class Spacelift::Policy::Rule
Rule represents a single rule applied to all resources.
Attributes
check[RW]
matchers[RW]
name[R]
Public Class Methods
new(name) { |self| ... }
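# File lib/spacelift/policy/rule.rb, line 10
# Builds a rule and hands it to the caller's block for configuration.
#
# The block is expected to register matchers and a check on the yielded
# rule. Once the block returns, the matcher list and the rule itself are
# frozen, and only then is the rule validated.
#
# @param name [Object] label interpolated into error messages and passed
#   to Violation as the rule identifier
# @yieldparam rule [Rule] the rule under construction
# @raise [Error] from #validate when no matcher or no check was registered
def initialize(name)
  @name = name
  @matchers = []
  @check = nil
  yield self
  # Object#freeze is shallow: without freezing the array as well, the list
  # behind #matchers stays mutable and an extra matcher appended after
  # validation would silently narrow which resources the rule covers.
  # A copy is frozen so an array assigned by the block is left untouched.
  @matchers = @matchers.dup.freeze
  freeze
  validate
end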
Public Instance Methods
process(resource)
# File lib/spacelift/policy/rule.rb, line 19
# Evaluates this rule against one resource.
#
# Nothing here rescues exceptions, so an error raised by a matcher or by
# the check propagates to the caller instead of becoming a result.
#
# @param resource [Object] must respond to #address, plus whatever the
#   matchers and #ok? read from it
# @return [Array] `[true, nil]` when #ok? is truthy, otherwise
#   `[false, Violation]` carrying the resource address and the rule name
def process(resource)
  if ok?(resource)
    [true, nil]
  else
    violation = Violation.new(address: resource.address, rule: name)
    [false, violation]
  end
end
then(&block)
# File lib/spacelift/policy/rule.rb, line 25
# Sets the check that decides whether a matched resource is acceptable.
#
# Only one check per rule is accepted; a second call is an error rather
# than a silent overwrite. When called without a block the stored check is
# nil, which #validate later reports as "no check defined".
#
# @yield [before, after] the two sides of the resource change (see #ok?)
# @return [Proc, nil] the block that was stored
# @raise [Error] if a check has already been set on this rule
def then(&block)
  if check
    raise Error, "check already defined on rule '#{name}'"
  end

  self.check = block
end
when(&block)
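# File lib/spacelift/policy/rule.rb, line 31
# Registers a matcher that selects the resources this rule applies to.
#
# The check only runs for a resource when every registered matcher
# returns a truthy value for it.
#
# @yieldparam resource [Object] the resource being evaluated
# @return [self] so matcher calls can be chained
# @raise [Error] if no block is given
def when(&block)
  # A nil entry would satisfy the "matchers present" validation and then
  # fail with NoMethodError on the first resource processed, so reject it
  # while the rule is still being defined.
  raise Error, "no block given to matcher on rule '#{name}'" unless block

  matchers << block
  self
end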
when_action_is(*actions)
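# File lib/spacelift/policy/rule.rb, line 36
# Restricts the rule to resources whose change includes at least one of
# the given actions.
#
# Membership is decided by Set intersection, so the values passed here
# must compare equal to the entries of `resource.change.actions`
# (NOTE(review): presumably strings such as 'delete' - confirm against
# the resource model).
#
# @param actions [Array] one or more actions to match
# @return [self] the rule, as returned by #when
# @raise [Error] if no action is given
def when_action_is(*actions)
  # An empty set never intersects anything: the matcher would always be
  # false and the rule would pass every resource without running its check.
  raise Error, "no actions given to when_action_is on rule '#{name}'" if actions.empty?

  required = Set.new(actions)
  self.when do |resource|
    Set.new(resource.change.actions).intersect?(required)
  end
end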
when_managed()
# File lib/spacelift/policy/rule.rb, line 44
# Restricts the rule to resources whose mode equals 'managed'.
#
# Resources with any other mode are not selected by this matcher, so the
# check is never run for them.
#
# @return [self] the rule, as returned by #when
def when_managed
  self.when do |candidate|
    candidate.mode == 'managed'
  end
end
when_type_is(*types)
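# File lib/spacelift/policy/rule.rb, line 48
# Restricts the rule to resources whose type is one of the given types.
#
# Matching uses Array#include?, i.e. exact equality with `resource.type`;
# there is no pattern or prefix matching.
#
# @param types [Array] one or more resource types to match
# @return [self] the rule, as returned by #when
# @raise [Error] if no type is given
def when_type_is(*types)
  # With an empty list include? is always false: the rule would select no
  # resource at all and every resource would pass unchecked.
  raise Error, "no types given to when_type_is on rule '#{name}'" if types.empty?

  self.when { |resource| types.include?(resource.type) }
end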
Private Instance Methods
ok?(resource)
# File lib/spacelift/policy/rule.rb, line 56
# Decides whether a resource satisfies this rule.
#
# A resource that any matcher rejects is outside the rule's scope and
# counts as ok without the check being run. Otherwise the check receives
# the change's before and after values and its result is returned as-is;
# callers decide by truthiness, so a nil or false result is a failure.
#
# @param resource [Object] must respond to #change, which in turn
#   responds to #before and #after
# @return [Object] true when the rule does not apply, otherwise whatever
#   the check returns
def ok?(resource)
  selected = matchers.all? { |predicate| predicate.call(resource) }
  return true unless selected

  delta = resource.change
  check.call(delta.before, delta.after)
end
validate()
# File lib/spacelift/policy/rule.rb, line 63
# Rejects rules that are incomplete: a rule needs at least one matcher and
# a check before it can be used.
#
# @return [nil] when the rule is complete
# @raise [Error] if no matcher or no check has been registered
def validate
  if matchers.empty?
    raise Error, "no matchers defined on rule '#{name}'"
  end
  return if check

  raise Error, "no check defined on rule '#{name}'"
end