chore: skip AdmissionReview in doc generate

open-policy-agent · Sep 28, 2023 · 117e7d5 · 117e7d5
1 parent bd942ad
commit 117e7d5
Show file tree

Hide file tree

Showing 18 changed files with 18 additions and 605 deletions.
diff --git a/scripts/website/generate.go b/scripts/website/generate.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"gopkg.in/yaml.v3"
+	"k8s.io/utils/strings/slices"
 )
 
 const (
@@ -28,6 +29,9 @@ const (
 	mutationPattern      = `(\s*)(type:\s+'category',\s+label:\s+'Mutation',\s+collapsed:\s+true,\s+items:\s*\[\s)(\s*)([^\]]*,)`
 )
 
+// Skip including examples for the following Kinds
+var skipExampleKinds = []string{"AdmissionReview"}
+
 // Suite ...
 // ToDo (nilekh): Get this struct from the Gatekeeper repo.
 type Suite struct {
@@ -140,7 +144,20 @@ func main() {
 								fmt.Println("error while reading ", testCase.Object)
 								panic(err)
 							}
-							examples += fmt.Sprintf("<details>\n<summary>%s</summary>\n\n```yaml\n%s\n```\n\nUsage\n\n```shell\nkubectl apply -f %s\n```\n\n</details>\n", testCase.Name, exampleContent, exampleRawURL)
+
+							exampleResource := make(map[string]interface{})
+							err = yaml.Unmarshal(exampleContent, &exampleResource)
+							if err != nil {
+								fmt.Printf("error while unmarshaling: %v", exampleRawURL)
+								panic(err)
+							}
+
+							if exampleKind, ok := exampleResource["kind"].(string); !ok {
+								fmt.Printf("error while parsing kind: %v", exampleRawURL)
+								panic(err)
+							} else if !slices.Contains(skipExampleKinds, exampleKind) {
+								examples += fmt.Sprintf("<details>\n<summary>%s</summary>\n\n```yaml\n%s\n```\n\nUsage\n\n```shell\nkubectl apply -f %s\n```\n\n</details>\n", testCase.Name, exampleContent, exampleRawURL)
+							}
 						}
 
 						allExamples += fmt.Sprintf("<details>\n<summary>%s</summary><blockquote>\n\n%s\n%s\n\n</blockquote></details>", test.Name, constraintExample, examples)

