Skip to content

agent: use regorus instead of opa #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 30, 2024
Merged

agent: use regorus instead of opa #184

merged 2 commits into from
Apr 30, 2024

Conversation

@danmihai1
Copy link

@danmihai1 danmihai1 commented Apr 26, 2024
edited
Loading

Implement Agent Policy using the regorus crate instead of the OPA daemon.

The OPA daemon will be removed from the Guest rootfs in a future PR.

Fixes: kata-containers#9388

@danmihai1
agent: lock anyhow version to 1.0.58
38ebfa9 
Lock anyhow version to 1.0.58 because:

- Versions between 1.0.59 - 1.0.76 have not been tested yet using
  Kata CI. However, those versions pass "make test" for the
  Kata Agent.

- Versions 1.0.77 or newer fail during "make test" - see
  kata-containers#9538.

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1
agent: use regorus instead of opa
11f78ae 
Implement Agent Policy using the regorus crate instead of the OPA
daemon.

The OPA daemon will be removed from the Guest rootfs in a future PR.

Fixes: kata-containers#9388

Signed-off-by: Dan Mihai <[email protected]>
@danmihai1 danmihai1 requested review from a team as code owners April 26, 2024 00:49
@danmihai1 danmihai1 changed the title Danmihai1/msft regorus agent: use regorus instead of opa Apr 26, 2024
@sprt sprt added the upstream/merged PRs that have been merged upstream label Apr 26, 2024
@sprt
Copy link

sprt commented Apr 26, 2024

Conformance run: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=558485&view=results

@danmihai1
Copy link
Author

danmihai1 commented Apr 26, 2024

Conformance run: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=558485&view=results

Thanks for helping with this!

@Redent0r
Copy link

Redent0r commented Apr 26, 2024
edited
Loading

Updated conformance run for image build: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=558539&view=results

Previous one (https://dev.azure.com/mariner-org/mariner/_build/results?buildId=558518&view=results) triggered with the wrong m-a-p branch/ fork branch tag

Edit: it passed all but one internal e2e test_invalid_policy_container_should_not_run where it expected UpdateInterfaceRequest is blocked by policy but got FailedCreatePodSandBox https://dev.azure.com/mariner-org/mariner/_build/results?buildId=558539&view=logs&j=011e1ec8-6569-5e69-4f06-baf193d1351e&t=07ba3131-9dbf-5d34-279b-d3a6aa521384&l=320

Edit: updated test to support improved error reporting behavior

@Redent0r Redent0r merged commit 02f03b3 into msft-main Apr 30, 2024
@danmihai1 danmihai1 deleted the danmihai1/msft-regorus branch August 2, 2024 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Redent0r Redent0r Redent0r approved these changes

@sprt sprt Awaiting requested review from sprt

+1 more reviewer

@manuelh-dev manuelh-dev manuelh-dev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

upstream/merged PRs that have been merged upstream

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

agent: use the regorus crate instead of opa

5 participants

@danmihai1 @sprt @Redent0r @manuelh-dev