Add more tutorials

[eddycharly]

• API/service call
• ConfigMap context
• UPDATE operation
• DELETE operation
• imageReferences context
• Subject
• ClusterRole
• Namespace labels
• verifyImages signature
• verifyImages attestation
• Custom Resource (like cert-manager or Policy Exception)

[chipzoller]

For UPDATE and DELETE tests, how would this support providing an oldObject resource? That is a requirement to making these types of policies fully functional.

[fjogeleit]

I think the general support in the backend part is not a big deal. More important is how we would integrate it in the UI.

• Providing a new Panel for it and when where to place it?
• Could image a switch icon for the resource panel in a diff mode -> oldObject left updated one right. (Like the diff editor for mutation details). But Resources panel is already small, maybe we should change the space division to 50% / 50%.

Is for deletion the oldObject == current resource? Because a deletion don't change the resource beforehand?

[chipzoller]

A couple ideas on where/how to provide oldObject:

1. Provide a second panel called "Old Resource" which is either collapsed by default and visible (the bar only), or have this be accessible only if a user goes to the Options menu to enable Old Resource. If so, at that time it will be made visible.
2. In the existing Resources panel, perhaps we could come up with some special field markers, comments, or something which indicate the next resource is the old resource. In this way, we reuse the Resources panel and don't clutter the screen further.

Is for deletion the oldObject == current resource? Because a deletion don't change the resource beforehand?

Yes, that is correct, so probably don't need oldObject specifically. Engine should interpret the provided resource(s) as the old object.

[chipzoller]

Could image a switch icon for the resource panel in a diff mode -> oldObject left updated one right. (Like the diff editor for mutation details). But Resources panel is already small, maybe we should change the space division to 50% / 50%.

This is also a good idea.

[fjogeleit]

rough test how it would look like:

maybe we can switch it automatically when the operation is "UPDATE"

[chipzoller]

I think that's reasonable. Needs to be a banner/title to show which split pane is new and which is old.

maybe we can switch it automatically when the operation is "UPDATE"

That's going to be basically impossible as there are many ways the operation can be specified. I don't think we want to try and be this smart but instead give users a button where they can click if they know they need an oldObject. And then if it tests and one isn't supplied, throw an error during testing that the oldObject is missing.

[fjogeleit]

okay, will discuss with @eddycharly how we can implement/validate it.

[eddycharly]

Looks good but should not block the current milestone IMO.

I wonder if we want to keep the context in yaml form or switch to a dialog/form ?