Currently, Engine is responsible for returning an enforcement action. This was originally intended to allow for the possibility of dynamic enforcement actions, but that would be incompatible with the capabilities of the CEL KEP. As such, it should be removed.
|
enforcementAction, found, err := unstructured.NestedString(constraint.Object, "spec", "enforcementAction") |
|
if err != nil { |
|
return nil, err |
|
} |
|
if !found { |
|
enforcementAction = apiconstraints.EnforcementActionDeny |
|
} |
|
|
|
result.EnforcementAction = enforcementAction |
Currently, Engine is responsible for returning an enforcement action. This was originally intended to allow for the possibility of dynamic enforcement actions, but that would be incompatible with the capabilities of the CEL KEP. As such, it should be removed.
frameworks/constraint/pkg/client/drivers/to_result.go
Lines 82 to 90 in 9f70a3e