map[]} [{default-token-kqflw true /var/run/secrets/kubernetes.io/serviceaccount  <nil>}] [] nil nil nil /dev/termination-log File IfNotPresent nil false false false}],RestartPolicy:Always,TerminationGracePeriodSeconds:*30,ActiveDeadlineSeconds:nil,DNSPolicy:ClusterFirst,NodeSelector:map[string]string{},ServiceAccountName:default,DeprecatedServiceAccount:default,NodeName:,HostNetwork:false,HostPID:false,HostIPC:false,SecurityContext:&PodSecurityContext{SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,SupplementalGroups:[],FSGroup:nil,RunAsGroup:nil,Sysctls:[],},ImagePullSecrets:[],Hostname:,Subdomain:,Affinity:nil,SchedulerName:default-scheduler,InitContainers:[],AutomountServiceAccountToken:nil,Tolerations:[{node.kubernetes.io/not-ready Exists  NoExecute 0xc0003c27d0} {node.kubernetes.io/unreachable Exists  NoExecute 0xc0003c27f0}],HostAliases:[],PriorityClassName:,Priority:*0,DNSConfig:nil,ShareProcessNamespace:nil,ReadinessGates:[],},Status:PodStatus{Phase:Pending,Conditions:[],Message:,Reason:,HostIP:,PodIP:,StartTime:<nil>,ContainerStatuses:[],QOSClass:BestEffort,InitContainerStatuses:[],NominatedNodeName:,},} in namespace default: [gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a]
I0121 15:51:23.599125       1 admission.go:267] No Generic Attestation Policies found in namespace default
I0121 15:51:23.602680       1 admission.go:283] Found 1 ISPs to review image against
I0121 15:51:23.603076       1 review.go:105] Validating against ImageSecurityPolicy my-isp
I0121 15:51:23.603091       1 review.go:112] Check if gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a has valid Attestations.
I0121 15:51:23.603098       1 strategy.go:49] Handling attestation via LoggingStrategy
I0121 15:51:23.603102       1 strategy.go:53] No valid attestations found for image gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a. Proceeding with next checks
I0121 15:51:23.603106       1 review.go:124] Getting vulnz for gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a
I0121 15:51:23.612961       1 review.go:137] Found no violations for gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a within ISP my-isp

Is there any way to validate which Grafeas/API call Kritis is doing? Because I have some ideas of why is not working:

  • Is not using the correct project
  • Is not reaching the Grafeas server

Also in the standalone setup, how Kritis know which project needs to use?

Any help will be appreciated. Thanks! cc @ooq @nenaddedic

closed time in a month

judavi

issue commentgrafeas/kritis

ImageSecurityPolicy Validation

Thanks @aysylu your tips were really helpful! I completed the setup for the imageSecurityPolicy successfully! I think now the only missing part is the fix that I proposed in https://github.com/grafeas/kritis/pull/460

judavi

comment created time in a month

push eventjudavi/kritis

Judavi

commit sha 0986ed074bc81b0f726317833c0265e0440f6939

Added Image Security Policy

view details

push time in a month

pull request commentgrafeas/kritis

Update securitypolicy.go

This difference on the name field is related to https://github.com/grafeas/kritis/issues/458

judavi

comment created time in a month

PR opened grafeas/kritis

Update securitypolicy.go

Following the convention of the other fields, this field should be maximumFixUnavailableSeverity. Also following the documentation from here resources.md the field should be maximumFixUnavailableSeverity

+1 -1

0 comment

1 changed file

pr created time in a month

push eventjudavi/kritis

Juan

commit sha e2f1cd8eaa76026eb6aff94634889a69624c85de

Update securitypolicy.go Following the convention of the other fields, this field should be maximumFixUnavailableSeverity. Also following the documentation from here [resources.md](https://github.com/grafeas/kritis/blob/71a1d2c56f1549e2e15512058e961ab932b8de85/docs/resources.md) the field should be maximumFixUnavailableSeverity

view details

push time in a month

create barnchjudavi/kritis

branch : image-security-policy

created branch time in a month

issue commentgrafeas/kritis

ImageSecurityPolicy Validation

The PACKAGE_VULNERABILITY is not an issue but occurrence needs to store the reference.uri with https, something like:

resource:
   uri:"https://gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a"
judavi

comment created time in a month

issue commentgrafeas/kritis

ImageSecurityPolicy Validation

Something else interesting is the Kind used for filtering is "PACKAGE_VULNERABILITY" https://github.com/grafeas/kritis/blob/71a1d2c56f1549e2e15512058e961ab932b8de85/pkg/kritis/metadata/grafeas/grafeas.go#L42 Should be VULNERABILITY instead?

judavi

comment created time in a month

issue commentgrafeas/kritis

ImageSecurityPolicy Validation

For future reference, the default project used when using Grafeas is Kritis https://github.com/grafeas/kritis/blob/71a1d2c56f1549e2e15512058e961ab932b8de85/pkg/kritis/metadata/grafeas/grafeas.go#L44

judavi

comment created time in a month

issue commentgrafeas/kritis

ImageSecurityPolicy Validation

I think I have a clue: The certificates for Grafeas are being generated here: https://github.com/grafeas/kritis/blob/15d2164bdd3e67136ab72378c6f3d704b9fe8a52/docs/standalone/setup_grafeas.sh#L27 But then at the moment of start the Kritis server new certificates are being generated: https://github.com/grafeas/kritis/blob/2dbd5ad002c974ec37e76bfba158e7f469852a8e/docs/standalone/setup_kritis.sh#L39 And are those certificates the ones that are being passed to Kritis : https://github.com/grafeas/kritis/blob/2dbd5ad002c974ec37e76bfba158e7f469852a8e/docs/standalone/setup_kritis.sh#L45

judavi

comment created time in a month

issue commentgrafeas/kritis

ImageSecurityPolicy Validation

Hi @aysylu thanks for the idea of checking the logs of Grafeas! Checking those logs I have found this:

