Users writing their own custom Conforma/EC policies may want to import and reuse the helper functions provided by the policy/lib package (e.g. data.lib.metadata.result_helper, data.lib.tekton, data.lib.image, data.lib.time, etc.) rather than reimplementing common patterns.
Currently, there is no documentation explaining:
- What library packages are available and what functions they expose
- How to import
policy/lib alongside custom policy rules (via policy config sources or OCI bundles)
- Examples of writing a custom policy rule that uses lib helpers (e.g. using
result_helper for consistent violation formatting, or data.lib.tekton for accessing task results)
- The relationship between the deprecated
data.lib.* paths and the new domain-specific packages (data.lib.metadata.*, data.lib.tekton.*, etc.)
The authoring.adoc page covers rule annotations and pitfalls but does not mention the lib package at all. The policy_bundles.adoc page notes that lib is included in the bundles but doesn't explain how to use it. The backwards-compatibility shim in policy/lib/lib.rego was explicitly added for external consumers, confirming this is a supported use case.
Acceptance Criteria:
- Add a section to the policy authoring docs (or a dedicated page) documenting the available
policy/lib sub-packages and their key functions
- Provide at least one example of a custom policy rule that imports and uses lib helpers
- Explain how to include
policy/lib in a policy configuration for custom policies
- Note the deprecation of the old
data.lib.* paths in favor of the new domain-specific packages
Users writing their own custom Conforma/EC policies may want to import and reuse the helper functions provided by the
policy/libpackage (e.g.data.lib.metadata.result_helper,data.lib.tekton,data.lib.image,data.lib.time, etc.) rather than reimplementing common patterns.Currently, there is no documentation explaining:
policy/libalongside custom policy rules (via policy config sources or OCI bundles)result_helperfor consistent violation formatting, ordata.lib.tektonfor accessing task results)data.lib.*paths and the new domain-specific packages (data.lib.metadata.*,data.lib.tekton.*, etc.)The
authoring.adocpage covers rule annotations and pitfalls but does not mention the lib package at all. Thepolicy_bundles.adocpage notes that lib is included in the bundles but doesn't explain how to use it. The backwards-compatibility shim inpolicy/lib/lib.regowas explicitly added for external consumers, confirming this is a supported use case.Acceptance Criteria:
policy/libsub-packages and their key functionspolicy/libin a policy configuration for custom policiesdata.lib.*paths in favor of the new domain-specific packages