feat: adding scopedenforcementactions #403
base: master
0c29c4c to b09049c
7bea138 to 8a991c7
Signed-off-by: Jaydip Gabani <gabanijaydip@gmail.com>
LGTM
Nice! A few comments, but looking good.
val = append(val, &types.Result{ | ||
Msg: r.error.Error(), | ||
Constraint: r.constraint, | ||
EnforcementAction: action, |
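Review bot: `Msg: r.error.Error()` in this literal calls `Error()` on `r.error` with no nil check in the visible lines, so a result that reaches this append with a nil `error` field would panic. Guard the call, or add a comment stating the invariant that `r.error` is always set on this path.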
Should probably just update EnforcementAction to be an array, otherwise we use RAM storing duplicate messages.
Signed-off-by: Jaydip Gabani <gabanijaydip@gmail.com>
Codecov Report
Attention: Patch coverage is
@@ Coverage Diff @@
## master #403 +/- ##
==========================================
- Coverage 54.68% 53.93% -0.75%
==========================================
Files 71 104 +33
Lines 5241 6726 +1485
==========================================
+ Hits 2866 3628 +762
- Misses 2073 2729 +656
- Partials 302 369 +67
@maxsmythe Sorry for the delay. I have addressed all the comments and implemented the feedback. PTAL.
Signed-off-by: Jaydipkumar Arvindbhai Gabani <gabanijaydip@gmail.com>
No worries! Sorry for the delay on my end. Getting close!
if err != nil { | ||
return nil, err | ||
} | ||
if len(actionsForEP[apiconstraints.WebhookEnforcementPoint]) == 0 { |
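Review bot: the condition `len(actionsForEP[apiconstraints.WebhookEnforcementPoint]) == 0` cannot tell a missing map key from an explicitly empty action list, since both give length 0, and it is tied to one hard-coded enforcement point. The branch body is not visible in this hunk; if it skips the constraint, add a comment saying that no enforcement at the webhook is the intended outcome for both cases, so the fail-open path is deliberate and documented.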
Should VAP be its own enforcement point?
That makes sense, and the actions will be mapped as: deny, warn, audit as part of the generated VAP resource.
Does enforcementPoints validation.gatekeeper.sh -> gatekeeper webhook & admission.k8s.io -> VAP work?
Maybe? Probably best to bikeshed on naming at the community meeting. Admission webhooks are their own concept in K8s, IIRC.
vap.k8s.io?
Signed-off-by: Jaydip Gabani <gabanijaydip@gmail.com>
This PR implements changes for multi ea/ep design.
For gatekeeper changes and CI tests, refer to PR gatekeeper/3321.