Skip to content

genpolicy: pick up improvements from upstream #149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jan 21, 2024
Merged

genpolicy: pick up improvements from upstream #149

merged 7 commits into from
Jan 21, 2024

Conversation

@danmihai1
Copy link

@danmihai1 danmihai1 commented Jan 20, 2024
edited
Loading

Pick up recent improvements from upstream:

genpolicy: add SPDX license header
genpolicy: "cargo fmt -- --check" clean-up
genpolicy: cargo clippy fixes
tools: genpolicy static checks
genpolicy: use root path from cbl-mariner Guest VM
genpolicy: ignore pod DNS settings

Also:

policy: update sample files

@danmihai1
genpolicy: add SPDX license header
b14986e 
Add SPDX license header to rules.rego.

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
genpolicy: "cargo fmt -- --check" clean-up
9edeeae 
Fixes: kata-containers#8816

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 danmihai1 added the upstream/merged PRs that have been merged upstream label Jan 20, 2024
@danmihai1 danmihai1 requested review from a team as code owners January 20, 2024 18:32
@danmihai1
genpolicy: cargo clippy fixes
2cf24ec 
Clean up cargo clippy errors.

Fixes: kata-containers#8818

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
tools: genpolicy static checks
b6d73f7 
Package genpolicy and enable static checks for it.

Fixes: kata-containers#8813

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
genpolicy: use root path from cbl-mariner Guest VM
4917895 
Adjust genpolicy-settings.json to match the container root path from
the main branch + cbl-mariner Guest VMs.

This configuration might have to be adjusted again when other types of
Guest VMs will be tested during CI using genpolicy, in the future.

Also, improve logging from allow_root_path(), to easier debug these
issues in the future.

Fixes: kata-containers#8835

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
genpolicy: ignore pod DNS settings
42830f8 
Ignore pod DNS settings because policing the network traffic is
currently outside the scope of the Agent Policy.

Example from Kata CI: pod-custom-dns.yaml

Fixes: kata-containers#8832

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
policy: update sample files
9e91b21 
Update sample files after genpolicy changes.

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 danmihai1 force-pushed the danmihai/pick-up-upstream branch from 6d1717b to 9e91b21 Compare January 20, 2024 20:53
@danmihai1 danmihai1 merged commit 34b8f61 into msft-main Jan 21, 2024
@danmihai1 danmihai1 deleted the danmihai/pick-up-upstream branch April 26, 2024 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sprt sprt Awaiting requested review from sprt

@Redent0r Redent0r Awaiting requested review from Redent0r

@arc9693 arc9693 Awaiting requested review from arc9693

Assignees

No one assigned

Labels

upstream/merged PRs that have been merged upstream

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danmihai1