docs: add validation to unresolved questions

Signed-off-by: Fabrizio Sestito <[email protected]>
kubewarden · Jun 18, 2024 · 59e6b41 · 59e6b41
1 parent e05159b
commit 59e6b41
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/rfc/0020-policy-group.md b/rfc/0020-policy-group.md
@@ -276,3 +276,9 @@ This approach has the following drawbacks:
 Unfortuantely, no production-ready CEL library is available for Rust.
 Some experimentes were made with [cel-rust](https://github.com/clarkmcc/cel-rust) and [rscel](https://github.com/1BADragon/rscel)
 but they do not pass the official compliance tests yet and are not actively developed.
+
+Furthermore, using two different expression languages in the Kubewarden controller and the policy server could lead to inconsistencies in the validation step.
+For instance, it is possibilie that an expression that is valid in the Kubewarden controller is not valid in the policy server.
+With the current proposal, this expression `"foo".startsWith("f") && policy_1() || policy_2()` would be valid in the Kubewarden controller but not in the policy server,
+since Rhai can be customized to strip down types, standard library functions, and operators that are not needed, keeping only the policy functions and the logical operators.
+However, [this issue](https://github.com/google/cel-go/issues/899) hints that CEL could be stripped down to a minimal set of functionalities as well.