Tag 0.2.1

Update deps, metadata and fix GH release action. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
kubewarden · Jan 19, 2023 · 30b5a3b · 30b5a3b
1 parent 1e0d5ea
commit 30b5a3b
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 61 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -26,5 +26,3 @@ jobs:
     uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-go.yml@v1
     with:
       oci-target: ghcr.io/${{ github.repository_owner }}/policies/safe-annotations
-    secrets:
-      workflow-pat: ${{ secrets.WORKFLOW_PAT }}
diff --git a/README.md b/README.md
@@ -1,9 +1,3 @@
- Continuous integration | License
- -----------------------|--------
-[![Unit Tests](https://github.com/kubewarden/safe-annotations-policy/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/kubewarden/safe-annotations-policy/actions/workflows/unit-tests.yml) [![end to end tests](https://github.com/kubewarden/safe-annotations-policy/actions/workflows/e2e-tests.yml/badge.svg)](https://github.com/kubewarden/safe-annotations-policy/actions/workflows/e2e-tests.yml) | [![License: Apache 2.0](https://img.shields.io/badge/License-Apache2.0-brightgreen.svg)](https://opensource.org/licenses/Apache-2.0)
-
-# How the policy works
-
 This policy validates the annotations of generic Kubernetes objects.
 
 The policy rejects all the resources that use one or more annotations on the
@@ -84,46 +78,3 @@ regardless of their contents:
 constrained_annotations:
   mandatory-annotation: ".*" # <- this annotation must be present, we don't care about its value
 ```
-
-# Obtain policy
-
-The policy is automatically published as an OCI artifact inside of
-[this](https://github.com/orgs/kubewarden/packages/container/package/policies%2Fsafe-annotations)
-container registry.
-
-# Using the policy
-
-The easiest way to use this policy is through the [kubewarden-controller](https://github.com/kubewarden/kubewarden-controller).
-
-# Testing
-
-This policy comes with a set of unit tests implemented using the Go testing
-framework.
-
-As usual, the tests are defined inside of the `_test.go` files. Given these
-tests are not part of the final WebAssembly binary, the official Go compiler
-can be used to run them. Hence they can take advantage of the `encoding/json`
-package to reduce some testing boiler plate.
-
-The unit tests can be run via a simple command:
-
-```shell
-make test
-```
-
-It's also important the test the final result of the TinyGo compilation:
-the actual WebAssembly module.
-
-This is done by a second set of end-to-end tests. These tests use the
-`policicy-testdrive` cli provided by the Kubewarden project to load and execute
-the policy.
-
-The e2e tests are implemented using [bats](https://github.com/sstephenson/bats):
-the Bash Automated Testing System.
-
-The end-to-end tests are defined inside of the `e2e.bats` file and can
-be run via this commmand:
-
-```shell
-make e2e-tests
-```
diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml
@@ -1,25 +1,19 @@
 ---
-version: 0.2.0
+version: 0.2.1
 name: safe-annotations
 displayName: Safe Annotations
-createdAt: '2022-07-19T16:06:43+02:00'
+createdAt: '2023-01-19T14:46:21+02:00'
 description: A policy that validates Kubernetes' resource annotations
 license: Apache-2.0
 homeURL: https://github.com/kubewarden/safe-annotations-policy
 containersImages:
 - name: policy
-  image: ghcr.io/kubewarden/policies/safe-annotations:v0.2.0
-install: |
-  The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl/):
-
-  ```console
-  kwctl pull ghcr.io/kubewarden/policies/safe-annotations:v0.2.0
-  ```
+  image: ghcr.io/kubewarden/policies/safe-annotations:v0.2.1
 keywords:
 - annotations
 links:
 - name: policy
-  url: https://github.com/kubewarden/safe-annotations-policy/releases/download/v0.2.0/policy.wasm
+  url: https://github.com/kubewarden/safe-annotations-policy/releases/download/v0.2.1/policy.wasm
 - name: source
   url: https://github.com/kubewarden/safe-annotations-policy
 provider:
@@ -30,3 +24,45 @@ annotations:
   kubewarden/resources: "*"
   kubewarden/mutation: false
   kubewarden/contextAware: false
+  kubewarden/rules: |
+    rules:
+    - apiGroups: ["*"]
+      apiVersions: ["*"]
+      resources: ["*"]
+      operations: ["CREATE", "UPDATE"]
+  kubewarden/questions-ui: |
+    questions:
+    - default: null
+      description: >-
+        This policy validates the labels of generic Kubernetes objects. It rejects
+        all the resources that use one or more labels on the deny list. It also
+        allows you to put constraints on specific labels. The constraints are
+        expressed as regular expression. It will also allow you to require specific
+        labels to be part of the resource.
+      group: Settings
+      label: Description
+      required: false
+      hide_input: true
+      type: map
+      variable: description
+    - default: []
+      description: A list of labels that cannot be used
+      group: Settings
+      label: Denied labels
+      required: false
+      type: array[
+      variable: denied_labels
+    - default: []
+      description: A list of labels that must be defined
+      group: Settings
+      label: Mandatory labels
+      required: false
+      type: array[
+      variable: mandatory_labels
+    - default: []
+      tooltip: Annotations that are validated with user-defined RegExp
+      group: Settings
+      label: Constrained labels
+      target: true
+      type: map[
+      variable: constrained_labels
diff --git a/questions-ui.yml b/questions-ui.yml
@@ -0,0 +1,35 @@
+questions:
+- default: null
+  description: >-
+    This policy validates the labels of generic Kubernetes objects. It rejects
+    all the resources that use one or more labels on the deny list. It also
+    allows you to put constraints on specific labels. The constraints are
+    expressed as regular expression. It will also allow you to require specific
+    labels to be part of the resource.
+  group: Settings
+  label: Description
+  required: false
+  hide_input: true
+  type: map
+  variable: description
+- default: []
+  description: A list of labels that cannot be used
+  group: Settings
+  label: Denied labels
+  required: false
+  type: array[
+  variable: denied_labels
+- default: []
+  description: A list of labels that must be defined
+  group: Settings
+  label: Mandatory labels
+  required: false
+  type: array[
+  variable: mandatory_labels
+- default: []
+  tooltip: Annotations that are validated with user-defined RegExp
+  group: Settings
+  label: Constrained labels
+  target: true
+  type: map[
+  variable: constrained_labels