Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Control the policy controller monitoring resources from chart, enhanc… #1687

Open
wants to merge 13 commits into
base: main
Choose a base branch
from

Conversation

senanz
Copy link

@senanz senanz commented Nov 3, 2024

…ment for the current implmentation to hadd all the resources by default, The new change add avail to pass resourcesNames through the chart with list of resources comma sperataed for which resources to be monitored by the policy controller, the default is all resources if the flag wasn't presented in the chart

This PR resolves #1388

Signed-off-by: Senan Zedan (EXT-Nokia) [email protected]

Summary

The new change add avail to pass resourcesNames through the chart with list of resources comma sperataed for which resources to be monitored by the policy controller, the default is all resources if the flag wasn't presented in the chart

codysoyland and others added 3 commits November 3, 2024 15:06
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Senan Zedan (EXT-Nokia) <[email protected]>
…store#1683)

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@8254fb7...6fc4af4)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Senan Zedan (EXT-Nokia) <[email protected]>
…ment for the current implmentation to hadd all the resources by default, The new change add avail to pass resourcesNames through the chart with list of resources comma sperataed for which resources to be monitored by the policy controller, the default is all resources if the flag wasn't presented in the chart

Signed-off-by: Senan Zedan (EXT-Nokia) <[email protected]>
@senanz
Copy link
Author

senanz commented Nov 11, 2024

@vaikas - Could you please look into this?

@vaikas
Copy link
Collaborator

vaikas commented Nov 11, 2024

Could you add some tests, maybe here: https://github.com/sigstore/policy-controller/tree/main/test

@senanz
Copy link
Author

senanz commented Nov 12, 2024

@vaikas - per your request, test added.

@vaikas
Copy link
Collaborator

vaikas commented Nov 12, 2024

@vaikas - per your request, test added.

That does not really test any of this new code. You'd have to add a test that launches policy controller with these new flags, here's one example where we change the policy-controller behaviour by the flags:

# Install policy-controller that does not have TUF embedded or installed.

So, create a new kustomize file that launches policy controller with say --resource-name=pods, and customize it like here:

kustomize build test/kustomize-no-tuf | kubectl apply -f -

And then after the policy-controller has been started with the flags under test, you'd run your new test:

./test/e2e_test_cluster_image_policy_with_tsa.sh

It should at the bare minimum have a negative test and a positive test. So, if you're using resource-name pods, then launching a deployment with a failing config should succeed if you instead launch a pod.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Verify only pods
3 participants