Closed fgharo closed 2 years ago
@fgharo thank you for reporting this!
The issue is not related to the Policy Generator but is a bug with Kustomize: https://github.com/kubernetes-sigs/kustomize/issues/947
Are you able to make it a multi-line string with | like you showed above?
If you can't use a multi-line string, you aren't using any of the Kustomize features, and you aren't executing Kustomize as part of the GitHub workflows, you can execute the Policy Generator binary directly with something like:
/path/to/PolicyGenerator ./policy-generator-config.yaml
This will provide the generated policies without the line breaks.
@mprahl Thanks. We are using Kustomize. As I said the oc apply still works and our templates still get rendered with that. So we will continue to use that.
@mprahl However, I was able to verify that with PolicyGenerator directly it doesn't create the line breaks, so that convinces me that it's not PolicyGenerator per se. I can close this.
$ ~/Downloads/darwin-amd64-PolicyGenerator-v-1.7.0 policy-generator-config.yaml
...
object-templates:
- complianceType: musthave
  objectDefinition:
    apiVersion: v1
    data:
      case1_blockScalar_literalClip: |
        {{ fromConfigMap "default" "logs-config" "log-file" }}
      case2_blockScalar_literalStrip: '{{ fromConfigMap "default" "logs-config" "log-file" }}'
      case3_blockScalar_literalKeep: |
        {{ fromConfigMap "default" "logs-config" "log-file" }}
      case4_blockScalar_foldedClip: |
        {{ fromConfigMap "default" "logs-config" "log-file" }}
      case5_blockScalar_foldedStrip: '{{ fromConfigMap "default" "logs-config" "log-file" }}'
      case6_blockScalar_foldedKeep: |
        {{ fromConfigMap "default" "logs-config" "log-file" }}
      case7_flowScalar_doubleQuotes: '{{ fromConfigMap "default" "logs-config" "log-file" }}'
      case8_flowScalar_singleQuotes: '{{ fromConfigMap "default" "logs-config" "log-file" }}'
      case9_flowScalar_plain: the-configmap-is-{{ fromConfigMap "default" "logs-config" "log-file" }}
    kind: ConfigMap
    metadata:
      name: demo-of-string-formatting-problem
      namespace: default
...
@mprahl What about the line symbols not being respected? I assume this is related to PolicyGenerator as in my last example above I only used PolicyGenerator and the yaml scalar string symbols (|- |+ > >- >+) were not retained in the output. Is there a reason for this or should I open another issue?
This is expected because the YAML is parsed into a Go data structure and then converted back to YAML in the generated policy. The output is equivalent; it's just not the same style as the input.
@mprahl Gotcha. Thanks for explaining!
Version(s): PolicyGenerator - v1.7.0 ACM - 2.4.3
Description: The policy generator splits a Go template function located in the same input manifest into multiple lines, creating invalid YAML strings as output. Subsequently, this output can't be pasted into the ACM console -> Governance -> Create Policy -> editor. The editor has a red squiggly line and when I hover over it, it says:
Malformed inline yaml string ('{{ fromConfigMap "default" "logs-config" #57).
Note: The output can still be fed to oc apply -f - and the go template function can still be evaluated so this is a workaround.
Steps to reproduce:
policy-generator-config.yaml:
kustomization.yaml:
Run policy generator with kustomize in the folder with the yaml files.
$ kustomize build --enable-alpha-plugins
The result contains the line breaks like so:
Expected Result:
Extra notes:
For instance when this configmap gets fed into the policy generator it is translated into the subsequent configmap:
before:
after:
For simplicity's sake it might be better to focus on the line breaks that are created, and delegate the problem of scalar symbols not being respected to another issue. I would have expected them to appear in the output as opposed to being replaced by | in some cases.
For instance, this configmap doesn't get any line breaks:
before:
after:
Screenshots:
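A check for the line-break problem reported in this issue, as an added example that is not part of the original thread or of the Policy Generator project: it scans rendered output for a `{{ ... }}` expression that was split across lines, so the problem is caught before the YAML is pasted into the ACM editor. The function name `find_split_templates` and both sample inputs are constructed for illustration; the wrapped sample breaks the string at the point the editor's error message quotes.

```python
import re

# Constructed sample: rendered output where a quoted template string was wrapped.
WRAPPED = '''\
data:
  case7_flowScalar_doubleQuotes: '{{ fromConfigMap "default" "logs-config"
    "log-file" }}'
  case9_flowScalar_plain: the-configmap-is-{{ fromConfigMap "default" "logs-config" "log-file" }}
'''

# Constructed sample: the same key rendered on one line (binary run directly).
UNWRAPPED = '''\
data:
  case7_flowScalar_doubleQuotes: '{{ fromConfigMap "default" "logs-config" "log-file" }}'
'''

TOKEN = re.compile(r"\{\{|\}\}")


def find_split_templates(text):
    """Return (start_line, end_line, expression) for each {{ ... }} spanning lines.

    end_line is None when the expression is never closed.
    """
    findings = []
    open_line = None   # line number where the current "{{" was seen
    parts = []         # pieces of the expression collected so far
    for lineno, line in enumerate(text.splitlines(), start=1):
        pos = 0        # start of the expression text on this line
        for m in TOKEN.finditer(line):
            if m.group() == "{{":
                if open_line is None:
                    open_line, pos, parts = lineno, m.start(), []
            elif open_line is not None:  # closing "}}"
                parts.append(line[pos:m.end()].strip())
                if open_line != lineno:
                    findings.append((open_line, lineno, " ".join(parts)))
                open_line, pos = None, m.end()
        if open_line is not None:        # still open at end of line
            parts.append(line[pos:].strip())
    if open_line is not None:
        findings.append((open_line, None, " ".join(parts)))
    return findings


if __name__ == "__main__":
    for start, end, expr in find_split_templates(WRAPPED):
        print(f"lines {start}-{end}: {expr}")
```
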