Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-4697

RFE Create tools to assist in Policy development

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Done
    • Icon: Major Major
    • ACM 2.12.0
    • ACM 2.7.0
    • GRC
    • False
    • None
    • False
    • Not Selected
    • 0% To Do, 0% In Progress, 100% Done

      Epic Goal

      As a user writing templates in a policy there is no way to test to see the output of the template.  Currently you have to create a policy to see if there are any errors.  But that still does not show the output generated by the template. 

      Simple cases reading information from a secret isn't too difficult, however once you start trying to parse that data it become difficult and time consuming.  Consider a more difficult use case: Policy to clean up groups that are either empty or contain users which have been removed from the cluster.  https://gist.github.com/brian-jarvis/0752ae38e00158316d3e748fc3a1a993   It is very difficult to validate the policy generated to ensure it is correct.

      ACM should provide a tool that template code can be executed with and will return the generated output. 

       

      https://github.com/stolostron/go-template-utils?tab=readme-ov-file#template-resolver-cli-beta provides a starting place.  However, this needs to support the following use cases.

      • Ability to pipe the output from the PolicyGenerator execution to the TemplateResolver (TR).  The input may contain multiple Policies, Placements, Bindings, and PolicySets.  The output from the TR should be only the Policies. 
      • Ability to pass a manifest file that contains only a ConfigurationPolicy or object-templates-raw (ACM-11524.  If need be the TR could output a ConfigurationPolicy wrapping the object-templates-raw input manifest.
      • (Runway permitting) Dry run of ConfigurationPolicy in local-development for testing purposes

      Why is this important?

      Creating more advanced policies becomes very difficult.  This would enable customers to validate the Policy code before creating the policy in the cluster.

       

              gparvin-redhat Gus Parvin
              rhn-support-bjarvis Brian Jarvis
              Matthew Prahl Matthew Prahl
              Derek Ho Derek Ho
              Gus Parvin Gus Parvin
              Sho Weimer Sho Weimer
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: