-
Notifications
You must be signed in to change notification settings - Fork 774
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add policy exception validation webhook #5679
Conversation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Codecov Report
@@ Coverage Diff @@
## main #5679 +/- ##
==========================================
- Coverage 34.48% 34.41% -0.07%
==========================================
Files 189 191 +2
Lines 21113 21151 +38
==========================================
Hits 7280 7280
- Misses 13032 13070 +38
Partials 801 801
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor comments...
// errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...) | ||
// } | ||
// errs = append(errs, p.ValidateMatchExcludeConflict(path)...) | ||
return errs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please remove commented lines
admissionv1 "k8s.io/api/admission/v1" | ||
) | ||
|
||
// TODO: wrap this into an interface passed at server creation time |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this a valid TODO?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we don’t want the server to directly call the implementation, it should go through an interface.
* feat: add policy exception validation webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>
* feat: add policy exception validation webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
* feat: add policy exception validation webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Signed-off-by: Charles-Edouard Brétéché charles.edouard@nirmata.com
Explanation
This PR adds a policy exception validation webhook.