Hi All, i installed OPA gatekeeper on a downstream...
# general
Hi All, i installed OPA gatekeeper on a downstream cluster from Rancher UI. The requirement is to create a custom OPA policy template which matches two arrays. The arrays are definition of port numbers. For simplicity sake, i have the following:
Copy code
import <http://future.keywords.in|future.keywords.in>

violation[{"msg": msg}] {
    allowedPorts := [8161, 9404, 61616, 5445, 9999, 2022]
    actualPorts := [8161, 9404, 61616, 5445]

	some port in actualPorts; not port in allowedPorts
    msg := sprintf("service has forbidden exposed ports: %v", [actualPorts])
the idea is that if a port in
doesn't match any in
, it should result in a violation. this works fine on the OPA playground. but it doesn't work when used as OPA template in Rancher. it seems the
doesn't work. i've tried
import data.lib.future.keywords
import '<http://github.com/open-policy-agent/opa/internal/future|github.com/open-policy-agent/opa/internal/future>'
, Q> any ideas on how i can compare the arrays or import the required module?