Simplified CEL Expressions for Pod Security (CEL) Baseline policies #1127
Signed-off-by: epasham <ekambaram.pasham@gmail.com>
Signed-off-by: epasham <ekambaram.pasham@gmail.com>
pod-security-cel/baseline/disallow-privileged-containers/disallow-privileged-containers.yaml
pod-security-cel/baseline/disallow-privileged-containers/artifacthub-pkg.yml
@epasham, in the future, please use closing keywords to link your PR to issues it closes, and please complete the full PR template including check boxes.
LGTM but will defer final review to @MariamFahmy98.
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: epasham <ekambaram.pasham@gmail.com>
Signed-off-by: epasham <ekambaram.pasham@gmail.com>
Signed-off-by: epasham <ekambaram.pasham@gmail.com>
…low-privileged-containers.yaml Co-authored-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Ekambaram Pasham <ekambaram.pasham@gmail.com>
Signed-off-by: epasham <ekambaram.pasham@gmail.com>
…ntainer types in a pod (#1111) * Update disallow-helm-tiller.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update disallow-latest-tag.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-latest-fail-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-latest-success-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-no-tag.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update good-pod.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-deploy.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-fail-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-success-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update good-deploy.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update good-pod.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update disallow-latest-tag.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update disallow-helm-tiller.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update 
artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update artifacthub-pkg.yml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update good-pod.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-deploy.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-fail-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-success-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update good-deploy.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update resource.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-latest-fail-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-latest-success-first.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update bad-pod-no-tag.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update good-pod.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> * Update resource.yaml Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com> --------- Signed-off-by: Dolis Sharma <71091713+dolisss@users.noreply.github.com>
I am closing this pull request. I need to sign the commits using my Infosys email ID.
Related Issue(s)
Closes #1096
Closes #1097
Closes #1090
Description
There are redundant expressions in the CEL expression that validates the containers, init containers and ephemeral containers in a pod definition.
What does this PR do?
Updated the CEL expression using variables and optionals. Removed the redundant expressions.
The validation expression is now simplified.
Checklist