addressed review comments.
Signed-off-by: Evan <chaol@vmware.com>
This commit is contained in:
parent
49254dc97e
commit
945343ea6b
|
@ -2,7 +2,6 @@ package policychecker_test
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"github.com/concourse/concourse/atc/policy/policyfakes"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
|
@ -12,6 +11,7 @@ import (
|
||||||
"github.com/concourse/concourse/atc/api/policychecker"
|
"github.com/concourse/concourse/atc/api/policychecker"
|
||||||
"github.com/concourse/concourse/atc/api/policychecker/policycheckerfakes"
|
"github.com/concourse/concourse/atc/api/policychecker/policycheckerfakes"
|
||||||
"github.com/concourse/concourse/atc/policy"
|
"github.com/concourse/concourse/atc/policy"
|
||||||
|
"github.com/concourse/concourse/atc/policy/policyfakes"
|
||||||
|
|
||||||
. "github.com/onsi/ginkgo"
|
. "github.com/onsi/ginkgo"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
|
|
|
@ -17,7 +17,7 @@ type OpaConfig struct {
|
||||||
URL string `long:"opa-url" description:"OPA policy check endpoint."`
|
URL string `long:"opa-url" description:"OPA policy check endpoint."`
|
||||||
Timeout time.Duration `long:"opa-timeout" default:"5s" description:"OPA request timeout."`
|
Timeout time.Duration `long:"opa-timeout" default:"5s" description:"OPA request timeout."`
|
||||||
ResultAllowedKey string `long:"opa-result-allowed-key" description:"Key name of if pass policy check in OPA returned result. Expects a boolean value." default:"result.allowed"`
|
ResultAllowedKey string `long:"opa-result-allowed-key" description:"Key name of if pass policy check in OPA returned result. Expects a boolean value." default:"result.allowed"`
|
||||||
ResultShouldBlockKey string `long:"opa-result-should-block-key" description:"Key name of if should block current action in OPA returned result. Expects a boolean value."`
|
ResultShouldBlockKey string `long:"opa-result-should-block-key" description:"Key name of if should block current action in OPA returned result. Expects a boolean value." default:"result.block"`
|
||||||
ResultMessagesKey string `long:"opa-result-messages-key" description:"Key name of messages in OPA returned result." default:"result.reasons"`
|
ResultMessagesKey string `long:"opa-result-messages-key" description:"Key name of messages in OPA returned result." default:"result.reasons"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,9 @@ services:
|
||||||
CONCOURSE_POLICY_CHECK_FILTER_HTTP_METHODS: PUT,POST
|
CONCOURSE_POLICY_CHECK_FILTER_HTTP_METHODS: PUT,POST
|
||||||
|
|
||||||
# uncomment to configure
|
# uncomment to configure
|
||||||
|
# CONCOURSE_OPA_RESULT_ALLOW_KEY: result.allowed
|
||||||
|
# CONCOURSE_OPA_RESULT_SHOULD_BLOCK_KEY: result.block
|
||||||
|
# CONCOURSE_OPA_RESULT_MESSAGES_KEY: result.reasons
|
||||||
# CONCOURSE_POLICY_CHECK_FILTER_ACTION: ListWorkers,ListContainers,UseImage,SaveConfig
|
# CONCOURSE_POLICY_CHECK_FILTER_ACTION: ListWorkers,ListContainers,UseImage,SaveConfig
|
||||||
# CONCOURSE_POLICY_CHECK_FILTER_ACTION_SKIP: PausePipeline,UnpausePipeline
|
# CONCOURSE_POLICY_CHECK_FILTER_ACTION_SKIP: PausePipeline,UnpausePipeline
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue