Skip to content

Commit

Permalink
Add config per policy source
Browse files Browse the repository at this point in the history
  • Loading branch information
lcarva committed Sep 19, 2023
1 parent df2bb8a commit eb47aa6
Show file tree
Hide file tree
Showing 7 changed files with 101 additions and 4 deletions.
16 changes: 16 additions & 0 deletions api/config/appstudio.redhat.com_enterprisecontractpolicies.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,22 @@ spec:
items:
description: Source defines policies and data that are evaluated together
properties:
config:
description: Config specifies which policy rules are included, or excluded, from the provided policy source urls.
properties:
exclude:
description: Exclude is a set of policy exclusions that, in case of failure, do not block the success of the outcome.
items:
type: string
type: array
x-kubernetes-list-type: set
include:
description: Include is a set of policy inclusions that are added to the policy evaluation. These take precedence over policy exclusions.
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
data:
description: List of go-getter style policy data source urls
items:
Expand Down
22 changes: 21 additions & 1 deletion api/v1alpha1/enterprisecontractpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -61,9 +61,29 @@ type Source struct {
// +optional
// +kubebuilder:validation:Type:=object
RuleData *extv1.JSON `json:"ruleData,omitempty"`
// Config specifies which policy rules are included, or excluded, from the
// provided policy source urls.
// +optional
// +kubebuilder:validation:Type:=object
Config SourceConfig `json:"config,omitempty"`
}

// SourceConfig specifies config options for a policy source.
type SourceConfig struct {
// Exclude is a set of policy exclusions that, in case of failure, do not block
// the success of the outcome.
// +optional
// +listType:=set
Exclude []string `json:"exclude,omitempty"`
// Include is a set of policy inclusions that are added to the policy evaluation.
// These take precedence over policy exclusions.
// +optional
// +listType:=set
Include []string `json:"include,omitempty"`
}

// EnterpriseContractPolicyConfiguration configuration of modifications to policy evaluation
// EnterpriseContractPolicyConfiguration configuration of modifications to policy evaluation.
// DEPRECATED: Use the config for a policy source instead.
type EnterpriseContractPolicyConfiguration struct {
// Exclude set of policy exclusions that, in case of failure, do not block
// the success of the outcome.
Expand Down
26 changes: 26 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,22 @@ spec:
items:
description: Source defines policies and data that are evaluated together
properties:
config:
description: Config specifies which policy rules are included, or excluded, from the provided policy source urls.
properties:
exclude:
description: Exclude is a set of policy exclusions that, in case of failure, do not block the success of the outcome.
items:
type: string
type: array
x-kubernetes-list-type: set
include:
description: Include is a set of policy inclusions that are added to the policy evaluation. These take precedence over policy exclusions.
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
data:
description: List of go-getter style policy data source urls
items:
Expand Down
3 changes: 2 additions & 1 deletion docs/modules/ROOT/examples/k8s-example.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ spec:
- room_temperature
description: ACME & co policy
sources:
- data:
- config: {}
data:
- git::https://github.com/acme/ec-policy.git//data?ref=prod
name: simple
policy:
Expand Down
3 changes: 2 additions & 1 deletion docs/modules/ROOT/examples/spec-example.json
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@
],
"data": [
"git::https://github.com/acme/ec-policy.git//data?ref=prod"
]
],
"config": {}
}
],
"configuration": {
Expand Down
19 changes: 18 additions & 1 deletion docs/modules/ROOT/pages/reference.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contr
[id="{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-enterprisecontractpolicyconfiguration"]
=== EnterpriseContractPolicyConfiguration

EnterpriseContractPolicyConfiguration configuration of modifications to policy evaluation
EnterpriseContractPolicyConfiguration configuration of modifications to policy evaluation. DEPRECATED: Use the config for a policy source instead.

[quote]
Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-enterprisecontractpolicyspec[$$EnterpriseContractPolicySpec$$]
Expand Down Expand Up @@ -133,6 +133,23 @@ Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contr
| *`policy`* __string array__ | List of go-getter style policy source urls
| *`data`* __string array__ | List of go-getter style policy data source urls
| *`ruleData`* __JSON__ | Arbitrary rule data that will be visible to policy rules
| *`config`* __xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-sourceconfig[$$SourceConfig$$]__ | Config specifies which policy rules are included, or excluded, from the provided policy source urls.
|===


[id="{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-sourceconfig"]
=== SourceConfig

SourceConfig specifies config options for a policy source.

[quote]
Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-source[$$Source$$]

[cols="25a,75a", options="header"]
|===
| Field | Description
| *`exclude`* __string array__ | Exclude is a set of policy exclusions that, in case of failure, do not block the success of the outcome.
| *`include`* __string array__ | Include is a set of policy inclusions that are added to the policy evaluation. These take precedence over policy exclusions.
|===


0 comments on commit eb47aa6

Please sign in to comment.