Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / open-policy-agent/gatekeeper-library issues and pull requests

#451 - Any interest in policies/constraints that apply to custom resources?

Issue - State: closed - Opened by Speeddymon 12 months ago - 7 comments
Labels: stale

#390 - add cel-based policies

Issue - State: open - Opened by sozercan over 1 year ago - 5 comments
Labels: triaged

#210 - Allow reuse of rego snippets

Issue - State: closed - Opened by grosser over 4 years ago - 19 comments
Labels: enhancement, stale

#176 - Create documentation aimed at "constraint admins"

Issue - State: open - Opened by tsandall almost 6 years ago - 1 comment
Labels: help wanted, docs, triaged

#97 - Fix k8spsphostfilesystem path matching

Pull Request - State: closed - Opened by philsphicas over 3 years ago - 2 comments

#96 - Incorrect handling of "/" in k8spsphostfilesystem policy

Issue - State: closed - Opened by philsphicas over 3 years ago

#95 - add type to openapischema

Pull Request - State: closed - Opened by willbeason over 3 years ago

#94 - update test matrix and dependencies

Pull Request - State: closed - Opened by sozercan over 3 years ago

#93 - Pod template does not always evaluate against OPA Gatekeeper policy

Issue - State: closed - Opened by ghost over 3 years ago - 1 comment

#92 - Pod does not always get evaluated against the OPA policy

Issue - State: closed - Opened by sreeprayagas over 3 years ago

#90 - Please help with input.review.kind.kind and input.review.object.kind for ingress-whitelist.rego

Issue - State: closed - Opened by AlexeyKukin over 3 years ago - 4 comments
Labels: stale

#89 - Add "requiredannotations"

Pull Request - State: closed - Opened by gabops over 3 years ago

#88 - Update SELinux based on PSP replacement policy

Issue - State: closed - Opened by ritazh over 3 years ago - 1 comment
Labels: stale

#87 - Minor: Typo in name s/disallowed/allowed/

Pull Request - State: closed - Opened by dbaker-rh over 3 years ago - 1 comment

#86 - tolerations & nodeselectors

Issue - State: closed - Opened by kfox1111 over 3 years ago - 7 comments
Labels: stale

#85 - allowedrepos test case fails in my local

Issue - State: closed - Opened by Dentrax over 3 years ago - 4 comments
Labels: stale

#84 - fix curl image

Pull Request - State: closed - Opened by sozercan over 3 years ago

#83 - Provided Uniqueingresshost constrainttemplaete/constraint doesn't work

Issue - State: closed - Opened by vkumar3891 over 3 years ago - 1 comment

#81 - Add anchoring to allowedrepos example

Pull Request - State: closed - Opened by maxsmythe over 3 years ago - 1 comment

#80 - using `startwith` in allowedrepos policy may allow for bypass

Issue - State: closed - Opened by raesene over 3 years ago - 3 comments

#79 - seccomp policy doesn't take account of new format.

Issue - State: closed - Opened by raesene over 3 years ago

#78 - How to manipulate GK policies on the basis of cluster roles?

Issue - State: closed - Opened by smartaquarius10 over 3 years ago - 14 comments
Labels: stale

#77 - Remove annotation "kubernetes.io/ingress.allow-http" check in k8shttpsonly policy

Issue - State: closed - Opened by ivanthelad over 3 years ago - 11 comments
Labels: stale

#76 - update test matrix

Pull Request - State: closed - Opened by sozercan over 3 years ago

#75 - fix uniqueserviceselector behavior if service selector is missing

Pull Request - State: closed - Opened by bovy89 over 3 years ago - 3 comments

#74 - Add policy to check timeoutSeconds field is present in probes

Pull Request - State: closed - Opened by reetasingh over 3 years ago - 5 comments

#72 - add mutation pod security policies

Pull Request - State: closed - Opened by sozercan over 3 years ago - 3 comments

#71 - Image Content Signature Check Policy

Issue - State: closed - Opened by developer-guy over 3 years ago - 3 comments
Labels: stale

#70 - Adding some library policies for Windows workloads

Pull Request - State: closed - Opened by marosset over 3 years ago - 10 comments
Labels: stale

#69 - excludedNamespaces with wildcard for gatekeeper constraint object

Issue - State: closed - Opened by igorkchyts over 3 years ago - 2 comments

#68 - debuggability

Issue - State: closed - Opened by part-time-githubber over 3 years ago - 1 comment
Labels: stale

#67 - Is gatekeeper-policy namespace is mandate?

