Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kubewarden/go-wasi-context-aware-test-policy

A test context-aware policy written using Go Wasi
https://github.com/kubewarden/go-wasi-context-aware-test-policy

hacktoberfest kubernetes kubernetes-security kubewarden-policy policy-as-code webassembly

Last synced: 2 months ago
JSON representation

A test context-aware policy written using Go Wasi

Host: GitHub
URL: https://github.com/kubewarden/go-wasi-context-aware-test-policy
Owner: kubewarden
License: apache-2.0
Created: 2024-01-12T11:23:14.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-12-04T07:48:47.000Z (3 months ago)
Last Synced: 2024-12-04T08:35:09.100Z (3 months ago)
Topics: hacktoberfest, kubernetes, kubernetes-security, kubewarden-policy, policy-as-code, webassembly
Language: Go
Homepage: https://kubewarden.io
Size: 110 KB
Stars: 1
Watchers: 8
Forks: 2
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

[![Kubewarden Policy Repository](https://github.com/kubewarden/community/blob/main/badges/kubewarden-policies.svg)](https://github.com/kubewarden/community/blob/main/REPOSITORIES.md#policy-scope)
[![Stable](https://img.shields.io/badge/status-stable-brightgreen?style=for-the-badge)](https://github.com/kubewarden/community/blob/main/REPOSITORIES.md#stable)

> **WARNING:** this is not the recommended way to write Kubewarden
> policies using Go. Please read [this](https://docs.kubewarden.io/writing-policies/wasi)
> section of the Kubewarden documentation for more information.

This is the template of a plain WASI policy written using Go. The policy is
then compiled with the official Go compiler.
Moreover, this is a context aware policy. Meaning, it makes queries against the Kubernetes API server.

This is a port of [this Rust policy](https://github.com/kubewarden/context-aware-test-policy).

## Description

This is a test policy used in the policy-evaluator integration tests.
Every time a deployment with the label `app.kubernetes.io/component: "api"` is created or updated it checks the following:

- The Deployment must have a `customer-id` label set.
- The value of the `customer-id` label of the deployment must match the value of the `customer-id` namespace where the deployment has been created.
- A deployment with the label `app.kubernetes.io/component: database` must exist in the deployment namespace.
- A deployment with the label `app.kubernetes.io/component: frontend` must exist in the deployment namespace.
- A service named `api-auth-service` with the label `app.kubernetes.io/part-of: api` must exist in the deployment namespace.

## Settings

This policy has no configurable settings.