Feature Overview

The sprig library includes a "fail" function that can be used to intentionally throw an error during policy templating. This would be useful when other template logic determines that conditions are not correct but no other function explicitly fails. For example, when using fromConfigMap to retrieve a key that is not present, the function produces a empty string and not an error, when sometimes a missing key is evidence of misconfiguration and should prevent the template from resolving.

Currently there are workarounds for this like calling functions that will intentionally fail (such as looking up a resource that is known to not exist, or using lookup instead of fromConfigMap so that accessing nonexistent elements fail) but this has less clarity than a fail function that allows for custom error messages and can be unsafe (e.g. a resource with that name used to create errors is created).

Goals{}

• Able to safely report misconfiguration and prevent templates relying on misconfigured resources from resolving or enforcing.

Requirements

This Section: A list of specific needs or objectives that a Feature must
deliver to satisfy the Feature.. Some requirements will be flagged as MVP.
If an MVP gets shifted, the feature shifts. If a non MVP requirement slips,
it does not shift the feature.

Background, and strategic fit

Templates are enforced by ACM governance, so if a misconfigured element is used by a template it could enforce incorrect manifests on a cluster. Providing a option to safely fail encourages safe and secure design of templates by providing a obvious way to expose errors.

Documentation Considerations

• Would need to be added to list of ACM functions in documentation, with example of syntax and usage.