Changed Default output: OPA is the default output.

Author: darryk10

advisor/advisor.go

@@ -3,9 +3,10 @@ package advisor
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/open-policy-agent/opa/ast"
 	"os"
 
+	"github.com/open-policy-agent/opa/ast"
+
 	"github.com/sysdiglabs/kube-policy-advisor/advisor/types"
 
 	"github.com/sysdiglabs/kube-policy-advisor/advisor/processor"

advisor/processor/generate.go

@@ -2,10 +2,11 @@ package processor
 
 import (
 	"fmt"
-	"github.com/open-policy-agent/opa/ast"
 	"sort"
 	"strings"
 
+	"github.com/open-policy-agent/opa/ast"
+
 	"github.com/sysdiglabs/kube-policy-advisor/advisor/report"
 	"github.com/sysdiglabs/kube-policy-advisor/advisor/types"
 	"github.com/sysdiglabs/kube-policy-advisor/generator"

generator/generator.go

@@ -4,13 +4,14 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/open-policy-agent/opa/ast"
 	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
 	"strconv"
 
+	"github.com/open-policy-agent/opa/ast"
+
 	"k8s.io/client-go/kubernetes/scheme"
 
 	"github.com/ghodss/yaml"
@@ -902,7 +903,7 @@ func (pg *Generator) GenerateOPAWithName(
 
 	mod.Rules = append(mod.Rules, valueSecContextRule)
 
-	rule.Body.Append(ast.MustParseExpr("message := sprintf(\"Workflow or pod compliant with the policy.\", [workload.metadata.name])"))
+	rule.Body.Append(ast.MustParseExpr("message := sprintf(\"Workflow or pod not compliant with the security policy.\", [workload.metadata.name])"))
 	mod.Package = pack
 	mod.Rules = append(mod.Rules, &rule)
 

go.mod

@@ -13,6 +13,7 @@ require (
 	github.com/open-policy-agent/opa v0.32.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.2.1
+	golang.org/x/tools v0.1.6 // indirect
 	gopkg.in/inf.v0 v0.9.0 // indirect
 	k8s.io/api v0.0.0-20190816222004-e3a6b8045b0b
 	k8s.io/apimachinery v0.0.0-20190816221834-a9f1d8a9c101

go.sum

@@ -546,6 +546,7 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5 h1:dPmz1Snjq0kmkz159iL7S6WzdahUTHnHB5M56WFVifs=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.etcd.io/etcd/api/v3 v3.5.0 h1:GsV3S+OfZEOCNXdtNkBSR7kgLobAa/SO6tCxRa0GAYw=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0 h1:2aQv6F436YnN7I4VbI8PPYrBhu+SmrTaADcf8Mi/6PU=
@@ -661,6 +662,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -743,6 +745,7 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf h1:2ucpDCmfkl8Bd/FsLtiD653Wf96cW37s+iGx93zsu4k=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -817,6 +820,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.6 h1:SIasE1FVIQOWz2GEAHFOmoW7xchJcqlucjSULTL0Ag4=
+golang.org/x/tools v0.1.6/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

kube-policy-advisor.go

@@ -88,7 +88,7 @@ func convert(podObjFilename string, pspFilename string, OPAformat string, OPAdef
 
 	err = ioutil.WriteFile(pspFilename, []byte(pspString), 0644)
 
-	log.Infof("Wrote generated psp to %s", pspFilename)
+	log.Infof("Wrote generated policy to %s", pspFilename)
 
 	return nil
 }
@@ -168,8 +168,8 @@ func main() {
 
 	var inspectCmd = &cobra.Command{
 		Use:   "inspect",
-		Short: "Inspect a live K8s Environment to generate a PodSecurityPolicy",
-		Long:  "Fetch all objects in the provided namespace to generate a Pod Security Policy",
+		Short: "Inspect a live K8s Environment to generate an OPA Policy (default) or a Pod Security Policy",
+		Long:  "Fetch all objects in the provided namespace to generate an OPA Policy (default) or a Pod Security Policy",
 		Run: func(cmd *cobra.Command, args []string) {
 
 			err := inspect(kubeconfig, namespace, excludeNamespaces, withReport, withGrant, OPAformat, OPAdefaultRule)
@@ -182,8 +182,8 @@ func main() {
 
 	var convertCmd = &cobra.Command{
 		Use:   "convert",
-		Short: "Generate a PodSecurityPolicy from a single K8s Yaml file",
-		Long:  "Generate a PodSecurityPolicy from a single K8s Yaml file containing a pod Spec e.g. DaemonSet, Deployment, ReplicaSet, StatefulSet, ReplicationController, CronJob, Job, or Pod",
+		Short: "Generate an OPA Policy (default) or a Pod Security Policy from a single K8s Yaml file",
+		Long:  "Generate an OPA Policy (default) or a Pod Security Policy from a single K8s Yaml file containing a pod Spec e.g. DaemonSet, Deployment, ReplicaSet, StatefulSet, ReplicationController, CronJob, Job, or Pod",
 		PreRun: func(cmd *cobra.Command, args []string) {
 			if podObjFilename == "" {
 				log.Fatalf("--podFile must be provided")