GoogleCloudPlatform / policy-library

A library of constraint templates and sample constraints for Constraint Framework tools
Apache License 2.0

Authoring Rego rules for constraint template #431

Open cova-fe opened 2 years ago

cova-fe commented 2 years ago

Hi all, I'm working on some rego rules for RAM and I have some use cases where the usage of a single deny [{}] {}, as recommended in the current rego rules guide (https://github.com/GoogleCloudPlatform/policy-library/blob/main/docs/constraint_template_authoring.md#write-rego-rule-for-constraint-template), could lead to some complex code.

So I'm wondering why it is not possible to use something like

allow {} 
deny [{ msg1 }] {logic}
deny [{ msg2 }] {logic}

and so on. As this should be a valid rego approach, is there an underlying issue that could prevent this approach? Thanks.
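
The pattern asked about above, as an added example that is not part of the original post or the project's code: in Rego, several bodies of the same partial-set rule are unioned, so each `deny` body can carry its own message. The package name, parameter name `restricted_roles`, asset fields and sample input are constructed assumptions, and the pre-1.0 Rego syntax matches the style used in the post.

```rego
package templates.example.multi_deny # hypothetical package name

public_members = {"allUsers", "allAuthenticatedUsers"}

# Body 1: any binding that includes a public member is a violation.
deny[{"msg": message, "details": metadata}] {
    asset := input.asset
    binding := asset.iam_policy.bindings[_]
    member := binding.members[_]
    public_members[member]
    message := sprintf("%v grants %v to public member %v", [asset.name, binding.role, member])
    metadata := {"resource": asset.name, "role": binding.role, "member": member}
}

# Body 2: restricted roles may only be bound to groups.
deny[{"msg": message, "details": metadata}] {
    asset := input.asset
    params := input.constraint.spec.parameters # assumed parameter location
    binding := asset.iam_policy.bindings[_]
    binding.role == params.restricted_roles[_]
    member := binding.members[_]
    not startswith(member, "group:")
    message := sprintf("%v binds restricted role %v to non-group member %v", [asset.name, binding.role, member])
    metadata := {"resource": asset.name, "role": binding.role, "member": member}
}

# Constructed sample input: one public binding, one restricted role bound to a user.
sample = {
    "asset": {
        "name": "//cloudresourcemanager.googleapis.com/projects/example-project",
        "iam_policy": {"bindings": [
            {"role": "roles/viewer", "members": ["allUsers"]},
            {"role": "roles/owner", "members": ["user:alice@example.com", "group:admins@example.com"]},
        ]},
    },
    "constraint": {"spec": {"parameters": {"restricted_roles": ["roles/owner"]}}},
}

# Run with `opa test`: both bodies contribute to the same result set,
# and the group member on roles/owner produces no violation.
test_both_bodies_contribute {
    results := deny with input as sample
    count(results) == 2
    msgs := {r.msg | r := results[_]}
    count({m | m := msgs[_]; contains(m, "public member allUsers")}) == 1
    count({m | m := msgs[_]; contains(m, "non-group member user:alice@example.com")}) == 1
}
```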