2020/01/22 10:46:48 http: TLS handshake error from 10.240.0.35:33822: EOF
2020/01/22 10:46:49 http: TLS handshake error from 10.240.0.4:57940: EOF
2020/01/22 10:46:49 http: TLS handshake error from 10.240.0.35:50792: EOF
2020/01/22 10:46:52 http: TLS handshake error from 10.240.0.35:33894: EOF

And it continues with the same output... So now I'm thinking how Kritis is configuring the certificates needed to talk with the Grafeas server? The only reference to grafeas.pem is when the note/occurrence is being inserted search Grafeas.pem

judavi

comment created time in a month

issue commentgrafeas/kritis

Grafeas Project Integration

Thanks @aysylu so basically is a service account :) For future reference, this is the link to the message: https://groups.google.com/d/msg/grafeas-users/VLNVZOlZQ7Y/c-DnKBLJDAAJ

judavi

comment created time in a month

pull request commentgrafeas/kritis

Updated cron.go

Sure @ooq !

judavi

comment created time in a month

push eventjudavi/kritis

Juan

commit sha 08de309c211edff89473fc2e4899d0b698bb7333

update tutorial.md

view details

push time in a month

issue openedgrafeas/kritis

ImageSecurityPolicy Validation

Expected Behavior

The ImageSecurityPolicy should block any new pod that has vulnerabilities reported on Grafeas

Actual Behavior

I'm running the standalone example, but I'm enabling exclusively the ImageSecurityPolicy

➜  kubectl describe ImageSecurityPolicy my-isp

Name:         my-isp
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"kritis.grafeas.io/v1beta1","kind":"ImageSecurityPolicy","metadata":{"annotations":{},"name":"my-isp","namespace":"default"}...
API Version:  kritis.grafeas.io/v1beta1
Kind:         ImageSecurityPolicy
Metadata:
  Creation Timestamp:  2020-01-21T14:46:27Z
  Generation:          1
  Resource Version:    17991
  Self Link:           /apis/kritis.grafeas.io/v1beta1/namespaces/default/imagesecuritypolicies/my-isp
  UID:                 cdadd1b9-3c5c-11ea-bd76-6e9893f6ce69
Spec:
  Package Vulnerability Requirements:
    Maximum Severity:  BLOCK_ALL
Events:                <none>

My information in Grafeas looks like, so I have occurrences for the sha256 and for the tag (just in case, I'm still experimenting)

GET https://grafeas-server:443/v1beta1/projects/kritis/occurrences

{
    "occurrences": [
        {
            "name": "projects/kritis/occurrences/40b970ce-98a9-4423-a72a-8974a9b3534e",
            "resource": {
                "name": "",
                "uri": "gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a",
                "contentHash": null
            },
            "noteName": "projects/kritis/notes/CVE-2015-2730",
            "kind": "VULNERABILITY",
            "remediation": "",
            "createTime": "2020-01-21T14:30:15.437255449Z",
            "updateTime": "2020-01-21T14:30:15.437255449Z",
            "vulnerability": {
                "type": "",
                "severity": "MEDIUM",
                "cvssScore": 4.3,
                "packageIssue": [
                    {
                        "affectedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 8,
                                "name": "6.8.9.9",
                                "revision": "5+deb8u9",
                                "kind": "NORMAL"
                            }
                        },
                        "fixedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 0,
                                "name": "",
                                "revision": "",
                                "kind": "MAXIMUM"
                            }
                        },
                        "severityName": "LOW"
                    }
                ],
                "shortDescription": "CVE-2015-2730",
                "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "relatedUrls": [
                    {
                        "url": "",
                        "label": "More Info"
                    }
                ],
                "effectiveSeverity": "MEDIUM"
            }
        },
        {
            "name": "projects/kritis/occurrences/d68e75ea-29de-4be3-84b4-11f26fea7006",
            "resource": {
                "name": "",
                "uri": "gcr.io/kritis-tutorial/java-with-vulnz:latest",
                "contentHash": null
            },
            "noteName": "projects/kritis/notes/CVE-2015-2730",
            "kind": "VULNERABILITY",
            "remediation": "",
            "createTime": "2020-01-21T14:25:39.712067151Z",
            "updateTime": "2020-01-21T14:25:39.712067151Z",
            "vulnerability": {
                "type": "",
                "severity": "MEDIUM",
                "cvssScore": 4.3,
                "packageIssue": [
                    {
                        "affectedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 8,
                                "name": "6.8.9.9",
                                "revision": "5+deb8u9",
                                "kind": "NORMAL"
                            }
                        },
                        "fixedLocation": {
                            "cpeUri": "cpe:/o:redhat:enterprise_linux:7",
                            "package": "imagemagick",
                            "version": {
                                "epoch": 0,
                                "name": "",
                                "revision": "",
                                "kind": "MAXIMUM"
                            }
                        },
                        "severityName": "LOW"
                    }
                ],
                "shortDescription": "CVE-2015-2730",
                "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "relatedUrls": [
                    {
                        "url": "",
                        "label": "More Info"
                    }
                ],
                "effectiveSeverity": "MEDIUM"
            }
        }
    ],
    "nextPageToken": ""
}

