Comments (9)
Do you suggest merging the associated PR for this and fixing this for now and opening a new issue to fix a greater problem?
or do you want to close this issue without merging the PR and open a new issue to fix a greater problem?
No concerns with the current PR. :) More a point that the tests are working as intended, so the PR is a workaround for what is really a documentation gap. So we should have an open issue to fix that regardless.
from gatekeeper-library.
Hi Everyone!
There are three independent tests cases/samples, the resources aren't shared between them:
- name: example-allowed
object: samples/unique-ingress-host/example_allowed.yaml
assertions:
- violations: no
- name: example-disallowed
object: samples/unique-ingress-host/example_disallowed.yaml
inventory:
- samples/unique-ingress-host/example_inventory_disallowed.yaml
assertions:
- violations: yes
- name: example-disallowed2
object: samples/unique-ingress-host/example_disallowed2.yaml
inventory:
- samples/unique-ingress-host/example_inventory_disallowed2.yaml
assertions:
- violations: yes
example-allowed: (0 violations)
example-disallowed: (1 violation)
example-disallowed2: (1 violation)
@JaydipGabani - These tests appears to be working as intended to me, can you confirm?
from gatekeeper-library.
@apeabody I think the issue refers to the information that is directly user-facing on the library website where the available allowed
and disallowed
examples appear to have not been violating the policy.
As in if user if trying out the policy,
- user applies the policy
- user applies
allowed
example - then user applies
disallowed
example expecting it to generate violation/get denied - the host does not match currently betweenallowed
anddisallowed
- but thedisallowed
object gets created leaving the user thinking the policy is faulty
The tests are working as intended as inventory
is in direct conflict with examples
however inventory
objects are not part of the policy documentation on the website. So on the website, naming examples allowed
and disallowed
makes it so that user might think these provided examples are supposed to be conflicting - that is the case for many policies that do not require sync as far as I can tell.
from gatekeeper-library.
Thanks @JaydipGabani!
I think the issue refers to the information that is directly user-facing on the library website where the available allowed and disallowed examples appear to have not been violating the policy.
Got it, makes total sense. Would it perhaps be more sustainable to automate inclusion of the "missing inventory
resources into the documentation examples? This gap could potentially apply to all templates/samples which use data.inventory
, and it might not be feasible to manually "fix" all of them in this manner. Nor do we have any sort of automated testing to avoid drift in the future.
from gatekeeper-library.
@apeabody Agreed! I took a look and there are some policies that uses data,inventory
. For instance - hpa policy requires additional nginx
deployment to exists out of box.
Do you suggest merging the associated PR for this and fixing this for now and opening a new issue to fix a greater problem?
or do you want to close this issue without merging the PR and open a new issue to fix a greater problem?
from gatekeeper-library.
This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
from gatekeeper-library.
still valid
from gatekeeper-library.
Related Issues (20)
- Docs exclude kind: AdmissionReview
- Problem with creating a mutation for deployments HOT 4
- replicalimits unit tests do not include checks for Scale resources HOT 4
- Consider validating pod generic ephemerals in K8sStorageClass HOT 2
- Consolidating Kubernetes PSP-related ConstraintTemplates into a Single Template for Streamlined Migration HOT 1
- bump mutate assign api version from alpha to v1
- Website generator appears to only retain the final mutation sample per directory HOT 2
- Any interest in policies/constraints that apply to custom resources? HOT 6
- Workflow Upload artifacts: overwrites the matrixed job logs HOT 1
- k8spsphostnetworkingports exemptImages does not allow hostNetwork HOT 4
- automount-serviceaccount-token ConstraintTemplate does not reflect ServiceAccount settings HOT 1
- Not able to create statefulset without storageclass with policy k8sallowedstorageclas is used HOT 1
- Should apparmor always view unconfined as complaint? HOT 4
- Add colon in message for consistency
- Example of pod mutation adding init-container HOT 4
- Example k8scontainerlimits does not throw error for a deployment but does on a plain Pod creation HOT 2
- poddisruptionbudget policy query HOT 2
- K8sRequiredResources ConstraintTemplate doesn't work properly HOT 1
- `variables.anyObject` should be used for required labels CEL
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gatekeeper-library.