-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify Disallow hostPorts in CEL expressions #1108
base: main
Are you sure you want to change the base?
Conversation
Hi @lavishpal - Thanks for the contribution! We can create a variable validate:
cel:
variables:
- name: allContainers
expression: >-
object.spec.containers +
object.spec.?initContainers.orValue([]) +
object.spec.?ephemeralContainers.orValue([]) We can then use this variable and simplify expressions:
- expression: >-
variables.allContainers.all(container,
container.?ports.orValue([]).all(port, port.?hostPort.orValue(0) == 0)) |
Yes we can use variable, but we can also directly use optional . |
Yes, using the optional syntax directly in the expression is a valid approach and works well. However, it's easier to read the expression when we can generalize a large expression like this into a variable. object.spec.containers + object.spec.?initContainers.orValue([]) + object.spec.?ephemeralContainers.orValue([]) The newer CEL policies in the library make use of the |
cc : @JimBugwadia |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Multiple tests failing.
237e5a2
to
3b925f4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tests are failing.
3b925f4
to
ab6d073
Compare
Can you guide me how to fix these test. |
Once CI completes, go look at the failing tests and see the logged messages. |
ab6d073
to
6382933
Compare
Signed-off-by: Lavish pal <[email protected]>
5045ac9
to
5688761
Compare
All |
Yeah i figured out that there is indentation mistake in YAML. |
@lavishpal - are you fixing it? |
Yeah i will fix it till tomorrow. |
Signed-off-by: Lavish Pal <[email protected]>
Related Issue(s)
fixes #1093
Description
This PR simplify the CEL expression by removing the repeated terms.
Checklist