Document how to use policy/lib functions in custom policies #1747

Description

@st3penta

Users writing their own custom Conforma/EC policies may want to import and reuse the helper functions provided by the policy/lib package (e.g. data.lib.metadata.result_helper, data.lib.tekton, data.lib.image, data.lib.time, etc.) rather than reimplementing common patterns.

Currently, there is no documentation explaining:

  • What library packages are available and what functions they expose
  • How to import policy/lib alongside custom policy rules (via policy config sources or OCI bundles)
  • Examples of writing a custom policy rule that uses lib helpers (e.g. using result_helper for consistent violation formatting, or data.lib.tekton for accessing task results)
  • The relationship between the deprecated data.lib.* paths and the new domain-specific packages (data.lib.metadata.*, data.lib.tekton.*, etc.)

The authoring.adoc page covers rule annotations and pitfalls but does not mention the lib package at all. The policy_bundles.adoc page notes that lib is included in the bundles but doesn't explain how to use it. The backwards-compatibility shim in policy/lib/lib.rego was explicitly added for external consumers, confirming this is a supported use case.

Acceptance Criteria:

  • Add a section to the policy authoring docs (or a dedicated page) documenting the available policy/lib sub-packages and their key functions
  • Provide at least one example of a custom policy rule that imports and uses lib helpers
  • Explain how to include policy/lib in a policy configuration for custom policies
  • Note the deprecation of the old data.lib.* paths in favor of the new domain-specific packages

Labels: documentation (Improvements or additions to documentation), good first issue (Good for newcomers)