Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Annotation-based ignore #267

Open
mrueg opened this issue May 4, 2022 · 1 comment
Open

Annotation-based ignore #267

mrueg opened this issue May 4, 2022 · 1 comment
Labels
enhancement New feature or request examples

Comments

@mrueg
Copy link
Contributor

mrueg commented May 4, 2022

It would be interesting to extend the rego library with support for an annotation-based ignore.
An annotation could look like the following

konstraint/ignore: POL-0001, POL-0003

the logic could then allow to check for annotations on the object to ignore specific policies.

The policies itself should have a variable that allow this behavior, as the default should still be to enforce.
@jalseth jalseth added enhancement New feature or request examples labels May 5, 2022
@jalseth
Copy link
Collaborator

jalseth commented May 5, 2022

Hi @mrueg, thanks for filing this issue. If I understand correctly, the ask here is to add a rule that would except any resources with a label from a policy that matches one in a konstraint/ignore (or similar) annotation?

If so, I'd welcome a PR to add this to the examples to show what is possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request examples
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrueg @jalseth