Merge pull request #1016 from jvanz/rename-url-field

fix!: renames "url" field into "module".

Author: jvanz

README.md

@@ -37,11 +37,11 @@ This is an example of the policies file:
 
 ```yml
 psp-apparmor:
-  url: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.3
+  module: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.3
 psp-capabilities:
-  url: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.3
+  module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.3
 namespace_simple:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings:
     valid_namespace: kubewarden-approved
 ```
@@ -98,22 +98,22 @@ This is an example of the policies file with a policy group:
 pod-image-signatures: # policy group
   policies:
     - name: sigstore_pgp
-      url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
+      module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
       settings:
         signatures:
           - image: "*"
             pubKeys:
               - "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
               - "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
     - name: sigstore_gh_action
-      url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
+      module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
       settings:
         signatures:
           - image: "*"
             githubActions:
             owner: "kubewarden"
     - name: reject_latest_tag
-      url: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
+      module: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
       settings:
         tags:
           reject:
@@ -133,7 +133,7 @@ that is allowed to access:
 strict-ingress-checks:
   policies:
     - name: unique_ingress
-      url: ghcr.io/kubewarden/policies/cel-policy:latest
+      module: ghcr.io/kubewarden/policies/cel-policy:latest
       contextAwareResources:
         - apiVersion: networking.k8s.io/v1
           kind: Ingress
@@ -154,13 +154,13 @@ strict-ingress-checks:
               !variables.knownHost.exists_one(hosts, sets.intersects(hosts, variables.desiredHosts))
             message: "Cannot reuse a host across multiple ingresses"
     - name: https_only
-      url: ghcr.io/kubewarden/policies/ingress:latest
+      module: ghcr.io/kubewarden/policies/ingress:latest
       settings:
         requireTLS: true
         allowPorts: [443]
         denyPorts: [80]
     - name: http_only
-      url: ghcr.io/kubewarden/policies/ingress:latest
+      module: ghcr.io/kubewarden/policies/ingress:latest
       settings:
         requireTLS: false
         allowPorts: [80]

policies.yml.example

@@ -1,30 +1,30 @@
 psp-apparmor:
-  url: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.7
+  module: registry://ghcr.io/kubewarden/policies/psp-apparmor:v0.1.7
 psp-capabilities:
-  url: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
+  module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.7
   allowedToMutate: true
   settings:
     allowed_capabilities: ["*"]
     required_drop_capabilities: ["KILL"]
 pod-image-signatures: # policy group
   policies:
     sigstore_pgp:
-      url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
+      module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
       settings:
         signatures:
           - image: "*"
             pubKeys:
               - "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
               - "-----BEGIN PUBLIC KEY-----xxxxx-----END PUBLIC KEY-----"
     sigstore_gh_action:
-      url: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
+      module: ghcr.io/kubewarden/policies/verify-image-signatures:v0.2.8
       settings:
         signatures:
           - image: "*"
             githubActions:
             owner: "kubewarden"
     reject_latest_tag:
-      url: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
+      module: ghcr.io/kubewarden/policies/trusted-repos-policy:v0.1.12
       settings:
         tags:
           reject:

src/config.rs

@@ -318,7 +318,7 @@ pub enum PolicyOrPolicyGroupSettings {
 #[serde(deny_unknown_fields, rename_all = "camelCase")]
 pub struct PolicyGroupMember {
     /// Thge URL where the policy is located
-    pub url: String,
+    pub module: String,
     /// The settings for the policy
     pub settings: Option<HashMap<String, serde_yaml::Value>>,
     /// The list of Kubernetes resources the policy is allowed to access
@@ -341,7 +341,7 @@ pub enum PolicyOrPolicyGroup {
     #[serde(rename_all = "camelCase")]
     Policy {
         /// The URL where the policy is located
-        url: String,
+        module: String,
         #[serde(default)]
         /// The mode of the policy
         policy_mode: PolicyMode,
@@ -485,7 +485,7 @@ mod tests {
         let policies_yaml = r#"
 ---
 example:
-    url: ghcr.io/kubewarden/policies/context-aware-policy:0.1.0
+    module: ghcr.io/kubewarden/policies/context-aware-policy:0.1.0
     settings: {}
     allowedToMutate: true
     contextAwareResources:
@@ -499,10 +499,10 @@ group_policy:
     message: "group policy message"
     policies:
         policy1:
-            url: ghcr.io/kubewarden/policies/policy1:0.1.0
+            module: ghcr.io/kubewarden/policies/policy1:0.1.0
             settings: {}
         policy2:
-            url: ghcr.io/kubewarden/policies/policy2:0.1.0
+            module: ghcr.io/kubewarden/policies/policy2:0.1.0
             settings: {}
 "#;
 
@@ -516,7 +516,7 @@ group_policy:
             (
                 "example".to_owned(),
                 PolicyOrPolicyGroup::Policy {
-                    url: "ghcr.io/kubewarden/policies/context-aware-policy:0.1.0".to_owned(),
+                    module: "ghcr.io/kubewarden/policies/context-aware-policy:0.1.0".to_owned(),
                     policy_mode: PolicyMode::Protect,
                     allowed_to_mutate: Some(true),
                     settings: Some(HashMap::new()),
@@ -542,15 +542,15 @@ group_policy:
                         (
                             "policy1".to_owned(),
                             PolicyGroupMember {
-                                url: "ghcr.io/kubewarden/policies/policy1:0.1.0".to_owned(),
+                                module: "ghcr.io/kubewarden/policies/policy1:0.1.0".to_owned(),
                                 settings: Some(HashMap::new()),
                                 context_aware_resources: BTreeSet::new(),
                             },
                         ),
                         (
                             "policy2".to_string(),
                             PolicyGroupMember {
-                                url: "ghcr.io/kubewarden/policies/policy2:0.1.0".to_owned(),
+                                module: "ghcr.io/kubewarden/policies/policy2:0.1.0".to_owned(),
                                 settings: Some(HashMap::new()),
                                 context_aware_resources: BTreeSet::new(),
                             },
@@ -568,30 +568,30 @@ group_policy:
         r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings: {}
 "#, json!({})
     )]
     #[case::settings_missing(
         r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
 "#, json!({})
     )]
     #[case::settings_null(
         r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings: null
 "#, json!({})
     )]
     #[case::settings_provided(
         r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings:
     "counter": 1
     "items": ["a", "b"]
@@ -617,7 +617,7 @@ example:
         let policies_yaml = r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings: {}
 "#;
         let mut temp_file = NamedTempFile::new().unwrap();
@@ -654,17 +654,17 @@ example:
         r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings: {}
 group_policy:
   expression: "true"
   message: "group policy message"
   policies:
     policy1:
-      url: file:///tmp/namespace-validate-policy.wasm
+      module: file:///tmp/namespace-validate-policy.wasm
       settings: {}
     policy2:
-      url: file:///tmp/namespace-validate-policy.wasm
+      module: file:///tmp/namespace-validate-policy.wasm
       settings: {}
 "#,
         true
@@ -673,7 +673,7 @@ group_policy:
         r#"
 ---
 example/invalid:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings: {}
 "#,
         false
@@ -682,17 +682,17 @@ example/invalid:
         r#"
 ---
 example:
-  url: file:///tmp/namespace-validate-policy.wasm
+  module: file:///tmp/namespace-validate-policy.wasm
   settings: {}
 group_policy:
   expression: "true"
   message: "group policy message"
   policies:
     policy1/a:
-      url: file:///tmp/namespace-validate-policy.wasm
+      module: file:///tmp/namespace-validate-policy.wasm
       settings: {}
     policy2:
-      url: file:///tmp/namespace-validate-policy.wasm
+      module: file:///tmp/namespace-validate-policy.wasm
       settings: {}
 "#,
         false

