Open adriil opened 1 year ago
Hi, thanks for reporting the issue
At first glance, this built-in is implemented for gatekeeper's internals: https://open-policy-agent.github.io/gatekeeper/website/docs/externaldata/#motivation. Similar to `external_data`'s functionality in gatekeeper, we could lean on OPA's `http.send` in Conftest and manually download/upload artifacts using http calls (it'd be supported by default, as long as it's not restricted via `capabilities`)
Nevertheless, if it's a must/nice-to-have requirement, then we could consider either adding this to Conftest built-ins: https://github.com/open-policy-agent/conftest/tree/master/builtins OR sending the built-in from gatekeeper to OPA upstream in a way Conftest could inherit as well
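The `http.send` route suggested in the comment above, as an added example (not code from this thread or from the Conftest or Gatekeeper projects). It assumes a hypothetical provider URL, a service that accepts and returns Gatekeeper's ProviderRequest/ProviderResponse JSON, and a Deployment-style manifest as Conftest input; it reports a violation whenever the provider cannot be reached, so an outage does not silently pass the check.

```rego
package main

import rego.v1

# Hypothetical provider endpoint (assumption): replace with your own service.
provider_url := "https://provider.example.internal/validate"

# Assumes a Deployment-style manifest is passed to Conftest as input.
images := [img | img := input.spec.template.spec.containers[_].image]

# POST the keys in Gatekeeper's ProviderRequest shape. raise_error=false turns
# transport failures into a response object (status_code 0 plus "error").
response := http.send({
	"method": "POST",
	"url": provider_url,
	"headers": {"Content-Type": "application/json"},
	"body": {
		"apiVersion": "externaldata.gatekeeper.sh/v1beta1",
		"kind": "ProviderRequest",
		"request": {"keys": images},
	},
	"timeout": "5s",
	"force_json_decode": true,
	"raise_error": false,
})

# Fail closed: a transport error or non-200 status is itself a violation.
violation contains {"msg": msg} if {
	response.status_code != 200
	msg := sprintf("provider call failed: status=%v error=%v", [response.status_code, object.get(response, "error", {})])
}

# Provider-wide failure reported in the response body.
violation contains {"msg": msg} if {
	response.status_code == 200
	err := object.get(response.body, ["response", "systemError"], "")
	err != ""
	msg := sprintf("provider system error: %v", [err])
}

# Per-image errors returned by the provider.
violation contains {"msg": msg} if {
	response.status_code == 200
	some item in object.get(response.body, ["response", "items"], [])
	err := object.get(item, "error", "")
	err != ""
	msg := sprintf("image %v rejected: %v", [item.key, err])
}
```

If `http.send` is removed through a capabilities file, this policy fails to compile in the same way `external_data` does.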
Hi, thanks for the hint @boranx. I stumbled upon the same with is_exempt() (part of each lib_exclude_update.rego file in the gatekeeper library).
Hi team,
I've a policy that uses `external_data` built-in function, but the compilation fails with `undefined function external_data`:

```
import data.lib.kubernetes

violation[{"msg": msg}] {
  # build a list of keys containing images
}

response_with_error(response) { count(response.errors) > 0 }
response_with_error(response) { count(response.system_error) > 0 }
```