genpolicy: pick up improvements from upstream #149

Merged
merged 7 commits into from
Jan 21, 2024

danmihai1
@danmihai1 danmihai1 commented Jan 20, 2024

Pick up recent improvements from upstream:

genpolicy: add SPDX license header
genpolicy: "cargo fmt -- --check" clean-up
genpolicy: cargo clippy fixes
tools: genpolicy static checks
genpolicy: use root path from cbl-mariner Guest VM
genpolicy: ignore pod DNS settings

Also:

policy: update sample files

Add SPDX license header to rules.rego.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Fixes: kata-containers#8816

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
@danmihai1 danmihai1 added the upstream/merged PRs that have been merged upstream label Jan 20, 2024
@danmihai1 danmihai1 requested review from a team as code owners January 20, 2024 18:32
Clean up cargo clippy errors.

Fixes: kata-containers#8818

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Package genpolicy and enable static checks for it.

Fixes: kata-containers#8813

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Adjust genpolicy-settings.json to match the container root path from
the main branch + cbl-mariner Guest VMs.

This configuration might have to be adjusted again when other types of
Guest VMs are tested during CI using genpolicy, in the future.

Also, improve logging from allow_root_path(), to make these issues
easier to debug in the future.

Fixes: kata-containers#8835

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Ignore pod DNS settings because policing the network traffic is
currently outside the scope of the Agent Policy.

Example from Kata CI: pod-custom-dns.yaml

Fixes: kata-containers#8832

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Update sample files after genpolicy changes.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
@danmihai1 danmihai1 merged commit 34b8f61 into msft-main Jan 21, 2024
79 of 102 checks passed
@danmihai1 danmihai1 deleted the danmihai/pick-up-upstream branch April 26, 2024 22:02