search

kubewarden / policy-sdk-go

Kubewarden Policy SDK for the Go programming language
https://kubewarden.io
Apache License 2.0
8 stars 7 forks source link

Add ExtractPodSpecFromObject #37

Closed KhaledEmaraDev closed 1 year ago

KhaledEmaraDev commented 1 year ago

Description

New method for retrieving a PodSpec given you pass a high level object. Objects supported are: Deployment, ReplicaSet, StatefulSet, DaemonSet, ReplicationController, Job, CronJob, Pod.

This simplifies the evaluation of high level objects. A policy author just need to call this new method and evaluate the PodSpec returned. With this change pod-privileged-policy will reject high level objects (e.g Deployments) instead of allowing them and later rejects the pods

This is to map the Rust feature according to this issue.

Fix #36

Test

Additional Information

Tradeoff

Potential improvement

KhaledEmaraDev commented 1 year ago

Thanks for this PR!

It looks good, but I would put the new ExtractPodSpecFromObject() in kubewarden.go, and not in testing/helpers.go, as this function is a normal lib function that will be consumed by policies.

I would like to have some unit tests too, analogous to https://github.com/kubewarden/policy-sdk-rust/blob/main/src/lib.rs#L397-L674. Would you be up for the task?

Yes, I'm up for it. I'll start working on it.

KhaledEmaraDev commented 1 year ago

@flavio @viccuad I have implemented the tests as agreed and moved the function to the correct place.

CC: @kubewarden/kubewarden-developers

KhaledEmaraDev commented 1 year ago

@flavio Resolved all comments and ran the tests successfully.

CC: @kubewarden/kubewarden-developers

viccuad commented 1 year ago

This is now available on https://github.com/kubewarden/policy-sdk-go/releases/tag/v0.2.4.