open-policy-agent
Support namespaceObject in CEL
Describe the solution you'd like
Gatekeeper's CEL engine seems to lack the top-level namespaceObject defined by Kubernetes docs. It should give access to the request namespace object, including its labels.
Anything else you would like to add:
Didn't check if authorizer object works as expected, others seem to be fine. Note that I've used Gator tests to validate this, didn't deploy to a cluster.
This is already supported in Kyverno (https://github.com/kyverno/kyverno/issues/8070).
Environment:
- Gatekeeper version: 3.18.2
- Kubernetes version: (use
kubectl version): N/A
@maxsmythe @ritazh do you recall why this was not added in CEL engine?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.