Add policy enforcement for attribute registry.

Makefile

@@ -103,6 +103,16 @@ install-yamllint:
 yamllint:
 	yamllint .
 
+# Check semantic convention policies on YAML files
+.PHONY: check-policies
+check-policies:
+	docker run --rm -v $(PWD)/model:/source -v $(PWD)/policies:/policies -v $(PWD)/templates:/templates \
+		otel/weaver:${WEAVER_VERSION} registry check \
+		--registry=/source \
+		--diagnostic-format=ansi \
+		--diagnostic-template=/templates/diagnostic \
+		--policy=/policies/registry.rego
+
 # Generate markdown tables from YAML definitions
 .PHONY: table-generation
 table-generation:
@@ -172,7 +182,7 @@ fix-format:
 # Run all checks in order of speed / likely failure.
 # As a last thing, run attribute registry generation and git-diff for differences.
 .PHONY: check
-check: misspell markdownlint check-format markdown-toc compatibility-check markdown-link-check attribute-registry-generation
+check: misspell markdownlint check-format markdown-toc compatibility-check markdown-link-check check-policies attribute-registry-generation
 	git diff --exit-code ':*.md' || (echo 'Generated markdown Table of Contents is out of date, please run "make markdown-toc" and commit the changes in this PR.' && exit 1)
 	@echo "All checks complete"
 

policies/registry.rego

@@ -0,0 +1,42 @@
+package before_resolution
+
+# This file enforces policies requiring all attributes to be defined within
+# a semantic convention "registry".  This is a naming/structure convention
+# used by semantic conventions.
+
+# Helper to create attribute registry violations.
+attr_registry_violation(violation_id, group_id, attr_id) = violation {
+	violation := {
+		"id": violation_id,
+		"type": "semconv_attribute",
+		"category": "attribute_registry",
+		"group": group_id,
+		"attr": attr_id,
+	}
+}
+
+# We only allow attribute groups in the attribute registry.
+deny[attr_registry_violation("registry_must_be_attribute_group", group.id, "")] {
+	group := input.groups[_]
+	startswith(group.id, "registry.")
+	group.type != "attribute_group"
+}
+
+# Any group that is NOT in the attribute registry that has an attribute id is
+# in violation of not using the attribute registry.
+deny[attr_registry_violation("nonregistry_with_id_attr", group.id, attr.id)] {
+	group := input.groups[_]
+	not startswith(group.id, "registry.")
+	attr := group.attributes[_]
+	attr.id != null
+}
+
+# A registry `attribute_group` containing at least one `ref` attribute is
+# considered invalid if it's not in the registry group.
+deny[attr_registry_violation("registry_with_ref_attr", group.id, attr.ref)] {
+	group := input.groups[_]
+	startswith(group.id, "registry.")
+    attr := group.attributes[_]
+	attr.ref != null
+}
+

templates/diagnostic/ansi/errors.txt.j2

@@ -0,0 +1,31 @@
+{{ "Semantic Convention Model Validation Failures" | ansi_bold | ansi_red }}:
+
+{% for item in ctx %}
+{%- if item.error.type == "policy_violation" %}
+{%- if item.error.violation.category == "attribute_registry" %}
+{{ item.error.provenance | ansi_red}}:
+{%- if item.error.violation.id == "registry_must_be_attribute_group" %}
+  Group {{ item.error.violation.group | ansi_green }} cannot be defined in the registry.
+  not an attribute group.
+{%- elif item.error.violation.id == "nonregistry_with_id_attr" %}
+  Attribute {{ item.error.violation.attr | ansi_cyan }} cannot be defined in Group {{ item.error.violation.group | ansi_green }}
+  Attribute Group not in Attribute Registry.
+{%- elif item.error.violation.id == "registry_with_ref_attr" %}
+  Attribute {{ item.error.violation.attr | ansi_cyan }} cannot be defined in Group {{ item.error.violation.group | ansi_green }}
+  Registry cannot contain attribute references.
+{%- else %}
+UNKNOWN ATTRIBUTE REGISTRY ERROR! Please open a ticket agianst semconv with this info: 
+{{ debug(item) }}
+{%- endif %}
+{%- else %}
+{{ item.error.provenance | ansi_red }}:
+  Violation: {{ item.error.violation.id | ansi_bold | ansi_green }}
+  - Category         : {{ item.error.violation.category | ansi_cyan }}
+  - Type             : {{ item.error.violation.type | ansi_cyan }}
+  - SemConv group    : {{ item.error.violation.group | ansi_cyan }}
+  - SemConv attribute: {{ item.error.violation.attr | ansi_cyan }}
+{%- endif %}
+{% else %}
+{{ item.diagnostic.ansi_message }}
+{%- endif %}
+{%- endfor %}

templates/diagnostic/ansi/weaver.yaml

@@ -0,0 +1,4 @@
+templates:
+  - pattern: errors.txt.j2
+    filter: .
+    application_mode: single