Closed KhaledEmaraDev closed 1 year ago
Thanks for this PR!
It looks good, but I would put the new
ExtractPodSpecFromObject()
in kubewarden.go, and not in testing/helpers.go, as this function is a normal lib function that will be consumed by policies.I would like to have some unit tests too, analogous to https://github.com/kubewarden/policy-sdk-rust/blob/main/src/lib.rs#L397-L674. Would you be up for the task?
Yes, I'm up for it. I'll start working on it.
@flavio @viccuad I have implemented the tests as agreed and moved the function to the correct place.
CC: @kubewarden/kubewarden-developers
@flavio Resolved all comments and ran the tests successfully.
CC: @kubewarden/kubewarden-developers
This is now available on https://github.com/kubewarden/policy-sdk-go/releases/tag/v0.2.4.
Description
New method for retrieving a PodSpec given you pass a high level object. Objects supported are: Deployment, ReplicaSet, StatefulSet, DaemonSet, ReplicationController, Job, CronJob, Pod.
This simplifies the evaluation of high level objects. A policy author just need to call this new method and evaluate the PodSpec returned. With this change pod-privileged-policy will reject high level objects (e.g Deployments) instead of allowing them and later rejects the pods
This is to map the Rust feature according to this issue.
Fix #36
Test
Additional Information
Tradeoff
Potential improvement