
feat: mvp #5

Merged (8 commits), Feb 1, 2024

Conversation

@fabriziosestito (Contributor) commented Jan 31, 2024

Description

This is the MVP of a policy that can run CEL expressions.
It accepts variables and validations with the same syntax as the ValidatingAdmissionPolicy Kubernetes resource.
It acts as a DSL, meaning that creating new policies is possible by configuring new settings, and it does not need compilation or a wasm toolkit.
The policy requires context-aware capabilities since it needs to get the namespace object of the request to populate the namespaceObject variable.

Test

Settings validation unit tests are adapted from the Kubernetes codebase.
Furthermore, validation unit tests and e2e tests are added.

Additional Information

Tradeoff

At the moment the policy does not support:

  • authz extension: we need to implement this extension by using context-aware capabilities
  • typed namespace object and request variables: waiting for this PR to be merged: "ext.NativeTypes: Recursively add sub-types" (google/cel-go#892), so we can bind our k8s objects to the CEL environment as types
  • third-party package: cherry-picking CEL extensions from the Kubewarden codebase was needed to reduce the wasm binary size; this could be changed to a fork and automated.
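To make the description concrete, here is an added example of what a settings document for such a policy could look like; it is not taken from the PR. It assumes the `variables`/`validations` shape with `name`, `expression` and `message` fields mirrors ValidatingAdmissionPolicy, that the admission request's object is exposed as `object` and variables as `variables.<name>` (the VAP conventions), and it uses the `namespaceObject` variable the PR mentions. The `env=prod` label is a constructed sample value.

```yaml
# Example settings (assumed to follow ValidatingAdmissionPolicy syntax):
# variables are evaluated first and can be referenced from validations.
variables:
  # namespaceObject is populated by the policy via context-aware
  # capabilities; the env=prod label is a constructed sample convention.
  - name: isProduction
    expression: >-
      has(namespaceObject.metadata.labels) &&
      "env" in namespaceObject.metadata.labels &&
      namespaceObject.metadata.labels["env"] == "prod"
validations:
  # Every Deployment must carry an owner label so alerts can be routed.
  - expression: >-
      has(object.metadata.labels) && "owner" in object.metadata.labels
    message: "Deployments must set the metadata.labels.owner label."
  # In production namespaces, reject privileged containers. The has()
  # guards avoid a runtime error when securityContext is absent.
  - expression: >-
      !variables.isProduction ||
      object.spec.template.spec.containers.all(c,
        !has(c.securityContext) ||
        !has(c.securityContext.privileged) ||
        !c.securityContext.privileged)
    message: "Privileged containers are not allowed in production namespaces."
```

A new rule is added by appending another `validations` entry; nothing needs to be recompiled, which is the DSL property the description points out.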

@flavio (Member) left a comment

Congrats, that's quite an achievement! 👏

I left some minor notes, but I think this is good to be merged and released.

Review comments (all resolved) on: README.md, internal/cel/cel.go, metadata.yml, renovate.json
@viccuad (Member) left a comment

This is great, congrats :).

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
Co-authored-by: José Guilherme Vanz <jvanz@jvanz.com>
@flavio (Member) commented Feb 1, 2024

LGTM, thanks for also having implemented Quantity.

Ship it! 🚀

@fabriziosestito fabriziosestito merged commit af48bd6 into kubewarden:main Feb 1, 2024
3 checks passed