Feat: Opa provider + Kubernetes data source + E2E test #82
Big fan of putting the validation rule in the OSCAL where you say this is how we are meeting X control. Should eliminate any confusion on proving you're doing what you just said you're doing.
E2E testing works with make test and using kind locally for me.
Only question/comment I have is using the SHA instead of version tag for GitHub Actions, but that can be updated when we set up Renovate to make sure it's all the same versions etc.
A lot to discuss here and a lot to learn. I understand there is a lot of tribal knowledge around OSCAL and such - mainly looking for any red flags as it pertains to the code.
Core focus of review would be around:
Testing made it more obvious that we may want to break down the validate logic further - more library code outside the CLI and maybe finding ways to further utilize or remove the ReportObject reference.
If I am breaking fundamental best practices anywhere - please let me know. I have a lot to learn in the space of Kubernetes API/types and more Golang best practices.
Working on the actual payload in OSCAL currently as an urgent priority - so expecting the payload location in OSCAL to change.