kubewarden / policy-server

Webhook server that evaluates WebAssembly policies to validate Kubernetes requests
https://kubewarden.io
Apache License 2.0

Feature Request: strict policies.yml parsing, disallow unknown keys #845

Open fabriziosestito opened 3 months ago

fabriziosestito commented 3 months ago

Is your feature request related to a problem?

The parsing of policies.yml is not strict enough. This can be prone to errors.

For instance, at the time of writing, this configuration is valid:

psp-capabilities:
  url: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
  allowedToMutate: true
  policyModel: monitor # note: "policyModel" should be "policyMode" 
  settings:
  ...

However, as the policyMode key is not found, the policy will be configured in Protect mode.

Also, we could clean up the tests by using fixtures and/or merging tests together in one test with multiple cases of reading configurations.

Solution you'd like

No response

Alternatives you've considered

No response

Anything else?

No response

flavio commented 3 months ago

Keep in mind there's currently a serde bug that prevents that from being done. See https://github.com/kubewarden/policy-server/pull/827/commits/7316fc93bc5d53dc0a3277b63f937bfe2973dc6a
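
A pre-deployment lint for the failure described in this issue, as an added example that is not policy-server code: it reports keys directly under a policy entry that are not in an allow-list. The allow-list holds only the keys shown in the issue (an assumption; extend it to match your policy-server version), the sample input and the `example_setting` key are constructed, and the scanner handles only the two-space block layout shown above, not full YAML.

```rust
// Added example, not policy-server code. Assumption: only the keys seen in the issue are known.
const KNOWN_KEYS: [&str; 4] = ["url", "allowedToMutate", "policyMode", "settings"];

// Constructed sample: the issue's entry, typo included; example_setting is made up.
const SAMPLE: &str = "\
psp-capabilities:
  url: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
  allowedToMutate: true
  policyModel: monitor # typo: should be policyMode
  settings:
    example_setting: true
";

/// Returns (policy name, unknown key) for each unrecognised key directly under
/// a policy entry. Policy names sit at column 0 and their keys at two spaces;
/// deeper lines (the policy's own settings) are not inspected.
fn unknown_policy_keys(yaml: &str) -> Vec<(String, String)> {
    let mut findings = Vec::new();
    let mut policy: Option<String> = None;
    for raw in yaml.lines() {
        // Drop trailing comments, then skip blank and comment-only lines.
        let line = raw.split(" #").next().unwrap_or("").trim_end();
        let body = line.trim_start();
        if body.is_empty() || body.starts_with('#') {
            continue;
        }
        let indent = line.len() - body.len();
        // Lines without a "key:" part (for example "...") carry no key to check.
        let Some((key, _)) = body.split_once(':') else { continue };
        match indent {
            0 => policy = Some(key.to_string()),
            2 => {
                if let Some(name) = &policy {
                    if !KNOWN_KEYS.iter().any(|k| *k == key) {
                        findings.push((name.clone(), key.to_string()));
                    }
                }
            }
            _ => {} // nested content, e.g. under settings
        }
    }
    findings
}

fn main() {
    for (policy, key) in unknown_policy_keys(SAMPLE) {
        eprintln!("policy '{policy}': unknown key '{key}'");
    }
}
```

Run in CI against the file that will be mounted into policy-server, and fail the job when the returned list is non-empty.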