fix: procmount should allow empty values #621
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JaydipGabani
approved these changes
Jan 10, 2025
|
@Agalin Please sign the commit to fix DCO CI failure. |
Agalin
force-pushed
the
proc-mount-missing-fix
branch
from
688b0d5 to
89a04df
Compare
|
Sure thing! Added. |
auto-merge was automatically disabled
January 16, 2025 11:57
Head branch was pushed to by a user without write access
Agalin
force-pushed
the
proc-mount-missing-fix
branch
from
89a04df to
d49a7a8
Compare
|
@JaydipGabani looks like it was stuck waiting on automerge, I've rebased it. 🤷 |
|
Looks like this failure is also happenning on the master branch. |
|
@Agalin CI issues is now fixed, if you rebase/merge msater CI should pass now. |
There is a mismatch between existing Rego and CEL implementation. Rego allows not providing proc mount value at all while CEL needs a value. Both fail if procMount is set to `null` despite it being a valid value equivalent to not defining the key at all. Signed-off-by: Szymon Soloch <[email protected]>
Agalin
force-pushed
the
proc-mount-missing-fix
branch
from
d49a7a8 to
5519039
Compare
|
@JaydipGabani rebased, hopefully we'll be able to merge it now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
There is a mismatch between existing Rego and CEL implementation. Rego allows not providing proc mount value at all while CEL needs a value. Both fail if procMount is set to
nulldespite it being a valid value equivalent to not defining the key at all.This mismatch actually causes admission errors after updating to the version with CEL logic for all pods with not defined procMount (i.e. vast majority).
Which issue(s) does this PR fix (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #
Special notes for your reviewer: