mismatch_prefix_allowed_false.rego
package aap_policy_examples
# prefix_delimiter is the separator handed to split() when a name's prefix is derived.
prefix_delimiter := "_"
# job_template_prefix is the part of `input.job_template.name` that precedes the
# first prefix_delimiter. A name that does not contain the delimiter yields the
# whole name. The rule is undefined when `input.job_template.name` is absent.
job_template_prefix := split(input.job_template.name, prefix_delimiter)[0]
# inventory_prefix is the part of `input.inventory.name` that precedes the first
# prefix_delimiter. A name that does not contain the delimiter yields the whole
# name. The rule is undefined when `input.inventory.name` is absent.
inventory_prefix := split(input.inventory.name, prefix_delimiter)[0]
# project_prefix is the part of `input.project.name` that precedes the first
# prefix_delimiter. A name that does not contain the delimiter yields the whole
# name. The rule is undefined when `input.project.name` is absent.
project_prefix := split(input.project.name, prefix_delimiter)[0]
# credentials_prefixes collects the prefix of every entry in `input.credentials`:
# the part of the credential's name before the first prefix_delimiter.
# NOTE(review): an entry without a `name` contributes nothing to this list, so
# the `mismatch` rules never compare it; confirm every credential in the input
# carries a name.
credentials_prefixes := [prefix |
	some credential in input.credentials
	prefix := split(credential.name, prefix_delimiter)[0]
]
# mismatch holds when any compared prefix differs from job_template_prefix:
#   1. project_prefix, or
#   2. inventory_prefix, or
#   3. at least one entry of credentials_prefixes.
#
# NOTE(review): `!=` only succeeds when both operands are defined. If
# job_template_prefix is undefined (no `input.job_template.name`), none of the
# three bodies can succeed; a missing project or inventory name likewise skips
# its own comparison. When no body succeeds, `mismatch` is undefined and the
# default mismatch_prefix_allowed_false decision reports the request as
# allowed. Confirm that is intended, or add explicit `not <prefix>` rules so
# that input with missing names is denied.
mismatch if project_prefix != job_template_prefix

mismatch if inventory_prefix != job_template_prefix

mismatch if credentials_prefixes[_] != job_template_prefix
# mismatch_prefix_allowed_false is the policy decision. It defaults to allowed
# with no violations, and is replaced by a denial carrying one violation
# message whenever `mismatch` holds.
# NOTE(review): because the default is "allowed", any input for which
# `mismatch` is undefined (e.g. one without `input.job_template.name`) is
# permitted; confirm the caller always supplies complete input.
default mismatch_prefix_allowed_false := {"allowed": true, "violations": []}

mismatch_prefix_allowed_false := decision if {
	mismatch
	decision := {
		"allowed": false,
		"violations": ["Mismatch prefix between Inventory, Credentials and Project detected."],
	}
}