// Static tag map (category / plugin / service) identifying this content as
// GCP label handling. Presumably attached to the mod's pipelines and triggers;
// the consumers are not visible in this file.
locals {
gcp_labels_common_tags = {
category = "labels"
plugin = "gcp"
service = "GCP"
}
}
// Notification level: the set of accepted verbosity values for notification
// messages. The same three strings are also defined individually as the
// level_* constants in this file, so the two must be kept in sync.
locals {
notification_level_enum = ["info", "verbose", "error"]
}
// Constants: named string values so callers can reference a local instead of
// repeating a literal.
locals {
// Notification verbosity levels; each value matches an entry of
// notification_level_enum.
level_verbose = "verbose"
level_info = "info"
level_error = "error"
// Presentation styles — presumably the style of a rendered message or
// approval option; confirm against the callers.
style_ok = "ok"
style_info = "info"
style_alert = "alert"
}
// Common texts: shared description strings, presumably reused as the
// `description` of variables and pipeline params so the wording stays
// identical everywhere.
locals {
// NOTE(review): a database connection string can embed credentials. Confirm
// that the value this text describes is not echoed into notification
// messages or logs.
description_database = "Database connection string."
description_approvers = "List of notifiers to be used for obtaining action/approval decisions."
description_connection = "Name of the GCP connection to be used for any authenticated actions."
description_max_concurrency = "The maximum concurrency to use for responding to detection items."
description_notifier = "The name of the notifier to use for sending notification messages."
description_notifier_level = "The verbosity level of notification messages to send."
description_default_action = "The default action to use for the detected item, used if no input is provided."
description_enabled_actions = "The list of enabled actions to provide to approvers for selection."
description_trigger_enabled = "If true, the trigger is enabled."
description_trigger_schedule = "The schedule on which to run the trigger if enabled."
}
// Normalised copy of var.base_label_rules in which every rule kind is always
// present. try() returns the fallback when the attribute lookup fails (for
// example the attribute is missing), so consumers can read all five keys
// without checking for their existence.
//
// NOTE(review): the rule kinds line up by name with the __*_OVERRIDE__
// placeholders in labels_query_template, so these values presumably end up as
// SQL text. If so, they must come from trusted mod configuration or be quoted
// by the code that builds the overrides — confirm in that code.
locals {
base_label_rules = {
// Map fallback: no labels to add.
add = try(var.base_label_rules.add, {})
// List fallbacks: nothing to remove, no keep-only exceptions.
remove = try(var.base_label_rules.remove, [])
remove_except = try(var.base_label_rules.remove_except, [])
// Map fallbacks: no key or value rewrites.
update_keys = try(var.base_label_rules.update_keys, {})
update_values = try(var.base_label_rules.update_values, {})
}
}
// Accepted values for the default action taken on a resource with incorrect
// labels. Judging by the names, "apply" changes the resource while "notify"
// and "skip" do not — confirm against the pipelines that consume this list.
locals {
incorrect_labels_default_action_enum = ["notify", "apply", "skip"]
}
locals {
// Comparison operators in PostgreSQL syntax: `~` is a case-sensitive regular
// expression match, `~*` its case-insensitive form, `like` / `ilike` are
// pattern matches and `=` is equality.
// NOTE(review): presumably the allow-list of operators a label rule may use.
// Confirm that every rule operator is checked against this list before it is
// written into the query text below, since an operator cannot be passed as a
// bind parameter.
operators = ["~", "~*", "like", "ilike", "="]
// PostgreSQL query template that compares each resource's labels with the
// configured label rules and returns, per resource, the label keys to remove
// and the key/value pairs to upsert.
//
// The __NAME__ tokens are plain-text placeholders, not bind parameters:
//   __TITLE__, __ID__, __ZONE__   column expressions for the resource
//   __TABLE_NAME__                table to read resources from
//   __UPDATE_KEYS_OVERRIDE__      WHEN branches mapping an old key to a new key
//   __ADD_OVERRIDE__              rows of a VALUES list: (key, value)
//   __REMOVE_EXCEPT_OVERRIDE__    WHEN branches marking a key as allowed
//   __REMOVE_OVERRIDE__           WHEN branches marking a key for removal
//   __UPDATE_VALUES_OVERRIDE__    WHEN branches producing a replacement value
// The substitution itself is not in this file (presumably replace() calls at
// the point of use). Because the text is spliced in verbatim, whatever builds
// it must quote literals and restrict identifiers and operators to known
// values; anything derived from user-editable input would otherwise be
// executed as SQL.
