Open in app

Sign up

Sign in

Write

Sign up

Sign in

OPA/Rego — Generating Documentation

Patrick Picard
ITNEXT
Published in
2 min readSep 20, 2021

--

In my previous blog entry, I shared details about a tool called konstraint. That entry focused on generating YAML. As a follow up, I will delve deeper into the documentation generation capabilities.

Many programming languages make the use of documentation conventions in code and will often have annotations to support a parser to extract the data to generate documentation.

Konstraint does this for rego language. Let’s have a look at rego header and the available annotations & output documentation:

# @title this is a basic title for my policy
#
# This is the longer explanation of my policy details 
# and the opinions it enforces# @enforcement deny  # This is the default, but could be dryrun# The line below is used to generate the constraint by linking the resource types of interest to the policy
# @kinds core/pod bigquerydatasets.crnm.cloud.google.com/BigQueryDataset# The line below defines parameters for the ConstraintTemplate. As such, you need to define the Constraints yourself.
# @parameter <name> array string
# @parameter resource_types array string
  • @title — This becomes the heading for the policy in the documentation. It will also used in creating a table of contents
  • @enforcement — This documents whether the policy is deny or in dryrun mode. The default is deny
  • @kinds — Space separated list of resources in apiGroup/resourceName format for the Constraint to attach to.
  • @parameter — Defines a parameter for the ConstraintTemplate CRD and its data types

konstraint doc will parse rego files for documentation blocks as shown above and generate a policies.md file with a table of contents and the explanation for each policy.

To demonstrate the tool and the output, I have created a sample repository: https://github.com/patpicos/rego_doc_gen

Conclusion

Automated documentation generation is one more small step in ensuring the documentation is maintained and kept up to date. The make directives can be used in a pre-commit hook or in a CI pipeline to ensure the repository is up to date on every merge.

Opa Gatekeeper
Opa
Rego
Konstraint

--

--

Patrick Picard
ITNEXT
Follow

Written by Patrick Picard

347 Followers

Sr. Cloud Consultant

Follow

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams