Add playground samples (#202)
* add playground samples

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make codegen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make codegen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
JimBugwadia authored Nov 6, 2023
1 parent 6b96903 commit e1401c0
Showing 2 changed files with 12 additions and 12 deletions.
12 changes: 6 additions & 6 deletions pkg/server/ui/dist/assets/data.json
@@ -1,5 +1,11 @@
{
"examples": [
{
"category": "Dockerfile",
"name": "check-dockerfile",
"policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n name: check-dockerfile\nspec:\n rules:\n - name: deny-external-calls\n assert:\n all:\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].Args[].Value):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"curl is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'curl')): false\n - message: \"wget is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'wget')): false",
"payload": "MetaArgs:\n- DefaultValue: '\"linux/amd64\"'\n Key: BUILD_PLATFORM\n ProvidedValue: null\n Value: '\"linux/amd64\"'\n- DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n Key: BUILDER_IMAGE\n ProvidedValue: null\n Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- As: builder\n BaseName: '\"golang:1.20.6-alpine3.18\"'\n Commands:\n - Name: WORKDIR\n Path: /\n - Chmod: \"\"\n Chown: \"\"\n DestPath: ./\n From: \"\"\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - .\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_LINK\n Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n Name: ARG\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_FILE\n Value: '\"notation-aws-signer-plugin.zip\"'\n Name: ARG\n - CmdLine:\n - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - apk update \u0026\u0026 apk add unzip \u0026\u0026 unzip -o ${SIGNER_BINARY_FILE}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n .\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n Comment: \"\"\n From:\n Image: '\"golang:1.20.6-alpine3.18\"'\n Location:\n - End:\n Character: 0\n Line: 4\n Start:\n Character: 0\n Line: 4\n Name: builder\n Platform: $BUILD_PLATFORM\n SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n- BaseName: gcr.io/distroless/static:nonroot\n Commands:\n - Name: WORKDIR\n Path: /\n - Env:\n - Key: PLUGINS_DIR\n Value: /plugins\n Name: ENV\n - Chmod: \"\"\n Chown: \"\"\n DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n From: builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - notation-com.amazonaws.signer.notation.plugin\n - Chmod: \"\"\n Chown: \"\"\n DestPath: kyverno-notation-aws\n From: 
builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - kyverno-notation-aws\n - CmdLine:\n - /kyverno-notation-aws\n Files: null\n Name: ENTRYPOINT\n PrependShell: false\n Comment: \"\"\n From:\n Image: gcr.io/distroless/static:nonroot\n Location:\n - End:\n Character: 0\n Line: 20\n Start:\n Character: 0\n Line: 20\n Name: \"\"\n Platform: \"\"\n SourceCode: FROM gcr.io/distroless/static:nonroot\n"
},
{
"category": "Terraform",
"name": "terraform-s3",
@@ -11,12 +17,6 @@
"name": "pod-no-latest",
"policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n name: test\nspec:\n rules:\n - name: pod-no-latest\n context:\n - name: tag\n variable: :latest\n match:\n any:\n - apiVersion: v1\n kind: Pod\n identifier: \"metadata.name\"\n assert:\n all:\n - check:\n spec:\n ~foo.containers-\u003efoos:\n (at($foos, $foo).image)-\u003efoo:\n # an image tag is required\n (contains($foo, ':')): true\n # using a mutable image tag e.g. 'latest' is not allowed\n (ends_with($foo, $tag)): false\n - check:\n spec:\n ~.containers-\u003efoo:\n image:\n # an image tag is required\n (contains(@, ':')): true\n # using a mutable image tag e.g. 'latest' is not allowed\n (ends_with(@, ':latest')): false\n - check:\n ~index.(spec.containers[*].image)-\u003eimages:\n # an image tag is required\n (contains(@, ':')): true\n # using a mutable image tag e.g. 'latest' is not allowed\n (ends_with(@, ':latest')): false\n",
"payload": "apiVersion: v1\nkind: Pod\nmetadata:\n name: webserver\nspec:\n containers:\n - name: webserver-1\n image: nginx:latest\n ports:\n - containerPort: 80\n - name: webserver-2\n image: nginx:latest\n ports:\n - containerPort: 80\n - name: webserver-3\n image: nginx:latest\n ports:\n - containerPort: 80\n"
},
{
"category": "Dockerfile",
"name": "check-dockerfile",
"policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n name: check-dockerfile\nspec:\n rules:\n - name: deny-external-calls\n assert:\n all:\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].Args[].Value):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"curl is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'curl')): false\n - message: \"wget is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'wget')): false",
"payload": "MetaArgs:\n- DefaultValue: '\"linux/amd64\"'\n Key: BUILD_PLATFORM\n ProvidedValue: null\n Value: '\"linux/amd64\"'\n- DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n Key: BUILDER_IMAGE\n ProvidedValue: null\n Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- As: builder\n BaseName: '\"golang:1.20.6-alpine3.18\"'\n Commands:\n - Name: WORKDIR\n Path: /\n - Chmod: \"\"\n Chown: \"\"\n DestPath: ./\n From: \"\"\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - .\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_LINK\n Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n Name: ARG\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_FILE\n Value: '\"notation-aws-signer-plugin.zip\"'\n Name: ARG\n - CmdLine:\n - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - apk update \u0026\u0026 apk add unzip \u0026\u0026 unzip -o ${SIGNER_BINARY_FILE}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n .\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n Comment: \"\"\n From:\n Image: '\"golang:1.20.6-alpine3.18\"'\n Location:\n - End:\n Character: 0\n Line: 4\n Start:\n Character: 0\n Line: 4\n Name: builder\n Platform: $BUILD_PLATFORM\n SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n- BaseName: gcr.io/distroless/static:nonroot\n Commands:\n - Name: WORKDIR\n Path: /\n - Env:\n - Key: PLUGINS_DIR\n Value: /plugins\n Name: ENV\n - Chmod: \"\"\n Chown: \"\"\n DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n From: builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - notation-com.amazonaws.signer.notation.plugin\n - Chmod: \"\"\n Chown: \"\"\n DestPath: kyverno-notation-aws\n From: 
builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - kyverno-notation-aws\n - CmdLine:\n - /kyverno-notation-aws\n Files: null\n Name: ENTRYPOINT\n PrependShell: false\n Comment: \"\"\n From:\n Image: gcr.io/distroless/static:nonroot\n Location:\n - End:\n Character: 0\n Line: 20\n Start:\n Character: 0\n Line: 20\n Name: \"\"\n Platform: \"\"\n SourceCode: FROM gcr.io/distroless/static:nonroot\n"
}
]
}
12 changes: 6 additions & 6 deletions website/playground/assets/data.json
@@ -1,5 +1,11 @@
{
"examples": [
{
"category": "Dockerfile",
"name": "check-dockerfile",
"policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n name: check-dockerfile\nspec:\n rules:\n - name: deny-external-calls\n assert:\n all:\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].Args[].Value):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"curl is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'curl')): false\n - message: \"wget is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'wget')): false",
"payload": "MetaArgs:\n- DefaultValue: '\"linux/amd64\"'\n Key: BUILD_PLATFORM\n ProvidedValue: null\n Value: '\"linux/amd64\"'\n- DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n Key: BUILDER_IMAGE\n ProvidedValue: null\n Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- As: builder\n BaseName: '\"golang:1.20.6-alpine3.18\"'\n Commands:\n - Name: WORKDIR\n Path: /\n - Chmod: \"\"\n Chown: \"\"\n DestPath: ./\n From: \"\"\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - .\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_LINK\n Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n Name: ARG\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_FILE\n Value: '\"notation-aws-signer-plugin.zip\"'\n Name: ARG\n - CmdLine:\n - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - apk update \u0026\u0026 apk add unzip \u0026\u0026 unzip -o ${SIGNER_BINARY_FILE}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n .\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n Comment: \"\"\n From:\n Image: '\"golang:1.20.6-alpine3.18\"'\n Location:\n - End:\n Character: 0\n Line: 4\n Start:\n Character: 0\n Line: 4\n Name: builder\n Platform: $BUILD_PLATFORM\n SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n- BaseName: gcr.io/distroless/static:nonroot\n Commands:\n - Name: WORKDIR\n Path: /\n - Env:\n - Key: PLUGINS_DIR\n Value: /plugins\n Name: ENV\n - Chmod: \"\"\n Chown: \"\"\n DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n From: builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - notation-com.amazonaws.signer.notation.plugin\n - Chmod: \"\"\n Chown: \"\"\n DestPath: kyverno-notation-aws\n From: 
builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - kyverno-notation-aws\n - CmdLine:\n - /kyverno-notation-aws\n Files: null\n Name: ENTRYPOINT\n PrependShell: false\n Comment: \"\"\n From:\n Image: gcr.io/distroless/static:nonroot\n Location:\n - End:\n Character: 0\n Line: 20\n Start:\n Character: 0\n Line: 20\n Name: \"\"\n Platform: \"\"\n SourceCode: FROM gcr.io/distroless/static:nonroot\n"
},
{
"category": "Terraform",
"name": "terraform-s3",
@@ -11,12 +17,6 @@
"name": "pod-no-latest",
"policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n name: test\nspec:\n rules:\n - name: pod-no-latest\n context:\n - name: tag\n variable: :latest\n match:\n any:\n - apiVersion: v1\n kind: Pod\n identifier: \"metadata.name\"\n assert:\n all:\n - check:\n spec:\n ~foo.containers-\u003efoos:\n (at($foos, $foo).image)-\u003efoo:\n # an image tag is required\n (contains($foo, ':')): true\n # using a mutable image tag e.g. 'latest' is not allowed\n (ends_with($foo, $tag)): false\n - check:\n spec:\n ~.containers-\u003efoo:\n image:\n # an image tag is required\n (contains(@, ':')): true\n # using a mutable image tag e.g. 'latest' is not allowed\n (ends_with(@, ':latest')): false\n - check:\n ~index.(spec.containers[*].image)-\u003eimages:\n # an image tag is required\n (contains(@, ':')): true\n # using a mutable image tag e.g. 'latest' is not allowed\n (ends_with(@, ':latest')): false\n",
"payload": "apiVersion: v1\nkind: Pod\nmetadata:\n name: webserver\nspec:\n containers:\n - name: webserver-1\n image: nginx:latest\n ports:\n - containerPort: 80\n - name: webserver-2\n image: nginx:latest\n ports:\n - containerPort: 80\n - name: webserver-3\n image: nginx:latest\n ports:\n - containerPort: 80\n"
},
{
"category": "Dockerfile",
"name": "check-dockerfile",
"policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n name: check-dockerfile\nspec:\n rules:\n - name: deny-external-calls\n assert:\n all:\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].Args[].Value):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"HTTP calls are not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'https://') || contains(@, 'http://')): false\n - message: \"curl is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'curl')): false\n - message: \"wget is not allowed\"\n check:\n ~.(Stages[].Commands[].CmdLine[]):\n (contains(@, 'wget')): false",
"payload": "MetaArgs:\n- DefaultValue: '\"linux/amd64\"'\n Key: BUILD_PLATFORM\n ProvidedValue: null\n Value: '\"linux/amd64\"'\n- DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n Key: BUILDER_IMAGE\n ProvidedValue: null\n Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- As: builder\n BaseName: '\"golang:1.20.6-alpine3.18\"'\n Commands:\n - Name: WORKDIR\n Path: /\n - Chmod: \"\"\n Chown: \"\"\n DestPath: ./\n From: \"\"\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - .\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_LINK\n Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n Name: ARG\n - Args:\n - Comment: \"\"\n Key: SIGNER_BINARY_FILE\n Value: '\"notation-aws-signer-plugin.zip\"'\n Name: ARG\n - CmdLine:\n - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - apk update \u0026\u0026 apk add unzip \u0026\u0026 unzip -o ${SIGNER_BINARY_FILE}\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n - CmdLine:\n - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n .\n Files: null\n FlagsUsed: []\n Name: RUN\n PrependShell: true\n Comment: \"\"\n From:\n Image: '\"golang:1.20.6-alpine3.18\"'\n Location:\n - End:\n Character: 0\n Line: 4\n Start:\n Character: 0\n Line: 4\n Name: builder\n Platform: $BUILD_PLATFORM\n SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n- BaseName: gcr.io/distroless/static:nonroot\n Commands:\n - Name: WORKDIR\n Path: /\n - Env:\n - Key: PLUGINS_DIR\n Value: /plugins\n Name: ENV\n - Chmod: \"\"\n Chown: \"\"\n DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n From: builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - notation-com.amazonaws.signer.notation.plugin\n - Chmod: \"\"\n Chown: \"\"\n DestPath: kyverno-notation-aws\n From: 
builder\n Link: false\n Name: COPY\n SourceContents: null\n SourcePaths:\n - kyverno-notation-aws\n - CmdLine:\n - /kyverno-notation-aws\n Files: null\n Name: ENTRYPOINT\n PrependShell: false\n Comment: \"\"\n From:\n Image: gcr.io/distroless/static:nonroot\n Location:\n - End:\n Character: 0\n Line: 20\n Start:\n Character: 0\n Line: 20\n Name: \"\"\n Platform: \"\"\n SourceCode: FROM gcr.io/distroless/static:nonroot\n"
}
]
}
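Review bot: The `check-dockerfile` sample that the first hunk moves to the top of `examples` is a substring deny-list, and nothing in the entry tells a playground user how narrow that is. Its checks only look for the literal strings `curl`, `wget`, `http://` and `https://`, so the payload's own `apk update && apk add unzip` line is not flagged by any of the four rules, while a command line that merely contains those letters (a package named `libcurl`, for example) would be rejected. Since JSON has no comments, I would put the caveat in the embedded policy YAML, for instance a first line `# sample only: substring deny-list, not a complete egress control`. The same entry appears in `pkg/server/ui/dist/assets/data.json`; if that copy is generated, as its `dist/` path suggests, regenerate it rather than editing both by hand.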