And finally my pod:

apiVersion: v1
kind: Pod
metadata:
  name: java
spec:
  containers:
    - name: java
      image: gcr.io/kritis-tutorial/java-with-vulnz:latest
      image: gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a
      ports:
        - containerPort: 80

So when I use

kubectl apply -f pod.yaml

The cluster is accepting the Pod which means Kritis is not stopping the deployment, also when I check the logs:

standalone git:(helmv3-standalone) ✗ kubectl logs -l app=kritis-validation-hook

I0121 15:51:23.594298       1 admission.go:258] Reviewing images for &Pod{ObjectMeta:k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta{Name:java,GenerateName:,Namespace:default,SelfLink:,UID:e003b647-3c65-11ea-bd76-6e9893f6ce69,ResourceVersion:,Generation:0,CreationTimestamp:2020-01-21 15:51:23 +0000 UTC,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"java","namespace":"default"},"spec":{"containers":[{"image":"gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a","name":"java","ports":[{"containerPort":80}]}]}}
,},OwnerReferences:[],Finalizers:[],ClusterName:,Initializers:nil,},Spec:PodSpec{Volumes:[{default-token-kqflw {nil nil nil nil nil SecretVolumeSource{SecretName:default-token-kqflw,Items:[],DefaultMode:nil,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}}],Containers:[{java gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a [] []  [{ 0 80 TCP }] [] [] {map[] map[]} [{default-token-kqflw true /var/run/secrets/kubernetes.io/serviceaccount  <nil>}] [] nil nil nil /dev/termination-log File IfNotPresent nil false false false}],RestartPolicy:Always,TerminationGracePeriodSeconds:*30,ActiveDeadlineSeconds:nil,DNSPolicy:ClusterFirst,NodeSelector:map[string]string{},ServiceAccountName:default,DeprecatedServiceAccount:default,NodeName:,HostNetwork:false,HostPID:false,HostIPC:false,SecurityContext:&PodSecurityContext{SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,SupplementalGroups:[],FSGroup:nil,RunAsGroup:nil,Sysctls:[],},ImagePullSecrets:[],Hostname:,Subdomain:,Affinity:nil,SchedulerName:default-scheduler,InitContainers:[],AutomountServiceAccountToken:nil,Tolerations:[{node.kubernetes.io/not-ready Exists  NoExecute 0xc0003c27d0} {node.kubernetes.io/unreachable Exists  NoExecute 0xc0003c27f0}],HostAliases:[],PriorityClassName:,Priority:*0,DNSConfig:nil,ShareProcessNamespace:nil,ReadinessGates:[],},Status:PodStatus{Phase:Pending,Conditions:[],Message:,Reason:,HostIP:,PodIP:,StartTime:<nil>,ContainerStatuses:[],QOSClass:BestEffort,InitContainerStatuses:[],NominatedNodeName:,},} in namespace default: [gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a]
I0121 15:51:23.599125       1 admission.go:267] No Generic Attestation Policies found in namespace default
I0121 15:51:23.602680       1 admission.go:283] Found 1 ISPs to review image against
I0121 15:51:23.603076       1 review.go:105] Validating against ImageSecurityPolicy my-isp
I0121 15:51:23.603091       1 review.go:112] Check if gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a has valid Attestations.
I0121 15:51:23.603098       1 strategy.go:49] Handling attestation via LoggingStrategy
I0121 15:51:23.603102       1 strategy.go:53] No valid attestations found for image gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a. Proceeding with next checks
I0121 15:51:23.603106       1 review.go:124] Getting vulnz for gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a
I0121 15:51:23.612961       1 review.go:137] Found no violations for gcr.io/kritis-tutorial/java-with-vulnz@sha256:358687cfd3ec8e1dfeb2bf51b5110e4e16f6df71f64fba01986f720b2fcba68a within ISP my-isp

Is there any way to validate which API call Kritis is doing? Because I have some ideas of why is not working:

  • Is not using the correct project
  • Is not reaching the Grafeas server

Any help will be appreciated. Thanks!

created time in a month

PR opened grafeas/kritis

Updated cron.go

Fixed small typo. It should pod instead of po

+1 -1

0 comment

1 changed file

pr created time in a month

push eventjudavi/kritis

Juan

commit sha 63ea960814daa0054e8d73e9876431d997a4f749

Updated cron.go Fixed small typo. It should pod instead of po

view details

push time in a month

create barnchjudavi/kritis

branch : fix-small-cron-typo

created branch time in a month

create barnchjudavi/kritis

branch : helmv3-standalone

created branch time in a month

issue commentgrafeas/kritis

Grafeas Project Integration

Using the last helm chart (0.2.1) I'm getting better results. Now, there is only one thing that is not clear for me and it's the role of gac.json. In an installation out of GC what should be that secret? for what should be replaced? cc @aysylu @nenaddedic

judavi

comment created time in a month

issue commentgrafeas/grafeas

Filtering feature probably is not working on v1beta1

Hi @aysylu, yes, I'll be happy to check this. Also, I think this proposal could be helpful to tackle filtering in the future: https://groups.google.com/forum/#!topic/grafeas-dev/633z2VFfSeQ I did something similar on the Oracle implementation and has been really helpful https://github.com/judavi/grafeas-oracle/blob/ab721cff62667bb87d6977042c4e98e0f05510be/go/v1beta1/storage/queries.go#L23 Please could you provide some feedback?

