HomePhabricator

Allow for configuration policies

Authored by dduvall on Mar 7 2018, 4:31 AM.

Description

Allow for configuration policies

Summary:
Implements a rough interface for validating configuration against
arbitrary policy rules. Policies are provided as YAML and passed via the
command line as file paths or remote URIs.

The format of policies is:

enforcements:
  - path: <path>
    rule: <rule>

Where <path> is a YAML-ish path to a config field and <rule> is any
expression our config validator understands (expressions built in by the
validator library and custom tags defined in config.validation.go).

Example policy:

enforcements:
  - path: variants.production.base
    rule: oneof=debian:jessie debian:stretch
  - path: variants.production.runs.as
    rule: ne=foo
  - path: variants.production.node.dependencies
    rule: isfalse

Command flag parsing was implemented in main.go to support the new
--policy=uri flag and improve existing handling of --version and the
usage statement.

Test Plan: Run go test ./....

Reviewers: thcipriani, demon, hashar, mmodell, Release-Engineering-Team

Reviewed By: thcipriani, Release-Engineering-Team

Tags: Release-Engineering-Team

Differential Revision: https://phabricator.wikimedia.org/D999

Details

Committed
dduvallMar 19 2018, 10:55 PM
Reviewer
Release-Engineering-Team
Differential Revision
D999: Allow for configuration policies
Parents
rGBLBR6896e655eb5c: Support Python projects
Branches
Unknown
Tags
Unknown
ChangeId
None