//
// Query stages:
//   original_labels  one row per (resource, label); the `left join ... on true`
//                    keeps resources that have no labels, with null key/value.
//   updated_labels   computes new_key for every existing label. `when false
//                    then key` never matches; it keeps the CASE syntactically
//                    valid when the placeholder expands to nothing.
//   required_labels  every configured (key, value) that a resource does not
//                    already carry under its new key.
//   all_labels       existing labels plus required ones.
//   allowed_labels   keys for which the remove_except CASE evaluates to true.
//   remove_labels    keys matched by a remove rule, old keys that were renamed,
//                    and keys that are not in allowed_labels.
//   updated_values   computes the replacement value for every label.
//   final select     builds `remove` (JSON array) and `upsert` (JSON object)
//                    per resource and keeps only resources with a change.
//
// NOTE(review): the two CASE expressions fed by __REMOVE_EXCEPT_OVERRIDE__ and
// __REMOVE_OVERRIDE__ have no `when false` guard, and a VALUES list cannot be
// empty, so the substituted text must always supply at least one WHEN branch
// or row. The `new_key is not null` filter in all_labels suggests a null
// filler row is used for __ADD_OVERRIDE__ — confirm in the substitution code.
labels_query_template = <<-EOF
with original_labels as (
select
__TITLE__ as title,
__ID__ as id,
project,
sp_connection_name as conn,
__ZONE__ as zone,
coalesce(labels, '{}'::jsonb) as labels,
l.key,
l.value
from
__TABLE_NAME__
left join
jsonb_each_text(labels) as l(key,value) on true
),
updated_labels as (
select
id,
key as old_key,
case
when false then key
__UPDATE_KEYS_OVERRIDE__
else key
end as new_key,
value
from
original_labels
),
required_labels as (
select
r.id,
null as old_key,
a.key as new_key,
a.value
from
(select distinct __ID__ as id from __TABLE_NAME__) r
cross join (
values
__ADD_OVERRIDE__
) as a(key, value)
where not exists (
select 1 from updated_labels ul where ul.id = r.id and ul.new_key = a.key
)
),
all_labels as (
select id, old_key, new_key, value from updated_labels
union all
select id, old_key, new_key, value from required_labels where new_key is not null
),
allowed_labels as (
select distinct
id,
new_key
from (
select
id,
new_key,
case
__REMOVE_EXCEPT_OVERRIDE__
else false
end as allowed
from all_labels
) a
where allowed = true
),
remove_labels as (
select distinct id, key from (
select
id,
new_key as key,
case
__REMOVE_OVERRIDE__
else false
end as remove
from all_labels) r
where remove = true
union
select id, old_key as key from all_labels where old_key is not null and old_key != new_key
union
select id, new_key as key from all_labels a where not exists (select 1 from allowed_labels al where al.id = a.id and al.new_key = a.new_key)
),
updated_values as (
select
id,
new_key,
value as old_value,
case
when false then value
__UPDATE_VALUES_OVERRIDE__
else value
end as updated_value
from
all_labels
)
select * from (
select
l.title,
l.id::text,
l.project,
l.zone,
l.conn,
coalesce((select jsonb_agg(key) from remove_labels rl where rl.id = l.id and key is not null), '[]'::jsonb) as remove,
coalesce((select jsonb_object_agg(al.new_key, al.value) from all_labels al where al.id = l.id and al.new_key != coalesce(al.old_key, '') and not exists (
select 1 from remove_labels rl where rl.id = al.id and rl.key = al.new_key
)), '{}'::jsonb) || coalesce((select jsonb_object_agg(uv.new_key, uv.updated_value) from updated_values uv where uv.id = l.id and uv.updated_value != uv.old_value and not exists (
select 1 from remove_labels rl where rl.id = uv.id and rl.key = uv.new_key
)), '{}'::jsonb) as upsert
from
original_labels l
group by l.title, l.id, l.project, l.zone, l.conn
) result
where remove != '[]'::jsonb or upsert != '{}'::jsonb;
EOF
}