diff --git a/website/docs/validation/allow-privilege-escalation.md b/website/docs/validation/allow-privilege-escalation.md
@@ -222,37 +222,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/allow-privilege-escalation/samples/psp-allow-privilege-escalation-container/disallowed_ephemeral.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: nginx-privilege-escalation-disallowed
-      labels:
-        app: nginx-privilege-escalation
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
-        securityContext:
-          allowPrivilegeEscalation: true
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/allow-privilege-escalation/samples/psp-allow-privilege-escalation-container/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/automount-serviceaccount-token.md b/website/docs/validation/automount-serviceaccount-token.md
@@ -161,36 +161,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/automount-serviceaccount-token/samples/automount-serviceaccount-token/example_disallowed.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: nginx-automountserviceaccounttoken-update
-      labels:
-        app: nginx-automountserviceaccounttoken
-    spec:
-      automountServiceAccountToken: true
-      containers:
-        - name: nginx
-          image: nginx
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/automount-serviceaccount-token/samples/automount-serviceaccount-token/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/capabilities.md b/website/docs/validation/capabilities.md
@@ -317,46 +317,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/capabilities/samples/capabilities-demo/disallowed_ephemeral.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: opa-disallowed
-      labels:
-        owner: me.agilebank.demo
-    spec:
-      containers:
-        - name: opa
-          image: openpolicyagent/opa:0.9.2
-          args:
-            - "run"
-            - "--server"
-            - "--addr=localhost:8080"
-          securityContext:
-            capabilities:
-              add: ["disallowedcapability"]
-          resources:
-            limits:
-              cpu: "100m"
-              memory: "30Mi"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/capabilities/samples/capabilities-demo/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/ephemeralstoragelimit.md b/website/docs/validation/ephemeralstoragelimit.md
@@ -471,44 +471,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/ephemeralstoragelimit/samples/container-must-have-ephemeral-storage-limit/example_disallowed_ephemeral_storage_limit_1Pi-initContainer.yaml
 ```
 
-</details>
-<details>
-<summary>ephemeral-storage-limit-update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: opa-allowed
-      labels:
-        owner: me.agilebank.demo
-    spec:
-      containers:
-        - name: opa
-          image: openpolicyagent/opa:0.9.2
-          args:
-            - "run"
-            - "--server"
-            - "--addr=localhost:8080"
-          resources:
-            limits:
-              cpu: "100m"
-              memory: "1Gi"
-              ephemeral-storage: "1Pi"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/ephemeralstoragelimit/samples/container-must-have-ephemeral-storage-limit/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/flexvolume-drivers.md b/website/docs/validation/flexvolume-drivers.md
@@ -184,43 +184,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/flexvolume-drivers/samples/psp-flexvolume-drivers/example_disallowed.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: nginx-flexvolume-driver-disallowed
-      labels:
-        app: nginx-flexvolume-driver
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
-        volumeMounts:
-        - mountPath: /test
-          name: test-volume
-          readOnly: true
-      volumes:
-      - name: test-volume
-        flexVolume:
-          driver: "example/testdriver" #"example/lvm"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/flexvolume-drivers/samples/psp-flexvolume-drivers/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/forbidden-sysctls.md b/website/docs/validation/forbidden-sysctls.md
@@ -208,41 +208,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/forbidden-sysctls/samples/psp-forbidden-sysctls/example_allowed.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: nginx-forbidden-sysctls-disallowed
-      labels:
-        app: nginx-forbidden-sysctls
-    spec:
-      containers:
-        - name: nginx
-          image: nginx
-      securityContext:
-        sysctls:
-          - name: kernel.msgmax
-            value: "65536"
-          - name: net.core.somaxconn
-            value: "1024"
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/forbidden-sysctls/samples/psp-forbidden-sysctls/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/fsgroup.md b/website/docs/validation/fsgroup.md
@@ -216,42 +216,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/fsgroup/samples/psp-fsgroup/example_allowed.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: fsgroup-disallowed
-    spec:
-      securityContext:
-        fsGroup: 2000 # directory will have group ID 2000
-      volumes:
-      - name: fsgroup-demo-vol
-        emptyDir: {}
-      containers:
-      - name: fsgroup-demo
-        image: busybox
-        command: [ "sh", "-c", "sleep 1h" ]
-        volumeMounts:
-        - name: fsgroup-demo-vol
-          mountPath: /data/demo
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/fsgroup/samples/psp-fsgroup/update.yaml
-```
-
 </details>
 
 

diff --git a/website/docs/validation/host-filesystem.md b/website/docs/validation/host-filesystem.md
@@ -292,43 +292,6 @@ Usage
 kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-filesystem/samples/psp-host-filesystem/disallowed_ephemeral.yaml
 ```
 
-</details>
-<details>
-<summary>update</summary>
-
-```yaml
-kind: AdmissionReview
-apiVersion: admission.k8s.io/v1beta1
-request:
-  operation: "UPDATE"
-  object:
-    apiVersion: v1
-    kind: Pod
-    metadata:
-      name: nginx-host-filesystem
-      labels:
-        app: nginx-host-filesystem-disallowed
-    spec:
-      containers:
-      - name: nginx
-        image: nginx
-        volumeMounts:
-        - mountPath: /cache
-          name: cache-volume
-          readOnly: true
-      volumes:
-      - name: cache-volume
-        hostPath:
-          path: /tmp # directory location on host
-
-```
-
-Usage
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/pod-security-policy/host-filesystem/samples/psp-host-filesystem/update.yaml
-```
-
 </details>