A tool that pulls all the known_packages standard violations for a catalog, does a regex lookup against a list of package-name patterns, and creates overrides for the matches if desired.
You don't need this unless it solves a workflow challenge involving the known_packages standard. The known_packages standard triggers for every internal package a company uses, essentially any package that is unknown to the upstream repositories, which can create a lot of noise for companies that use many internal packages. This script automates matching the packages that have triggered the known_packages standard in a catalog against your patterns, creates an override for each package that matches, and writes the misses to a .csv report for further investigation.
Note: Creating overrides in an automated fashion should be done with care. Start with patterns you are confident in, review the packages that are misses, and audit the override export report to ensure that an override isn't being created for a truly unknown package.
Note: This iteration of regerride creates a package override without specifying specific releases, which results in a wildcard being set for the release. Because the override then covers every release of that package name, including releases published later, this approach has drawbacks from a security perspective.
- Ensure you have Python 3.9 or higher installed.
There are five variables that need to be set in order for the script to execute properly:
- ORGANIZATION - Set in the script; the script can be modified to read it from an environment variable if desired.
- CATALOG - Set in the script; the script can be modified to read it from an environment variable if desired.
- CATALOG_STANDARD - This script is intended to be used with the known_packages standard but could be adapted to work with other standards.
- TIDELIFT_API_KEY - This script requires a user API key, which needs to be set as an environment variable and stored securely as a secret variable.
- OVERRIDE_STATUS - An override can have a status of approved or denied.
The regex patterns are added to a control file called package_patterns.txt. Add one or more package name patterns for the script to look for matches.
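The matching and reporting steps described above, as an added example that is not regerride's own code. It does not call the Tidelift API: the violation records are constructed inline and their shape (a dict with "platform" and "name" keys) is an assumption, as is the convention that blank and "#" lines in package_patterns.txt are skipped. It uses re.fullmatch rather than re.search so that a loose pattern such as acme cannot silently approve acme-evil-fork, which is the kind of mistake the notes above warn about; the wildcard release in the override record is the drawback the README describes.

```python
import csv
import io
import re
from typing import Dict, List, Tuple

# Constructed contents for package_patterns.txt: one package-name regex per line.
# Skipping blank and "#" lines is an assumption of this example, not documented behaviour.
SAMPLE_PATTERNS = """
^acme-.*$
^internal_[a-z]+$
# anything else is a miss and goes to the CSV report
"""

# Constructed known_packages violations. The real API record shape is not shown
# on the page; this example assumes "platform" and "name" keys.
SAMPLE_VIOLATIONS = [
    {"platform": "pypi", "name": "acme-auth"},
    {"platform": "npm", "name": "internal_logger"},
    {"platform": "pypi", "name": "requestz"},      # looks like a typosquat: must be a miss
    {"platform": "npm", "name": "acme-ui-kit"},
]


def load_patterns(text: str) -> List[re.Pattern]:
    """Compile the non-empty, non-comment lines of the control file."""
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        patterns.append(re.compile(line))
    return patterns


def partition_violations(violations: List[Dict], patterns: List[re.Pattern]) -> Tuple[List[Dict], List[Dict]]:
    """Split violations into (matches, misses).

    fullmatch forces the whole package name to satisfy the pattern, so an
    unanchored pattern cannot approve a package that merely contains it."""
    matches, misses = [], []
    for v in violations:
        if any(p.fullmatch(v["name"]) for p in patterns):
            matches.append(v)
        else:
            misses.append(v)
    return matches, misses


def build_overrides(matches: List[Dict], status: str, catalog: str) -> List[Dict]:
    """Build one override record per matching package.

    status is the OVERRIDE_STATUS value and must be approved or denied.
    release is "*" because the override is created without specific releases;
    every current and future release of the name is covered, which is the
    security drawback noted in the README."""
    if status not in ("approved", "denied"):
        raise ValueError(f"OVERRIDE_STATUS must be approved or denied, got {status!r}")
    return [
        {
            "catalog": catalog,
            "standard": "known_packages",
            "platform": m["platform"],
            "name": m["name"],
            "release": "*",
            "status": status,
        }
        for m in matches
    ]


def misses_to_csv(misses: List[Dict]) -> str:
    """Render the misses as the CSV report handed off for further investigation."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["platform", "name"])
    writer.writeheader()
    for m in misses:
        writer.writerow({"platform": m["platform"], "name": m["name"]})
    return buf.getvalue()


if __name__ == "__main__":
    pats = load_patterns(SAMPLE_PATTERNS)
    hits, misses = partition_violations(SAMPLE_VIOLATIONS, pats)
    for o in build_overrides(hits, "approved", "demo-catalog"):
        print("override:", o)
    print(misses_to_csv(misses))
```

Before wiring this into the real API calls, run it against the patterns you intend to use and read the misses report and the override list side by side: a package that lands in the override list but is not something your organization publishes means the pattern is too broad.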