Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow structured errors in rules #243

Merged
merged 5 commits into from Feb 19, 2020

Conversation

jpreese
Copy link
Member

@jpreese jpreese commented Feb 18, 2020

This is based heavily off of the work done by @gwkunze in #100. Master has diverged quite a bit since the original discussions and PRs, so the important bits were cherrypicked from there.

This PR enables rego rules to use structured errors in their rules

e.g.

warn[msg] {
  kubernetes.is_service
  msg = sprintf("Found service %s but services are not allowed", [name])
}

could now be

violation[{"msg": msg, "details":{"additional": "extra stuff here if wanted"}}] {
  kubernetes.is_service
  msg = sprintf("Found service %s but services are not allowed", [name])
}

This will enable us to support Gatekeeper policies that require a rule header of

violation[{"msg": msg, "details":{}}]

@jpreese jpreese mentioned this pull request Feb 18, 2020
@boranx
Copy link
Member

boranx commented Feb 19, 2020

@jpreese overall looks good
I'd prefer to merge it after commits are squashed into one.

@jpreese
Copy link
Member Author

jpreese commented Feb 19, 2020

@boranx once approved we can click the Squash and merge button. I usually don't bother squashing until that point.

boranx
boranx approved these changes Feb 19, 2020
Copy link
Member

@boranx boranx left a comment

lgtm

@jpreese jpreese merged commit 93ee280 into open-policy-agent:master Feb 19, 2020
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants