Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add policy exception validation webhook #5679

Merged
merged 11 commits into from
Dec 15, 2022
Merged

feat: add policy exception validation webhook #5679

merged 11 commits into from
Dec 15, 2022

Conversation

eddycharly
Copy link
Member

Signed-off-by: Charles-Edouard Brétéché charles.edouard@nirmata.com

Explanation

This PR adds a policy exception validation webhook.

@eddycharly
feat: add policy exception validation webhook
333a8d0 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
@codecov
Copy link

codecov bot commented Dec 13, 2022
edited

Codecov Report

Merging #5679 (919fa2a) into main (8c0325b) will decrease coverage by 0.06%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #5679      +/-   ##
==========================================
- Coverage   34.48%   34.41%   -0.07%     
==========================================
  Files         189      191       +2     
  Lines       21113    21151      +38     
==========================================
  Hits         7280     7280              
- Misses      13032    13070      +38     
  Partials      801      801
Impacted Files Coverage Δ
api/kyverno/v2alpha1/policy_exception_types.go 0.00% <0.00%> (ø)
pkg/config/config.go 0.00% <ø> (ø)
pkg/utils/admission/exception.go 0.00% <0.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@eddycharly
fix
71bd6b7 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
@Eileen-Yu Eileen-Yu mentioned this pull request Dec 13, 2022
Merged
9 tasks
eddycharly and others added 2 commits December 13, 2022 23:56
@eddycharly
handler
cdc0b8a 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
@eddycharly
Merge branch 'main' into exception-validate
6b6cb0f
@eddycharly eddycharly marked this pull request as draft December 13, 2022 22:58
@eddycharly eddycharly added this to the Kyverno Release 1.9.0 milestone Dec 13, 2022
@eddycharly
Merge branch 'main' into exception-validate
1f1b021
@eddycharly
validation
7e5d857 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
@eddycharly eddycharly marked this pull request as ready for review December 14, 2022 09:33
@Eileen-Yu Eileen-Yu mentioned this pull request Dec 14, 2022
Closed
20 tasks
JimBugwadia
JimBugwadia approved these changes Dec 14, 2022
View reviewed changes
Copy link
Member

@JimBugwadia JimBugwadia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor comments...

api/kyverno/v2alpha1/policy_exception_types.go
// errs = append(errs, p.ExcludeResources.Validate(path.Child("exclude"), namespaced, clusterResources)...)
// }
// errs = append(errs, p.ValidateMatchExcludeConflict(path)...)
return errs
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove commented lines

pkg/webhooks/exception/validate.go
admissionv1 "k8s.io/api/admission/v1"
)

// TODO: wrap this into an interface passed at server creation time
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this a valid TODO?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we don’t want the server to directly call the implementation, it should go through an interface.

@eddycharly eddycharly enabled auto-merge (squash) December 15, 2022 07:54
@eddycharly eddycharly merged commit 4618dc3 into kyverno:main Dec 15, 2022
@eddycharly eddycharly deleted the exception-validate branch December 15, 2022 08:35
MdSahil-oss pushed a commit to MdSahil-oss/kyverno that referenced this pull request Dec 29, 2022
@eddycharly @JimBugwadia @MdSahil-oss
feat: add policy exception validation webhook (kyverno#5679)
315aa96 
* feat: add policy exception validation webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>
MdSahil-oss pushed a commit to MdSahil-oss/kyverno that referenced this pull request Jan 11, 2023
@eddycharly @JimBugwadia @MdSahil-oss
feat: add policy exception validation webhook (kyverno#5679)
7262e6a 
* feat: add policy exception validation webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
MdSahil-oss pushed a commit to MdSahil-oss/kyverno that referenced this pull request Jan 11, 2023
@eddycharly @JimBugwadia @MdSahil-oss
feat: add policy exception validation webhook (kyverno#5679)
0797445 
* feat: add policy exception validation webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JimBugwadia JimBugwadia JimBugwadia approved these changes

@treydock treydock Awaiting requested review from treydock

@prateekpandey14 prateekpandey14 Awaiting requested review from prateekpandey14

@chipzoller chipzoller Awaiting requested review from chipzoller

Assignees
No one assigned
Labels
milestone 1.9.0
Projects
None yet
Milestone
Kyverno Release 1.9.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@eddycharly @JimBugwadia