Support nested conditions in custom rule #86

Open
9albi opened this issue Jul 25, 2024 · 0 comments

9albi commented Jul 25, 2024

Problem

It's not possible to have a composite rule within a custom rule due to a Terraform SDK limitation (a nested data structure as a schema is not supported).
It's possible to create a nested custom rule with the API (in JSON).

// custom rule configuration json
"rules": [
        {
            "conditions": {
                "any": [
                    {
                        "all": [
                            // condition 1
                        ]
                    },
                    {
                        "all": [
                            // condition 2
                            ,
                            // condition 3
                        ]
                    }
                ]
            },
            // event 
        }
    ]

This rule cannot be translated directly into HCL conformity_custom_rule rules block.

Proposal

One way of solving this would be to:

  • remove the operation from the rules attributes
  • the conditions type is a string (validated as JSON) that can be generated
  • pass the value of conditions through to the API request payload without extra processing

// conformity_custom_rule
  rules {
    event_type = ""
    conditions = jsonencode(
      {
        any = [
          {
            all = [
              {
                fact     = ""
                operator = ""
                value    = ""
              }
            ]
          },
          {
            all = [
              {
                fact     = ""
                operator = ""
                value    = ""
              },
              {
                fact     = ""
                operator = ""
                value    = ""
              }
            ]
          }
        ]
      }
    )
  }

I don't hold this to be the best solution, but I would still like to hear your opinion.
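An added example, not part of the original issue or the provider's code: one way the "validated as a json" step in the proposal could check the nested any/all tree at plan time before the string is passed through to the API. The function names are hypothetical, the leaf keys (fact, operator, value) are taken from the proposal's HCL, and the validator signature is assumed to match the Terraform SDK's `func(interface{}, string) ([]string, []error)` shape.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// validateNode accepts a composite ("any"/"all" array, nested to any depth) or a leaf.
func validateNode(raw json.RawMessage, path string) error {
	var node map[string]json.RawMessage
	if err := json.Unmarshal(raw, &node); err != nil {
		return fmt.Errorf("%s: not a JSON object: %v", path, err)
	}
	for _, op := range []string{"any", "all"} {
		if _, ok := node[op]; !ok {
			continue
		}
		var list []json.RawMessage
		if err := json.Unmarshal(node[op], &list); err != nil || len(list) == 0 || len(node) != 1 {
			return fmt.Errorf("%s: %q must be the only key and hold a non-empty array", path, op)
		}
		for i, child := range list {
			if err := validateNode(child, fmt.Sprintf("%s.%s[%d]", path, op, i)); err != nil {
				return err
			}
		}
		return nil
	}
	for _, key := range []string{"fact", "operator", "value"} {
		if _, ok := node[key]; !ok {
			return fmt.Errorf("%s: leaf condition is missing %q", path, key)
		}
	}
	return nil
}

// ValidateConditions (hypothetical name) has the shape of a Terraform SDK ValidateFunc.
func ValidateConditions(v interface{}, key string) ([]string, []error) {
	s, _ := v.(string) // a non-string becomes "", which fails JSON parsing
	if err := validateNode(json.RawMessage(s), key); err != nil {
		return nil, []error{err}
	}
	return nil, nil
}

func main() {
	// Constructed sample: the leaf in the second branch lacks "value".
	bad := `{"any":[{"all":[{"fact":"f","operator":"o","value":"v"}]},{"all":[{"fact":"f","operator":"o"}]}]}`
	fmt.Println(ValidateConditions(bad, "conditions"))
}
```

Because the error carries the path to the offending node, a malformed rule is reported at plan time with its location instead of surfacing as an opaque API rejection during apply.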
