Output Engine

Using Tera Templates

Generate structured output resources from graph data using Tera's text templating and conditional logic.

Using Tera Templates

This example generates a new service_summary resource for every application that is on the edge network. Each summary is made available as a downloadable JSON file.

data/output/service_summary.toml

origin_resource = "application"

# Define some static data available to the template
output_metadata = { version = "1.1", author = "security-team" }

[[output]]
resource_type = "service_summary"
name = "summary-for-{{ origin_resource.name }}"
filename = "summary-{{ origin_resource.name }}.json"
mimetype = "application/json"
match_on = [
  { property = "network_zone", value = "edge" }
]
# The template uses Tera to generate a JSON object, including conditional logic.
# All variables from the context (`origin_resource`, `output_metadata`) are available.
template = '''
{
  "output_author": "{{ output_metadata.author }}",
  "application_name": "{{ origin_resource.name }}",
  "owner": "{{ origin_resource.has_responsibility[0].node.name }}",
  "hosting_details": {
    "platform": "{{ origin_resource.runs_on[0].node.name }}",
    "criticality": "{% if origin_resource.environment == 'prod' %}"high"{% else %}"low"{% endif %}"
  }
}
'''
  • Graph Impact:
    1. The importer finds all application resources that match the match_on criteria (e.g., app-1 and app-2).

    2. It creates a single new resource of type service_summary. This resource’s primary key (name) is also set to service_summary.

    3. For each matching application (app-1, app-2): a. It renders the name template to get the primary key for a new resource (e.g., summary-for-app-1). b. It renders the template, which produces a JSON object string. c. It parses this JSON string. d. It creates a new resource of type service_summary with the generated name. The keys and values from the parsed JSON become the properties of this new resource.

    4. For app-1, a new service_summary resource is created with properties like:

      {
        "name": "summary-for-app-1",
        "filename": "summary-app-1.json",
        "mimetype": "application/json",
        "output_author": "security-team",
        "application_name": "app-1",
        "owner": "team-alpha",
        "hosting_details": { ... }
      }
      
    5. A similar resource is created for app-2.

    6. Finally, a DESCRIBED_BY relationship is created from each matching application (app-1, app-2) to its corresponding new service_summary resource.