Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control the policy controller monitoring resources from chart, enhanc… #1687

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Control the policy controller monitoring resources from chart, enhanc… #1687

wants to merge 8 commits into from
+76 −14

Conversation

senanz
Copy link

@senanz senanz commented Nov 3, 2024
edited
Loading

…ment for the current implmentation to hadd all the resources by default, The new change add avail to pass resourcesNames through the chart with list of resources comma sperataed for which resources to be monitored by the policy controller, the default is all resources if the flag wasn't presented in the chart

This PR resolves #1388

Signed-off-by: Senan Zedan (EXT-Nokia) senan.zedan.ext@nokia.com

Summary

The new change add avail to pass resourcesNames through the chart with list of resources comma sperataed for which resources to be monitored by the policy controller, the default is all resources if the flag wasn't presented in the chart

codysoyland and others added 3 commits November 3, 2024 15:06
@codysoyland
Add check for ACR registry in ACR credential helper (sigstore#1658)
44b4cc6 
Signed-off-by: Cody Soyland <codysoyland@github.com>
Signed-off-by: Senan Zedan (EXT-Nokia) <senan.zedan.ext@nokia.com>
@dependabot
chore(deps): Bump google-github-actions/auth from 2.1.6 to 2.1.7 (sig…
7895e28 
…store#1683)

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@8254fb7...6fc4af4)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Senan Zedan (EXT-Nokia) <senan.zedan.ext@nokia.com>
Control the policy controller monitoring resources from chart, enhanc…
513fa0c 
…ment for the current implmentation to hadd all the resources by default, The new change add avail to pass resourcesNames through the chart with list of resources comma sperataed for which resources to be monitored by the policy controller, the default is all resources if the flag wasn't presented in the chart

Signed-off-by: Senan Zedan (EXT-Nokia) <senan.zedan.ext@nokia.com>
@senanz senanz mentioned this pull request Nov 3, 2024
Open
@senanz
Copy link
Author

senanz commented Nov 11, 2024

@vaikas - Could you please look into this?

@vaikas
Copy link
Collaborator

vaikas commented Nov 11, 2024

Could you add some tests, maybe here: https://github.com/sigstore/policy-controller/tree/main/test

@senanz
Copy link
Author

senanz commented Nov 12, 2024

@vaikas - per your request, test added.

@vaikas
Copy link
Collaborator

vaikas commented Nov 12, 2024

@vaikas - per your request, test added.

That does not really test any of this new code. You'd have to add a test that launches policy controller with these new flags, here's one example where we change the policy-controller behaviour by the flags:

policy-controller/.github/workflows/kind-cluster-image-policy-tsa.yaml

Line 125 in b3af2f0

# Install policy-controller that does not have TUF embedded or installed.

So, create a new kustomize file that launches policy controller with say --resource-name=pods, and customize it like here:

policy-controller/.github/workflows/kind-cluster-image-policy-tsa.yaml

Line 136 in b3af2f0

kustomize build test/kustomize-no-tuf | kubectl apply -f -

And then after the policy-controller has been started with the flags under test, you'd run your new test:

policy-controller/.github/workflows/kind-cluster-image-policy-tsa.yaml

Line 177 in b3af2f0

./test/e2e_test_cluster_image_policy_with_tsa.sh

It should at the bare minimum have a negative test and a positive test. So, if you're using resource-name pods, then launching a deployment with a failing config should succeed if you instead launch a pod.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Verify only pods
3 participants
@senanz @vaikas @codysoyland