Example Entity Checker Policy
This is an example policy for the OPA Entity Checker plugin. This policy is used to check if an entity has the correct metadata set. This could be used as a starting point for your own policies.
package entity_checker
import rego.v1
# Helper function to check if the entity has a system set
is_system_present if {
input.spec.system
}
# Check if the entity has tags set, if not add a warning violation
violation contains {"check_title": entity_check, "message": msg, "level": "warning"} if {
not input.metadata.tags
entity_check := "Tags"
msg := "You do not have any tags set!"
}
# Check the lifecycle of the entity and if it is not valid add an error violation
violation contains {"check_title": entity_check, "message": msg, "level": "error"} if {
valid_lifecycles = {"production", "development", "experimental"}
not valid_lifecycles[input.spec.lifecycle]
entity_check := "Lifecycle"
msg := "Incorrect lifecycle, should be one of production, development, or experimental!"
}
# Check if the entity has a system set, if not add an error violation
violation contains {"check_title": entity_check, "message": msg, "level": "error"} if {
not is_system_present
entity_check := "System"
msg := "System is missing!"
}
# Check if the entity type is valid, if not add an error violation
violation contains {"check_title": entity_check, "message": msg, "level": "error"} if {
valid_types = {"website", "library", "service"}
not valid_types[input.spec.type]
entity_check := "Type"
msg := "Incorrect component type!"
}