Specify parameters in gator Suites
Describe the solution you'd like
Looks like gator Suites don't have a field for specifying parameters to pass to the template: https://github.com/open-policy-agent/gatekeeper/blob/8393e15b909cafe95dd745edfd8c6842cd64baee/pkg/gator/suite.go#L37-L54
The way this is worked around currently is that people will just put a default parameter inside the `constraint.yaml` file, and then just never test any other parameter values: https://github.com/open-policy-agent/gatekeeper-library/blob/master/library/general/disallowanonymous/samples/no-anonymous-bindings/constraint.yaml
You could work around this issue by creating a new `constraint2.yaml` file and a new file named `suite2.yaml` (apparently adding a second Suite inside the same yaml file will be ignored, maybe another issue to consider) which references it, but that causes extra duplication. Seems like allowing this extra convenience might help encourage more thorough testing of constraints that accept parameters. Thoughts?
Environment:
- Gatekeeper version: alpha
- Kubernetes version: (use `kubectl version`): n/a
Suite files should be able to accept multiple constraints to test against:
https://github.com/open-policy-agent/gatekeeper-library/blob/6e3d6b48a51274af1e120204f534ccbd2ac517d9/library/general/uniqueingresshost/suite.yaml
Might be worth exploring how to denormalize things further, but that would depend on relative benefit vs. maintaining enough syntax to denormalize things properly.
It also might be cool to embed the resource contents directly into the suite.yaml to avoid the need for separate files.
Making it as easy as possible to enumerate/test many scenarios is definitely the goal. Also, suite.yaml can be useful for generating examples for documentation.
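The multi-constraint layout described in the comment above, as an added sketch that is not taken from the thread or from the gatekeeper-library repository: one Suite with two tests that share a template but point at constraint files carrying different `spec.parameters`. All file paths, test names and case names are hypothetical.

```yaml
# Added example: one Suite, one template, two constraints with different
# parameter values. Paths and names below are hypothetical placeholders.
kind: Suite
apiVersion: test.gatekeeper.sh/v1alpha1
tests:
  # First parameter set: the constraint file holds the default parameters.
  - name: default-parameters
    template: template.yaml
    constraint: samples/default-params/constraint.yaml
    cases:
      - name: compliant-object-allowed
        object: samples/default-params/example_allowed.yaml
        assertions:
          - violations: no
      - name: non-compliant-object-denied
        object: samples/default-params/example_disallowed.yaml
        assertions:
          - violations: yes
  # Second parameter set: same template, a different constraint file whose
  # spec.parameters are stricter. The object that passed above is reused to
  # show that the verdict depends on the parameters, not only on the object.
  - name: strict-parameters
    template: template.yaml
    constraint: samples/strict-params/constraint.yaml
    cases:
      - name: previously-allowed-object-now-denied
        object: samples/default-params/example_allowed.yaml
        assertions:
          - violations: yes
```

Running `gator verify` against the directory that contains this suite evaluates both tests; each extra parameter set still needs its own constraint file, which is the duplication the issue describes.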
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.