feat: add generate command #42
Thanks @hennersz for the contribution! I'll do some testing but I believe this would be a beneficial capability to have available via the CLI. For your situational awareness - Lula is undergoing some preparatory steps for transitioning resources to full-time and establishing office-hours and other points of communication for collaboration.
The only other issue that I believe would block this being a useful contribution (and wasn't part of the code added/modified here) is that the generated name for the
This is largely due to the name currently being uppercase from the UUID generation. We haven't encountered this yet due to it not mattering for the Kyverno Logic to execute an audit. I believe if we wrapped
@brandtkeller I have applied the change you suggested, and installing generated policies into a real cluster now works. Sorry, probably should have checked end to end that this works before submitting.
Changes provide minimum requirement for generation of a Kyverno ClusterPolicy from the OSCAL source.
The generation can handle creation of directories that do not exist and accommodating directories that do exist. The Policies tested were able to be applied to the cluster running Kyverno with the required CRDs without any issue.
Thank you @hennersz for the contribution. It is highly aligned with the vision of Lula and the role it plays in integrating with a policy enforcement engine. Lula is gearing up to commit more dedicated resources into the development of the project. We will likely be evaluating current project structure and moving some logic around for clarity purposes. In the event you would like to join us on this adventure - we will ensure the issues tab is populated with where we would like to take the project and good issues for others to grab and implement. If you have questions about the addition of other logic/testing/etc - please feel free to create an issue for discussion.
Current Behavior
Kyverno policies that are generated for auditing a cluster are deleted after the audit is done.
Proposed Behavior
This adds a generate command to output the Kyverno policies from OSCAL definitions.