open-policy-agent / gatekeeper

🐊 Gatekeeper - Policy Controller for Kubernetes
https://open-policy-agent.github.io/gatekeeper/
Apache License 2.0

undefined function external_data #2659

Open fardin01 opened 1 year ago

fardin01 commented 1 year ago

Describe the solution you'd like: gator test should be able to somehow handle external data providers.

gator test returns undefined function external_data if external_data is being used in a ConstraintTemplate.

Anything else you would like to add: How is one supposed to test K8s yaml manifests against constraints at build time? It's not ideal to have to merge stuff and deploy and then find out the chart violates some policy.

Environment:

maxsmythe commented 1 year ago

We should default enabling external data to false to avoid unexpected outbound HTTP requests happening to users who run gator in build pipelines, to avoid potential security issues.

I'm open to arguments about defaulting "enabled", but the more conservative option seems safer here.

fardin01 commented 1 year ago

What would the implementation look like?

roeishuster commented 4 months ago

Hey, is it going to be added anytime soon? We can't use Gator to validate external_data policies.
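A build-time pre-check for the situation discussed in this thread, as an added example that is not part of the issue or of Gatekeeper's code: it lists which ConstraintTemplates call `external_data` and which providers they name, so a pipeline can see up front which templates `gator test` will reject and which outbound providers are involved. The function name, the regex-based scan and the sample manifests (including `sample-provider`) are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed ConstraintTemplates; "sample-provider" is made up.
SAMPLE = '''\
kind: ConstraintTemplate
metadata:
  name: k8sexternaldata
spec:
  targets:
    - rego: |
        package k8sexternaldata
        violation[{"msg": "provider error"}] {
          r := external_data({"provider": "sample-provider", "keys": [input.review.object.spec.image]})
          count(r.errors) > 0
        }
---
kind: ConstraintTemplate
metadata:
  name: k8srequiredlabels
spec:
  targets:
    - rego: |
        package k8srequiredlabels
        # external_data({"provider": "old"}) call was removed
        violation[{"msg": "no owner"}] { not input.review.object.metadata.labels.owner }
'''

CALL = re.compile(r'\bexternal_data\s*\(\s*(\{[^}]*\})?')
PROVIDER = re.compile(r'"provider"\s*:\s*"([^"]+)"')
NAME = re.compile(r'^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:\s*(\S+)', re.M)

def external_data_usage(manifest_text):
    """Return {template_name: [provider, ...]} for templates calling external_data."""
    usage = {}
    for doc in re.split(r'^---\s*$', manifest_text, flags=re.M):
        if not re.search(r'^kind:\s*ConstraintTemplate\s*$', doc, re.M):
            continue
        # Drop whole-line comments so commented-out calls are not reported.
        code = "\n".join(l for l in doc.splitlines() if not l.lstrip().startswith("#"))
        providers = []
        for m in CALL.finditer(code):
            p = PROVIDER.search(m.group(1) or "")
            # None marks a call whose provider is not a string literal.
            providers.append(p.group(1) if p else None)
        if providers:
            name = NAME.search(doc)
            usage[name.group(1) if name else "<unnamed>"] = providers
    return usage
```

A non-empty result can be used to fail the build early with a clear message, or to route those templates to a review step instead of `gator test`.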