opa icon indicating copy to clipboard operation
opa copied to clipboard

Published 20 hours ago verified publisher icon open-policy-agent

Allow detached metadata block to annotate rules currently unreachable

Open anderseknert opened this issue 1 year ago • 0 comments

Using nested/ref head rules is nice, as it allows incrementally building nested structures. Given a common example like the one below however poses a challenge for metadata:

package policy

decision.allow if {
    # ... conditions ...
}

decision.reasons := message if {
    # ... conditions ...
}

The natural entrypoint here would be the decision rule/object, but it's currently not possibe to annotate as such, as any metadata block above the rules will be bound to the full path (e.g. decision.allow) and not just decision. It's not possible to create a "standalone" decision rule either, as that would conflict with the other declaration.

Allowing a detached metadata block for these rules would be helpful. We could use the scope attribute as a "free form" value that mus point to a path to a rule in the same package/file.

package policy

# METADATA
# scope: decision
# entrypoint: true

decision.allow if {
    # ... conditions ...
}

decision.reasons := message if {
    # ... conditions ...
}

anderseknert avatar Oct 29 '24 16:10 anderseknert