datreeio / datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
https://datree.io
Apache License 2.0
6.39k stars 363 forks

support not-strict mode for schema validation #775

Closed eyarz closed 1 year ago

eyarz commented 2 years ago

Is your feature request related to a problem? Please describe.
Today, I can't add additional properties to my K8s objects because it will fail the schema step (example)

Describe the solution you'd like
A flag to pass to the CLI to use a non-strict schema for the schema validation step

Describe alternatives you've considered
n/a

Additional context
By default, kubeconform runs in a non-strict mode. We pass the --strict flag to force the strict mode in every schema validation check.

amustaque97 commented 1 year ago

Hey @eyarz, I can work on this issue. If I understand the problem statement correctly, all we need to do is support strict mode. In the current datree version we run kubeconform in non-strict mode and now we want to support strict mode by passing the --strict flag.

eyarz commented 1 year ago

Exactly the opposite 😅 Today, we pass the -strict flag by default to kubeconform. We need to add a new flag to datree that will override this default behavior and will call kubeconform w/o the -strict flag. Open question - how should we call this flag? How about --not-strict-schema?

amustaque97 commented 1 year ago

Ah, got it 👍🏻

In my opinion --no-strict should suffice — short and simple. WDYT?

hadar-co commented 1 year ago

--not-strict

eyarz commented 1 year ago

@amustaque97 @hadar-co I'm afraid that it can be confusing. All the other flags that are related to the schema validation have the word "schema" in them (e.g. --schema-version, --schema-location, etc.).

Also, remember that now we have a new policy called "strict", so it will be hard to understand this command: datree test [manifest] -p strict --not-strict

hadar-co commented 1 year ago

@eyarz Good point, how about: --schema-not-strict or --permissive-schema

eyarz commented 1 year ago

I like --permissive-schema @amustaque97 WDYT?

amustaque97 commented 1 year ago

> I like --permissive-schema @amustaque97 WDYT?

I'm okay with the flag. Please assign this issue to me. I will raise a PR soon 🙂
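
Added example, not datree or kubeconform code: what the strict versus permissive choice discussed in this thread means for a manifest with a misspelled field. The trimmed schema, the `validate` helper and the sample manifest (written as JSON so only the standard library is needed) are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// schema: constructed stand-in for a K8s JSON schema; nil marks a leaf field.
type schema map[string]schema

var podSchema = schema{ // assumption: tiny subset of Pod, for illustration
	"apiVersion": nil, "kind": nil,
	"metadata": {"name": nil},
	"spec":     {"securityContext": {"runAsNonRoot": nil}},
}

// Constructed manifest with a misspelled field ("securityContex").
const sampleManifest = `{"apiVersion":"v1","kind":"Pod","metadata":{"name":"demo"},
 "spec":{"securityContex":{"runAsNonRoot":true}}}`

// unknownFields returns the sorted paths of properties the schema lacks.
func unknownFields(doc map[string]interface{}, s schema, prefix string) []string {
	var out []string
	for k, v := range doc {
		sub, known := s[k]
		if !known {
			out = append(out, prefix+k)
		} else if child, ok := v.(map[string]interface{}); ok && sub != nil {
			out = append(out, unknownFields(child, sub, prefix+k+".")...)
		}
	}
	sort.Strings(out)
	return out
}

// validate rejects unknown properties only when strict is true.
func validate(manifest []byte, strict bool) error {
	var doc map[string]interface{}
	if err := json.Unmarshal(manifest, &doc); err != nil {
		return err
	}
	if extra := unknownFields(doc, podSchema, ""); strict && len(extra) > 0 {
		return fmt.Errorf("additional properties not allowed: %v", extra)
	}
	return nil
}

func main() {
	m := []byte(sampleManifest)
	fmt.Println(validate(m, false), "|", validate(m, true))
}
```

In permissive mode the misspelled `securityContex` block passes validation, so the `runAsNonRoot` setting the author intended is never checked; strict mode reports the unknown path.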