cc @vtsao @skelterjohn

judavi

comment created time in a month

fork judavi/kritis

Deploy-time Policy Enforcer for Kubernetes applications

https://github.com/grafeas/kritis/blob/master/docs/binary-authorization.md

fork in a month

issue commentin-toto/demo

Error running Demo

@lukpueh thank you! you suggestion fixed the issue!

judavi

comment created time in a month

issue openedin-toto/demo

Error running Demo

Hello!! I'm trying to follow the demo. I'm running the demo on a clean CentOS machine. I installed virtualenvwrapper and followed each step. But when I reach the step to create the layout I'm getting:

[judavi@grafeas owner_alice]$ python create_layout.py 
Traceback (most recent call last):
  File "create_layout.py", line 1, in <module>
    from in_toto.util import import_rsa_key_from_file
  File "/usr/lib/python2.7/site-packages/in_toto/util.py", line 12, in <module>
    import securesystemslib.gpg.functions
  File "/usr/lib/python2.7/site-packages/securesystemslib/gpg/functions.py", line 21, in <module>
    import securesystemslib.gpg.common
  File "/usr/lib/python2.7/site-packages/securesystemslib/gpg/common.py", line 25, in <module>
    import securesystemslib.gpg.util
  File "/usr/lib/python2.7/site-packages/securesystemslib/gpg/util.py", line 28, in <module>
    import securesystemslib.process
  File "/usr/lib/python2.7/site-packages/securesystemslib/process.py", line 42, in <module>
    DEVNULL = subprocess.DEVNULL
AttributeError: 'module' object has no attribute 'DEVNULL'

Please, could you advise what I'm missing? Thanks!

[judavi@grafeas owner_alice]$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
[judavi@grafeas owner_alice]$ python --version
Python 2.7.5
[judavi@grafeas owner_alice]$ gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

created time in 2 months

pull request commentgrafeas/grafeas

Add in-toto attestations to Grafeas

@adityasaky I'm wondering a couple of things:

  1. Why not store the .links (https://github.com/in-toto/docs/blob/v0.9/in-toto-spec.md#44-file-formats-namekeyid-prefixlink) as occurrences? The note names should be unique and the occurrences are instances of a note and in this case, the note could be the specific step from the layout. Also, I'm imaging the scenario where you execute your pipeline. On every build, you will execute the same step (note) on each execution and then you will have multiple instances of that step (occurrences/.links). Also if you need to query you will see all the occurrences for the specific step under the note.
  2. Is the layout from in-toto also considered to be stored in Grafeas?
adityasaky

comment created time in 2 months

pull request commentgrafeas/grafeas

Add in-toto attestations to Grafeas

@skelterjohn @adityasaky I'll happy to help if something else is needed for complete this integration. I'll love to see in-toto working with Grafeas!

adityasaky

comment created time in 2 months

issue commentgrafeas/kritis

Grafeas Project Integration

@nenaddedic that sounds promising! I'll try that and I'll post my updates. Thanks for the clue!

judavi

comment created time in 2 months

issue commentgrafeas/kritis

Kubernetes 1.16 support

Actually, I doubled checked and I'm running 1.14 and I'm having the same issue, so in some point between 1.9 and 1.14 the helm chart stopped working

gmathes

comment created time in 2 months

issue commentgrafeas/kritis

Kubernetes 1.16 support

@gmathes would you mind to share what kind of changes you need to apply to make it work? I'm struggling to understand what are the errors : https://github.com/grafeas/kritis/issues/428#issuecomment-570559290

gmathes

comment created time in 2 months

issue commentgrafeas/kritis

Grafeas Project Integration

Thanks @aysylu for your response! Now I'm wondering if there is a restriction on the K8s/Helm version? I'm executing the Helm chart and I'm getting the next error:


azureuser@Azure:~/kritis/docs/standalone$ helm install  kritis https://storage.googleapis.com/kritis-charts/repository/kritis-charts-0.2.0.tgz --set certificates.ca="$(cat ca.crt)" --set certificates.cert="$(cat kritis.crt)" --set certificates.key="$(cat kritis.key)" --debug

install.go:148: [debug] Original chart version: ""

install.go:165: [debug] CHART PATH: /home/azureuser/.cache/helm/repository/kritis-charts-0.2.0.tgz

Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(ClusterRole.metadata): unknown field "kritis.grafeas.io/install" in io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta

helm.go:76: [debug] error validating "": error validating data: ValidationError(ClusterRole.metadata): unknown field "kritis.grafeas.io/install" in io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta

I sorted commenting the label in https://github.com/grafeas/kritis/blob/master/kritis-charts/templates/rbac.yaml#L30

