containersolutions / argus
Compliance Overseer. Project argus helps to bring transparency and observability for cloud compliance.
License: Other
Metrics should contain TotalAttestations and PassedAttestations. Should contain labels
argus.io/resource
argus.io/requirement
argus.io/implementation
List potential solutions that could solve the WebApp use case.
Resource Attestation should emit controller metrics on whether that specific attestation is a success or a failure.
The metric should be labeled leveraging the following set of labels available on the ResourceAttestation Manifest:
argus.io/resource
argus.io/requirement
argus.io/implementation
argus.io/attestation
We need to have some common definition of all of the 7 (8 or 9?) CRDs before starting to actually touch the controllers.
Scheduling service might not be done independently, and instead be part of the runtime engine (see ADR #x).
This issue serves as control group so that we have a better idea about what exists and how things can be done without Argus.
This use case is composed of the following statements:
Requirement:
Implementation:
Attestation:
Resources:
The existing solution(s) shall evaluate the Attestation for both Resources and verify that Webapp1 is compliant, while Webapp2 is not compliant.
Implementations Controller
ResourceImplementation Controller
These controllers can be implemented as long as the Resource CRD already exists. They should be fairly simple as they only need to query other CRDs and summarize information.
Has a dependency on ResourceAttestation.
List potential solutions that could solve the AWS Account use case.
Argus must be able to run a custom command to verify if a given attestation is valid.
Argus must support commands to succeed (e.g. running conftest on a terraform definition should pass) or to fail (e.g. deploying a non-compliant resource that should be blocked) as ways to attest a given Implementation.
Command line attestation might be useful for debugging purposes, but may not be essential. If the implementations focus on e.g. a web server, a job despatching / running the attestations should be enough.
ResourceRequirement metrics should be based on NeededImplementations, TotalImplementations and ValidImplementations. It should emit the metric with the following labels:
argus.io/resource
argus.io/requirement
Formation logic:
NeededImplementations = number of implementations that are described on the Requirement spec
TotalImplementations = number of ResourceImplementations bound to this Requirement (i.e. how many things were said to be implemented)
ValidImplementations = number of Implementations which had their Attestation check passing.
This use case is composed of the following statements:
Requirement:
Implementation:
Attestation:
Resources:
Argus shall evaluate the Attestation for both Resources and verify that AWS 1 is compliant, while AWS 2 is not compliant.
Implementations must be linked to a resource and a specific requirement. The implementation must be the object that represents that a given requirement has been considered and thought of for a given resource.
Requirements that are not applicable for a given resource (e.g. there is no way to configure it) must still have a noOp implementation, or equivalent.
Implementations must allow for Attestations to be bound there, so Argus can confirm that the given implementation is backed by an artifact.
The runtime registry service might not be done, depending on whether the event bus is going to be behind the gateway API or not (see ADR #x). If it is behind the gateway API, there is no point in having a registry service for runtime instances.
As part of Argus, users should be able to register requirements that can then be used to target whatever resource Argus is overseeing.
Users must be able to specify requirements. Argus must properly handle requirement versioning, e.g. by using a git source.
Requirements should be compatible with industry standard requirements.
This use case is composed of the following statements:
Requirement:
Implementation:
Attestation:
Resources:
Argus shall evaluate the Attestation for both Resources and verify that Webapp1 is compliant, while Webapp2 is not compliant.
Test existing solutions.
Solutions to test/tested:
template:
Name - what will focus.
Write short report on the conclusions about each solution.
Report to write/written:
This use case is composed of the following statements:
Requirement:
Implementation:
Attestation:
Resources:
Argus shall evaluate the Attestation for both Resources and verify that Cluster 1 is compliant, while Cluster 2 is not compliant.
Network Attestation provider should work by making http/REST calls to a configurable endpoint.
Resources are objects that Argus monitors. Each resource should have properties to indicate what are the categories they refer to, in order to link them back to which requirements actually apply to those resources.
Resource must be linkable to parent resources, as a way to inherit implementations from the parent resource as well.
Repository will store ADRs, issues, and general project documentation.
This issue serves as control group so that we have a better idea about what exists and how things can be done without Argus.
This use case is composed of the following statements:
Requirement:
Implementation:
Attestation:
Resources:
The existing solution(s) shall evaluate the Attestation for both Resources and verify that Cluster 1 is compliant, while Cluster 2 is not compliant.
Requirements Controller
ResourceRequirements Controller
These ones are fairly easy to implement as long as the Resource CRD is defined. Has a dependency on ResourceImplementation.
List potential solutions that could solve the Kubernetes use case.
Write short report on the conclusions about each solution.
Report to write/written:
Attestations Controller
ResourceAttestations Controller
These two controllers can be implemented easily as long as Resource and Implementation CRDs are defined.
A tricky bit for this specific Controller is that it should allow from the start the usage of AttestationProvider, which needs to be defined by (most likely) another CRD (AttestationProviderClass)?
For starters we can have an AttestationProviderClass which is just a webhook call, with the webhook parameters defined on the class.
Resource Metrics should be generated based on the TotalRequirements and ImplementedRequirements fields.
It should be labeled with the following label:
argus.io/resource
Test existing solutions.
Solutions to test/tested:
Grafana and Prometheus operator should be installed by a make deploy.metrics command.
Test existing solutions.
Solutions to test/tested:
This issue serves as control group so that we have a better idea about what exists and how things can be done without Argus.
This use case is composed of the following statements:
Requirement:
Implementation:
Attestation:
Resources:
The existing solution(s) shall evaluate the Attestation for both Resources and verify that AWS 1 is compliant, while AWS 2 is not compliant.
Resource Controller should:
Probably one of the last controllers that we will implement.
Write short report on the conclusions about each solution.
Report to write/written:
Argus must be able to verify implementations through verification of Test artifacts available on GitHub.
Argus should be able to read the test artifact manifest and query for a specific test case to verify if that specific test case has passed or not.