chore: adding default helm values for pubsub audit connection and cha…
…nnel (open-policy-agent#3097)

Signed-off-by: Jaydip Gabani <[email protected]>
Signed-off-by: Jaydipkumar Arvindbhai Gabani <[email protected]>
JaydipGabani authored Oct 26, 2023
1 parent 65df4fe commit 3a83700
Showing 7 changed files with 336 additions and 305 deletions.
2 changes: 2 additions & 0 deletions cmd/build/helmify/static/values.yaml
Expand Up @@ -210,6 +210,8 @@ controllerManager:
# cidr: 0.0.0.0/0
audit:
enablePubsub: false
connection: audit-connection
channel: audit-channel
hostNetwork: false
dnsPolicy: ClusterFirst
metricsPort: 8888
2 changes: 2 additions & 0 deletions manifest_staging/charts/gatekeeper/values.yaml
Expand Up @@ -210,6 +210,8 @@ controllerManager:
# cidr: 0.0.0.0/0
audit:
enablePubsub: false
connection: audit-connection
channel: audit-channel
hostNetwork: false
dnsPolicy: ClusterFirst
metricsPort: 8888
4 changes: 2 additions & 2 deletions pkg/audit/manager.go
Expand Up @@ -66,8 +66,8 @@ var (
auditEventsInvolvedNamespace = flag.Bool("audit-events-involved-namespace", false, "emit audit events for each violation in the involved objects namespace, the default (false) generates events in the namespace Gatekeeper is installed in. Audit events from cluster-scoped resources will still follow the default behavior")
auditMatchKindOnly = flag.Bool("audit-match-kind-only", false, "only use kinds specified in all constraints for auditing cluster resources. if kind is not specified in any of the constraints, it will audit all resources (same as setting this flag to false)")
apiCacheDir = flag.String("api-cache-dir", defaultAPICacheDir, "The directory where audit from api server cache are stored, defaults to /tmp/audit")
auditConnection = flag.String("audit-connection", defaultConnection, "Connection name for publishing audit violation messages")
auditChannel = flag.String("audit-channel", defaultChannel, "Channel name for publishing audit violation messages")
auditConnection = flag.String("audit-connection", defaultConnection, "Connection name for publishing audit violation messages. Defaults to audit-connection")
auditChannel = flag.String("audit-channel", defaultChannel, "Channel name for publishing audit violation messages. Defaults to audit-channel")
emptyAuditResults []updateListEntry
logStatsAudit = flag.Bool("log-stats-audit", false, "(alpha) log stats metrics for the audit run")
)
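Review bot: The new help strings for `audit-connection` and `audit-channel` spell the default names out in prose, while the effective defaults come from `defaultConnection` and `defaultChannel`, whose definitions are outside this hunk, so the text and the value can drift apart unnoticed. These names decide where audit violation messages are published, so help text that no longer matches the real default can leave a subscriber listening on a channel nothing publishes to. Deriving the text from the constant keeps them in step, e.g. `auditChannel = flag.String("audit-channel", defaultChannel, "Channel name for publishing audit violation messages. Defaults to "+defaultChannel)`, and likewise for `auditConnection`. The `var (` block opens before the hunk.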
18 changes: 11 additions & 7 deletions test/pubsub/fake-subscriber/main.go
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"log"
"os"
"strconv"

"github.com/dapr/go-sdk/service/common"
Expand All @@ -30,15 +31,18 @@ type PubsubMsg struct {
ResourceLabels map[string]string `json:"resourceLabels,omitempty"`
}

var sub = &common.Subscription{
PubsubName: "pubsub",
Topic: "audit",
Route: "/checkout",
}

func main() {
auditChannel := os.Getenv("AUDIT_CHANNEL")
if auditChannel == "" {
auditChannel = "audit-channel"
}
sub := &common.Subscription{
PubsubName: "pubsub",
Topic: auditChannel,
Route: "/checkout",
}
s := daprd.NewService(":6002")
log.Printf("Listening...")
log.Printf("Listening on %s...", auditChannel)
if err := s.AddTopicEventHandler(sub, eventHandler); err != nil {
log.Fatalf("error adding topic subscription: %v", err)
}
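Review bot: The startup line `log.Printf("Listening on %s...", auditChannel)` prints the topic name as though it were the listen address, while the service is bound to `:6002`, which is misleading when reading test logs to work out why no audit messages arrived. Because the topic now comes from the `AUDIT_CHANNEL` environment variable, formatting it with `%q` also makes a whitespace-padded or otherwise odd value visible: `log.Printf("Listening on :6002, subscribed to topic %q", auditChannel)`. The fallback literal `"audit-channel"` repeats the value set in the chart values and in the subscriber manifest, so a named constant with a short comment naming those places would make the coupling explicit. `main` continues past the end of the hunk.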
3 changes: 3 additions & 0 deletions test/pubsub/fake-subscriber/manifest/subscriber.yaml
Expand Up @@ -41,3 +41,6 @@ spec:
- name: go-sub
image: fake-subscriber:latest
imagePullPolicy: Never
env:
- name: AUDIT_CHANNEL
value: "audit-channel"