feat: add other policies in CEL expressions - Part 1 #946

Merged
merged 36 commits into from
May 15, 2024

Contributor

@Chandan-DK Chandan-DK commented Mar 18, 2024

Related Issue(s)

Partially addresses #891

Description

This PR includes the conversion of policies in the other folder to Kyverno CEL policies. Conversion of the policies will be done in multiple PRs.

Policies converted in this PR:

  • allowed-annotations
  • allowed-pod-priorities
  • block-ephemeral-containers
  • check-env-vars
  • check-node-for-cve-2022-0185
  • check-serviceaccount-secrets
  • deny-secret-service-account-token-type
  • disallow-all-secrets
  • disallow-localhost-services
  • disallow-secrets-from-env-vars
  • docker-socket-requires-label

Checklist

  • I have read the policy contribution guidelines.
  • I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

@Chandan-DK Chandan-DK force-pushed the other-policies-cel-part-1 branch from 8fadcd9 to ea63ef2 Compare March 20, 2024 08:39
@Chandan-DK Chandan-DK force-pushed the other-policies-cel-part-1 branch from af946a9 to d691d7b Compare March 21, 2024 13:53
@Chandan-DK Chandan-DK force-pushed the other-policies-cel-part-1 branch from 6e77485 to 4a892f6 Compare March 21, 2024 16:55
@MariamFahmy98 MariamFahmy98 self-requested a review March 25, 2024 17:32
@MariamFahmy98 MariamFahmy98 self-assigned this Mar 25, 2024
Contributor

@MariamFahmy98 MariamFahmy98 left a comment

There is a missing kyverno test in the allowed-pod-priorities and block-ephemeral-containers.

@Chandan-DK Chandan-DK force-pushed the other-policies-cel-part-1 branch from 2f00bff to 548d800 Compare March 26, 2024 10:32
@Chandan-DK
Contributor Author

> There is a missing kyverno test in the allowed-pod-priorities and block-ephemeral-containers.

We can't have kyverno tests for allowed-pod-priorities at the moment because support for parameter resources in CLI tests has to be added (Issue)

@Chandan-DK Chandan-DK marked this pull request as ready for review March 30, 2024 17:31
@MariamFahmy98
Contributor

It seems that there are some flaky tests. Could you please check?

@Chandan-DK
Contributor Author

Sure. Will take a look soon.

Contributor

@MariamFahmy98 MariamFahmy98 left a comment

Looks good to me. Thank you!

@JimBugwadia
Member

@Chandan-DK - can you please help resolve the conflicts?

@Chandan-DK
Contributor Author

> @Chandan-DK - can you please help resolve the conflicts?

Sure 👍

@Chandan-DK
Contributor Author

The conflicts have been resolved.

@JimBugwadia JimBugwadia merged commit 8e31d60 into kyverno:main May 15, 2024
159 checks passed
@Chandan-DK Chandan-DK deleted the other-policies-cel-part-1 branch May 15, 2024 17:55