From fccc4b94a15e17dcbe9a3eba2fe2aa14b3f9475b Mon Sep 17 00:00:00 2001
From: Zoran Regvart
Date: Tue, 24 Oct 2023 17:11:28 +0200
Subject: [PATCH] Add volatile configuration option
With this it is now possible to define a per-source include or exclude configuration that is applicable for certain date range. resolves #191
---
 ...redhat.com_enterprisecontractpolicies.yaml | 38 ++++++++++++++++
 .../enterprisecontractpolicy_types.go | 29 ++++++++++++
 api/v1alpha1/zz_generated.deepcopy.go | 45 +++++++++++++++++++
 ...redhat.com_enterprisecontractpolicies.yaml | 38 ++++++++++++++++
 docs/modules/ROOT/pages/reference.adoc | 27 +++++++++++
 5 files changed, 177 insertions(+)
diff --git a/api/config/appstudio.redhat.com_enterprisecontractpolicies.yaml b/api/config/appstudio.redhat.com_enterprisecontractpolicies.yaml
index 25323d4..ea76075 100644
--- a/api/config/appstudio.redhat.com_enterprisecontractpolicies.yaml
+++ b/api/config/appstudio.redhat.com_enterprisecontractpolicies.yaml
@@ -122,6 +122,44 @@ spec: description: Arbitrary rule data that will be visible to policy rules type: object x-kubernetes-preserve-unknown-fields: true + volatileConfig: + description: Specifies volatile configuration that can include or exclude policy rules based on effective time. + properties: + exclude: + description: Exclude is a set of policy exclusions that, in case of failure, do not block the success of the outcome. + items: + properties: + effectiveOn: + format: date-time + type: string + effectiveUntil: + format: date-time + type: string + value: + type: string + required: + - value + type: object + type: array + x-kubernetes-list-type: set + include: + description: Include is a set of policy inclusions that are added to the policy evaluation. These take precedence over policy exclusions. + items: + properties: + effectiveOn: + format: date-time + type: string + effectiveUntil: + format: date-time + type: string + value: + type: string + required: + - value + type: object + type: array + x-kubernetes-list-type: set + type: object type: object minItems: 1 type: array
diff --git a/api/v1alpha1/enterprisecontractpolicy_types.go b/api/v1alpha1/enterprisecontractpolicy_types.go
index f2eb1f1..8913ef6 100644
--- a/api/v1alpha1/enterprisecontractpolicy_types.go
+++ b/api/v1alpha1/enterprisecontractpolicy_types.go
@@ -69,6 +69,11 @@ type Source struct {
 // +optional
 // +kubebuilder:validation:Type:=object
 Config *SourceConfig `json:"config,omitempty"`
+ // Specifies volatile configuration that can include or exclude policy rules
+ // based on effective time.
+ // +optional
+ // +kubebuilder:validation:Type:=object
+ VolatileConfig *VolatileSourceConfig `json:"volatileConfig,omitempty"`
 }
 
 // SourceConfig specifies config options for a policy source.
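Review bot: The comment on the new `VolatileConfig` field of `Source` does not say how it combines with the existing `Config` field, so a reader cannot tell which setting wins when the same rule is listed in `config.include` and in a currently effective `volatileConfig.exclude` entry. An exclusion turns a failing rule into a non-blocking one, so that precedence belongs on the field itself, for example `// Entries apply only while effective; relative to Config they <state the precedence here>.` The `Source` struct starts above this hunk, so only its last fields are visible here.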
@@ -85,6 +90,30 @@ type SourceConfig struct {
 Include []string `json:"include,omitempty"`
 }
 
+type VolatileCriteria struct {
+ Value string `json:"value"`
+ // +optional
+ // +kubebuilder:validation:Format:=date-time
+ EffectiveOn string `json:"effectiveOn,omitempty"`
+ // +optional
+ // +kubebuilder:validation:Format:=date-time
+ EffectiveUntil string `json:"effectiveUntil,omitempty"`
+}
+
+// VolatileSourceConfig specifies volatile configuration for a policy source.
+type VolatileSourceConfig struct {
+ // Exclude is a set of policy exclusions that, in case of failure, do not block
+ // the success of the outcome.
+ // +optional
+ // +listType=set
+ Exclude []VolatileCriteria `json:"exclude,omitempty"`
+ // Include is a set of policy inclusions that are added to the policy evaluation.
+ // These take precedence over policy exclusions.
+ // +optional
+ // +listType=set
+ Include []VolatileCriteria `json:"include,omitempty"`
+}
+
 // EnterpriseContractPolicyConfiguration configuration of modifications to policy evaluation.
 // DEPRECATED: Use the config for a policy source instead.
 type EnterpriseContractPolicyConfiguration struct {
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index e9afd48..d8f1c33 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -199,6 +199,11 @@ func (in *Source) DeepCopyInto(out *Source) { *out = new(SourceConfig) (*in).DeepCopyInto(*out) } + if in.VolatileConfig != nil { + in, out := &in.VolatileConfig, &out.VolatileConfig + *out = new(VolatileSourceConfig) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Source.
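Review bot: In `enterprisecontractpolicy_types.go`, `+listType=set` on `Exclude` and `Include` is applied to a slice of structs, and the generated schema in this patch shows `x-kubernetes-list-type: set` over `type: object` items with no `x-kubernetes-map-type`. As far as I know the API server accepts object items in a set list only when they are atomic, so the CRD may be rejected on install; adding `// +structType=atomic` above `type VolatileCriteria struct {`, or switching both lists to `+listType=atomic`, would avoid that, to be confirmed against the controller-gen and cluster versions in use. `VolatileCriteria` and its fields also carry no doc comments: they should say what `Value` matches, whether `EffectiveOn` and `EffectiveUntil` are inclusive, and what an omitted bound means, since an `exclude` entry without `effectiveUntil` appears to be an open-ended waiver. `Value` is required but can still be the empty string; `// +kubebuilder:validation:MinLength:=1` on that field would reject it at admission.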
@@ -235,3 +240,43 @@ func (in *SourceConfig) DeepCopy() *SourceConfig { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolatileCriteria) DeepCopyInto(out *VolatileCriteria) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolatileCriteria. +func (in *VolatileCriteria) DeepCopy() *VolatileCriteria { + if in == nil { + return nil + } + out := new(VolatileCriteria) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolatileSourceConfig) DeepCopyInto(out *VolatileSourceConfig) { + *out = *in + if in.Exclude != nil { + in, out := &in.Exclude, &out.Exclude + *out = make([]VolatileCriteria, len(*in)) + copy(*out, *in) + } + if in.Include != nil { + in, out := &in.Include, &out.Include + *out = make([]VolatileCriteria, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolatileSourceConfig. +func (in *VolatileSourceConfig) DeepCopy() *VolatileSourceConfig { + if in == nil { + return nil + } + out := new(VolatileSourceConfig) + in.DeepCopyInto(out) + return out +}
diff --git a/config/crd/bases/appstudio.redhat.com_enterprisecontractpolicies.yaml b/config/crd/bases/appstudio.redhat.com_enterprisecontractpolicies.yaml
index 25323d4..ea76075 100644
--- a/config/crd/bases/appstudio.redhat.com_enterprisecontractpolicies.yaml
+++ b/config/crd/bases/appstudio.redhat.com_enterprisecontractpolicies.yaml
@@ -122,6 +122,44 @@ spec: description: Arbitrary rule data that will be visible to policy rules type: object x-kubernetes-preserve-unknown-fields: true + volatileConfig: + description: Specifies volatile configuration that can include or exclude policy rules based on effective time. + properties: + exclude: + description: Exclude is a set of policy exclusions that, in case of failure, do not block the success of the outcome. + items: + properties: + effectiveOn: + format: date-time + type: string + effectiveUntil: + format: date-time + type: string + value: + type: string + required: + - value + type: object + type: array + x-kubernetes-list-type: set + include: + description: Include is a set of policy inclusions that are added to the policy evaluation. These take precedence over policy exclusions. + items: + properties: + effectiveOn: + format: date-time + type: string + effectiveUntil: + format: date-time + type: string + value: + type: string + required: + - value + type: object + type: array + x-kubernetes-list-type: set + type: object type: object minItems: 1 type: array
diff --git a/docs/modules/ROOT/pages/reference.adoc b/docs/modules/ROOT/pages/reference.adoc
index 63cbfe1..1f987a4 100644
--- a/docs/modules/ROOT/pages/reference.adoc
+++ b/docs/modules/ROOT/pages/reference.adoc
@@ -143,6 +143,7 @@ Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contr | *`data`* __string array__ | List of go-getter style policy data source urls | *`ruleData`* __xref:{anchor_prefix}-k8s-io-apiextensions-apiserver-pkg-apis-apiextensions-v1-json[$$JSON$$]__ | Arbitrary rule data that will be visible to policy rules | *`config`* __xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-sourceconfig[$$SourceConfig$$]__ | Config specifies which policy rules are included, or excluded, from the provided policy source urls. +| *`volatileConfig`* __xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-volatilesourceconfig[$$VolatileSourceConfig$$]__ | Specifies volatile configuration that can include or exclude policy rules based on effective time. |=== 
@@ -162,3 +163,29 @@ Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contr |=== +[id="{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-volatilecriteria"] +=== VolatileCriteria (xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-struct-value string -json-value- effectiveon string -json-effectiveon-omitempty- effectiveuntil string -json-effectiveuntil-omitempty-[$$struct{Value string "json:\"value\""; EffectiveOn string "json:\"effectiveOn,omitempty\""; EffectiveUntil string "json:\"effectiveUntil,omitempty\""}$$]) + + + +[quote] +Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-volatilesourceconfig[$$VolatileSourceConfig$$] + + + +[id="{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-volatilesourceconfig"] +=== VolatileSourceConfig + +VolatileSourceConfig specifies volatile configuration for a policy source. + +[quote] +Appears In: xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-source[$$Source$$] + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`exclude`* __xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-volatilecriteria[$$VolatileCriteria$$] array__ | Exclude is a set of policy exclusions that, in case of failure, do not block the success of the outcome. +| *`include`* __xref:{anchor_prefix}-github-com-enterprise-contract-enterprise-contract-controller-api-v1alpha1-volatilecriteria[$$VolatileCriteria$$] array__ | Include is a set of policy inclusions that are added to the policy evaluation. These take precedence over policy exclusions. +|=== + +