But after that the kritis-preinstall pod is failing :

azureuser@Azure:~$ kubectl logs kritis-preinstall
time="2020-01-03T11:43:31Z" level=info msg="contents of /var/run/secrets/kubernetes.io/serviceaccount/namespace: default"
time="2020-01-03T11:43:31Z" level=info msg="running preinstall\nversion v0.2.0\ncommit: 78748a211e58d778f80fa8d116909e8425114913"
Error from server (NotFound): certificatesigningrequests.certificates.k8s.io "tls-webhook-secret-cert" not found
Error from server (NotFound): secrets "tls-webhook-secret" not found
time="2020-01-03T11:43:33Z" level=info msg="[cfssl genkey -]"
time="2020-01-03T11:43:33Z" level=info msg="{\"csr\":\"-----BEGIN CERTIFICATE REQUEST-----\\nMIICFjCCAbwCAQAwADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABM7WJghLeHVP\\nObzhyq+bGi+6C9wKgGesX1I4nTUijrQHb4lmPMW1UxabGbzd0iFJXnqYvb1c9KG5\\n/pDa0lAAFt6gggFYMIIBVAYJKoZIhvcNAQkOMYIBRTCCAUEwggE9BgNVHREEggE0\\nMIIBMIIWa3JpdGlzLXZhbGlkYXRpb24taG9va4Iia3JpdGlzLXZhbGlkYXRpb24t\\naG9vay5rdWJlLXN5c3RlbYIea3JpdGlzLXZhbGlkYXRpb24taG9vay5kZWZhdWx0\\ngiJrcml0aXMtdmFsaWRhdGlvbi1ob29rLmRlZmF1bHQuc3ZjgiJrcml0aXMtdmFs\\naWRhdGlvbi1ob29rLWRlcGxveW1lbnRzgi5rcml0aXMtdmFsaWRhdGlvbi1ob29r\\nLWRlcGxveW1lbnRzLmt1YmUtc3lzdGVtgiprcml0aXMtdmFsaWRhdGlvbi1ob29r\\nLWRlcGxveW1lbnRzLmRlZmF1bHSCLmtyaXRpcy12YWxpZGF0aW9uLWhvb2stZGVw\\nbG95bWVudHMuZGVmYXVsdC5zdmMwCgYIKoZIzj0EAwIDSAAwRQIgIU12J5JFoYMp\\n7dqltlHh4dF5pjNzz2/GTih+mkW8StUCIQDILY9p+2ar7f2gByx+vDF9rN3AHWJ6\\nOfDQajRrBWN+WQ==\\n-----END CERTIFICATE REQUEST-----\\n\",\"key\":\"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIAQYeS/+Dr/F7k5HJF0k9/imHO1GitKZ0O7lKfsMz9xMoAoGCCqGSM49\\nAwEHoUQDQgAEztYmCEt4dU85vOHKr5saL7oL3AqAZ6xfUjidNSKOtAdviWY8xbVT\\nFpsZvN3SIUleepi9vVz0obn+kNrSUAAW3g==\\n-----END EC PRIVATE KEY-----\\n\"}\n"
time="2020-01-03T11:43:33Z" level=info msg="[cfssljson -bare server]"
time="2020-01-03T11:43:33Z" level=info
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
    name: tls-webhook-secret-cert
    labels:
        kritis.grafeas.io/install: ""
spec:
    groups:
    - system:authenticated
    request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ0ZqQ0NBYndDQVFBd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJNN1dKZ2hMZUhWUApPYnpoeXErYkdpKzZDOXdLZ0dlc1gxSTRuVFVpanJRSGI0bG1QTVcxVXhhYkdiemQwaUZKWG5xWXZiMWM5S0c1Ci9wRGEwbEFBRnQ2Z2dnRllNSUlCVkFZSktvWklodmNOQVFrT01ZSUJSVENDQVVFd2dnRTlCZ05WSFJFRWdnRTAKTUlJQk1JSVdhM0pwZEdsekxYWmhiR2xrWVhScGIyNHRhRzl2YTRJaWEzSnBkR2x6TFhaaGJHbGtZWFJwYjI0dAphRzl2YXk1cmRXSmxMWE41YzNSbGJZSWVhM0pwZEdsekxYWmhiR2xrWVhScGIyNHRhRzl2YXk1a1pXWmhkV3gwCmdpSnJjbWwwYVhNdGRtRnNhV1JoZEdsdmJpMW9iMjlyTG1SbFptRjFiSFF1YzNaamdpSnJjbWwwYVhNdGRtRnMKYVdSaGRHbHZiaTFvYjI5ckxXUmxjR3h2ZVcxbGJuUnpnaTVyY21sMGFYTXRkbUZzYVdSaGRHbHZiaTFvYjI5cgpMV1JsY0d4dmVXMWxiblJ6TG10MVltVXRjM2x6ZEdWdGdpcHJjbWwwYVhNdGRtRnNhV1JoZEdsdmJpMW9iMjlyCkxXUmxjR3h2ZVcxbGJuUnpMbVJsWm1GMWJIU0NMbXR5YVhScGN5MTJZV3hwWkdGMGFXOXVMV2h2YjJzdFpHVncKYkc5NWJXVnVkSE11WkdWbVlYVnNkQzV6ZG1Nd0NnWUlLb1pJemowRUF3SURTQUF3UlFJZ0lVMTJKNUpGb1lNcAo3ZHFsdGxIaDRkRjVwak56ejIvR1RpaCtta1c4U3RVQ0lRRElMWTlwKzJhcjdmMmdCeXgrdkRGOXJOM0FIV0o2Ck9mRFFhalJyQldOK1dRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
    usages:
    - digital signature
    - key encipherment
    - server auth
time="2020-01-03T11:43:33Z" level=info msg="[kubectl apply -f -]"
time="2020-01-03T11:43:33Z" level=info
time="2020-01-03T11:43:33Z" level=error msg="error: SchemaError(io.k8s.api.core.v1.PodDNSConfig): invalid object doesn't have additional properties\n"
time="2020-01-03T11:43:33Z" level=fatal msg="exit status 1"

