Closed ereslibre closed 3 years ago
I partially agree, let me explain.
Preamble:
kwctl annotate
. The policy metadata includes information about what kind of runtime has to be used (see https://github.com/kubewarden/kwctl/issues/57)Having said that, I think it would be nice to allow a cli flag as the one you described. This can be handy when doing quick prototyping of a policy. When the user provides this flag, the policy-evaluator will ignore the metadata (if present) and just use the runtime specified by the user
+1, we are in agreement. I also mention that this new flag is optional, and by default will honor the metadata in the policy.
To recap:
--runtime-mode
: kwctl will use this information to pick the right runtime--runtime-mode
: we error out if the value provided by the user does not match with the value inside of the wasm metadata--runtime-mode
flag:input
and data
variables)--runtime-mode
flag: we use the runtime the user specified
Depends on: https://github.com/kubewarden/policy-evaluator/issues/21
In
kwctl
, an optional--runtime-mode
flag has to be exposed with options:autodetect
(default),kubewarden-wapc
,opa
andopa-gatekeeper
that will be forwarded to thepolicy-evaluator
. Ifautodetect
is used (the default), the thepolicy-evaluator
will be the responsible for running the given heuristics defined in https://github.com/kubewarden/policy-evaluator/issues/21.