Max Smythe
Max Smythe
**Describe the solution you'd like** The Gator command should be extended to make it easier to profile, debug, write, and trace constraint templates. Including the ability to see the expected...
**Describe the solution you'd like** We should add a notation to log lines that are semantic (i.e. have machine-readable meaning and are subject to backwards-compatibility requirements, as designed by https://docs.google.com/document/d/1ap7AKOupNcR_42s8mkSh5FV9eteXTd4VCqelKst73VY/edit#heading=h.ufjdqaszum9t...
Mutations appear to be developing semantic logging, much like other parts of Gatekeeper. We should figure out which log entries are meant to be machine-readable and formalize their format and...
**Describe the solution you'd like** [A clear and concise description of what you want to happen.] **Anything else you would like to add:** [Miscellaneous information that will assist in solving...
The remaining shared OPA dependency between frameworks and Gatekeeper is storage.Path: https://github.com/open-policy-agent/gatekeeper/blob/21a9de7234137cb9ecd1c9a9f812aed6cfa24a4a/pkg/target/target.go#L118-L129 Removing this will clean up the dependency relationship between OPA/CF/Gatekeeper and make upgrading OPA a bit more straightforward.
Constraint templates do not currently have a maximum name length. It is necessary to cap the maximum possible constraint template name length to leave room for ConstraintTemplateStatus resources. Constraints have...
Basic debug capabilities exist, but more is better including: - Improved output for the dump of module contents so code is human readable (currently the output is one giant string)...
If/when clients start multiplexing requests across targets, the error handling becomes non-trivial. We should come up with some best practices and document them in the README.
Different organizations may have different views of the best setting. What's a good one-size-fits-all value? We should discuss this once all the other work in this milestone is complete.
Add config options for: * Setting the validity duration of generated certs * Lookahead time for the regenerate-when-expiry-is-near trigger We should put off doing this until more frequent cert rotations...