-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: revisit AdmissionResponse of policy groups #909
base: main
Are you sure you want to change the base?
fix: revisit AdmissionResponse of policy groups #909
Conversation
5ea003d
to
8319169
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #909 +/- ##
==========================================
- Coverage 63.47% 63.11% -0.36%
==========================================
Files 17 17
Lines 1043 1052 +9
==========================================
+ Hits 662 664 +2
- Misses 381 388 +7
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
8319169
to
7324377
Compare
Overall LGTM, some integration tests are failing due to the updated |
The API Server puts some limitations on the warnings: - they cannot exceed 256 characters - the size of all the warnings cannot exceed 4096 characters - they are returned as HTTP headers, hence not all characters are allowed Because of these reasons, starting from now, we use the warning struct only to tell the user whether a member policy was evaluated or not. When it was evaluated we just tell the outcome (allow/reject). The details of each policy evaluation are returned as part of the `AdmissionResponse.status.details.causes`. Notes: the warning messages are always shown, regardless of the request being accepted or rejected. The `AdmissionResponse.status.details.causes` are shown only when the request is rejected. `kubectl` shows them only when run with verbose major or equal to 4 (`-v4`). Policy Server always shows the `causes` inside of its logs when running in `debug` mode. The `causes` are always sent as part of the traces emitted by Policy Server. Signed-off-by: Flavio Castelli <[email protected]>
7324377
to
445a710
Compare
everything should be green now, I'll merge the PR once everything passes |
The API Server puts some limitations on the warnings:
Because of these reasons, starting from now, we use the warning struct only to tell the user whether a member policy was evaluated or not. When it was evaluated we just tell the outcome (allow/reject).
The details of each policy evaluation are returned as part of the
AdmissionResponse.status.details.causes
.Notes: the warning messages are always shown, regardless of the request being accepted or rejected.
The
AdmissionResponse.status.details.causes
are shown only when the request is rejected.kubectl
shows them only when run with verbose major or equal to 4 (-v4
).Policy Server always shows the
causes
inside of its logs when running indebug
mode.The
causes
are always sent as part of the traces emitted by Policy Server.