From 752c64d024265e7b58788fcb5f1be916dbd58153 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen <lc@edgeless.systems>
Date: Tue, 23 Jan 2024 17:04:05 +0100
Subject: [PATCH 1/3] policy: add wildcard to dns names for workloads

---
 cli/policies.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cli/policies.go b/cli/policies.go
index 14de0d7cef..74d392e533 100644
--- a/cli/policies.go
+++ b/cli/policies.go
@@ -116,5 +116,6 @@ func (d deployment) DNSNames() []string {
 	return []string{
 		fmt.Sprintf("%s.%s", d.name, d.namespace),
 		fmt.Sprintf("*.%s", d.namespace),
+		"*",
 	}
 }

From da8f250af604690f2a0f25e8ffad70ba1df80895 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen <lc@edgeless.systems>
Date: Tue, 23 Jan 2024 17:04:25 +0100
Subject: [PATCH 2/3] just: fallback to default namespace for deployments

---
 justfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/justfile b/justfile
index ea0d9bfe8b..35895894d1 100644
--- a/justfile
+++ b/justfile
@@ -26,12 +26,12 @@ generate target=default_deploy_target:
     mkdir -p ./{{ workspace_dir }}
     rm -rf ./{{ workspace_dir }}/*
     cp -R ./deployments/{{ target }} ./{{ workspace_dir }}/deployment
-    echo "{{ target }}${namespace_suffix}" > ./{{ workspace_dir }}/just.namespace
+    echo "{{ target }}${namespace_suffix-}" > ./{{ workspace_dir }}/just.namespace
     nix run .#patch-nunki-image-hashes -- ./{{ workspace_dir }}/deployment
     nix run .#kypatch images -- ./{{ workspace_dir }}/deployment \
         --replace ghcr.io/edgelesssys ${container_registry}
     nix run .#kypatch namespace -- ./{{ workspace_dir }}/deployment \
-        --replace edg-default {{ target }}${namespace_suffix}
+        --replace edg-default {{ target }}${namespace_suffix-}
     t=$(date +%s)
     nix run .#cli -- generate \
         -m ./{{ workspace_dir }}/manifest.json \

From cb9dfb92f876bd6a1a45611df540c5f9f8c421f6 Mon Sep 17 00:00:00 2001
From: Leonard Cohnen <lc@edgeless.systems>
Date: Tue, 23 Jan 2024 17:19:22 +0100
Subject: [PATCH 3/3] policy: allow the editing of dns names for workloads

---
 cli/policies.go | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/cli/policies.go b/cli/policies.go
index 74d392e533..8d68c25e7c 100644
--- a/cli/policies.go
+++ b/cli/policies.go
@@ -92,16 +92,10 @@ func checkPoliciesMatchManifest(policies map[string]deployment, policyHashes map
 			len(policies), len(policyHashes))
 	}
 	for name, deployment := range policies {
-		existingNames, ok := policyHashes[deployment.policy.Hash()]
+		_, ok := policyHashes[deployment.policy.Hash()]
 		if !ok {
 			return fmt.Errorf("policy %s not found in manifest", name)
 		}
-
-		if !slices.Equal(existingNames, deployment.DNSNames()) {
-			return fmt.Errorf("policy %s with hash %s exists in manifest, but with different names %v",
-				name, deployment.policy.Hash(), existingNames,
-			)
-		}
 	}
 	return nil
 }