So my assumption is that I need to pass something additional because :

Error from server (NotFound): certificatesigningrequests.certificates.k8s.io "tls-webhook-secret-cert" not found

I will appreciate any advice. Thanks!

judavi

comment created time in 2 months

issue openedgrafeas/kritis

Grafeas Project Integration

Hello Kritis team,

I have been following the installation instructions and I notice at this point Kritis is only compatible GCP (https://github.com/grafeas/kritis/blob/master/docs/install.md) so I'm wondering what are the plans for the integration with Grafeas? In case some work needs to be done I'll be happy to help, but first I want to have an idea of the current status and plans for this integration. Thanks!

CC @aysylu @ooq @vtsao

created time in 2 months

Pull request review commentgrafeas/grafeas

Add oracle storage mention

 creating notes and occurrences in Grafeas. There are client libraries available * The authoritative API for grafeas is the [protobuf files](https://github.com/Grafeas/Grafeas/tree/master/proto/v1beta1). +## Storage++Grafeas could support different storages:

Done!

judavi

comment created time in 2 months

Pull request review commentgrafeas/grafeas

Add oracle storage mention

 creating notes and occurrences in Grafeas. There are client libraries available * The authoritative API for grafeas is the [protobuf files](https://github.com/Grafeas/Grafeas/tree/master/proto/v1beta1). +## Storage

Done!

judavi

comment created time in 2 months

push eventjudavi/grafeas

Judavi

commit sha 0ff8afdf6a3e2e5d34ef8f7edd64a64944fd751b

Updated Readme Updated Readme following the recommendation of rephrase the Storage section

view details

push time in 2 months

issue openedgrafeas/grafeas

What is a good note/occurrence for test results?

Hi @aysylu, Hi @vtsao I have been searching on which kind of note/occurrence could be a good candidate to store test execution results, however, I haven't found anything that could fit in the test results area. I'm using this document as reference: https://cloud.google.com/container-registry/docs/reference/rest/v1beta1/projects.notes

What is your recommendation for that kind of metadata? or should I propose a new proto for this use case? Thanks for the help.

created time in 3 months

PR opened grafeas/grafeas

Add oracle storage

Added the mention to the Oracle implementation. This will close https://github.com/grafeas/grafeas/issues/403

+8 -0

0 comment

1 changed file

pr created time in 3 months

push eventjudavi/grafeas

Judavi

commit sha 5014585c8cd9476c6e227cefa2b7029750c5f5fe

Updated Readme Updated readme to add Oracle storage

view details

push time in 3 months

create barnchjudavi/grafeas

branch : add-oracle-storage

created branch time in 3 months

issue openedtypeorm/typeorm

Column names should not be escaped for Oracle

Issue type:

[ ] question

[X ] bug report

[ ] feature request

[ ] documentation issue

Database system/driver:

[ ] cordova

[ ] mongodb

[ ] mssql

[ ] mysql / mariadb

[X ] oracle

[ ] postgres

[ ] cockroachdb

[ ] sqlite

[ ] sqljs

[ ] react-native

[ ] expo

TypeORM version:

[X ] latest

[ ] @next

[ ] 0.x.x (or put your version here)

Steps to reproduce or a small repository showing the problem:

Having a simple view like:


create table NOTES

(

    NOTE_NAME    VARCHAR2(3000) not null

)

And an entity like:


import {ViewEntity, ViewColumn} from "typeorm";

 

@ViewEntity({

    expression: `

      SELECT NOTE_NAME FROM NOTES WHERE PROJECT_NAME = 'twistlock'

    `,

    materialized: false,

    name: "TNOTES"

})

export class Tnotes {

 

    @ViewColumn()

    note_name!: string;

 

}

And a simple query:


connection.getRepository(Tnotes).find();

TypeOrm will fail with the next error:


query: SELECT "Tnotes"."note_name" AS "Tnotes_note_name" FROM "TNOTES" "Tnotes"

PlatformTools.ts:222

query failed: SELECT "Tnotes"."note_name" AS "Tnotes_note_name" FROM "TNOTES" "Tnotes"

PlatformTools.ts:226

error:

PlatformTools.ts:226

Error: ORA-00904: "Tnotes"."note_name": invalid identifier

The query should be


SELECT "Tnotes".note_name AS "Tnotes_note_name" FROM "TNOTES" "Tnotes"

In case you need an Oracle DB for testing:


docker run -d -p 8080:8080 -p 1521:1521 quay.io/maksymbilenko/oracle-12c

 

"type": "oracle",

        "host": "localhost",

        "port": 1521,

        "username": "system",

        "password": "oracle",

        "sid": "xe",

Thanks for the help!

created time in 3 months

created tagjudavi/grafeas-oracle

tagv0.1.2

Oracle integration for Grafeas

created time in 3 months

release judavi/grafeas-oracle

v0.1.2

released time in 3 months

create barnchjudavi/grafeas

branch : ccc-experimental

created branch time in 3 months

push eventjudavi/grafeas-oracle

Juan David Gomez

commit sha 8582b446d57eb4aea0fe910f957ee2da209f3b76

Use data field as JSON

view details

Juan

commit sha ab721cff62667bb87d6977042c4e98e0f05510be

Merge pull request #1 from judavi/data-json-field Use data field as JSON

view details

push time in 3 months

PR merged judavi/grafeas-oracle

Use data field as JSON

Adding JSON validation to the data field so if it is necessary to query information from the data fields will be easier.