src/evaluation/evaluation_environment.rs

@@ -214,7 +214,7 @@ impl<'engine, 'precompiled_policies> EvaluationEnvironmentBuilder<'engine, 'prec
 
             match policy {
                 PolicyOrPolicyGroup::Policy {
-                    url,
+                    module: url,
                     policy_mode,
                     allowed_to_mutate,
                     context_aware_resources,
@@ -297,7 +297,7 @@ impl<'engine, 'precompiled_policies> EvaluationEnvironmentBuilder<'engine, 'prec
                         if let Err(e) = self.bootstrap_policy(
                             &mut eval_env,
                             policy_id.clone(),
-                            &policy.url,
+                            &policy.module,
                             policy_evaluation_settings,
                             eval_ctx,
                         ) {
@@ -820,7 +820,7 @@ mod tests {
             policies.insert(
                 policy_id.to_string(),
                 PolicyOrPolicyGroup::Policy {
-                    url: policy_url.clone(),
+                    module: policy_url.clone(),
                     policy_mode: PolicyMode::Protect,
                     allowed_to_mutate: None,
                     settings: None,
@@ -838,7 +838,7 @@ mod tests {
                 policies: vec![(
                     "happy_policy_1".to_string(),
                     PolicyGroupMember {
-                        url: "file:///tmp/happy_policy_1.wasm".to_string(),
+                        module: "file:///tmp/happy_policy_1.wasm".to_string(),
                         settings: None,
                         context_aware_resources: BTreeSet::new(),
                     },
@@ -865,7 +865,7 @@ mod tests {
                 policies: vec![(
                     "happy_policy_1".to_string(),
                     PolicyGroupMember {
-                        url: "file:///tmp/happy_policy_1.wasm".to_string(),
+                        module: "file:///tmp/happy_policy_1.wasm".to_string(),
                         settings: None,
                         context_aware_resources: BTreeSet::new(),
                     },
@@ -902,7 +902,7 @@ mod tests {
                 policies: vec![(
                     "happy_policy_1".to_string(),
                     PolicyGroupMember {
-                        url: "file:///tmp/happy_policy_1.wasm".to_string(),
+                        module: "file:///tmp/happy_policy_1.wasm".to_string(),
                         settings: None,
                         context_aware_resources: BTreeSet::new(),
                     },
@@ -921,23 +921,23 @@ mod tests {
                     (
                         "happy_policy_1".to_string(),
                         PolicyGroupMember {
-                            url: "file:///tmp/happy_policy_1.wasm".to_string(),
+                            module: "file:///tmp/happy_policy_1.wasm".to_string(),
                             settings: None,
                             context_aware_resources: BTreeSet::new(),
                         },
                     ),
                     (
                         "unhappy_policy_1".to_string(),
                         PolicyGroupMember {
-                            url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
+                            module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
                             settings: None,
                             context_aware_resources: BTreeSet::new(),
                         },
                     ),
                     (
                         "unhappy_policy_2".to_string(),
                         PolicyGroupMember {
-                            url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
+                            module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
                             settings: None,
                             context_aware_resources: BTreeSet::new(),
                         },
@@ -959,23 +959,23 @@ mod tests {
                     (
                         "happy_policy_1".to_string(),
                         PolicyGroupMember {
-                            url: "file:///tmp/happy_policy_1.wasm".to_string(),
+                            module: "file:///tmp/happy_policy_1.wasm".to_string(),
                             settings: None,
                             context_aware_resources: BTreeSet::new(),
                         },
                     ),
                     (
                         "unhappy_policy_1".to_string(),
                         PolicyGroupMember {
-                            url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
+                            module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
                             settings: None,
                             context_aware_resources: BTreeSet::new(),
                         },
                     ),
                     (
                         "unhappy_policy_2".to_string(),
                         PolicyGroupMember {
-                            url: "file:///tmp/unhappy_policy_1.wasm".to_string(),
+                            module: "file:///tmp/unhappy_policy_1.wasm".to_string(),
                             settings: None,
                             context_aware_resources: BTreeSet::new(),
                         },