diff --git a/verifier/models.go b/verifier/models.go index 0f28164..d8bb9eb 100644 --- a/verifier/models.go +++ b/verifier/models.go @@ -23,6 +23,7 @@ type Constraint struct { Rule string `yaml:"rule"` AllowIfNoClaim bool `yaml:"allowIfNoClaim"` Warn bool `yaml:"warn"` + Debug string `yaml:"debug"` } type ExpectedStepPredicates struct { diff --git a/verifier/rules.go b/verifier/rules.go index 7ee3191..a968ea4 100644 --- a/verifier/rules.go +++ b/verifier/rules.go @@ -142,10 +142,18 @@ func applyAttributeRules(env *cel.Env, input interpreter.Activation, rules []Con switch result := out.Value().(type) { case bool: if !result { + var message string + if r.Debug == "" { + message = fmt.Sprintf("verification failed for rule '%s'", r.Rule) + } else { + message = fmt.Sprintf("%s\nin rule '%s'", r.Debug, r.Rule) + } + if !r.Warn { - return fmt.Errorf("verification failed for rule '%s'", r.Rule) + return fmt.Errorf(message) } - log.Warnf("Rule %s failed.", r.Rule) + + log.Warnf("%s", message) } case error: log.Info(result) diff --git a/verifier/verifier.go b/verifier/verifier.go index 168ddf5..9636d3b 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -266,6 +266,7 @@ func substituteParameters(layout *Layout, parameters map[string]string) (*Layout Rule: replace(replacer, attributeRule.Rule), AllowIfNoClaim: attributeRule.AllowIfNoClaim, Warn: attributeRule.Warn, + Debug: replace(replacer, attributeRule.Debug), } } }