Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

genpolicy sync upstream [2/3] #172

Merged
merged 3 commits into from
Apr 9, 2024
Merged

genpolicy sync upstream [2/3] #172

merged 3 commits into from
Apr 9, 2024

Conversation

Redent0r
Copy link

@Redent0r Redent0r commented Apr 9, 2024
edited
Loading

Merge Checklist
  • Followed patch format from upstream recommendation: https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
    • Included a single commit in a given PR - at least unless there are related commits and each makes sense as a change on its own.
  • Aware about the PR to be merged using "create a merge commit" rather than "squash and merge" (or similar)
  • genPolicy only: Ensured the tool still builds on Windows
  • genPolicy only: Updated sample YAMLs' policy annotations, if applicable
  • The upstream-missing label (or upstream-not-needed) has been set on the PR.
Summary

genpolicy sync upstream [2/3]

Test Methodology

https://dev.azure.com/mariner-org/mariner/_build/results?buildId=547205&view=ms.vss-test-web.build-test-results-tab [pass]

malt3 and others added 3 commits April 9, 2024 12:35
@malt3 @Redent0r
genpolicy: allow separate paths for rules and settings files
c608826 
Using custom input paths with -i is counter-intuitive. Simplify path handling with explicit flags for rules.rego and genpolicy-settings.json.

Fixes: kata-containers#8568

Signed-Off-By: Malte Poll <1780588+malt3@users.noreply.github.com>
@danmihai1 @Redent0r
genpolicy: support non-default namespace name
97fac86 
Allow users to specify in genpolicy-settings.json a default cluster
namespace other than "default". For example, Kata CI uses as default
namespace: "kata-containers-k8s-tests".

Fixes: kata-containers#8976

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
@danmihai1 @Redent0r
genpolicy: ignore empty YAML as input
2b3408d 
Kata CI's pod-sandbox-vcpus-allocation.yaml ends with "---", so the
empty YAML document following that line should be ignored.

To test this fix:

genpolicy -u -y pod-sandbox-vcpus-allocation.yaml

Fixes: kata-containers#8895

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
@Redent0r Redent0r marked this pull request as ready for review April 9, 2024 22:50
@Redent0r Redent0r requested review from a team as code owners April 9, 2024 22:50
@Redent0r Redent0r added the upstream/not-needed PRs that will not be upstreamed (e.g. internal) label Apr 9, 2024
@Redent0r Redent0r merged commit 11c3296 into msft-main Apr 9, 2024
156 of 202 checks passed
@Redent0r Redent0r deleted the saulparedes/genpolicy_sync_2 branch April 9, 2024 23:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danmihai1 danmihai1 danmihai1 approved these changes

Assignees
No one assigned
Labels
upstream/not-needed PRs that will not be upstreamed (e.g. internal)
Projects
None yet
Milestone
No milestone
3 participants
@Redent0r @danmihai1 @malt3