Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarification of inspect to create OPA policy #1

Open
jimmyraywv opened this issue Apr 29, 2022 · 1 comment
Open

Clarification of inspect to create OPA policy #1

jimmyraywv opened this issue Apr 29, 2022 · 1 comment

Comments

@jimmyraywv
Copy link

So, if I run: kubectl advise-policy inspect --OPADefaultRule > opa-psp.rego in a ns with multiple service accounts and multiple applied PSPs, I seem to get an OPA policy that reflects the aggregate of all the rules specified in all the PSPs within the target ns. Is that correct? Is there a way to target a specific PSP and generate an OPA policy from it, with this tool?
@darryk10
Copy link
Collaborator

darryk10 commented May 3, 2022

Hi,
Thanks for the question. The tool is actually checking the env for the specific ns and generate PSP or OPA policies. It isn't evaluating the PSPs already deployed and convert those PSPs in OPAs but it's generating the OPA policy based on the env directly. So at the moment there isn't the feature to translate a specific PSP to OPA in this tool. However this could be a feature for the future.
Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jimmyraywv @darryk10