-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Guardrails policies (M1) #2970
Guardrails policies (M1) #2970
Conversation
… example and test policy to create a base code pr" This reverts commit 08d377d.
* rego unit test and gator test polishing * lint fix * rego lint fix
* add new policy for machine config modification * reformat yaml * revise api group logic
* update generate.sh to support single dir gen * update scripts to support params * update README
7876f22
to
5761127
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Questions I have here shouldn't be considered blocking. Just questions from the perspective of being very new to the project.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. But I don't have owner or anything so we still need some one with the powers for merge.
Which issue this PR addresses:
Fixes:
https://issues.redhat.com/browse/ARO-2560
https://issues.redhat.com/browse/ARO-2885
https://issues.redhat.com/browse/ARO-2222
https://issues.redhat.com/browse/ARO-2322
https://issues.redhat.com/browse/ARO-2146
https://issues.redhat.com/browse/ARO-1393
What this PR does / why we need it:
added 4 Guardrails policies:
aro-deny-host-mount
aro-deny-labels
aro-deny-master-toleration-taints
aro-deny-privileged-namespace
under path
Test plan for issue:
policies have been tested with opa, gator, and on different dev clusters
Is there any documentation that needs to be updated for this PR?
partially refer to readme
Cx facing doc will be addressed separately in another jira https://issues.redhat.com/browse/ARO-3203