frameworks icon indicating copy to clipboard operation
frameworks copied to clipboard

Published 20 hours ago verified publisher icon open-policy-agent

Driver interface `AddConstraint` improvement

Open acpana opened this issue 1 year ago • 0 comments

overview

At the moment, AddConstraint's definition (docs) states:

        // AddConstraint adds a Constraint to Driver for a particular Template. Future
	// calls to Query may reference the added Constraint. Replaces the existing
	// Constraint if it already exists.
        AddConstraint(ctx context.Context, constraint *unstructured.Unstructured) error

However, if no Template has already been added, via AddTemplate, the behavior is undefined. At present, the rego driver "fails silently":

https://github.com/open-policy-agent/frameworks/blob/3f237e2710faee505189afd605cfe75ed89dd446/constraint/pkg/client/drivers/rego/driver.go#L150-L164

solutions

  1. Define the behavior and enforce it. Update the docs and if the targets is not found err out with some helpful error like TemplateNotFound 
targets, found := ...
if not found, error
  1. Modify the signature of AddConstraint to also include the Template that we want to associate the Constraint with. This approach would probably require some rethinking or regrokking of the flow for both AddTemplate and AddConstraint so it may actually be more work than value.

acpana avatar Apr 21 '23 00:04 acpana