+23 -12

0 comment

2 changed files

judavi

pr closed time in 3 months

PR opened judavi/grafeas-oracle

Use data field as JSON
+23 -12

0 comment

2 changed files

pr created time in 3 months

create barnchjudavi/grafeas-oracle

branch : data-json-field

created branch time in 3 months

startedMaksymBilenko/docker-oracle-12c

started time in 3 months

created tagjudavi/grafeas-oracle

tagv0.1-alpha

Oracle integration for Grafeas

created time in 3 months

release judavi/grafeas-oracle

v0.1-alpha

released time in 3 months

created tagjudavi/grafeas

tag0.1.5

Artifact Metadata API

created time in 3 months

release judavi/grafeas

0.1.5

released time in 3 months

PR closed grafeas/grafeas-pgsql

Move pgsql (dont' merge yet)

This is related to https://github.com/grafeas/grafeas/issues/341

@aysylu On this PR I also moved queries.go because it belongs to pgsql too. I think I'm close to having this working I'm just having an issue with the ptypes references that I'm not sure how to fix it. I'll appreciate your advice on what I could do to make it work. Thanks! Captura de pantalla 2019-08-15 a la(s) 10 18 15 a  m

+1155 -5

1 comment

4 changed files

judavi

pr closed time in 3 months

issue commentgrafeas/grafeas

Move PostgreSQL storage implementation to `grafeas-pgsql`

I can resume the work on this issue based on the experience that I got working on Grafeas-oracle

aysylu

comment created time in 3 months

issue openedgrafeas/grafeas

Support Oracle 11g as storage backend

Hello @aysylu @vtsao ! I'm not sure how to propose this change so I decided to go with an issue in the repo. I completed an implementation of Grafeas using Oracle 11G as the storage backend grafeas-oracle What do you prefer for these custom implementations? I'm cool moving my repo under Grafeas or adding a link from the principal project. What do you think? Thanks!

created time in 3 months

push eventjudavi/grafeas-oracle

Juan

commit sha 9498a5a9f0d8eccb37145953a5225c3cd7017276

Update README.md

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 363baee3483c3539435f3a656ccf92dfac45baac

Update in Readme.md about compose

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 113a997cca499a54519b5d72c60fd7e45c2360d0

Fixed Oracle Seq

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 84b950d39e88bcc01964545b006603cb0828359a

Use Oracle Image

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 164ec34bd17d87b490354e0f2e34b2d153426ea0

Change build

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 0eb2b4b2dcfabed8750b02acd861a4fac29d1537

Fixed Dockerfile

view details

push time in 3 months

push eventjudavi/grafeas

Judavi

commit sha 04bb9a8547ff511799de661c4271d91c30201dc9

Fix update notes and occurrences The parameters needs to be in order to make it work

view details

Aysylu Greenberg

commit sha 7c27e7c19d535fecde2dfe6918265b7f893803d0

Merge pull request #402 from judavi/updates-fix-occurrences-notes Update occurrences and notes

view details

Juan

commit sha 4a2c393da9c08594671ad9e04d8de78ab16aa5a7

Merge pull request #4 from grafeas/master Merge from base master

view details

push time in 3 months

PR merged judavi/grafeas

Merge from base master
+4 -4

0 comment

2 changed files

judavi

pr closed time in 3 months

PR opened judavi/grafeas

Merge from base master
+4 -4

0 comment

2 changed files

pr created time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha a03235d1d69598c6100e94289b576f6d65605f41

Fixed Dockerfile

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 2c482ff12865a9d750fabab345086e73931e1af0

Fix Makefile

view details

push time in 3 months

PR opened grafeas/grafeas

Updates occurrences and notes

Hello @aysylu I'm submitting this fix because the parameters needs to be in order otherwise the note and the occurrence will not be updated. Thanks!

+4 -4

0 comment

2 changed files

pr created time in 3 months

create barnchjudavi/grafeas

branch : updates-fix-occurrences-notes

created branch time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 63765a9ba45b20f2ea15f062e9bd7dad20c2182b

Fix Makefile

view details

Judavi

commit sha ed0f51829056acfc090ea458297a5a66825ea914

Merge branch 'master' of https://github.com/judavi/grafeas-oracle

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Juan

commit sha 599807a6448bc9afec2ec8b03a6d36572e2b711b

Create main.yml

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Juan

commit sha ad98d07a066aad514b998b71f10dd9fd3f4190dc

added build.yaml

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha e87f5379928a973258f388b25c7ee048017ea43d

Refactored Table creation For some reason Oracle doesn't accept the creation of all the tables in one hit. It complains even for the ; separator of each query. So I decided to split each operation :(. But fortunately it works!!

