Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple Policy Files #231

Merged
merged 9 commits into from
Apr 5, 2024
Merged

Multiple Policy Files #231

merged 9 commits into from
Apr 5, 2024

Commits on Apr 4, 2024

  1. Update policy app config & config loader to support multiple policy f… 

    …iles. Files are merged and the merged policy document is validated after all files are loaded. Added a check to disallow multiple bindings of the same action to the same type.

Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 4, 2024
    Configuration menu
    Copy the full SHA
    51f6b49 View commit details
    Browse the repository at this point in the history

  2. Move else block to new line 

    Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 4, 2024
    Configuration menu
    Copy the full SHA
    5c710f4 View commit details
    Browse the repository at this point in the history

  3. Add iapl.md documentation (from IAPL proposal gist), move merge logic… 

    … to a function on the PolicyDocument itself

Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 4, 2024
    Configuration menu
    Copy the full SHA
    02231be View commit details
    Browse the repository at this point in the history

  4. Reformat org file structure to markdown 

    Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 4, 2024
    Configuration menu
    Copy the full SHA
    e99bb56 View commit details
    Browse the repository at this point in the history

Commits on Apr 5, 2024

  1. Instead of accepting a policy config map name and assuming that it co… 

    …ntains one file called policy.yaml, accept a config map (and mount point for it) and don't set the file by environment variable at all. The list of policy files to be read by permissions-api should instead be set as a list in the configuration file, exactly the same as it is for local development.

Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 5, 2024
    Configuration menu
    Copy the full SHA
    cfbbe76 View commit details
    Browse the repository at this point in the history

  2. Add example & description of policyConfigMapMountPoint and policyFile… 

    …s to values.yaml

Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 5, 2024
    Configuration menu
    Copy the full SHA
    c2cd259 View commit details
    Browse the repository at this point in the history

  3. Instead of accepting multiple individual file inputs, just accept a d… 

    …irectory, from which all files are read and interpreted as policy documents. This change was made because it makes it considerably easier to deploy this app as a subchart of another chart, which deploys the actoal policy configmap to be mounted as a volume

Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 5, 2024
    Configuration menu
    Copy the full SHA
    d967658 View commit details
    Browse the repository at this point in the history

  4. Remove policy file in root dir - it should only exist in the policies… 

    … dir now

Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 5, 2024
    Configuration menu
    Copy the full SHA
    2d58dd1 View commit details
    Browse the repository at this point in the history

  5. Only accept yml or yaml extensions when scanning for policy files. 

    Signed-off-by: Jacob See <[email protected]>
    @jacobsee
    jacobsee committed Apr 5, 2024
    Configuration menu
    Copy the full SHA
    4a968cc View commit details
    Browse the repository at this point in the history