frameworks
frameworks copied to clipboard
open-policy-agent
Basic debug capabilities exist, but more is better including: - Improved output for the dump of module contents so code is human readable (currently the output is one giant string)...
If/when clients start multiplexing requests across targets, the error handling becomes non-trivial. We should come up with some best practices and document them in the README.
This PR implements changes for multi ea/ep design For gatekeeper changes and CI tests refer to [PR gatekeeper/3321](https://github.com/open-policy-agent/gatekeeper/pull/3321)
Bumps the k8s group in /constraint with 5 updates: | Package | From | To | | --- | --- | --- | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.28.3` | `0.29.3` |...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
> TODO(ritazh): default for now until the feature is safe to fail close > TODO(ritazh): default for now until we can safely expose these to users
From the sample, I think the field should be `crd` instead of `validation`.
It seems that the ConstraintTemplatePodStatus could be better homed in Gatekeeper: https://github.com/open-policy-agent/frameworks/blob/3eb381ce6cbedf3c1adedf2bfb20aa5e491c5baa/constraint/pkg/core/templates/constrainttemplate_types.go#L78-L100 If that's possible we should consider making that change.
The provider CRD expects the cabundle to be a [pem base64 encoded string](https://github.com/open-policy-agent/frameworks/blob/96753a21c26fe5d719dd8a9bd51435850c711a93/constraint/config/crds/externaldata.gatekeeper.sh_providers.yaml#L41C19-L41C19). Unfortunately, this doesn't work well for using tools like cert manager or vault to manage certs for...
