add conftest utility for validating opa policy files #177

Merged
merged 225 commits into from
Feb 10, 2021

rawc0der

Conftest can be run as part of the 'otomi validate-policies' command, which will check defined
policy files from 'policies' folder against all generated manifests for the currently defined values

Morriz commented Oct 22, 2020

No, just move it in with validate-templates

@Morriz Morriz self-requested a review October 22, 2020 16:06
Morriz commented Oct 22, 2020

Forget what I said, having it as a separate otomi validate-policies step is fine. Makes it easier to distinguish

@Morriz Morriz left a comment

Looking good so far... after this we have to make gatekeeper-operator work with these files. I propose to remove charts/gatekeeper-operator-configs and put its templates in values/gatekeeper-operator/config.gotmpl and iterate over those policies and inject them. We need a hash table of $name: $policyFilename in the top so we can dryly spit them out.

@rawc0der rawc0der marked this pull request as ready for review October 22, 2020 16:32
@Morriz Morriz left a comment

please keep the review policies, so we can easily strip the .review.object part

@Morriz Morriz added the Task Scrum task label Oct 27, 2020
@Morriz Morriz removed the Task Scrum task label Oct 27, 2020
@Morriz Morriz linked an issue Oct 27, 2020 that may be closed by this pull request
Morriz commented Feb 3, 2021

> Ok, too many spaces converted to tabs, leading to too much to review. Pffff. Can you revert that?

> I've added the regolint vscode extension which formats all .rego files changed. I can't revert that.

Then don't use that plugin? Is the OPA vscode plugin not doing what you want? It seems to lint beautifully. The plexsystems one you are now using is from a one man show, has 0 issues in its git repo, and thus seems to not have many users.

rawc0der commented Feb 8, 2021

> Ok, too many spaces converted to tabs, leading to too much to review. Pffff. Can you revert that?

> I've added the regolint vscode extension which formats all .rego files changed. I can't revert that.

> Then don't use that plugin? Is the OPA vscode plugin not doing what you want? It seems to lint beautifully. The plexsystems one you are now using is from a one man show, has 0 issues in its git repo, and thus seems to not have many users.

Hi, so I didn't use the official plugin because I never managed to evaluate policies using their embedded feature. Opened an issue here.
While evaluating policies or rego code is not working, formatting does and it was the only thing I needed, which was working OK with the other lighter version of the plugin.

Morriz commented Feb 10, 2021

Any progress @rawc0der ? Can I do a review? I see a conflict in bin/otomi which I will resolve for you now.

Morriz commented Feb 10, 2021

I fixed quite some issues because you did not rebase often. Please merge with master often!

@rawc0der

Hi, you can review now. Probably will add some extra .demo values, but the overall work is done.

@rawc0der rawc0der requested a review from Morriz February 10, 2021 14:59
@Morriz Morriz left a comment

made some fixes myself so it can pass

@Morriz Morriz merged commit 85848db into master Feb 10, 2021
@delete-merged-branch delete-merged-branch bot deleted the conftest branch February 10, 2021 19:39
Dunky13 pushed a commit that referenced this pull request May 27, 2021
Conftest can be run as part of the 'otomi validate-policies' command, which will check defined
policy files from 'policies' folder against generated manifests.

* feat: add modularization for policies and constraint templates
* feat: add extended Konstraint library for unified rego file syntax

Co-authored-by: Maurice Faber <maurice.faber@redkubes.com>
Ani1357 pushed a commit that referenced this pull request Oct 25, 2023
Successfully merging this pull request may close these issues.

Implement conftest