Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flesh out base Rego module #2

Open
mansam opened this issue Jan 25, 2024 · 0 comments
Open

Flesh out base Rego module #2

mansam opened this issue Jan 25, 2024 · 0 comments

Comments

@mansam
Copy link
Collaborator

mansam commented Jan 25, 2024
edited
Loading

In the current prototype, the resources are pulled down into lists that are organized by namespace. This mapping of namespaces to lists of resources is what is used as input to the policy engine. To simplify rules writing and cut down on boilerplate, we should establish a Rego base module that provides convenient ways to access the data pulled down from the cluster, that other policies can import and use. For example, the following Rego module would create collections named deployments and pods that consist of all of the objects of the appropriate kinds from all namespaces.

package lib.konveyor
import future.keywords

deployments[deployment] {
    some list in input.namespaces[_]
    some item in list.items
    item.kind == "Deployment"
    deployment := item
}

pods[pod] {
    some list in input.namespaces[_]
    some item in list.items
    item.kind == "Pod"
    pod := item
}

(We also may want to reconsider the way resources are pulled from the cluster and organized prior to feeding them into the policy engine, if we can come up with a way that will further simplify rule writing.)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mansam