Commodore provides opinionated tenant-aware management of Kapitan inventories and templates. Commodore uses Kapitan for the heavy lifting of rendering templates and resolving a hierarchical configuration structure.
This repository is part of Project Syn. For documentation on Project Syn and this component, see https://syn.tools.
See GitHub Releases for changelogs of each release version of Commodore.
See DockerHub for pre-built Docker images of Commodore.
Commodore is published on PyPI
Commodore introduces the concept of a component, which is a bundle of Kapitan templates and associated Kapitan classes which describe how to render the templates. Commodore fetches any components that are required for a given configuration before running Kapitan, and sets up symlinks so Kapitan can find the component classes.
Commodore also supports additional processing on the output of Kapitan, such as patching in the desired namespace for a Helm chart which has been rendered using helm template.
python3-dev and python3-venv updated
libmagic (install with brew install libmagic on macOS)
Recommended: create a new virtual environment
python3 -m venv venv
source venv/bin/activate
Install commodore from PyPI
pip install syn-commodore
Download jsonnet-bundler from projectsyn/jsonnet-bundler/releases and put the binary in your $PATH as jb.
For Commodore to work, you need to run an instance of Lieutenant somewhere (locally is fine too).
Set up a .env file to configure Commodore (don't use quotes):
# URL of Lieutenant API
COMMODORE_API_URL=https://lieutenant-api.example.com/
# Lieutenant API token
COMMODORE_API_TOKEN=<my-token>
# Your local user ID to be used in the container (optional, defaults to root)
USER_ID=<your-user-id>
# Your username to be used in the commits (optional, defaults to your local git config)
COMMODORE_USERNAME=<your name>
# Your user email to be used in the commits (optional, defaults to your local git config)
COMMODORE_USERMAIL=<your email>
Run commodore
commodore
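The .env file above holds the Lieutenant API token, so it is worth linting before the first run. The following check is an added example, not part of Commodore or its README; the function name check_commodore_env is hypothetical, and it assumes that the two settings not marked optional above are required.

```shell
#!/bin/sh
# Added example: lint a Commodore .env file before use.
# Usage: check_commodore_env path/to/.env
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_commodore_env() {
    env_file=$1
    rc=0
    if [ ! -f "$env_file" ]; then
        echo "missing: $env_file"
        return 1
    fi

    # The file stores COMMODORE_API_TOKEN: only the owner should have access.
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        ?00) ;;
        *) echo "permissions: mode $mode exposes the token to group/others"; rc=1 ;;
    esac

    # The README says not to use quotes; report every KEY="..." or KEY='...'.
    quoted=$(grep -nE "^[A-Za-z_][A-Za-z0-9_]*=[\"']" "$env_file" | cut -d= -f1)
    for q in $quoted; do
        echo "quoted: line ${q%%:*} (${q#*:}) has a quoted value"; rc=1
    done

    # Assumption: settings not marked optional in the README are required.
    for key in COMMODORE_API_URL COMMODORE_API_TOKEN; do
        val=$(grep -E "^$key=" "$env_file" | tail -n 1 | cut -d= -f2-)
        if [ -z "$val" ]; then
            echo "unset: $key"; rc=1
        fi
    done

    # The token is sent to this URL; plain http is tolerated on loopback only.
    url=$(grep -E '^COMMODORE_API_URL=' "$env_file" | tail -n 1 | cut -d= -f2-)
    case $url in
        ''|https://*) ;;
        http://localhost|http://localhost[:/]*) ;;
        http://127.0.0.1|http://127.0.0.1[:/]*) ;;
        *) echo "transport: COMMODORE_API_URL is not https"; rc=1 ;;
    esac
    return $rc
}
```

A finding on permissions is fixed with chmod 600 .env; keeping .env out of version control protects the token as well.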
Install requirements
Install poetry according to the upstream documentation.
Create the Commodore environment:
poetry install
Download jsonnet-bundler from projectsyn/jsonnet-bundler/releases and put the binary in your $PATH as jb.
Finish setup as described above
Run Commodore
poetry run commodore
Start hacking on Commodore
poetry shell
Note: Commodore uses the Black code formatter, and its formatting is enforced by CI.
Run linting and tests
Auto format with autopep8
poetry run autopep
List all Tox targets
poetry run tox -lv
Run all linting and tests
poetry run tox
Run just a specific target
poetry run tox -e py38
IMPORTANT: After checking out this project, run mkdir -p catalog inventory dependencies in it before running any Docker commands.
This will ensure the folders are writable by the current user in the context of the Docker container.
A docker-compose setup enables running Commodore in a container.
The environment variables are picked up from the local .env file.
By default your ~/.ssh/ directory is mounted into the container and an ssh-agent is started.
You can skip starting an agent by setting the SSH_AUTH_SOCK env variable and mounting the socket into the container.
docker-compose build
docker-compose run commodore catalog compile $CLUSTER_ID
Documentation for this component is written using Asciidoc and Antora. It is located in the docs/ folder. The Divio documentation structure is used to organize its content.
Run the make docs-serve command in the root of the project, and then browse to http://localhost:2020 to see a preview of the current state of the documentation.
After writing the documentation, please use the make docs-vale command and correct any warnings raised by the tool.
This library is licensed under BSD-3-Clause. For information about how to contribute see CONTRIBUTING.
FAQs
We found that syn-commodore demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.