Giters

loft-sh / jspolicy

jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript

Home Page:https://www.jspolicy.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Allow to parameterize the policies

as42sl opened this issue · comments

commented

Do you have a plan for parameterizing the policies to avoid duplicated code?

For example when I want to deny multiple namespaces I could write generic code that gets the namespace as a parameter and then create multiple JsPolicy files that reference the same JsPolicyBundle:

apiVersion: policy.jspolicy.com/v1beta1
kind: JsPolicy
metadata:
  name: "deny-default-namespace.example.com"
spec:
  bundle: "deny-namespace.example.com"
  operations: ["CREATE"]
  resources: ["*"]
  scope: Namespaced
  parameters:
     namespace: default

apiVersion: policy.jspolicy.com/v1beta1
kind: JsPolicy
metadata:
  name: "deny-other-namespace.example.com"
spec:
  bundle: "deny-namespace.example.com"
  operations: ["CREATE"]
  resources: ["*"]
  scope: Namespaced
  parameters:
     namespace: other