feat(helm): support custom policies with built-in scanner #1144
Conversation
| @@ -468,3 +468,19 @@ nodeSelector: {} | |||
| tolerations: [] | |||
|
|
|||
| affinity: {} | |||
|
|
|||
| additionalPolicies: | |||
There was a problem hiding this comment.
As far as I know, the Conftest is deprecated and planned for removal. If that's not the case, perhaps it would be good to unify this with conftest.library and conftest.policy.
There was a problem hiding this comment.
I'm also not attached to this name, but it seems to follow in the tradition of other charts in the wild.
| @@ -863,3 +863,12 @@ data: | |||
| kubernetes.namespace]))\n\n\tres := {\n\t\t\"msg\": msg,\n\t\t\"id\": __rego_metadata__.id,\n\t\t\"title\": | |||
| __rego_metadata__.title,\n\t\t\"severity\": __rego_metadata__.severity,\n\t\t\"type\": | |||
| __rego_metadata__.type,\n\t}\n}\n" | |||
| {{- with .Values.additionalPolicies }} | |||
There was a problem hiding this comment.
It would be interesting to try to prevent collisions here. Otherwise our beloved YAML will let the last instance of a duplicate key win, which might produce unexpected results.
Codecov Report
@@ Coverage Diff @@
## main #1144 +/- ##
==========================================
- Coverage 57.90% 57.84% -0.07%
==========================================
Files 71 71
Lines 9325 9325
==========================================
- Hits 5400 5394 -6
- Misses 3374 3379 +5
- Partials 551 552 +1
Continue to review full report at Codecov.
|
|
For my use case, this could be obviated by #1145, but I imagine others might prefer this simpler approach. Supporting both seems prudent. |
yurrriq
force-pushed
the
custom-policies-with-builtin-scanner
branch
from
da6e720
to
d7f03df
Compare
yurrriq
force-pushed
the
custom-policies-with-builtin-scanner
branch
from
d7f03df
to
ca46f4c
Compare
Description
Add support for custom policies when using the custom scanner.
Related issues
Remove this section if you don't have related PRs.
Checklist