
Commit f2fd985

Merge pull request circleci#7696 from circleci/SNC-140-context-helper-policies
[SNC-140] added helper functions for contexts in CPM
2 parents 45bf188 + 6bfbc6e commit f2fd985


1 file changed

+186
-0
lines changed


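--- a/jekyll/_cci2/config-policy-reference.adoc
+++ b/jekyll/_cci2/config-policy-reference.adoc
@@ -166,3 +166,189 @@ enable_rule["check_resource_class"]
 
 hard_fail["check_resource_class"]
 ----
+
+[#contexts-allowed-by-project-ids]
+=== `contexts_allowed_by_project_ids`
+
+This function accepts project ids (`PROJECTS`) and
+context names (`ALLOWED_CONTEXTS`) as one of the following types:
+
+* string
+* set of strings
+* array of strings
+
+It prevents the usage of **any** context **not in** `ALLOWED_CONTEXTS` for **all** projects that are **in** `PROJECTS`.
+
+[#definition-contexts-allowed-by-project-ids]
+==== Definition
+
+[source,rego]
+----
+contexts_allowed_by_project_ids(
+PROJECTS: string | Array<string> | Set<string>
+ALLOWED_CONTEXTS: string | Array<string> | Set<string>
+)
+returns reason <type string>
+----
+
+[#usage-contexts-allowed-by-project-ids]
+==== Usage
+
+[source,rego]
+----
+package org
+
+import future.keywords
+import data.circleci.config
+
+policy_name["a_unique_policy_name"]
+
+rule_contexts_allowed_by_project_ids = config.contexts_allowed_by_project_ids(
+["${PROJECT_1_UUID}","${PROJECT_2_UUID}"],
+["${ALLOWED_CONTEXT_NAME_1}","${ALLOWED_CONTEXT_NAME_2}"]
+)
+
+enable_rule["rule_contexts_allowed_by_project_ids"]
+
+hard_fail["rule_contexts_allowed_by_project_ids"]
+----
+
+[#contexts-blocked-by-project-ids]
+=== `contexts_blocked_by_project_ids`
+
+This function accepts project IDs (`PROJECTS`) and
+context names (`BLOCKED_CONTEXTS`) as one of the following types:
+
+* string
+* set of strings
+* array of strings
+
+It blocks the usage of **any** context **in** `BLOCKED_CONTEXTS` for **all** projects **in** `PROJECTS`.
+
+[#definition-contexts-blocked-by-project-ids]
+==== Definition
+
+[source,rego]
+----
+contexts_blocked_by_project_ids(
+PROJECTS: string | Array<string> | Set<string>
+BLOCKED_CONTEXTS: string | Array<string> | Set<string>
+)
+returns reason: string
+----
+
+[#usage-contexts-blocked-by-project-ids]
+==== Usage
+
+[source,rego]
+----
+package org
+
+import future.keywords
+import data.circleci.config
+
+policy_name["a_unique_policy_name"]
+
+rule_contexts_blocked_by_project_ids = config.contexts_blocked_by_project_ids(
+["${PROJECT_1_UUID}","${PROJECT_2_UUID}"],
+["${BLOCKED_CONTEXT_1}","${BLOCKED_CONTEXT_2}"]
+)
+
+enable_rule["rule_contexts_blocked_by_project_ids"]
+
+hard_fail["rule_contexts_blocked_by_project_ids"]
+----
+
+
+[#contexts-reserved-by-project-ids]
+=== `contexts_reserved_by_project_ids`
+
+This function accepts project ids (`PROJECTS`) and
+context names (`RESERVED_CONTEXTS`) as one of the following types:
+
+* string
+* set of strings
+* array-of-strings
+
+It blocks the usage of **any** context **in** `RESERVED_CONTEXTS` for **all** projects **not in** `PROJECTS`.
+
+[#definition-contexts-reserved-by-project-ids]
+==== Definition
+
+[source,rego]
+----
+contexts_reserved_by_project_ids(
+PROJECTS: string | Array<string> | Set<string>
+RESERVED_CONTEXTS: string | Array<string> | Set<string>
+)
+returns reason: string
+----
+
+[#usage-contexts-reserved-by-project-ids]
+==== Usage
+
+[source,rego]
+----
+package org
+
+import future.keywords
+import data.circleci.config
+
+policy_name["a_unique_policy_name"]
+
+rule_contexts_reserved_by_project_ids = config.contexts_reserved_by_project_ids(
+["${PROJECT_1_UUID}","${PROJECT_2_UUID}"],
+["${RESERVED_CONTEXT_1}","${RESERVED_CONTEXT_2}"]
+)
+
+enable_rule["rule_contexts_reserved_by_project_ids"]
+
+hard_fail["rule_contexts_reserved_by_project_ids"]
+----
+
+
+[#contexts-reserved-by-branches]
+=== `contexts_reserved_by_branches`
+
+This function accepts VCS branch names (`BRANCHES`) and
+context names (`RESERVED_CONTEXTS`) as one of the following types:
+
+* string
+* set-of-strings
+* array-of-strings
+
+Branch names **not in** `BRANCHES` are **not** allowed to use the contexts **in** `RESERVED_CONTEXTS`, however, other contexts may be used.
+
+[#definition-contexts-reserved-by-branches]
+==== Definition
+
+[source,rego]
+----
+contexts_reserved_by_branches(
+BRANCHES: string | Array<string> | Set<string>
+CONTEXT_LIST: string | Array<string> | Set<string>
+)
+returns reason: string
+----
+
+[#usage-contexts-reserved-by-branches]
+==== Usage
+
+[source,rego]
+----
+package org
+
+import future.keywords
+import data.circleci.config
+
+policy_name["a_unique_policy_name"]
+
+rule_contexts_reserved_by_branches = config.contexts_reserved_by_branches(
+["${BRANCH_1}, "${BRANCH_2}", "${BRANCH_3}"]",
+["${RESERVED_CONTEXT_1}","${RESERVED_CONTEXT_2}"]
+)
+
+enable_rule["rule_contexts_reserved_by_branches"]
+
+hard_fail["rule_contexts_reserved_by_branches"]
+----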
