docs: cleanup (kyverno#203)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
eddycharly · Nov 7, 2024 · eb70536 · eb70536
1 parent f27caf6
commit eb70536
Show file tree

Hide file tree

Showing 25 changed files with 306 additions and 1,356 deletions.
diff --git a/docs/RELEASE.md → .docs/RELEASE.md b/docs/RELEASE.md → .docs/RELEASE.md
diff --git a/manifests/cert-manager/cluster-issuer.yaml → .manifests/cert-manager/cluster-issuer.yaml b/manifests/cert-manager/cluster-issuer.yaml → .manifests/cert-manager/cluster-issuer.yaml
diff --git a/...sts/policies/demo-policy.example.com.yaml → ...sts/policies/demo-policy.example.com.yaml b/...sts/policies/demo-policy.example.com.yaml → ...sts/policies/demo-policy.example.com.yaml
diff --git a/Makefile b/Makefile
@@ -318,7 +318,7 @@ install-cert-manager: $(HELM)
 install-cluster-issuer: ## Install cert-manager cluster issuer
 install-cluster-issuer:
 	@echo Install cert-manager cluster issuer... >&2
-	@kubectl apply -f manifests/cert-manager/cluster-issuer.yaml
+	@kubectl apply -f .manifests/cert-manager/cluster-issuer.yaml
 
 #########
 # ISTIO #
@@ -353,7 +353,6 @@ install-kyverno-sidecar-injector: $(HELM)
 .PHONY: install-kyverno-authz-server
 install-kyverno-authz-server: ## Install kyverno-authz-server chart
 install-kyverno-authz-server: kind-load-image
-install-kyverno-authz-server: codegen-crds
 install-kyverno-authz-server: $(HELM)
 	@echo Install CRDs... >&2
 	@kubectl apply -f $(CRDS_PATH)

diff --git a/docs/quick_start.yaml b/docs/quick_start.yaml
diff --git a/pkg/authz/cel/libs/jwt/lib.go b/pkg/authz/cel/libs/jwt/lib.go
@@ -33,7 +33,7 @@ func (*lib) extendEnv(env *cel.Env) (*cel.Env, error) {
 	// build our function overloads
 	libraryDecls := map[string][]cel.FunctionOpt{
 		"jwt.Decode": {
-			cel.Overload("decode_string_string", []*cel.Type{types.StringType, types.StringType}, TokenType, cel.BinaryBinding(decode)),
+			cel.Overload("decode_string_string", []*cel.Type{types.StringType, types.StringType}, types.DynType, cel.BinaryBinding(decode)),
 		},
 	}
 	// create env options corresponding to our function overloads
@@ -54,11 +54,15 @@ func decode(token ref.Val, key ref.Val) ref.Val {
 	if !ok {
 		return types.MaybeNoSuchOverloadErr(key)
 	}
-	out, err := jwt.Parse(string(t), func(*jwt.Token) (any, error) {
+	parsed, err := jwt.Parse(string(t), func(*jwt.Token) (any, error) {
 		return []byte(k), nil
 	})
 	if err != nil {
-		return types.WrapErr(err)
+		return types.DefaultTypeAdapter.NativeToValue(nil)
 	}
-	return Token{Token: out}
+	return types.DefaultTypeAdapter.NativeToValue(map[string]any{
+		"header": parsed.Header,
+		"claims": parsed.Claims.(jwt.MapClaims),
+		"valid":  parsed.Valid,
+	})
 }
diff --git a/pkg/policy/provider.go b/pkg/policy/provider.go
@@ -69,6 +69,7 @@ func (r *policyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	}
 	compiled, err := r.compiler.Compile(policy)
 	if err != nil {
+		fmt.Println(err)
 		// TODO: not sure we should retry it
 		return ctrl.Result{}, err
 	}

diff --git a/website/docs/cel-extensions/jwt.md b/website/docs/cel-extensions/jwt.md
@@ -22,7 +22,7 @@ kind: AuthorizationPolicy
 metadata:
   name: demo
 spec:
-  failurePolicy: Ignore
+  failurePolicy: Fail
   variables:
   - name: token
     expression: >

diff --git a/website/docs/jp.md b/website/docs/jp.md