Documentation ¶
Overview ¶
Package config knows how to read and parse config.yaml.
Index ¶
- Constants
- func BranchRequirements(org, repo, branch string, presubmits map[string][]job.Presubmit) ([]string, []string, []string)
- func Labels() []string
- func ValidateController(c *Controller) error
- func VolumeMountPaths() []string
- func VolumeMounts() []string
- type Agent
- type Branch
- type BranchProtection
- type Config
- func (c *Config) GetBranchProtection(org, repo, branch string) (*Policy, error)
- func (c Config) GetKeeperContextPolicy(org, repo, branch string) (*KeeperContextPolicy, error)
- func (c *Config) GetPolicy(org, repo, branch string, b Branch) (*Policy, error)
- func (c *Config) GetPostsubmits(repository scm.Repository) []job.Postsubmit
- func (c *Config) GetPresubmits(repository scm.Repository) []job.Presubmit
- type ContextPolicy
- type Controller
- type Cookie
- type Delta
- type DeltaChan
- type Getter
- type GitHubOptions
- type GithubOAuthConfig
- type JenkinsOperator
- type JobConfig
- type Keeper
- type KeeperContextPolicy
- type KeeperContextPolicyOptions
- type KeeperMergeCommitTemplate
- type KeeperOrgContextPolicy
- type KeeperQueries
- type KeeperQuery
- type KeeperRepoContextPolicy
- type Org
- type OwnersDirExcludes
- type PipelineKind
- type Plank
- type Policy
- type ProviderConfig
- type ProwConfig
- type PubsubSubscriptions
- type PullRequestMergeType
- type PushGateway
- type QueryMap
- type Repo
- type Restrictions
- type ReviewPolicy
Constants ¶
const (
// LighthouseJobTypeLabel is added in resources created by lighthouse and
// carries the job type (presubmit, postsubmit, periodic, batch)
// that the pod is running.
LighthouseJobTypeLabel = "lighthouse.jenkins-x.io/type"
// LighthouseJobIDLabel is added in resources created by lighthouse and
// carries the ID of the LighthouseJob that the pod is fulfilling.
// We also name resources after the LighthouseJob that spawned them but
// this allows for multiple resources to be linked to one
// LighthouseJob.
LighthouseJobIDLabel = "lighthouse.jenkins-x.io/id"
// CreatedByLighthouse is added on resources created by Lighthouse.
// Since resources often live in another cluster/namespace,
// the k8s garbage collector would immediately delete these
// resources
CreatedByLighthouse = "created-by-lighthouse"
// DefaultClusterAlias specifies the default context for resources owned by jobs (pods/builds).
DefaultClusterAlias = "default"
)
Variables ¶
This section is empty.
Functions ¶
func BranchRequirements ¶
func BranchRequirements(org, repo, branch string, presubmits map[string][]job.Presubmit) ([]string, []string, []string)
BranchRequirements partitions status contexts for a given org, repo, and branch into three buckets:
- contexts that are always required to be present
- contexts that are required, _if_ present
- contexts that are always optional
func ValidateController ¶
func ValidateController(c *Controller) error
ValidateController validates the provided controller config.
func VolumeMountPaths ¶
func VolumeMountPaths() []string
VolumeMountPaths returns a string slice with *MountPath consts in it.
func VolumeMounts ¶
func VolumeMounts() []string
VolumeMounts returns a string slice with *MountName consts in it.
Types ¶
type Agent ¶
type Agent struct {
// contains filtered or unexported fields
}
Agent watches a path and automatically loads the config stored therein.
type Branch ¶
type Branch struct {
Policy
}
Branch holds protection policy overrides for a particular branch.
type BranchProtection ¶
type BranchProtection struct {
Policy
// ProtectTested determines if branch protection rules are set for all repos
// that Prow has registered jobs for, regardless of if those repos are in the
// branch protection config.
ProtectTested bool `json:"protect-tested-repos,omitempty"`
// Orgs holds branch protection options for orgs by name
Orgs map[string]Org `json:"orgs,omitempty"`
// AllowDisabledPolicies allows a child to disable all protection even if the
// branch has inherited protection options from a parent.
AllowDisabledPolicies bool `json:"allow_disabled_policies,omitempty"`
// AllowDisabledJobPolicies allows a branch to choose to opt out of branch protection
// even if Prow has registered required jobs for that branch.
AllowDisabledJobPolicies bool `json:"allow_disabled_job_policies,omitempty"`
}
BranchProtection specifies the global branch protection policy
func (BranchProtection) GetOrg ¶
func (bp BranchProtection) GetOrg(name string) *Org
GetOrg returns the org config after merging in any global policies.
type Config ¶
type Config struct {
JobConfig
ProwConfig
}
Config is a read-only snapshot of the config.
func LoadYAMLConfig ¶
LoadYAMLConfig loads the configuration from the given data
func (*Config) GetBranchProtection ¶
GetBranchProtection returns the policy for a given branch.
Handles merging any policies defined at repo/org/global levels into the branch policy.
func (Config) GetKeeperContextPolicy ¶
func (c Config) GetKeeperContextPolicy(org, repo, branch string) (*KeeperContextPolicy, error)
GetKeeperContextPolicy parses the prow config to find context merge options. If none are set, it will use the prow jobs configured and use the default github combined status. Otherwise if set it will use the branch protection setting, or the listed jobs.
func (*Config) GetPolicy ¶
GetPolicy returns the protection policy for the branch, after merging in presubmits.
func (*Config) GetPostsubmits ¶
func (c *Config) GetPostsubmits(repository scm.Repository) []job.Postsubmit
GetPostsubmits returns all the postsubmits.
func (*Config) GetPresubmits ¶
func (c *Config) GetPresubmits(repository scm.Repository) []job.Presubmit
GetPresubmits returns all the presubmits for the given repo.
type ContextPolicy ¶
type ContextPolicy struct {
// Contexts appends required contexts that must be green to merge
Contexts []string `json:"contexts,omitempty"`
// Strict overrides whether new commits in the base branch require updating the PR if set
Strict *bool `json:"strict,omitempty"`
}
ContextPolicy configures required github contexts. When merging policies, contexts are appended to context list from parent. Strict determines whether merging to the branch invalidates existing contexts.
type Controller ¶
type Controller struct {
// JobURLTemplateString compiles into JobURLTemplate at load time.
JobURLTemplateString string `json:"job_url_template,omitempty"`
// JobURLTemplate is compiled at load time from JobURLTemplateString. It
// will be passed a builder.PipelineOptions and is used to set the URL for the
// "Details" link on GitHub as well as the link from deck.
JobURLTemplate *template.Template `json:"-"`
// ReportTemplateString compiles into ReportTemplate at load time.
ReportTemplateString string `json:"report_template,omitempty"`
// ReportTemplate is compiled at load time from ReportTemplateString. It
// will be passed a builder.PipelineOptions and can provide an optional blurb below
// the test failures comment.
ReportTemplate *template.Template `json:"-"`
// MaxConcurrency is the maximum number of tests running concurrently that
// will be allowed by the controller. 0 implies no limit.
MaxConcurrency int `json:"max_concurrency,omitempty"`
// MaxGoroutines is the maximum number of goroutines spawned inside the
// controller to handle tests. Defaults to 20. Needs to be a positive
// number.
MaxGoroutines int `json:"max_goroutines,omitempty"`
// AllowCancellations enables aborting presubmit jobs for commits that
// have been superseded by newer commits in Github pull requests.
AllowCancellations bool `json:"allow_cancellations,omitempty"`
}
Controller holds configuration applicable to all agent-specific prow controllers.
type Cookie ¶
type Cookie struct {
Secret string `json:"secret,omitempty"`
}
Cookie holds the secret returned from github that authenticates the user who authorized this app.
type Delta ¶
type Delta struct {
Before, After Config
}
Delta represents the before and after states of a Config change detected by the Agent.
type DeltaChan ¶
type DeltaChan = chan<- Delta
DeltaChan is a channel to receive config delta events when config changes.
type GitHubOptions ¶
type GitHubOptions struct {
// LinkURLFromConfig is the string representation of the link_url config parameter.
// This config parameter allows users to override the default GitHub link url for all plugins.
// If this option is not set, we assume "https://github.com".
LinkURLFromConfig string `json:"link_url,omitempty"`
// LinkURL is the url representation of LinkURLFromConfig. This variable should be used
// in all places internally.
LinkURL *url.URL
}
GitHubOptions allows users to control how prow applications display GitHub website links.
type GithubOAuthConfig ¶
type GithubOAuthConfig struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
RedirectURL string `json:"redirect_url"`
Scopes []string `json:"scopes,omitempty"`
FinalRedirectURL string `json:"final_redirect_url"`
CookieStore *sessions.CookieStore `json:"-"`
}
GithubOAuthConfig is a config for requesting users' access tokens from the GitHub API. It also has a Cookie Store that retains user credentials derived from the GitHub API.
func (*GithubOAuthConfig) InitGithubOAuthConfig ¶
func (gac *GithubOAuthConfig) InitGithubOAuthConfig(cookie *sessions.CookieStore)
InitGithubOAuthConfig creates an OAuthClient using GithubOAuth config and a Cookie Store to retain user credentials.
type JenkinsOperator ¶
type JenkinsOperator struct {
Controller `json:",inline"`
// LabelSelectorString compiles into LabelSelector at load time.
// If set, this option needs to match --label-selector used by
// the desired jenkins-operator. This option is considered
// invalid when provided with a single jenkins-operator config.
//
// For label selector syntax, see below:
// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
LabelSelectorString string `json:"label_selector,omitempty"`
// LabelSelector is used so different jenkins-operator replicas
// can use their own configuration.
LabelSelector labels.Selector `json:"-"`
}
JenkinsOperator is config for the jenkins-operator controller.
type Keeper ¶
type Keeper struct {
// SyncPeriodString compiles into SyncPeriod at load time.
SyncPeriodString string `json:"sync_period,omitempty"`
// SyncPeriod specifies how often Keeper will sync jobs with Github. Defaults to 1m.
SyncPeriod time.Duration `json:"-"`
// StatusUpdatePeriodString compiles into StatusUpdatePeriod at load time.
StatusUpdatePeriodString string `json:"status_update_period,omitempty"`
// StatusUpdatePeriod specifies how often Keeper will update Github status contexts.
// Defaults to the value of SyncPeriod.
StatusUpdatePeriod time.Duration `json:"-"`
// Queries represents a list of GitHub search queries that collectively
// specify the set of PRs that meet merge requirements.
Queries KeeperQueries `json:"queries,omitempty"`
// A key/value pair of an org/repo as the key and merge method to override
// the default method of merge. Valid options are squash, rebase, and merge.
MergeType map[string]PullRequestMergeType `json:"merge_method,omitempty"`
// A key/value pair of an org/repo as the key and Go template to override
// the default merge commit title and/or message. Template is passed the
// PullRequest struct (prow/github/types.go#PullRequest)
MergeTemplate map[string]KeeperMergeCommitTemplate `json:"merge_commit_template,omitempty"`
// URL for keeper status contexts.
// We can consider allowing this to be set separately for separate repos, or
// allowing it to be a template.
TargetURL string `json:"target_url,omitempty"`
// PRStatusBaseURL is the base URL for the PR status page.
// This is used to link to a merge requirements overview
// in the keeper status context.
PRStatusBaseURL string `json:"pr_status_base_url,omitempty"`
// BlockerLabel is an optional label that is used to identify merge blocking
// Github issues.
// Leave this blank to disable this feature and save 1 API token per sync loop.
BlockerLabel string `json:"blocker_label,omitempty"`
// SquashLabel is an optional label that is used to identify PRs that should
// always be squash merged.
// Leave this blank to disable this feature.
SquashLabel string `json:"squash_label,omitempty"`
// RebaseLabel is an optional label that is used to identify PRs that should
// always be rebased and merged.
// Leave this blank to disable this feature.
RebaseLabel string `json:"rebase_label,omitempty"`
// MergeLabel is an optional label that is used to identify PRs that should
// always be merged with all individual commits from the PR.
// Leave this blank to disable this feature.
MergeLabel string `json:"merge_label,omitempty"`
// MaxGoroutines is the maximum number of goroutines spawned inside the
// controller to handle org/repo:branch pools. Defaults to 20. Needs to be a
// positive number.
MaxGoroutines int `json:"max_goroutines,omitempty"`
// KeeperContextPolicyOptions defines merge options for context. If not set it will infer
// the required and optional contexts from the prow jobs configured and use the github
// combined status; otherwise it may apply the branch protection setting or let user
// define their own options in case branch protection is not used.
ContextOptions KeeperContextPolicyOptions `json:"context_options,omitempty"`
// BatchSizeLimitMap is a key/value pair of an org or org/repo as the key and
// integer batch size limit as the value. The empty string key can be used as
// a global default.
// Special values:
// 0 => unlimited batch size
// -1 => batch merging disabled :(
BatchSizeLimitMap map[string]int `json:"batch_size_limit,omitempty"`
}
Keeper is config for the keeper pool.
func (*Keeper) BatchSizeLimit ¶
BatchSizeLimit returns the batch size limit for the given repo.
func (*Keeper) MergeCommitTemplate ¶
func (t *Keeper) MergeCommitTemplate(org, repo string) KeeperMergeCommitTemplate
MergeCommitTemplate returns a struct with Go template string(s) or nil
func (*Keeper) MergeMethod ¶
func (t *Keeper) MergeMethod(org, repo string) PullRequestMergeType
MergeMethod returns the merge method to use for a repo. The default of merge is returned when not overridden.
type KeeperContextPolicy ¶
type KeeperContextPolicy struct {
// whether to consider unknown contexts optional (skip) or required.
SkipUnknownContexts *bool `json:"skip-unknown-contexts,omitempty"`
RequiredContexts []string `json:"required-contexts,omitempty"`
RequiredIfPresentContexts []string `json:"required-if-present-contexts"`
OptionalContexts []string `json:"optional-contexts,omitempty"`
// Infer required and optional jobs from Branch Protection configuration
FromBranchProtection *bool `json:"from-branch-protection,omitempty"`
}
KeeperContextPolicy configures options about how to handle various contexts.
func (*KeeperContextPolicy) IsOptional ¶
func (cp *KeeperContextPolicy) IsOptional(c string) bool
IsOptional checks whether a context can be ignored. Will return true if:
- context is registered as optional
- required contexts are registered and the context provided is not required
Will return false otherwise. Every context is required.
func (*KeeperContextPolicy) MissingRequiredContexts ¶
func (cp *KeeperContextPolicy) MissingRequiredContexts(contexts []string) []string
MissingRequiredContexts discards the optional contexts and only looks for extra required contexts that are not provided.
func (*KeeperContextPolicy) Validate ¶
func (cp *KeeperContextPolicy) Validate() error
Validate returns an error if any contexts are listed more than once in the config.
type KeeperContextPolicyOptions ¶
type KeeperContextPolicyOptions struct {
KeeperContextPolicy
// Github Orgs
Orgs map[string]KeeperOrgContextPolicy `json:"orgs,omitempty"`
}
KeeperContextPolicyOptions holds the default policy, and any org overrides.
type KeeperMergeCommitTemplate ¶
type KeeperMergeCommitTemplate struct {
TitleTemplate string `json:"title,omitempty"`
BodyTemplate string `json:"body,omitempty"`
Title *template.Template `json:"-"`
Body *template.Template `json:"-"`
}
KeeperMergeCommitTemplate holds templates to use for merge commits.
type KeeperOrgContextPolicy ¶
type KeeperOrgContextPolicy struct {
KeeperContextPolicy
Repos map[string]KeeperRepoContextPolicy `json:"repos,omitempty"`
}
KeeperOrgContextPolicy overrides the policy for an org, and any repo overrides.
type KeeperQueries ¶
type KeeperQueries []KeeperQuery
KeeperQueries is a KeeperQuery slice.
func (KeeperQueries) OrgExceptionsAndRepos ¶
OrgExceptionsAndRepos determines which orgs and repos a set of queries cover. Output is returned as a mapping from 'included org'->'repos excluded in the org' and a set of included repos.
func (KeeperQueries) QueryMap ¶
func (tqs KeeperQueries) QueryMap() *QueryMap
QueryMap creates a QueryMap from KeeperQueries
type KeeperQuery ¶
type KeeperQuery struct {
Orgs []string `json:"orgs,omitempty"`
Repos []string `json:"repos,omitempty"`
ExcludedRepos []string `json:"excludedRepos,omitempty"`
ExcludedBranches []string `json:"excludedBranches,omitempty"`
IncludedBranches []string `json:"includedBranches,omitempty"`
Labels []string `json:"labels,omitempty"`
MissingLabels []string `json:"missingLabels,omitempty"`
Milestone string `json:"milestone,omitempty"`
ReviewApprovedRequired bool `json:"reviewApprovedRequired,omitempty"`
}
KeeperQuery is turned into a GitHub search query. See the docs for details: https://help.github.com/articles/searching-issues-and-pull-requests/
func (KeeperQuery) ForRepo ¶
func (tq KeeperQuery) ForRepo(org, repo string) bool
ForRepo indicates if the keeper query applies to the specified repo.
func (*KeeperQuery) Query ¶
func (tq *KeeperQuery) Query() string
Query returns the corresponding github search string for the keeper query.
func (*KeeperQuery) Validate ¶
func (tq *KeeperQuery) Validate() error
Validate returns an error if the query has any errors.
Examples include:
- an org name that is empty or includes a /
- repos that are not org/repo
- a label that is in both the labels and missing_labels section
- a branch that is in both included and excluded branch set.
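The four error cases listed for KeeperQuery.Validate, written out as a standalone lint for reviewing merge-automation config. This is an added example, not the package's implementation: `keeperQuery`, `overlap` and `lint` are hypothetical names mirroring only the fields the checks need, and the sample query is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// keeperQuery is a hypothetical mirror of the KeeperQuery fields that the
// documented checks look at; it is not the package's own type.
type keeperQuery struct {
	Orgs, Repos                        []string
	Labels, MissingLabels              []string
	IncludedBranches, ExcludedBranches []string
}

// overlap returns the entries of b that also appear in a.
func overlap(a, b []string) []string {
	seen := map[string]bool{}
	for _, s := range a {
		seen[s] = true
	}
	var out []string
	for _, s := range b {
		if seen[s] {
			out = append(out, s)
		}
	}
	return out
}

// lint collects every problem instead of stopping at the first one, so a
// reviewer sees all contradictions in a query at once.
func lint(q keeperQuery) []string {
	var errs []string
	for _, o := range q.Orgs {
		if o == "" || strings.Contains(o, "/") {
			errs = append(errs, fmt.Sprintf("org %q is empty or includes a /", o))
		}
	}
	for _, r := range q.Repos {
		parts := strings.Split(r, "/")
		if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
			errs = append(errs, fmt.Sprintf("repo %q is not org/repo", r))
		}
	}
	for _, l := range overlap(q.Labels, q.MissingLabels) {
		errs = append(errs, fmt.Sprintf("label %q is both required and forbidden", l))
	}
	for _, b := range overlap(q.IncludedBranches, q.ExcludedBranches) {
		errs = append(errs, fmt.Sprintf("branch %q is both included and excluded", b))
	}
	return errs
}

func main() {
	// Constructed sample query containing one instance of each problem.
	q := keeperQuery{
		Orgs:             []string{"acme/tools"},
		Repos:            []string{"widgets"},
		Labels:           []string{"approved", "hold"},
		MissingLabels:    []string{"hold"},
		IncludedBranches: []string{"main"},
		ExcludedBranches: []string{"main"},
	}
	for _, e := range lint(q) {
		fmt.Println(e)
	}
}
```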
type KeeperRepoContextPolicy ¶
type KeeperRepoContextPolicy struct {
KeeperContextPolicy
Branches map[string]KeeperContextPolicy `json:"branches,omitempty"`
}
KeeperRepoContextPolicy overrides the policy for repo, and any branch overrides.
type Org ¶
Org holds the default protection policy for an entire org, as well as any repo overrides.
type OwnersDirExcludes ¶ added in v0.0.703
type OwnersDirExcludes struct {
// Repos configures a directory blacklist per repo (or org)
Repos map[string][]string `json:"repos"`
// Default configures a default blacklist for repos (or orgs) not
// specifically configured
Default []string `json:"default"`
}
OwnersDirExcludes is used to configure which directories to ignore when searching for OWNERS{,_ALIAS} files in a repo.
type PipelineKind ¶ added in v0.0.693
type PipelineKind string
PipelineKind specifies how the job is triggered.
const (
// PresubmitJob means it runs on unmerged PRs.
PresubmitJob PipelineKind = "presubmit"
// PostsubmitJob means it runs on each new commit.
PostsubmitJob PipelineKind = "postsubmit"
// PeriodicJob means it runs on a time-basis, unrelated to git changes.
PeriodicJob PipelineKind = "periodic"
// BatchJob tests multiple unmerged PRs at the same time.
BatchJob PipelineKind = "batch"
)
Various job types.
type Plank ¶
type Plank struct {
// ReportTemplateString compiles into ReportTemplate at load time.
ReportTemplateString string `json:"report_template,omitempty"`
// ReportTemplate is compiled at load time from ReportTemplateString. It
// will be passed a builder.PipelineOptions and can provide an optional blurb below
// the test failures comment.
ReportTemplate *template.Template `json:"-"`
}
Plank is config for the plank controller.
type Policy ¶
type Policy struct {
// Protect overrides whether branch protection is enabled if set.
Protect *bool `json:"protect,omitempty"`
// RequiredStatusChecks configures github contexts
RequiredStatusChecks *ContextPolicy `json:"required_status_checks,omitempty"`
// Admins overrides whether protections apply to admins if set.
Admins *bool `json:"enforce_admins,omitempty"`
// Restrictions limits who can merge
Restrictions *Restrictions `json:"restrictions,omitempty"`
// RequiredPullRequestReviews specifies github approval/review criteria.
RequiredPullRequestReviews *ReviewPolicy `json:"required_pull_request_reviews,omitempty"`
// Exclude specifies a set of regular expressions which identify branches
// that should be excluded from the protection policy
Exclude []string `json:"exclude,omitempty"`
}
Policy for the config/org/repo/branch. When merging policies, a nil value results in inheriting the parent policy.
type ProviderConfig ¶ added in v0.0.699
type ProviderConfig struct {
// Kind is the go-scm driver name
Kind string `json:"kind,omitempty"`
// Server is the base URL for the provider, like https://github.com
Server string `json:"server,omitempty"`
// BotUser is the username on the provider the bot will use
BotUser string `json:"botUser,omitempty"`
}
ProviderConfig is optionally used to configure information about the SCM provider being used. These values will be used as fallbacks if environment variables aren't set.
type ProwConfig ¶
type ProwConfig struct {
Keeper Keeper `json:"tide,omitempty"`
Plank Plank `json:"plank,omitempty"`
BranchProtection BranchProtection `json:"branch-protection,omitempty"`
Orgs map[string]org.Config `json:"orgs,omitempty"`
// TODO: Move this out of the main config.
JenkinsOperators []JenkinsOperator `json:"jenkins_operators,omitempty"`
// LighthouseJobNamespace is the namespace in the cluster that prow
// components will use for looking up LighthouseJobs. The namespace
// needs to exist and will not be created by prow.
// Defaults to "default".
LighthouseJobNamespace string `json:"prowjob_namespace,omitempty"`
// PodNamespace is the namespace in the cluster that prow
// components will use for looking up Pods owned by LighthouseJobs.
// The namespace needs to exist and will not be created by prow.
// Defaults to "default".
PodNamespace string `json:"pod_namespace,omitempty"`
// LogLevel enables dynamically updating the log level of the
// standard logger that is used by all prow components.
//
// Valid values:
//
// "debug", "info", "warn", "warning", "error", "fatal", "panic"
//
// Defaults to "info".
LogLevel string `json:"log_level,omitempty"`
// PushGateway is a prometheus push gateway.
PushGateway PushGateway `json:"push_gateway,omitempty"`
// OwnersDirExcludes is used to configure which directories to ignore when
// searching for OWNERS{,_ALIAS} files in a repo.
OwnersDirExcludes *OwnersDirExcludes `json:"owners_dir_excludes,omitempty"`
// OwnersDirBlacklist is DEPRECATED in favor of OwnersDirExcludes
OwnersDirBlacklist *OwnersDirExcludes `json:"owners_dir_blacklist,omitempty"`
// Pub/Sub Subscriptions that we want to listen to
PubSubSubscriptions PubsubSubscriptions `json:"pubsub_subscriptions,omitempty"`
// GitHubOptions allows users to control how prow applications display GitHub website links.
GitHubOptions GitHubOptions `json:"github,omitempty"`
// ProviderConfig contains optional SCM provider information
ProviderConfig *ProviderConfig `json:"providerConfig,omitempty"`
}
ProwConfig is config for all prow controllers
type PubsubSubscriptions ¶
PubsubSubscriptions maps GCP projects to a list of Topics.
type PullRequestMergeType ¶ added in v0.0.693
type PullRequestMergeType string
PullRequestMergeType indicates the type of the pull request
const (
MergeMerge PullRequestMergeType = "merge"
MergeRebase PullRequestMergeType = "rebase"
MergeSquash PullRequestMergeType = "squash"
)
Possible types of merges for the GitHub merge API
type PushGateway ¶
type PushGateway struct {
// Endpoint is the location of the prometheus pushgateway
// where prow will push metrics to.
Endpoint string `json:"endpoint,omitempty"`
// IntervalString compiles into Interval at load time.
IntervalString string `json:"interval,omitempty"`
// Interval specifies how often prow will push metrics
// to the pushgateway. Defaults to 1m.
Interval time.Duration `json:"-"`
// ServeMetrics tells if or not the components serve metrics
ServeMetrics bool `json:"serve_metrics"`
}
PushGateway is a prometheus push gateway.
type QueryMap ¶
QueryMap is a struct mapping from "org/repo" -> KeeperQueries that apply to that org or repo. It is lazily populated, but threadsafe.
func (*QueryMap) ForRepo ¶
func (qm *QueryMap) ForRepo(org, repo string) KeeperQueries
ForRepo returns the keeper queries that apply to a repo.
type Repo ¶
Repo holds protection policy overrides for all branches in a repo, as well as specific branch overrides.
type Restrictions ¶
Restrictions limits who can merge. Users and Teams items are appended to parent lists.
type ReviewPolicy ¶
type ReviewPolicy struct {
// Restrictions appends users/teams that are allowed to merge
DismissalRestrictions *Restrictions `json:"dismissal_restrictions,omitempty"`
// DismissStale overrides whether new commits automatically dismiss old reviews if set
DismissStale *bool `json:"dismiss_stale_reviews,omitempty"`
// RequireOwners overrides whether CODEOWNERS must approve PRs if set
RequireOwners *bool `json:"require_code_owner_reviews,omitempty"`
// Approvals overrides the number of approvals required if set (set to 0 to disable)
Approvals *int `json:"required_approving_review_count,omitempty"`
}
ReviewPolicy specifies github approval/review criteria. Any nil values inherit the policy from the parent, otherwise bool/ints are overridden. Non-empty lists are appended to parent lists.
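The inheritance rule stated for Policy, ContextPolicy and ReviewPolicy (nil inherits from the parent, set bools/ints override, lists are appended) decides which protection a branch actually ends up with. The sketch below is an added example, not the package's code: `policy`, `contextPolicy`, `merge` and `weakened` are hypothetical names over a flattened subset of the fields on this page, and the org/repo/branch values are constructed.

```go
package main

import "fmt"

// Hypothetical mirrors of a subset of the Policy, ContextPolicy and
// ReviewPolicy fields on this page; not the package's own types.
type contextPolicy struct {
	Contexts []string
	Strict   *bool
}
type policy struct {
	Protect, Admins      *bool
	Approvals            *int // ReviewPolicy.Approvals, flattened for brevity
	RequiredStatusChecks *contextPolicy
}

func boolp(v bool) *bool { return &v }
func intp(v int) *int    { return &v }
func isOn(p *bool) bool  { return p != nil && *p }

// inherit returns the child's value when set, otherwise the parent's.
func inherit(parent, child *bool) *bool {
	if child != nil {
		return child
	}
	return parent
}

// merge applies child on top of parent: nil fields inherit, set bools and
// ints override, and required contexts are appended to the parent's list.
func merge(parent, child policy) policy {
	out := parent
	out.Protect = inherit(parent.Protect, child.Protect)
	out.Admins = inherit(parent.Admins, child.Admins)
	if child.Approvals != nil {
		out.Approvals = child.Approvals
	}
	if c := child.RequiredStatusChecks; c != nil {
		m := contextPolicy{}
		if p := parent.RequiredStatusChecks; p != nil {
			m.Contexts = append(m.Contexts, p.Contexts...)
			m.Strict = p.Strict
		}
		m.Contexts = append(m.Contexts, c.Contexts...)
		m.Strict = inherit(m.Strict, c.Strict)
		out.RequiredStatusChecks = &m
	}
	return out
}

// weakened reports where the effective policy is looser than the baseline.
// Required contexts cannot shrink because children only append to them.
func weakened(base, eff policy) []string {
	var out []string
	if isOn(base.Protect) && !isOn(eff.Protect) {
		out = append(out, "protect disabled")
	}
	if isOn(base.Admins) && !isOn(eff.Admins) {
		out = append(out, "enforce_admins disabled")
	}
	if base.Approvals != nil && eff.Approvals != nil && *eff.Approvals < *base.Approvals {
		out = append(out, fmt.Sprintf("approvals lowered from %d to %d", *base.Approvals, *eff.Approvals))
	}
	return out
}

func main() {
	// Constructed sample: org baseline, repo adds a context, branch relaxes two settings.
	org := policy{Protect: boolp(true), Admins: boolp(true), Approvals: intp(2),
		RequiredStatusChecks: &contextPolicy{Contexts: []string{"build"}}}
	repo := policy{RequiredStatusChecks: &contextPolicy{Contexts: []string{"lint"}}}
	branch := policy{Admins: boolp(false), Approvals: intp(1)}
	eff := merge(merge(org, repo), branch)
	fmt.Println(eff.RequiredStatusChecks.Contexts, weakened(org, eff))
}
```

Running `weakened` against the org-level baseline for every configured branch gives a review list of overrides that relax protection.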