Enhance syntax to support whitelisted resources #38
Comments
Can you give a few examples using the current goss JSON structure of what this would look like? I'm having a hard time visualizing where this will fit.
This is possibly dependent on #31
Syntax is the tricky part. Keeping things clean and backward compatible. Here are some ideas; none of which are particularly great, but perhaps they will spark some inspiration ;)
Hmm, that clarifies a lot, and I think I'll use a similar syntax as the one I take in issue #31. The only magical piece about this feature is keying off of the attribute that determines Existence, similar to autoadd (ex. File.Exists, Port.Listening, Package.Installed). All your examples made sense to me except for one:
I'm not really understanding the expected behavior for this, would that ensure port 80 is NOT listening and all other ports are listening, or is it the same as no ports are listening?
Oops ... that was a copy/paste error. Should have been
Now that #31 is shipped, I'm wondering if this should be a separate resource altogether. Something like:

```yaml
user:
  nobody:
    exists: true
    uid: 99
    gid: 99
    groups:
    - nobody
    home: /
whitelist:
  users: [nobody, root]
  ports: { have-len: 0 }
  packages: { have-len: 2 }
```

or

```yaml
package-whitelist:
  kernel:
    installed: true
  openssh:
    installed: true
port-whitelist: {}
user-whitelist:
  nobody:
    exists: true
    uid: 99
    gid: 99
    groups:
    - nobody
    home: /
  root:
    exists: true
```
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
For certain resource types, it would be very useful to specify a white list. e.g. only users 'apache' and 'root' should exist. This whitelist might be the null set. e.g. no ports should be listening.
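
The allowlist semantics requested in this issue, sketched as an added example in Go; it is not goss code and does not parse any syntax proposed in the thread. The function names, the constructed sample inputs, and the use of passwd-format text and `/proc/net/tcp` as the record of what exists are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const samplePasswd = "root:x:0:0::/root:/bin/sh\nnobody:x:99:99::/:/bin/false\napache:x:48:48::/var/www:/bin/false\n" // constructed
const sampleTCP = "sl local_address rem_address st\n0: 00000000:0016 00000000:0000 0A\n1: 0100007F:0CEA 00000000:0000 0A\n2: 0A00020F:0016 0A000202:D431 01\n" // constructed, columns truncated

// passwdUsers returns every account name present in passwd-format text.
func passwdUsers(passwd string) (users []string) {
	for _, line := range strings.Split(passwd, "\n") {
		if name, _, ok := strings.Cut(line, ":"); ok && !strings.HasPrefix(name, "#") {
			users = append(users, name)
		}
	}
	return users
}

// listeningPorts returns local TCP ports whose socket state is 0A (LISTEN).
func listeningPorts(procNetTCP string) (ports []string) {
	for _, line := range strings.Split(procNetTCP, "\n") {
		if f := strings.Fields(line); len(f) >= 4 && f[3] == "0A" {
			if p, err := strconv.ParseUint(f[1][strings.LastIndexByte(f[1], ':')+1:], 16, 16); err == nil {
				ports = append(ports, strconv.FormatUint(p, 10))
			}
		}
	}
	return ports
}

// notAllowed lists what exists but is not on the allowlist; a nil allowlist is the null set.
func notAllowed(existing, allow []string) (bad []string) {
	ok := map[string]bool{}
	for _, a := range allow {
		ok[a] = true
	}
	for _, e := range existing {
		if !ok[e] {
			bad = append(bad, e)
		}
	}
	return bad
}

func main() {
	fmt.Println(notAllowed(passwdUsers(samplePasswd), []string{"nobody", "root"}), notAllowed(listeningPorts(sampleTCP), nil))
}
```

An allowlist check only reports resources that exist and are not listed; whether a listed resource is actually present remains a separate per-resource assertion.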