Issue - State: closed - Opened by Rishikeshpal over 3 years ago - 2 comments

#66 - Is it possible to allow exemption for a given sidecar container only

Issue - State: closed - Opened by araj-cloud over 3 years ago - 2 comments
Labels: stale

#65 - Adding missing kustomization resources

Pull Request - State: closed - Opened by vfarcic over 3 years ago

#64 - Check timeoutSeconds for readinessProbe and livenessProbe

Issue - State: closed - Opened by ritazh over 3 years ago - 3 comments
Labels: stale

#63 - Add type checking for regos with json schema

Issue - State: closed - Opened by ritazh over 3 years ago - 1 comment
Labels: stale

#62 - add mutation examples for PSP

Pull Request - State: closed - Opened by sozercan over 3 years ago - 6 comments

#61 - Handle false security context values correctly

Pull Request - State: closed - Opened by maxsmythe over 3 years ago

#60 - mustRunAsNonRoot evaluations will error out in some cases

Issue - State: closed - Opened by wc-s over 3 years ago - 2 comments

#59 - Update capabilities psp to handle securityContext dropping "ALL"

Pull Request - State: closed - Opened by antoinedeschenes over 3 years ago - 5 comments

#58 - Add min/max constraint examples for Deployments

Pull Request - State: closed - Opened by Caprowni almost 4 years ago - 6 comments

#57 - update release branch for e2e

Pull Request - State: closed - Opened by sozercan almost 4 years ago

#56 - provide docs for K8s PSP to Gatekeeper policy adoption

Issue - State: closed - Opened by sozercan almost 4 years ago - 2 comments
Labels: stale

#55 - defaultAllowPrivilegeEscalation Support

Issue - State: closed - Opened by marshallford over 4 years ago - 9 comments
Labels: stale

#54 - Add new template to block a set of disallowed tags in the container image

Pull Request - State: closed - Opened by arapulido almost 4 years ago - 3 comments

#53 - change to privileged: true otherwise disallowed pod still deploys

Issue - State: closed - Opened by hilliao almost 4 years ago - 2 comments

#52 - PodDisruptionBudget check

Issue - State: closed - Opened by kfox1111 almost 4 years ago - 10 comments
Labels: help wanted

#51 - Helm chart

Issue - State: closed - Opened by kfox1111 almost 4 years ago - 20 comments
Labels: stale

#50 - Add runAsNonRoot securityContext check

Pull Request - State: closed - Opened by sanderma almost 4 years ago - 5 comments

#49 - runAsNonRoot SecurityContext

Issue - State: closed - Opened by sanderma almost 4 years ago - 7 comments

#48 - Readme.md instructions invalid

Issue - State: closed - Opened by hilliao almost 4 years ago - 1 comment
Labels: stale

#47 - Releasing of Gatekeeper-Library

Issue - State: closed - Opened by FabiusE almost 4 years ago - 3 comments
Labels: stale

#46 - exclude kube-system namespace in K8sPSPPrivilegedContainer example

Pull Request - State: closed - Opened by katze120 almost 4 years ago

#45 - Cve 2020 8554

Pull Request - State: closed - Opened by AbirHamzi almost 4 years ago - 7 comments

#44 - Correct annotations in externalip

Pull Request - State: closed - Opened by ctab almost 4 years ago

#43 - Update sync YAML config file

Pull Request - State: closed - Opened by JonnieDoe almost 4 years ago - 6 comments

#42 - Update Config to include the latest Kubernetes 1.19 API group

Issue - State: closed - Opened by JonnieDoe almost 4 years ago - 1 comment
Labels: stale

#41 - Add descriptions to templates

Pull Request - State: closed - Opened by ctab almost 4 years ago - 1 comment

#40 - Revert "Update usage instructions to new directory layout"

Pull Request - State: closed - Opened by maxsmythe almost 4 years ago

#39 - External IP constraints

Pull Request - State: closed - Opened by tallclair almost 4 years ago

#38 - Policy to HPA

Issue - State: closed - Opened by krish512 almost 4 years ago - 2 comments
Labels: stale

#37 - Update usage instructions to new directory layout

Pull Request - State: closed - Opened by lwindolf almost 4 years ago - 2 comments

