Document policy.spec.rules.context.apiCall #81

Closed
JimBugwadia opened this issue Feb 3, 2021 · 5 comments · Fixed by #86

@JimBugwadia
Member

No description provided.

@JimBugwadia JimBugwadia changed the title Document context.apiCall Document spec.context.apiCall Feb 3, 2021
@JimBugwadia
Member Author

Sample policy:

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: limits
spec:
  validationFailureAction: enforce
  rules:
  - name: limit-lb-svc
    match:
      resources:
        kinds:
        - Service
    context:
    - name: serviceCount
      apiCall:
        urlPath: "/api/v1/namespaces/{{ request.object.metadata.namespace }}/services"
        jmesPath: "items[?spec.type == 'LoadBalancer'] | length(@)"
    preconditions:
    - key: "{{ request.operation }}"
      operator: Equals
      value: "CREATE"
    validate:
      message: "Only one LoadBalancer service is allowed per namespace"
      deny:
        conditions:
        - key: "{{ serviceCount }}"
          operator: Equals
          value: 1
```

@JimBugwadia
Member Author

```
λ kubectl explain policy.spec.rules.context.apiCall
KIND:     Policy
VERSION:  kyverno.io/v1

RESOURCE: apiCall <Object>

DESCRIPTION:
     APICall is an API server request to retrieve data

FIELDS:
   jmesPath     <string>
     JMESPath is an optional JSON Match Expression that can be used to transform
     the JSON response from the API server.

   urlPath      <string> -required-
     URLPath is the URL path to be used in the HTTP GET request
```
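
How the `context`, `preconditions` and `deny` blocks of the sample policy above evaluate, as an added Python sketch that is not Kyverno's code or part of the original issue. The `FAKE_API` responses, the request dicts and all function names are constructed for illustration, and the JMESPath expression is reproduced as an equivalent list comprehension rather than run through a JMESPath library.

```python
import re

# urlPath copied from the sample policy's context entry.
URL_PATH = "/api/v1/namespaces/{{ request.object.metadata.namespace }}/services"

def svc(name, kind):
    return {"metadata": {"name": name}, "spec": {"type": kind}}

# Constructed ServiceList responses keyed by GET path (sample data, not real output).
FAKE_API = {
    "/api/v1/namespaces/empty/services": {"items": [svc("web", "ClusterIP")]},
    "/api/v1/namespaces/demo/services": {
        "items": [svc("web", "ClusterIP"), svc("lb", "LoadBalancer")]},
    "/api/v1/namespaces/legacy/services": {
        "items": [svc("lb1", "LoadBalancer"), svc("lb2", "LoadBalancer")]},
}

def resolve(template, ctx):
    """Substitute {{ dotted.path }} variables (simplified: plain dotted paths only)."""
    def lookup(match):
        value = ctx
        for part in match.group(1).split("."):
            value = value[part]
        return str(value)
    return re.sub(r"\{\{\s*([\w.]+)\s*\}\}", lookup, template)

def service_count(response):
    """Plain-Python equivalent of: items[?spec.type == 'LoadBalancer'] | length(@)"""
    items = response.get("items") or []
    return len([i for i in items if (i.get("spec") or {}).get("type") == "LoadBalancer"])

def evaluate(request):
    """Return 'skip', 'deny' or 'allow' for a hypothetical admission request dict."""
    ctx = {"request": request}
    # context: GET the resolved urlPath, then reduce the JSON with the jmesPath
    ctx["serviceCount"] = service_count(FAKE_API[resolve(URL_PATH, ctx)])
    # preconditions: the rule only applies when request.operation Equals CREATE
    if resolve("{{ request.operation }}", ctx) != "CREATE":
        return "skip"
    # validate.deny: deny when serviceCount Equals 1
    return "deny" if ctx["serviceCount"] == 1 else "allow"

def new_service(namespace, operation="CREATE"):
    return {"operation": operation,
            "object": {"metadata": {"namespace": namespace},
                       "spec": {"type": "LoadBalancer"}}}

if __name__ == "__main__":
    for ns in ("empty", "demo", "legacy"):
        print(ns, evaluate(new_service(ns)))
    print("demo UPDATE", evaluate(new_service("demo", "UPDATE")))
```

The rule compares only the count of existing LoadBalancer Services, so the constructed `legacy` namespace, which already holds two, evaluates to `allow` under `Equals 1`.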

@JimBugwadia JimBugwadia changed the title Document spec.context.apiCall Document policy.spec.rules.context.apiCall Feb 3, 2021
@chipzoller
Contributor

@JimBugwadia, can you possibly provide some "starter" docs (in this issue is fine; I can pick up the torch) that describe the functions supported in JMESPath, the operators, and if things like wildcards are supported in that and urlPath, along with a couple more examples?

@JimBugwadia
Member Author

Thanks, Chip! Working on it and will get a PR this weekend. I am thinking of splitting the "Variables" and "External Data Lookups" sections into separate chapters with more details on how variables are processed.

@chipzoller
Contributor

Yeah, I think those definitely should be separate pages. I'm hoping to work on the new features in docs this weekend. Also thinking more about how we can version the docs, the pain in doing so, and what value that provides...

@chipzoller chipzoller added this to the 1.3.2 milestone Feb 6, 2021