Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Update the existing policies to use the new fields #1130

Open
2 tasks done
MariamFahmy98 opened this issue Aug 21, 2024 · 7 comments
Open
2 tasks done

[Feature] Update the existing policies to use the new fields #1130

MariamFahmy98 opened this issue Aug 21, 2024 · 7 comments
Assignees
@Indrranil
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@MariamFahmy98
Copy link
Contributor

MariamFahmy98 commented Aug 21, 2024
edited
Loading

Problem Statement

Starting from Kyverno 1.13, the following fields are deprecated:

  1. spec.validationFailureAction
  2. spec.validationFailureActionOverrides
  3. spec.generateExisting
  4. spec.mutateExisting

The following fields should be used instead:

  1. validate.failureAction (under the validate rule)
  2. validate.failureActionOverrides (under the validate rule)
  3. verifyImage[*].failureAction (under the verifyImage rule)
  4. generate.generateExisting (under the generate rule)
  5. mutate.mutateExisting (under the mutate rule)

Solution Description

Use the following fields under their corresponding rules:

  1. failureAction
  2. failureActionOverrides
  3. generateExisting
  4. mutateExisting

Example "Good" Resource

No response

Example "Bad" Resource

No response

Other Comments

No response

Slack discussion

No response

Troubleshooting
@MariamFahmy98 MariamFahmy98 added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Aug 21, 2024
@siddhikhapare
Copy link
Contributor

@MariamFahmy98 I would like to work on this.

@Indrranil
Copy link

Hi, could this issue be assigned to me?

@Indrranil
Copy link

Should we update each policy file manually or is there a preferred automated approach for updating the deprecated fields?
@realshuting @MariamFahmy98

@realshuting
Copy link
Member

Nothing is automated per my knowledge.

@Indrranil
Copy link

Getting a strict decoding error while testing the updated validation failure action field:

Original:

spec:
 validationFailureAction: Audit

Updated as per issue description:

spec:
 rules:
   - name: require-image-tag
     validate:
       failureAction: Audit

Error when running chainsaw test:
"strict decoding error: unknown field 'spec.rules[0].validate.failureAction'"

Could you help with the correct field structure that works with chainsaw testing? Wasn't able to find relevant examples in the docs.

Indrranil added a commit to Indrranil/policies that referenced this issue Dec 29, 2024
@Indrranil
feat: update deprecated fields in disallow-latest-tag policy (kyverno…
8374f34 
…#1130)
Indrranil added a commit to Indrranil/policies that referenced this issue Dec 29, 2024
@Indrranil
feat: update deprecated fields in disallow-latest-tag policy (kyverno…
034ae86 
…#1130)

Signed-off-by: Indrranil Pawar <[email protected]>
@Indrranil Indrranil mentioned this issue Dec 29, 2024
Open
3 tasks
@Indrranil
Copy link

Hi,

I’ve submitted a PR ##1213 that updates the deprecated field spec.validationFailureAction to validate.failureAction in the disallow-latest-tag policy.

This is my initial attempt to ensure I’m following the correct way before moving forward. I’ve verified the following for this PR:

  • It passed Kyverno engine tests.
  • It passed Chainsaw tests with the updated test files.

Please review this PR, Once confirmed i will proceed with the remaining files and fields.

@realshuting @MariamFahmy98

@Indrranil
Copy link

@realshuting @MariamFahmy98

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Indrranil Indrranil

Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
Good First Issues
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@realshuting @MariamFahmy98 @siddhikhapare @Indrranil