Skip to content

genpolicy sync upstream [2/3] #172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 9, 2024
Merged

genpolicy sync upstream [2/3] #172

merged 3 commits into from
Apr 9, 2024

Conversation

@Redent0r
Copy link

@Redent0r Redent0r commented Apr 9, 2024
edited
Loading

Merge Checklist
  • Followed patch format from upstream recommendation: https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
    • Included a single commit in a given PR - at least unless there are related commits and each makes sense as a change on its own.
  • Aware about the PR to be merged using "create a merge commit" rather than "squash and merge" (or similar)
  • genPolicy only: Ensured the tool still builds on Windows
  • genPolicy only: Updated sample YAMLs' policy annotations, if applicable
  • The upstream-missing label (or upstream-not-needed) has been set on the PR.
Summary

genpolicy sync upstream [2/3]

Test Methodology

https://dev.azure.com/mariner-org/mariner/_build/results?buildId=547205&view=ms.vss-test-web.build-test-results-tab [pass]

malt3 and others added 3 commits April 9, 2024 12:35
@malt3 @Redent0r
genpolicy: allow separate paths for rules and settings files
c608826 
Using custom input paths with -i is counter-intuitive. Simplify path handling with explicit flags for rules.rego and genpolicy-settings.json.

Fixes: kata-containers#8568

Signed-Off-By: Malte Poll <[email protected]>
@danmihai1 @Redent0r
genpolicy: support non-default namespace name
97fac86 
Allow users to specify in genpolicy-settings.json a default cluster
namespace other than "default". For example, Kata CI uses as default
namespace: "kata-containers-k8s-tests".

Fixes: kata-containers#8976

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 @Redent0r
genpolicy: ignore empty YAML as input
2b3408d 
Kata CI's pod-sandbox-vcpus-allocation.yaml ends with "---", so the
empty YAML document following that line should be ignored.

To test this fix:

genpolicy -u -y pod-sandbox-vcpus-allocation.yaml

Fixes: kata-containers#8895

Signed-off-by: Dan Mihai <[email protected]>
Redent0r
Redent0r commented Apr 9, 2024
View reviewed changes
@Redent0r Redent0r marked this pull request as ready for review April 9, 2024 22:50
@Redent0r Redent0r requested review from a team as code owners April 9, 2024 22:50
@Redent0r Redent0r added the upstream/not-needed PRs that will not be upstreamed (e.g. internal) label Apr 9, 2024
@Redent0r Redent0r merged commit 11c3296 into msft-main Apr 9, 2024
@Redent0r Redent0r deleted the saulparedes/genpolicy_sync_2 branch April 9, 2024 23:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danmihai1 danmihai1 danmihai1 approved these changes

Assignees

No one assigned

Labels

upstream/not-needed PRs that will not be upstreamed (e.g. internal)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Redent0r @danmihai1 @malt3