frameworks
frameworks copied to clipboard
open-policy-agent
If there's a CT that includes new rego keywords (such as `future`) we should have a `minVersion` annotation that we can use for blocking the deployment of new templates.
Hello! I'm using gatekeeper to validate KCC resources in GKE cluster. I have a library of constraints and templates written for KCC object structure. I would like to extend this...
Constraint templates do not currently have a maximum name length. It is necessary to cap the maximum possible constraint template name length to leave room for ConstraintTemplateStatus resources. Constraints have...
When updating `conversion-gen` to `v0.20.2` in open-policy-agent/frameworks#111, I found a bug. Certain conversion functions were not being included in the generated output. This bug is being tracked (kubernetes/kubernetes#101567) and is...
FYI we can't remove the replace directives until k8s.io/component-base upgrades its opentelemetry version. For now we've gotten lucky as while OPA and k8s.io/component-base use incompatible versions, they don't do this...
Currently, pointing the `kubectl explain` command at a constraint yields no description. `spec` and `status` are also missing descriptions. See this example: ``` ❯ kubectl explain k8srequiredlabels Alias tip: k...
Context: https://github.com/github/renaming I haven't tried this myself, but these are the supposed [steps](https://www.techrepublic.com/article/github-to-replace-master-with-main-starting-in-october-what-developers-need-to-know/#:~:text=This%20change%20across%20the%20tech,time%20to%20get%20used%20to.) to do this: ```bash # Move the master branch to main. $ git branch -m master main...
Function [newConstraintTemplate()](https://github.com/open-policy-agent/frameworks/blob/2e11d4556af8e785768f44222d3792cc845e5c06/constraint/pkg/client/e2e_tests.go#L39) defines a template parameter named `"expected"`: "expected": {Type: "string"}, The [Deny by Parameter](https://github.com/open-policy-agent/frameworks/blob/2e11d4556af8e785768f44222d3792cc845e5c06/constraint/pkg/client/e2e_tests.go#L601) test uses a parameter named `"name"`: cstr := newConstraint("Foo", "ph", map[string]string{"name": "deny_me"}, nil) The tests...
If someone puts a default value in the OpenAPISpec for a ConstraintTemplate, this results in an error. The ConstraintFramework should handle populating the default if present.
The OPA Constraint Framework should follow the Kubernetes CustomResourceDefinitionNames spec for Constraint templates to allow specifying plural, singular, shortnames, etc.. without modifying the CRD after the constraint template is created....
