Currently, OPA policies are only handed the input properties of the resource in question, which is available via the input variable in the .rego file.
However, Pulumi Policies have access to a larger set of inputs from the AnalyzeRequest type - including the following in addition to input properties:
type
urn
name
options
provider
Ideally, these would all be available to policy evaluation in addition to input properties.
We will need to understand whether we can/should introduce these via a breaking change to the existing input variable, or via a new source that can be referenced from the .rego policies.
Currently, OPA policies are only handed the input properties of the resource in question, which is available via the
inputvariable in the.regofile.However, Pulumi Policies have access to a larger set of inputs from the
AnalyzeRequesttype - including the following in addition to input properties:typeurnnameoptionsproviderIdeally, these would all be available to policy evaluation in addition to input properties.
We will need to understand whether we can/should introduce these via a breaking change to the existing
inputvariable, or via a new source that can be referenced from the.regopolicies.