feat: add ExemptionManager tests, coverage threshold, and ArtifactHub metadata polish (#82)

* ci: rework E2E infrastructure to use default namespace

Board directive: E2E tests must run in the `default` namespace.
Nothing should persist beyond a test run; no dedicated namespace needed.

Changes:
- e2e-ci-runner-rbac.yaml: retarget Role/RoleBinding to `default`,
  remove ClusterRole/ClusterRoleBinding (no longer needed since we
  don't need cluster-scoped namespace read permission)
- e2e.yaml: set E2E_NAMESPACE=default
- deploy-e2e-headlamp.sh: default namespace to `default`, remove
  namespace existence check (default always exists)
- teardown-e2e-headlamp.sh: default namespace to `default`, remove
  namespace existence check guard
- headlamp-e2e-values.yaml: update usage comment
- e2e/README.md: remove namespace creation prerequisite

Closes #78 #79

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* ci: add RBAC preflight check to deploy-e2e-headlamp.sh

Fails fast with a clear error and remediation hint if the runner SA
lacks configmap delete permission, instead of dying mid-deploy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat: add ExemptionManager tests, coverage threshold, and ArtifactHub metadata

- Add 22 unit tests for ExemptionManager.tsx covering:
  - Failing checks extraction (pod-level, container-level, ignore-severity, dedup)
  - Dialog open/close, check toggle, exempt-all toggle
  - Apply button enabled/disabled state
  - ApiProxy.request called with correct path (apps/batch/core) and annotation structure
  - Success and error feedback states, in-flight "Applying..." label
- Add vitest coverage config with >=80% threshold (lines/functions/branches/statements)
- Update artifacthub-pkg.yml:
  - Add install section (Headlamp-native plugin installer only)
  - Add appVersion: "5.0" (compatible Polaris dashboard version)
  - Expand distro-compat from "in-cluster" to "in-cluster,web,desktop"
  - Add changes block documenting v1.0 features

Closes privilegedescalation/headlamp-polaris-plugin#81 (partial — test and metadata tasks)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* style: fix Prettier formatting in ExemptionManager.test.tsx

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix: add @vitest/coverage-v8 devDependency for coverage provider

vitest.config.mts specifies coverage.provider: 'v8' but the
@vitest/coverage-v8 package was missing from devDependencies.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Hugh Hackman <hugh@privilegedescalation.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.com>
Co-authored-by: Samuel Stinkpost <samuel@privilegedescalation.dev>
Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev>
This commit was merged in pull request #82.
This commit is contained in:
privilegedescalation-engineer[bot]
2026-03-21 12:53:07 +00:00
committed by GitHub
parent bb1df5f3f6
commit a5398e8409
5 changed files with 571 additions and 1 deletions
+39 -1
View File
@@ -11,6 +11,7 @@ description: >-
`polaris-dashboard` service in the `polaris` namespace.
license: Apache-2.0
homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
appVersion: "5.0"
category: security
keywords:
- polaris
@@ -24,6 +25,43 @@ links:
url: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
- name: Polaris
url: "https://polaris.docs.fairwinds.com/"
install: |
## Installation
### Prerequisites
1. [Headlamp](https://headlamp.dev) v0.26.0 or later
2. [Fairwinds Polaris](https://polaris.docs.fairwinds.com/) installed and the dashboard running in your cluster
### Install via Headlamp Plugin Catalog
1. Open Headlamp and navigate to **Settings → Plugin Catalog**
2. Search for **"Polaris"**
3. Click **Install** and restart Headlamp when prompted
The plugin is sourced directly from [ArtifactHub](https://artifacthub.io/packages/headlamp/headlamp/headlamp-polaris).
## Usage
After installation, the Polaris plugin adds:
- A **cluster score badge** in the Headlamp app bar
- A **Polaris** section in the sidebar with the full dashboard and namespace drill-downs
- An **inline audit panel** on Deployment, StatefulSet, DaemonSet, Job, and CronJob detail pages
For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md).
changes:
- kind: added
description: ExemptionManager — apply Polaris annotation exemptions directly from the resource detail page
- kind: added
description: Inline audit section on workload detail pages with per-check pass/fail breakdown
- kind: added
description: Namespace drill-down view with per-resource score list and filterable check table
- kind: added
description: App bar score badge showing overall cluster Polaris score
- kind: added
description: PolarisSettings page for configuring dashboard refresh interval
- kind: changed
description: Stable public API — routes, sidebar entries, settings schema, and app bar action are frozen
maintainers:
- name: privilegedescalation
email: "chris@farhood.org"
@@ -31,4 +69,4 @@ annotations:
headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v0.7.2/headlamp-polaris-0.7.2.tar.gz"
headlamp/plugin/version-compat: ">=0.26"
headlamp/plugin/archive-checksum: sha256:ce75449a05d3d3dd3c546db36a2257fae3e4601e466108182e64310a1a4f6d71
headlamp/plugin/distro-compat: in-cluster
headlamp/plugin/distro-compat: "in-cluster,web,desktop"