Original Requestor: raje.g.995
Original Thread: https://openpolicyagent.slack.com/archives/CBR63TK2A/p1648828146.908049
Message:
Hi, I am trying to use sync.yaml -> config to load some CRDs to evaluate my OPA Gatekeeper in EKS.
I am facing issues in loading those CRDs. I have installed the sync.yaml correctly.
Steps followed -
Installed OPA
Installed sync.yaml to load the CRDs dynamically.
Issue :
While evaluating the policy in the constrainttemplate, OPA is not able to list those objects.
Sample sync.yaml
```yaml
# Sync.yaml
apiVersion: config.gatekeeper.sh/v1alpha1
kind: Config
metadata:
  name: config
  namespace: "gatekeeper-system"
spec:
  sync:
    syncOnly:
      - group: "project.team.orchestrator.predix.io"
        version: "v1alpha1"
        kind: Environment
      - group: "project.team.orchestrator.predix.io"
        version: "v1alpha1"
        kind: "DeveloperProjectControl"
```
Sample policy constrainttemplate
```yaml
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: developerprojectcontrolnotexist
spec:
  crd:
    spec:
      names:
        kind: DeveloperProjectControlNotExist
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package developerprojectcontrolnotexist

        violation[{"msg": msg1}] {
          input.review.object.kind != "DeveloperProjectControl"
          ns := input.review.object.metadata.namespace
          ns != "NS"
          #msg1 := sprintf("VALUE - %v ", [data.inventory.namespace[ns]["project.team.orchestrator.predix.io/v1alpha1"]])
          dpcObject := object.get(data.inventory.namespace[ns]["project.team.orchestrator.predix.io/v1alpha1"], "DeveloperProjectControl", "NOTFOUND")
          dpcObject == "NOTFOUND"
          msg1 := sprintf("No developerprojectcontrol object present in the namespace ", [dpcObject])
        }
```
Here the dpcObject value is {} instead of NOTFOUND when the corresponding object, DeveloperProjectControl, is not present in the namespace.