From 3e148ce7bcf9186f96f47ebe9088daf466052f55 Mon Sep 17 00:00:00 2001 From: Neeraj Tickoo Date: Mon, 19 Aug 2024 15:39:36 -0500 Subject: [PATCH] support conditional python policy evaluation. Description: if a python policy implements should_evaluate_policy method, it can choose to have its evaluate a resource or ignore to be part of policy engine evaluation chain. --- rpe/engines/python.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rpe/engines/python.py b/rpe/engines/python.py index 869928d..76492ff 100644 --- a/rpe/engines/python.py +++ b/rpe/engines/python.py @@ -83,6 +83,13 @@ def evaluate(self, resource): for policy_name, policy_cls in matched_policies.items(): try: + if hasattr(policy_cls, "should_evaluate_policy"): + should_evaluate_policy_res = policy_cls.should_evaluate_policy(resource) + if not should_evaluate_policy_res: + print(f"Policy: {policy_name}, will not be evaluated for resource {resource} " + f"as should_evaluate_policy returned {should_evaluate_policy_res}") + continue + if hasattr(policy_cls, "evaluate"): eval_result = policy_cls.evaluate(resource) if not isinstance(eval_result, EvaluationResult):