Comments (5)
We thought about supporting this option, but there is one big challenge: what will happen when a user is providing a link to an invalid policies file?
Because the policies file won't necessarily go through a validation process (`datree publish`), it can cause major pain to the user experience because it will stop/block all the workflows relying on Datree's policy check.
So, defining policy-as-code in its own CI pipeline creates (a little 😉) more work, but it is worth it because your policies, and the workflows that are relying on them, will be more stable :)
from datree.
> We thought about supporting this option, but there is one big challenge: what will happen when a user is providing a link to an invalid policies file?
This was a problem space I honestly didn't put much thought into until you mentioned it. Would it be better for something like a linter to catch invalid policy files? It would be a pain if a merge caused cascading build failures, but I feel like there are options for gracefully handling an invalid policy file that aren't show stoppers. This issue is almost parallel to what products like ArgoCD face where the strategy for remediation is to use the last known good state until someone can remediate the defect.
I'm glad I wasn't the first person to think of defining these policies in CI. Would it be worth documenting creating your own pipeline as an option for managing policies as code? I couldn't find any documents on hub.datree.io that condoned the practice.
from datree.
> This issue is almost parallel to what products like ArgoCD face where the strategy for remediation is to use the last known good state until someone can remediate the defect.

And how does the user know that his last ArgoCD config wasn't applied?
Yes, I agree, this is definitely something that we need to add to our docs.
Where do you think would be the best place (in the docs) to mention that?
from datree.
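The last-known-good fallback discussed in the comments above, as an added example (not Datree's code or behaviour): an invalid policies file falls back to the cached copy, the result is explicitly marked stale so the failure is visible, and the load fails closed when no valid copy exists. The JSON format, the minimal schema, the cache path and the names `validate` and `load_policies` are assumptions for illustration.

```python
import json
import os


def validate(text):
    """Parse a policies document and check an ASSUMED minimal schema."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"unparseable policies file: {exc.msg}") from exc
    policies = doc.get("policies") if isinstance(doc, dict) else None
    if not isinstance(policies, list) or not policies:
        raise ValueError("'policies' must be a non-empty list")
    for policy in policies:
        if not isinstance(policy, dict) or not isinstance(policy.get("name"), str):
            raise ValueError("every policy needs a string 'name'")
        rules = policy.get("rules")
        if not isinstance(rules, list) or not rules:
            raise ValueError(f"policy {policy['name']!r} has no rules")
    return doc


def load_policies(fetched_text, cache_path):
    """Return (policies_doc, status); status is 'fresh' or 'stale: <reason>'."""
    try:
        doc = validate(fetched_text)
    except ValueError as err:
        if not os.path.exists(cache_path):
            # Nothing trustworthy to fall back to: fail closed.
            raise RuntimeError(f"no last known good policies: {err}") from err
        with open(cache_path, encoding="utf-8") as fh:
            return json.load(fh), f"stale: {err}"
    # Valid input: promote it to last known good with an atomic rename.
    tmp_path = cache_path + ".tmp"
    with open(tmp_path, "w", encoding="utf-8") as fh:
        json.dump(doc, fh)
    os.replace(tmp_path, cache_path)
    return doc, "fresh"


# Constructed sample inputs (not real Datree policies).
GOOD = '{"policies": [{"name": "staging", "rules": [{"identifier": "EXAMPLE_RULE"}]}]}'
BAD = '{"policies": [{"name": "staging", "rules": []}]}'
```

A CI step calling `load_policies` should print or alert on any status other than `fresh`, so a broken policies file is noticed even though the check still runs.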
@salineselin following your feedback, I opened an issue to improve our docs (#295).
If you have any suggestions for the docs, feel free to share them there.
from datree.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from datree.