fix!: renames "url" field into "module".
Renames the "url" field to "module". This makes the field name the same
as the name used in the CRDs.

Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
jvanz committed Jan 3, 2025
1 parent 10938df commit 6847459
Showing 7 changed files with 59 additions and 59 deletions.
18 changes: 9 additions & 9 deletions README.md
Expand Up @@ -37,11 +37,11 @@ This is an example of the policies file:

```yml
psp-apparmor:
url: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.3
module: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.3
psp-capabilities:
url: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.3
module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.3
namespace_simple:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings:
valid_namespace: kubewarden-approved
```
Expand Down Expand Up @@ -98,22 +98,22 @@ This is an example of the policies file with a policy group:
pod-image-signatures: # policy group
policies:
- name: sigstore_pgp
url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
settings:
signatures:
- image: "*"
pubKeys:
- "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
- "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
- name: sigstore_gh_action
url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
settings:
signatures:
- image: "*"
githubActions:
owner: "kubewarden"
- name: reject_latest_tag
url: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
module: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
settings:
tags:
reject:
Expand All @@ -133,7 +133,7 @@ that is allowed to access:
strict-ingress-checks:
policies:
- name: unique_ingress
url: ghcr.io/kubewarden/policies/cel-policy:latest
module: ghcr.io/kubewarden/policies/cel-policy:latest
contextAwareResources:
- apiVersion: networking.k8s.io/v1
kind: Ingress
Expand All @@ -154,13 +154,13 @@ strict-ingress-checks:
!variables.knownHost.exists_one(hosts, sets.intersects(hosts, variables.desiredHosts))
message: "Cannot reuse a host across multiple ingresses"
- name: https_only
url: ghcr.io/kubewarden/policies/ingress:latest
module: ghcr.io/kubewarden/policies/ingress:latest
settings:
requireTLS: true
allowPorts: [443]
denyPorts: [80]
- name: http_only
url: ghcr.io/kubewarden/policies/ingress:latest
module: ghcr.io/kubewarden/policies/ingress:latest
settings:
requireTLS: false
allowPorts: [80]
10 changes: 5 additions & 5 deletions policies.yml.example
@@ -1,30 +1,30 @@
psp-apparmor:
url: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.7
module: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.7
psp-capabilities:
url: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
allowedToMutate: true
settings:
allowed_capabilities: ["*"]
required_drop_capabilities: ["KILL"]
pod-image-signatures: # policy group
policies:
sigstore_pgp:
url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
settings:
signatures:
- image: "*"
pubKeys:
- "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
- "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
sigstore_gh_action:
url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
settings:
signatures:
- image: "*"
githubActions:
owner: "kubewarden"
reject_latest_tag:
url: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
module: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
settings:
tags:
reject:
40 changes: 20 additions & 20 deletions src/config.rs
Expand Up @@ -318,7 +318,7 @@ pub enum PolicyOrPolicyGroupSettings {
#[serde(deny_unknown_fields, rename_all = "camelCase")]
pub struct PolicyGroupMember {
/// Thge URL where the policy is located
pub url: String,
pub module: String,
/// The settings for the policy
pub settings: Option<HashMap<String, serde_yaml::Value>>,
/// The list of Kubernetes resources the policy is allowed to access
Expand All @@ -341,7 +341,7 @@ pub enum PolicyOrPolicyGroup {
#[serde(rename_all = "camelCase")]
Policy {
/// The URL where the policy is located
url: String,
module: String,
#[serde(default)]
/// The mode of the policy
policy_mode: PolicyMode,
Expand Down Expand Up @@ -485,7 +485,7 @@ mod tests {
let policies_yaml = r#"
---
example:
url: ghcr.io/kubewarden/policies/context-aware-policy:0.1.0
module: ghcr.io/kubewarden/policies/context-aware-policy:0.1.0
settings: {}
allowedToMutate: true
contextAwareResources:
Expand All @@ -499,10 +499,10 @@ group_policy:
message: "group policy message"
policies:
policy1:
url: ghcr.io/kubewarden/policies/policy1:0.1.0
module: ghcr.io/kubewarden/policies/policy1:0.1.0
settings: {}
policy2:
url: ghcr.io/kubewarden/policies/policy2:0.1.0
module: ghcr.io/kubewarden/policies/policy2:0.1.0
settings: {}
"#;

Expand All @@ -516,7 +516,7 @@ group_policy:
(
"example".to_owned(),
PolicyOrPolicyGroup::Policy {
url: "ghcr.io/kubewarden/policies/context-aware-policy:0.1.0".to_owned(),
module: "ghcr.io/kubewarden/policies/context-aware-policy:0.1.0".to_owned(),
policy_mode: PolicyMode::Protect,
allowed_to_mutate: Some(true),
settings: Some(HashMap::new()),
Expand All @@ -542,15 +542,15 @@ group_policy:
(
"policy1".to_owned(),
PolicyGroupMember {
url: "ghcr.io/kubewarden/policies/policy1:0.1.0".to_owned(),
module: "ghcr.io/kubewarden/policies/policy1:0.1.0".to_owned(),
settings: Some(HashMap::new()),
context_aware_resources: BTreeSet::new(),
},
),
(
"policy2".to_string(),
PolicyGroupMember {
url: "ghcr.io/kubewarden/policies/policy2:0.1.0".to_owned(),
module: "ghcr.io/kubewarden/policies/policy2:0.1.0".to_owned(),
settings: Some(HashMap::new()),
context_aware_resources: BTreeSet::new(),
},
Expand All @@ -568,30 +568,30 @@ group_policy:
r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
"#, json!({})
)]
#[case::settings_missing(
r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
"#, json!({})
)]
#[case::settings_null(
r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: null
"#, json!({})
)]
#[case::settings_provided(
r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings:
"counter": 1
"items": ["a", "b"]
Expand All @@ -617,7 +617,7 @@ example:
let policies_yaml = r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
"#;
let mut temp_file = NamedTempFile::new().unwrap();
Expand Down Expand Up @@ -654,17 +654,17 @@ example:
r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
group_policy:
expression: "true"
message: "group policy message"
policies:
policy1:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
policy2:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
"#,
true
Expand All @@ -673,7 +673,7 @@ group_policy:
r#"
---
example/invalid:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
"#,
false
Expand All @@ -682,17 +682,17 @@ example/invalid:
r#"
---
example:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
group_policy:
expression: "true"
message: "group policy message"
policies:
policy1/a:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
policy2:
url: file:///tmp/namespace-validate-policy.wasm
module: file:///tmp/namespace-validate-policy.wasm
settings: {}
"#,
false
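Review bot: The doc comments on the renamed fields still describe a URL: `/// Thge URL where the policy is located` on `PolicyGroupMember::module` (typo included) and `/// The URL where the policy is located` on `PolicyOrPolicyGroup::Policy`. The field name and its documentation now disagree, so I would change both to `/// The location of the policy module (registry reference or file path)`. Because the rename is breaking, a policies file that still uses `url:` has to fail at load time rather than leave a policy unloaded. `PolicyGroupMember` is `deny_unknown_fields` and `module` is a required `String`, so that is presumably what happens, but none of the visible test cases pins it; a negative case that feeds the legacy `url:` key and asserts a deserialization error would document the migration behaviour. Both type definitions continue outside the visible hunks.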
24 changes: 12 additions & 12 deletions src/evaluation/evaluation_environment.rs
Expand Up @@ -214,7 +214,7 @@ impl<'engine, 'precompiled_policies> EvaluationEnvironmentBuilder<'engine, 'prec

match policy {
PolicyOrPolicyGroup::Policy {
url,
module: url,
policy_mode,
allowed_to_mutate,
context_aware_resources,
Expand Down Expand Up @@ -297,7 +297,7 @@ impl<'engine, 'precompiled_policies> EvaluationEnvironmentBuilder<'engine, 'prec
if let Err(e) = self.bootstrap_policy(
&mut eval_env,
policy_id.clone(),
&policy.url,
&policy.module,

Check warning on line 300 in src/evaluation/evaluation_environment.rs

Codecov / codecov/patch

src/evaluation/evaluation_environment.rs#L300

Added line #L300 was not covered by tests
policy_evaluation_settings,
eval_ctx,
) {
Expand Down Expand Up @@ -820,7 +820,7 @@ mod tests {
policies.insert(
policy_id.to_string(),
PolicyOrPolicyGroup::Policy {
url: policy_url.clone(),
module: policy_url.clone(),
policy_mode: PolicyMode::Protect,
allowed_to_mutate: None,
settings: None,
Expand All @@ -838,7 +838,7 @@ mod tests {
policies: vec![(
"happy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/happy_policy_1.wasm".to_string(),
module: "file:///tmp/happy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
Expand All @@ -865,7 +865,7 @@ mod tests {
policies: vec![(
"happy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/happy_policy_1.wasm".to_string(),
module: "file:///tmp/happy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
Expand Down Expand Up @@ -902,7 +902,7 @@ mod tests {
policies: vec![(
"happy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/happy_policy_1.wasm".to_string(),
module: "file:///tmp/happy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
Expand All @@ -921,23 +921,23 @@ mod tests {
(
"happy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/happy_policy_1.wasm".to_string(),
module: "file:///tmp/happy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
),
(
"unhappy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
),
(
"unhappy_policy_2".to_string(),
PolicyGroupMember {
url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
Expand All @@ -959,23 +959,23 @@ mod tests {
(
"happy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/happy_policy_1.wasm".to_string(),
module: "file:///tmp/happy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
),
(
"unhappy_policy_1".to_string(),
PolicyGroupMember {
url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
),
(
"unhappy_policy_2".to_string(),
PolicyGroupMember {
url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
settings: None,
context_aware_resources: BTreeSet::new(),
},
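Review bot: In the `PolicyOrPolicyGroup::Policy` match arm the pattern `module: url,` rebinds the renamed field to its old local name, so the remainder of the arm (outside this hunk) presumably keeps referring to `url`, while the policy-group path in the next hunk reads `&policy.module`. Binding the field directly as `module,` and renaming its uses in the arm would keep the vocabulary in this file aligned with the config types. The same applies to the test helper that writes `module: policy_url.clone(),`. If the local name is kept on purpose to limit the diff, a one-line comment such as `// config field "module"; local name kept as url` on the pattern would make that explicit.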