rebase: feat: add more generalized Stats #1

Closed
4 changes: 0 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,3 @@
# Open Policy Agent Frameworks

Open Policy Agent is a general-purpose policy system designed to policy-enable other projects and services. The OPA Frameworks repository defines opinionated APIs for policy that are less flexible than the OPA API but are well-suited to particular classes of use cases. For example, Role Based Acces Control (RBAC), Attribute Based Access Control, Access Control Lists (ACLs), and IAM can all be implemented on top of the OPA API and its policy language, and could each be defined as an OPA Framework. One analogy from the web development world that seems to help people is that Frameworks are to OPA as Rails is to Ruby.

## Prerequisites

To clone this repository, you need [git-lfs](https://git-lfs.github.com/) installed.
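Review bot: The Prerequisites section at the end of this hunk (the git-lfs requirement) is dropped without explanation. Please confirm that nothing in the repository is still tracked through Git LFS, since a clone without git-lfs would then leave pointer files in place of the real content. Separately, "Acces" in the unchanged intro paragraph is a typo for "Access" and could be fixed while the README is being touched.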
5 changes: 3 additions & 2 deletions constraint/Makefile
Expand Up @@ -73,7 +73,8 @@ generate: generate-defaults
# TODO: Once https://github.com/kubernetes/kubernetes/issues/101567 is fixed, update
# conversion-gen and get us back to running `make generate` in our CI pipeline
conversion-gen \
--input-dirs "./pkg/apis/templates/...,./pkg/apis/externaldata/..." \
--input-dirs "./pkg/apis/templates/v1,./pkg/apis/templates/v1beta1,./pkg/apis/templates/v1alpha1,./pkg/apis/externaldata/v1alpha1,./pkg/apis/externaldata/v1beta1" \
--output-base=./ \
--go-header-file=./hack/boilerplate.go.txt \
--output-file-base=zz_generated.conversion \
--extra-dirs=k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
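Review bot: The explicit version list in the new `--input-dirs` value will silently skip any API version added later under `pkg/apis/templates` or `pkg/apis/externaldata`, which the old `...` wildcard picked up automatically. Add a comment above the flag saying the list has to be extended with every new version, and say why the wildcard was dropped, so a missing conversion is not discovered only at runtime.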
Expand Down Expand Up @@ -125,4 +126,4 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
.PHONY: envtest
envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
$(ENVTEST): $(LOCALBIN)
test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20230118154835-9241bceb3098
test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) GCO_ENABLED=0 go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20230118154835-9241bceb3098
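Review bot: `GCO_ENABLED=0` in the new `go install` line looks like a typo for `CGO_ENABLED=0`. As spelled, the Go toolchain ignores the variable, so setup-envtest is still built with the default cgo setting and the change has no effect. Suggest `GOBIN=$(LOCALBIN) CGO_ENABLED=0 go install ...`.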
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,27 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template.
"Rego" can only be specified in one place (either here or
in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example:
"Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
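Review bot: The `code` description says "Rego" can only be specified in one place (here or in the `rego` field), but nothing in this schema block enforces that; a template that sets both would pass CRD validation as far as this hunk shows. Either add a validation rule on the target object or state in the description which component rejects the conflict and which field wins until it does.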
Expand Down Expand Up @@ -168,6 +189,27 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template.
"Rego" can only be specified in one place (either here or
in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example:
"Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
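Review bot: `engine` is declared as a bare `type: string` with no length or value constraint, so an empty string satisfies `required` and becomes a valid list-map key. If the set of engines is known, constrain it in the schema; if it is meant to be open, at least require a non-empty value and document how an unrecognised engine is treated.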
Expand Down Expand Up @@ -271,6 +313,27 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template.
"Rego" can only be specified in one place (either here or
in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example:
"Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
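Review bot: `source` carries `x-kubernetes-preserve-unknown-fields: true` and no `type`, so the API server stores content of any shape there without validating it. Since this field holds the policy code itself, the description should say what shape each engine expects, and the controller that consumes it needs to reject malformed values explicitly rather than relying on the CRD.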
54 changes: 54 additions & 0 deletions constraint/deploy/crds.yaml
Expand Up @@ -59,6 +59,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
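Review bot: With `x-kubernetes-list-map-keys: [engine]` the uniqueness check on `code` entries is an exact string match, so entries that differ only in case (for example "Rego" and "rego") are accepted as two separate engines. The description uses "Rego" while the sibling field is named `rego`; please state the canonical spelling in the `engine` description and decide whether the consumer normalises or rejects other casings.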
Expand Down Expand Up @@ -154,6 +172,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
Expand Down Expand Up @@ -249,6 +285,24 @@ spec:
targets:
items:
properties:
code:
description: The source code options for the constraint template. "Rego" can only be specified in one place (either here or in the "rego" field)
items:
properties:
engine:
description: 'The engine used to evaluate the code. Example: "Rego". Required.'
type: string
source:
description: The source code for the template. Required.
x-kubernetes-preserve-unknown-fields: true
required:
- engine
- source
type: object
type: array
x-kubernetes-list-map-keys:
- engine
x-kubernetes-list-type: map
libs:
items:
type: string
20 changes: 20 additions & 0 deletions constraint/pkg/apis/templates/v1/constrainttemplate_types.go
Expand Up @@ -16,6 +16,7 @@ limitations under the License.
package v1

import (
"github.com/open-policy-agent/frameworks/constraint/pkg/core/templates"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand Down Expand Up @@ -48,6 +49,7 @@ type Validation struct {
// +kubebuilder:validation:Schemaless
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
// +k8s:conversion-gen=false
OpenAPIV3Schema *apiextensionsv1.JSONSchemaProps `json:"openAPIV3Schema,omitempty"`
// +kubebuilder:default=false
LegacySchema *bool `json:"legacySchema,omitempty"` // *bool allows for "unset" state which we need to apply appropriate defaults
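Review bot: The new `// +k8s:conversion-gen=false` marker on `OpenAPIV3Schema` excludes the field from generated conversion, but this hunk does not show where the field is converted instead. Please point to the hand-written conversion function (or add one) and add a one-line comment next to the marker explaining why generation is disabled, so the schema is not silently dropped when converting between versions.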
Expand All @@ -57,6 +59,24 @@ type Target struct {
Target string `json:"target,omitempty"`
Rego string `json:"rego,omitempty"`
Libs []string `json:"libs,omitempty"`
// The source code options for the constraint template. "Rego" can only
// be specified in one place (either here or in the "rego" field)
// +listType=map
// +listMapKey=engine
// +kubebuilder:validation:Required
Code []Code `json:"code,omitempty"`
}

type Code struct {
// The engine used to evaluate the code. Example: "Rego". Required.
// +kubebuilder:validation:Required
Engine string `json:"engine"`

// +kubebuilder:validation:Required
// +kubebuilder:validation:Schemaless
// +kubebuilder:pruning:PreserveUnknownFields
// The source code for the template. Required.
Source *templates.Anything `json:"source"`
}

// CreateCRDError represents a single error caught during parsing, compiling, etc.
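Review bot: `Code` on `Target` is marked `+kubebuilder:validation:Required`, yet its JSON tag is `omitempty` and its own comment says Rego may be given either here or in the `rego` field, which implies `code` can be absent. Drop the Required marker or reword the comment so the three agree. Also, in `Code`, the doc comment for `Source` sits below the markers while `Engine` has it above; move it up for consistency, and note that `Source` is a pointer, so consumers need a nil check even though the field is marked required.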