我正在尝试为允许策略覆盖但在正常情况下在简单JSON文档中使用“策略配置”的实现创建默认策略。
我将输入用作“策略配置”,数据是策略要处理的数据。数据本身是经过预处理的,其中“$error”是已评估错误的JSON元素。
该策略似乎工作正常,但据我了解,它必须是一种更简单的方式来表达相同的事物rego,因此也更加优化(当前的策略需要大约 1 毫秒来评估)。
操场包含以下要在线评估的设置。
干杯,马里奥 :)
输入.json
{
"range": {"IDT**": [-100, 100], "RHCS**": [20, 200]},
"report": ["ODT", "IDT_*_O2"],
"skip": ["IDT**"]
}
数据.json
{
"target": {
"IDT": 22,
"IDT_C1_O1": 22.2,
"IDT_C1_O2": 101,
"IDT_C1_O3": "$error",
"IDT_C1_O4": "$error",
"ODT": "$error",
"RHCS_C13_O44": "$error"
}
}
评估cbprovider rego策略后的输出是
{
"all_errors": [ "RHCS_C13_O44", "IDT_C1_O3", "IDT_C1_O4", "ODT", "IDT_C1_O2" ],
"report": [ "ODT", "IDT_C1_O2" ],
"skip": [ "IDT_C1_O3", "IDT_C1_O4" ]
}
package cbprovider
# Errors to be skipped
# If present in report as well it will not be skipped
# (report overrides skip)
skip[dp] {
my := data.target[dp]
my == "$error"
matchSkip(dp)
not matchReport(dp)
}
# Errors to be skipped when out of range
skip[dp] {
my := data.target[dp]
my != "$error"
matchSkip(dp)
not matchReport(dp)
range := get_range(dp)
not in_range(my, range[0], range[1])
}
# Errors to be reported
# If matches both in skip and report -> report overrides skip
report[dp] {
my := data.target[dp]
my == "$error"
matchReport(dp)
}
# Errors to be reported when out of range
report[dp] {
my := data.target[dp]
my != "$error"
matchReport(dp)
range := get_range(dp)
not in_range(my, range[0], range[1])
}
all_errors[dp] {
my := data.target[dp]
my == "$error"
}
all_errors[dp] {
my := data.target[dp]
my != "$error"
range := get_range(dp)
not in_range(my, range[0], range[1])
}
in_range(num, low, high) {
num >= low
num <= high
}
get_range(dp) = range {
some key
range := input.range[key]
glob.match(key, ["_"], dp)
}
matchSkip(dp) {
some i
input.skip[i]
glob.match(input.skip[i], ["_"], dp)
}
matchReport(dp) {
some i
input.report[i]
glob.match(input.report[i], ["_"], dp)
}