Chaining Datasources

A Datasource describes one type of API call. However, sometimes multiple levels of requests need to be made if you have a resource that is a subresource to another resource. For example, a policy validating that there are no publicly accessible S3 buckets must first fetch all the bucket names then fetch the ACLs for each bucket. In this case a datasource definition can reference a resources definition or another datasource definition. The syntax used to refer to a resources definition is @<resource definition name> and the syntax used to refer to another datasource definition is $<datasource definition name>. For example:

resources "clouds", type: "rs_cm.clouds" 

 

resources "instances", type: "rs_cm.instances" do 

   iterate @clouds# iterate through the data retrieved by the 

                              # "clouds" resource definition. 

 

   cloud_href href(iter_item) # iter_item returns the cloud data currently 

                              # being iterated on. 

end 

Note:iterate may appear only once in a given datasource definition.

As shown in the example above references are typically used together with the iterate reserved word to iterate over the elements of the data. If the data is not an array then iterate takes care of wrapping it with a single element array.

References may also be used directly as argument of other functions such as val, href, size or select.

Finally, references can be used when defining the parameters given to run_script:

datasource "permissions" do 

   run_script "get_permissions", @instances, @security_groups 

end