Handle OPA/Gatekeeper policies #76

Closed
Tracked by #14
flavio opened this issue Jul 12, 2021 · 1 comment

flavio commented Jul 12, 2021

This card is part of kubewarden/policy-evaluator#14.

Policy server should be able to load and evaluate Wasm modules that have been generated by opa build and have then been annotated via kwctl (see kubewarden/kwctl#55).

Admission criteria

  • policy server will load Rego-based policies that have been annotated by kwctl
  • A Rego-based policy that has NOT been annotated by kwctl will not be loaded, and will cause the server to exit with an error
  • policy server will prepare the right values expected by OPA and Gatekeeper policies

flavio commented Jul 21, 2021

To be more specific:

  • policy-server requires all the wasm policies to be annotated via kwctl annotate. This is the current behavior and we don't intend to change it
  • If the kubewarden metadata includes information about the runtime to use: we will use this information to pick the right runtime (kubewarden/opa/gatekeeper)
  • If the kubewarden metadata does NOT include information about the runtime to use (such as all the policies that currently exist), then we will assume the policy is a kubewarden one, and use that runtime
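
The loading rules listed in this comment, sketched as an added example (not code from policy-server, policy-evaluator or kwctl): the annotation is read from a Wasm custom section, and a missing annotation or an unrecognized runtime is rejected rather than defaulted. The section name `example.policy.metadata`, the `runtime=` text payload and all function names are assumptions made for illustration; only the Wasm section layout and the three runtime names come from the Wasm format and from the comment above.

```rust
// Added example: the section name and "runtime=" payload format are assumptions.
const METADATA_SECTION: &str = "example.policy.metadata";
#[derive(Debug, PartialEq)]
enum Runtime { Kubewarden, Opa, Gatekeeper }

// Decode an unsigned LEB128 integer (at most 5 bytes) at `pos`, advancing it.
fn leb128(buf: &[u8], pos: &mut usize) -> Option<usize> {
    let mut value = 0usize;
    for shift in (0..35).step_by(7) {
        let byte = *buf.get(*pos)?;
        *pos += 1;
        value |= ((byte & 0x7f) as usize) << shift;
        if byte & 0x80 == 0 { return Some(value); }
    }
    None
}

// Payload of the named custom section (section id 0); None if absent or malformed.
fn custom_section<'a>(wasm: &'a [u8], name: &str) -> Option<&'a [u8]> {
    if wasm.get(..8)? != b"\0asm\x01\0\0\0" { return None; }
    let mut pos = 8;
    while pos < wasm.len() {
        let id = wasm[pos];
        pos += 1;
        let size = leb128(wasm, &mut pos)?;
        let body = wasm.get(pos..pos.checked_add(size)?)?;
        pos += size;
        if id != 0 { continue; }
        let mut p = 0;
        let n = leb128(body, &mut p)?;
        if body.get(p..p.checked_add(n)?)? == name.as_bytes() { return body.get(p + n..); }
    }
    None
}

// Fail closed: no annotation or an unknown runtime is an error, never a default.
fn select_runtime(wasm: &[u8]) -> Result<Runtime, String> {
    let meta = custom_section(wasm, METADATA_SECTION).ok_or("policy is not annotated")?;
    let text = std::str::from_utf8(meta).map_err(|_| "metadata is not UTF-8")?;
    match text.lines().find_map(|l| l.strip_prefix("runtime=")) {
        None | Some("kubewarden") => Ok(Runtime::Kubewarden), // older annotations
        Some("opa") => Ok(Runtime::Opa),
        Some("gatekeeper") => Ok(Runtime::Gatekeeper),
        Some(other) => Err(format!("unknown runtime {:?}", other)),
    }
}

// Constructed input: a bare Wasm header, i.e. a module that was never annotated.
fn main() { println!("{:?}", select_runtime(b"\0asm\x01\0\0\0")); }
```

Only an annotation that carries no runtime entry falls back to the kubewarden runtime; a truncated module or a misspelled runtime name stops the load.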

@flavio flavio added this to TODO in Development Aug 16, 2021
@ereslibre ereslibre self-assigned this Aug 18, 2021
@ereslibre ereslibre moved this from TODO to In progress in Development Aug 18, 2021
@ereslibre ereslibre moved this from In progress to Pending review in Development Aug 18, 2021
@ereslibre ereslibre moved this from Pending review to Done in Development Aug 19, 2021