Revisit policy behavior

[flavio]

As discussed with the other maintainers, this policy is a bit confusing. We're going to change drastically its behavior to make things more obvious to our end users.

Renaming actions

anyIn -> containsAnyOf

Given these setting: [a, b]

input	outcome
a	true
b	true
a,b	true
a,b,c	true
c	false
a, c	true
b, c	true
empty	false

anyNotIn -> doesNotContainAnyOf

Given these setting: [a, b]

input	outcome
a	false
b	false
a,b	false
a,b,c	false
c	true
a, c	false
b, c	false
empty	true

allAreUsed -> containsAllOf

Given these setting: [a, b]

input	outcome
a	false
b	false
a,b	true
a,b,c	true
c	false
a, c	false
b, c	false
empty	false

notAllAreUsed -> doesNotContainAllOf

Given these setting: [a, b]

input	outcome
a	true
b	true
a,b	false
a,b,c	false
c	true
a, c	true
b, c	true
empty	true

true means the request is valid

Looking at the truth tables above:

• true: the request is accepted because it's valid
• false: the request is rejected because it's not valid

Env variable value is no longer relevant

The policy is not going to look at the value of an environment variable. It focuses only of the name of the environment variable.

New settings syntax

The settings of the policy are changed to be like that:

settings:
  # only one directive can be set
  # for more complex logic you can use a Policy Group and
  # combine multiple instances of this policy using the logical
  # operators of your choice

  # containsAnyOf: []
  # doesNotContainAnyOf: []
  # doesNotContainAllOf: []

  containsAllOf:
  - MARIADB_USER
  - MARIADB_PASSWORD