Commit f9f7c142 authored by Michael McLeroy's avatar Michael McLeroy

Merge gatekeeper lists

parent f88db948
1 merge request!829Merge gatekeeper lists
{{- if or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled }}
{{- include "values-secret" (dict "root" $ "package" .Values.gatekeeper "name" "gatekeeper" "defaults" (include "bigbang.defaults.gatekeeper" .)) }}
{{- include "values-secret" (dict "root" $ "package" (dict "values" (fromYaml (include "bigbang.overlays.gatekeeper" .))) "name" "gatekeeper" "defaults" (include "bigbang.defaults.gatekeeper" .)) }}
{{- end }}
{{- define "bigbang.defaults.gatekeeper" -}}
......@@ -107,3 +107,31 @@ violations: # Try to keep this in alpha order to make it easier to find keys
{{- end }}
{{- end }}
{{- end -}}
{{- /* This function merges defaults in lists from above into overlays */ -}}
{{- /* The end user will not have to replicate exclusions/repos from above when providing an overlay */ -}}
{{- /* There is a hidden flag `skipOverlayMerge` that can be added to any constraint to ignore the defaults */ -}}
{{- define "bigbang.overlays.gatekeeper" }}
{{- $defaults := fromYaml (include "bigbang.defaults.gatekeeper" .) }}
{{- $overlays := dig "values" dict .Values.gatekeeper }}
{{- range $constraint, $default := $defaults.violations }}
{{- $overlay := (dig "violations" $constraint dict $overlays) }}
# Only continue if an overlay matches a default constriant and hidden "skipOverlayMerge" is not set
{{- if and $overlay (not $overlay.skipOverlayMerge) }}
# Add any default excludedNamespaces to overlay
{{- if and (dig "match" "excludedNamespaces" list $default) (dig "match" "excludedNamespaces" list $overlay) }}
{{ $_ := set $overlay.match "excludedNamespaces" (concat $default.match.excludedNamespaces $overlay.match.excludedNamespaces) }}
{{- end }}
# Add any default excludedResources to overlay
{{- if and (dig "parameters" "excludedResources" list $default) (dig "parameters" "excludedResources" list $overlay) }}
{{ $_ := set $overlay.parameters "excludedResources" (concat $default.parameters.excludedResources $overlay.parameters.excludedResources) }}
{{- end }}
# Special case to add registries for allowed registries to overlay
{{- if and (dig "parameters" "repos" list $default) (dig "parameters" "repos" list $overlay) }}
{{ $_ := set $overlay.parameters "repos" (concat $default.parameters.repos $overlay.parameters.repos) }}
{{- end }}
{{- end }}
{{- end }}
{{ toYaml $overlays }}
{{- end }}
\ No newline at end of file
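Review bot: The three `set` calls in `bigbang.overlays.gatekeeper` write into the maps that `dig` returned from `.Values.gatekeeper.values`, so the merge changes the shared values in place, and `concat` does not de-duplicate. If the helper is ever included a second time in the same render, or an overlay repeats a default entry, `excludedNamespaces`, `excludedResources` and `repos` pick up duplicates. Wrapping each merge as `(concat $default.match.excludedNamespaces $overlay.match.excludedNamespaces | uniq)`, and likewise for the other two lists, keeps the result stable. These lists only ever widen what the constraints exempt or allow, so `skipOverlayMerge` is the only way for an operator to tighten a default. It should be documented in the chart's values rather than left hidden, and it is still present in the `toYaml $overlays` output, so it presumably reaches the gatekeeper values as an extra key. The `# ...` lines inside the `range` are plain template text emitted on every iteration; `{{- /* ... */ -}}` would keep them out of the rendered output.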