gatekeeper-library

add cel-based policies

Open sozercan opened this issue 1 year ago • 5 comments

sozercan, Aug 16 '23 16:08

This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

stale[bot], Oct 15 '23 22:10

still salient

maxsmythe, Oct 17 '23 00:10

Notes from March 13, 2024 community meeting:

  • ~User configurable priority for rego vs vap~ (use-vap is a better option here so no need)
  • ~Max to find which min version of gk is required for multiple policies per CT~ min version required is v3.12 (see below)
  • Gator unit and conformance tests for K8sNativeValidation CEL (need flag to enable)
  • Rely on gator only instead of standalone unit tests
  • If multiple versions, add K8sNativeValidation CEL to last version only
  • Rego and cel must be in parity for pr for existing CTs
  • New policies will need to have both K8sNativeValidation CEL and Rego for a TBD period
  • Update website and ArtifactHub to indicate “supports K8sNativeValidation CEL/Rego”

sozercan, Mar 13 '24 18:03

WRT min version for multiple languages per CT:

  • This was the commit: https://github.com/open-policy-agent/gatekeeper/pull/2616
  • v3.12.0 added recognition of multi-engine schema (Rego still required to avoid validation errors)

maxsmythe, Mar 19 '24 02:03

Tracking the migration with #541

JaydipGabani, Jun 05 '24 16:06