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha b63a81b481a855f9af28853e24c2402d38f9422b

Query complete

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha 2a4c37f9cb8dda4e3e50b682f557cbf6ed354965

Implemented methods

view details

push time in 3 months

push eventjudavi/grafeas-oracle

Judavi

commit sha d331853a4827ac6cfb45e72b11ad452da170a00b

First commit

view details

push time in 3 months

create barnchjudavi/grafeas-oracle

branch : master

created branch time in 3 months

created repositoryjudavi/grafeas-oracle

Oracle integration for Grafeas

created time in 3 months

push eventjudavi/grafeas-mongodb

Judavi

commit sha 46685fe8511f1dd1e15ad1aaf000eb179cfb3940

Partially implemented

view details

push time in 3 months

push eventjudavi/grafeas-mongodb

Juan

commit sha b2a2ce5d70c1e3dcba3e6b3aa0fd615c3cdac3a8

Added Github Action

view details

push time in 3 months

create barnchjudavi/grafeas-mongodb

branch : master

created branch time in 3 months

created repositoryjudavi/grafeas-mongodb

MongoDb integration for Grafeas

created time in 3 months

push eventjudavi/grafeas

Judavi

commit sha 04621d5bf00bc569f021271043c4f5879d5fd073

go-generate support OS X Fix to address OS X Protobuf compiler download #393

view details

Judavi

commit sha eae8cf7ffa9e203b4c911ac2124c262490d90f63

Updated server.go This will address the issue from #389

view details

Aysylu Greenberg

commit sha cb4b2e27ff4a621b16377298a202b2139efac9b2

Merge pull request #394 from judavi/multiplatform-compiler-download Multiplatform Protobuf compiler download

view details

Aysylu Greenberg

commit sha ce9f3ee1cc2afcd9cfdbfdf37c4acf1e3b02a289

Merge branch 'master' into Rest-fix

view details

aalsabag

commit sha 9fd384730a7dd7e3428aa932bafc1f8c500929af

Ill-formed json regarding issue #396

view details

Vincent

commit sha fe7755b34c961a48d56f55fb57bc191455c6168f

Merge pull request #397 from aalsabag/fixDocumentation Ill-formed json regarding issue #396

view details

Aysylu Greenberg

commit sha c0eb9341781277458b881a1790f32f40898eb813

Merge branch 'master' into Rest-fix

view details

Aysylu Greenberg

commit sha 1becf47b24227b50ac1daa1bd55e4dd4e40ec74e

Merge pull request #395 from judavi/Rest-fix Rest endpoint fix

view details

Aysylu Greenberg

commit sha 00423fd4dfc7b575fd44224327879710a3e2ecbe

checked in v1beta1 go generated protos

view details

Aysylu Greenberg

commit sha 3acd293c620a1079f4ddabfe787dd61fda4590c3

Merge pull request #398 from aysylu/master Checked in v1beta1 go generated protos

view details

Aysylu Greenberg

commit sha 0fc7f6ebb9a5ece81ea9071f0786d92d7042cd85

v0.1.4 release

view details

Aysylu Greenberg

commit sha c5257337b0b4174c142aa9793c52e738a7c329f7

Merge pull request #399 from aysylu/master v0.1.4 release

view details

Vincent Tsao

commit sha c147ef1f8f7a351a16e3414610a6cffee01b20a8

Effective severity should be output only.

view details

Aysylu Greenberg

commit sha d29519873b2283ace6895e7f866fdf2f751d2147

Merge pull request #400 from grafeas/s Effective severity should be output only.

view details

Vincent Tsao

commit sha 21cdb65962bde895e5b5f7f85c85dad6872455cc

Reverting output only comment on effective severity for now.

view details

Aysylu Greenberg

commit sha c1485d9336bd52a00060d26bfc4b9f4cf58d15cd

Merge pull request #401 from grafeas/s2 Reverting output only comment on effective severity for now.

view details

Juan

commit sha 8ab5b883308fe4bd3d4862b9d2d10c91a346c8d9

Merge pull request #3 from grafeas/master Merge from master

view details

push time in 3 months

PR merged judavi/grafeas

Merge from master
+9206 -13

0 comment

24 changed files

judavi

pr closed time in 3 months

PR opened judavi/grafeas

Merge from master
+9206 -13

0 comment

24 changed files

pr created time in 3 months

pull request commentgrafeas/grafeas

Rest endpoint fix

Hi @aysylu ! I took inspiration from this answer https://github.com/grpc-ecosystem/grpc-gateway/issues/727#issuecomment-413715690 and one of the comments "Without tls all works fine with cmux, i can connect without certs to grpc server and do some rest requests, but with tls enabled I'm always have timeouts"

judavi

comment created time in 4 months

PR opened grafeas/grafeas

Rest endpoint fix

Hello @aysylu ! This will address the issue from #389 :)

+2 -2

0 comment

1 changed file

pr created time in 4 months

create barnchjudavi/grafeas

branch : Rest-fix

created branch time in 4 months

issue commentgrpc-ecosystem/grpc-gateway

how to do tls auth in grpc+grpc-gateway

@vtolstov thanks!! your example helped me to solve an issue!!

vtolstov

comment created time in 4 months

more