#36 - improvement: enhance selinux policy to account for context rules

Pull Request - State: closed - Opened by rawc0der almost 4 years ago - 8 comments

#35 - Improvement for SELinux Policy

Issue - State: closed - Opened by rawc0der almost 4 years ago - 2 comments
Labels: stale

#34 - Add integration test via example yaml files in each policy direcotry

Pull Request - State: closed - Opened by Kevinma1995 almost 4 years ago - 4 comments

#33 - add testing

Pull Request - State: closed - Opened by grosser about 4 years ago - 3 comments

#32 - streamline readme

Pull Request - State: closed - Opened by grosser about 4 years ago

#31 - Establish /library and /src directory structure

Pull Request - State: closed - Opened by ctab about 4 years ago - 3 comments

#30 - Integration testing via example yaml files in each policy directory

Issue - State: closed - Opened by ctab about 4 years ago - 3 comments

#29 - Unit testing script

Issue - State: closed - Opened by ctab about 4 years ago - 4 comments
Labels: stale

#28 - Script to generate index doc programmatically from template data

Issue - State: closed - Opened by ctab about 4 years ago - 1 comment
Labels: stale

#27 - Build script to insert src.rego into template.yaml files

Issue - State: closed - Opened by ctab about 4 years ago - 2 comments

#26 - Create allowed_example.yaml for every constraint

Issue - State: closed - Opened by ctab about 4 years ago - 2 comments
Labels: stale

#25 - Reorganize file structure to prepare for tooling implementation

Issue - State: closed - Opened by ctab about 4 years ago

#24 - Adding GatewayClass namespaces validation

Pull Request - State: closed - Opened by robscott about 4 years ago - 4 comments
Labels: stale

#23 - Question: Gatekeeper PSP vs Native PSP

Issue - State: closed - Opened by briannd81 about 4 years ago - 15 comments
Labels: stale

#22 - is it possible to check fields directly in Pod spec?

Issue - State: closed - Opened by rlisewski about 4 years ago - 2 comments

#21 - Add an allow list parameter, allowedSysctls, to the Forbidden sysctl constraint template

Pull Request - State: closed - Opened by shomron about 4 years ago - 16 comments

#20 - Update template.yaml

Pull Request - State: closed - Opened by alebsys about 4 years ago - 5 comments

#19 - Duplicated code in template.yaml and src.rego

Issue - State: closed - Opened by jonnylangefeld about 4 years ago - 6 comments

#18 - fix psp templates

Issue - State: closed - Opened by jonny-wg2 almost 5 years ago - 4 comments

#16 - Document at least one way to use this repo

Pull Request - State: closed - Opened by lwindolf about 4 years ago - 2 comments

#14 - Fix indentation in resourceratios template

Pull Request - State: closed - Opened by tobylo about 4 years ago

#13 - Feat/add custom changes for packaging

Pull Request - State: closed - Opened by kg-ops about 4 years ago

#12 - Create basic policy rules

Issue - State: closed - Opened by rite2nikhil about 6 years ago - 1 comment
Labels: stale

#11 - Default behavior for invalid constraint parameters - Allow or deny?

Issue - State: closed - Opened by RamyasreeChakka about 5 years ago - 2 comments
Labels: stale

#10 - Add library policies to e2e

Issue - State: closed - Opened by ritazh about 5 years ago - 6 comments
Labels: stale

#9 - Library structure

Issue - State: closed - Opened by tsandall over 5 years ago - 3 comments
Labels: stale

#8 - Modifying containerlimits constraint to limit request/limit ratio

Issue - State: closed - Opened by yaron-idan over 4 years ago - 5 comments
Labels: stale

#7 - add an example to library that uses deployments kind

Issue - State: closed - Opened by sozercan over 4 years ago - 2 comments
Labels: stale

#6 - Organize PSP policies into standardized buckets

Issue - State: open - Opened by sozercan over 4 years ago - 9 comments
Labels: triaged

#5 - gMSA policy constraint for Windows Pods

Issue - State: closed - Opened by jsturtevant over 4 years ago - 1 comment
Labels: stale

#4 - RunAsUserName Policy Constraint for windows pods

Issue - State: closed - Opened by jsturtevant over 4 years ago - 1 comment
Labels: stale

#3 - A policy definition to audit/deny if a pod's imagepolicy is not **set** to Always

Issue - State: closed - Opened by ivanthelad over 4 years ago - 1 comment
Labels: stale