kubewarden / policy-evaluator

Crate used by Kubewarden that is able to evaluate policies with a given input, request to evaluate and settings.
Apache License 2.0

Better abstraction of policy runtimes #24

Closed flavio closed 3 years ago

flavio commented 3 years ago

Right now policy-evaluator has two runtimes: waPC (the original one) and burrego (the one that handles OPA and Gatekeeper policies).

The current codebase deals with that by using some match statements (basically the Rust equivalent of a switch). This makes the code ugly and hard to maintain.

We can remove this complexity by using some Rust traits.

For more details about the pieces of the code that have to be updated, take a look at the comments against this PR: https://github.com/kubewarden/policy-evaluator/pull/22

ereslibre commented 3 years ago

Unless I'm misunderstanding, I wouldn't do this at this time. Currently, we have a Runtime enum, and based on the variant, the validate or validate_settings on the Runtime type will behave differently.

This is not a case of different types having to implement a common interface. Please, tell me if I'm missing anything here.

flavio commented 3 years ago

We discussed a possible alternative to this approach: create two structs that "hold" the functions needed by the evaluation. Then have the enum use the right struct.

This is a middle-ground solution; we can iterate over that if we're unhappy.
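
The middle-ground design described in the comment above, as an added Rust sketch that is not part of the thread or of policy-evaluator's own code. Only the `Runtime` enum and the `validate` / `validate_settings` names come from the discussion; `WapcRuntime`, `BurregoRuntime`, `Response`, the helper functions and the toy rules inside each struct are assumptions made for illustration.

```rust
// Added illustration: every name is hypothetical and the bodies are toy
// stand-ins, not the real waPC or burrego calls.
#[derive(Debug, PartialEq)]
pub struct Response { pub accepted: bool, pub message: Option<String> }

pub fn reject(msg: &str) -> Response { Response { accepted: false, message: Some(msg.to_string()) } }
pub fn accept() -> Response { Response { accepted: true, message: None } }

/// Holds what the waPC path needs (constructed: one forbidden substring).
pub struct WapcRuntime { pub forbidden: String }
impl WapcRuntime {
    fn validate(&self, request: &str) -> Response {
        if request.contains(self.forbidden.as_str()) { reject("rejected by waPC stand-in") } else { accept() }
    }
    fn validate_settings(&self, settings: &str) -> Response {
        if settings.trim().is_empty() { reject("settings required") } else { accept() }
    }
}

/// Holds what the burrego path needs (constructed: a request size limit).
pub struct BurregoRuntime { pub max_len: usize }
impl BurregoRuntime {
    fn validate(&self, request: &str) -> Response {
        if request.len() > self.max_len { reject("rejected by burrego stand-in") } else { accept() }
    }
    fn validate_settings(&self, _settings: &str) -> Response { accept() }
}

/// The enum stays the single entry point and only selects the right struct.
pub enum Runtime { Wapc(WapcRuntime), Burrego(BurregoRuntime) }
impl Runtime {
    pub fn validate(&self, request: &str) -> Response {
        match self { // exhaustive: a new variant fails to compile until handled
            Runtime::Wapc(rt) => rt.validate(request),
            Runtime::Burrego(rt) => rt.validate(request),
        }
    }
    pub fn validate_settings(&self, settings: &str) -> Response {
        match self {
            Runtime::Wapc(rt) => rt.validate_settings(settings),
            Runtime::Burrego(rt) => rt.validate_settings(settings),
        }
    }
}

fn main() {
    let rt = Runtime::Burrego(BurregoRuntime { max_len: 8 });
    println!("{:?}", rt.validate("a request longer than eight bytes"));
}
```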

ereslibre commented 3 years ago

Handled in https://github.com/kubewarden/policy-evaluator/pull/28