search

open-policy-agent / frameworks

Apache License 2.0
120 stars 50 forks source link

chore: adding generateVAP field on template #427

Closed JaydipGabani closed 2 months ago

JaydipGabani commented 4 months ago

Replacing use-vap annotation by GenerateVAP field on templates.

codecov-commenter commented 3 months ago

Codecov Report

Attention: Patch coverage is 69.23077% with 4 lines in your changes missing coverage. Please review.

Project coverage is 52.88%. Comparing base (76869f8) to head (5aa2182). Report is 21 commits behind head on master.

Files Patch % Lines
constraint/pkg/client/drivers/k8scel/driver.go 63.63% 3 Missing and 1 partial :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #427 +/- ## ========================================== - Coverage 54.68% 52.88% -1.80% ========================================== Files 71 104 +33 Lines 5241 6535 +1294 ========================================== + Hits 2866 3456 +590 - Misses 2073 2716 +643 - Partials 302 363 +61 ``` | [Flag](https://app.codecov.io/gh/open-policy-agent/frameworks/pull/427/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=open-policy-agent) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/open-policy-agent/frameworks/pull/427/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=open-policy-agent) | `52.88% <69.23%> (-1.80%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=open-policy-agent#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

ritazh commented 3 months ago

@JaydipGabani Can you please update the design doc with the latest decision and timestamp?

From Slack thread:

vap-enforcement flag to define a global behavior when the driver field on CT is missing - do not generate when field is missing for alpha/beta generate when field is missing for GA C inherits the behavior from CT. When vap/vapb generation is disabled, and VAP ep is included in scopedEA we error out on C saying VAPB is not enabled for this C on admission.

ritazh commented 3 months ago

Seeing this failure consistently in all the PRs:

unable to start control plane itself: failed to start the controlplane. retried 5 times: fork/exec /app/.tmp/bin/k8s/1.28.7-linux-amd64/etcd: exec format error