Open jasonrichardsmith opened 6 years ago
We wrote this plugin for Docker itself, before ValidatingWebhooks were a thing.
We simply went with regex blacklists and whitelists, and an example config looks like this:
```json
{
  "whitelist": [
    "^alpine:",
    "^docker\\.elastic\\.co/beats/filebeat:",
    "^gcr\\.io/google_containers",
    "^mysql:",
    "^nginx:",
    "^php:",
    "^apache:",
    "^quay\\.io/calico/cni",
    "^quay\\.io/calico/node",
    "^quay\\.io/coreos/flannel"
  ],
  "blacklist": [
    "^docker:"
  ],
  "defaultAllow": false
}
```
Anybody in this space can deal with regex and it is powerful enough.
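An added example, not part of the comment above and not the plugin's or sentry's own code: a minimal Go evaluator for a config of that shape, run against a few constructed image names. The names `Policy`, `Allowed` and `matchAny` are hypothetical, and the precedence (blacklist, then whitelist, then `defaultAllow`) is an assumption the thread does not state.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

type Policy struct {
	Whitelist    []string `json:"whitelist"`
	Blacklist    []string `json:"blacklist"`
	DefaultAllow bool     `json:"defaultAllow"`
}

// Constructed sample: a subset of the patterns from the comment's config.
const sampleConfig = `{
  "whitelist": ["^alpine:", "^gcr\\.io/google_containers"],
  "blacklist": ["^docker:"], "defaultAllow": false
}`

func matchAny(patterns []string, image string) (bool, error) {
	for _, p := range patterns {
		if hit, err := regexp.MatchString(p, image); err != nil || hit {
			return hit, err // an invalid pattern surfaces as an error
		}
	}
	return false, nil
}

// Allowed (hypothetical) assumes blacklist > whitelist > defaultAllow; errors fail closed.
func Allowed(cfg, image string) (bool, error) {
	var p Policy
	if err := json.Unmarshal([]byte(cfg), &p); err != nil {
		return false, err
	}
	if hit, err := matchAny(p.Blacklist, image); err != nil || hit {
		return false, err
	}
	if hit, err := matchAny(p.Whitelist, image); err != nil || hit {
		return hit, err
	}
	return p.DefaultAllow, nil
}

func main() {
	// Constructed image references, including two edge cases for the patterns.
	for _, img := range []string{"alpine:3.19", "alpine", "docker:dind", "gcr.io/google_containers_x/y:1"} {
		ok, err := Allowed(sampleConfig, img)
		fmt.Println(img, ok, err)
	}
}
```

The untagged `alpine` is denied because `^alpine:` requires the colon, and `^gcr\.io/google_containers` also admits any repository whose name merely starts with that prefix. Ending such a pattern with `/` restricts it to the intended namespace.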
@towolf thanks for your input, I am still weighing the options. Your solution is probably the strongest contender.
Do you wish to add functionality to an existing sentry module? Make more robust options for text matching strategies for source module.