Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func DownloadPolicyE
DownloadPolicyE takes in a rule path written in go-getter syntax and downloads it to a temporary directory so that it can be passed to opa. The temporary directory that is used is cached based on the go-getter base path, and reused across calls. For example, if you call DownloadPolicyE with the go-getter URL multiple times:
git::https://github.com/eunanhardy/terratest.git//policies/foo.rego?ref=master
The first time, the eunanhardy/terratest repo is downloaded to a new temp directory. All subsequent calls reuse that first temporary dir where the repo was cloned. This is preserved even if a different subdir is requested later, e.g.: git::https://github.com/eunanhardy/terratest.git//examples/bar.rego?ref=master. Note that the query parameters are always included in the base URL. This means that if you use a different ref (e.g., git::https://github.com/eunanhardy/terratest.git//examples/bar.rego?ref=v0.39.3), then that ref is cloned to a new temporary directory rather than reusing the cached dir.
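The caching rule described above can be modelled with the standard library alone. This is an added example, not code from this package: `splitSource` and `policyCache` are hypothetical names, the split is a simplified model of go-getter's base/subdir handling, and the temp directory names are constructed (nothing is downloaded).

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// splitSource (hypothetical) splits at the "//" subdir marker and moves the query onto the base.
func splitSource(src string) (base, subdir string) {
	stop := len(src)
	if i := strings.Index(src, "?"); i > -1 {
		stop = i
	}
	offset := 0
	if i := strings.Index(src[:stop], "://"); i > -1 {
		offset = i + 3 // do not mistake the scheme's "//" for the subdir marker
	}
	i := strings.Index(src[offset:stop], "//")
	if i == -1 {
		return src, ""
	}
	i += offset
	return src[:i] + src[stop:], src[i+2 : stop]
}

// policyCache (hypothetical) models the documented rule: one temp dir per base URL.
type policyCache struct {
	dirs   map[string]string // base URL including query -> temp dir
	clones int               // number of simulated downloads
}

func (c *policyCache) resolve(src string) string {
	base, subdir := splitSource(src)
	dir, ok := c.dirs[base]
	if !ok {
		c.clones++
		dir = fmt.Sprintf("/tmp/policy-%d", c.clones) // constructed name
		c.dirs[base] = dir
	}
	return path.Join(dir, subdir)
}

func main() {
	c := &policyCache{dirs: map[string]string{}}
	repo := "git::https://github.com/eunanhardy/terratest.git"
	for _, u := range []string{repo + "//policies/foo.rego?ref=master", repo + "//examples/bar.rego?ref=master", repo + "//examples/bar.rego?ref=v0.39.3"} {
		fmt.Println(c.resolve(u))
	}
}
```

The two `ref=master` URLs resolve into the same directory and the `ref=v0.39.3` URL into a second one. Because the directory is reused across calls, a branch ref such as `master` is evaluated as it was at the first download.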
func Eval
func Eval(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string)
Eval runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:
opa eval -i $JSONFile -d $RulePath $ResultQuery
This runs OPA on each file concurrently using goroutines. The test fails if OPA fails on any one of the files.
func EvalE
func EvalE(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string) error
EvalE runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:
opa eval -i $JSONFile -d $RulePath $ResultQuery
This runs OPA on each file concurrently using goroutines.
Types
type EvalOptions
type EvalOptions struct {
	// Whether OPA should run checks with failure.
	FailMode FailMode

	// Path to rego file containing the OPA rules. Can also be a remote path defined in go-getter syntax. Refer to
	// https://github.com/hashicorp/go-getter#url-format for supported options.
	RulePath string

	// Set a logger that should be used. See the logger package for more info.
	Logger *logger.Logger

	// When true, keep any temp files and folders that are created for the purpose of running opa eval.
	DebugKeepTempFiles bool

	// When true, disable the functionality where terratest reruns the opa check on the same file and query all elements
	// on error. By default, terratest will rerun the opa eval call with `data` query so you can see all the contents
	// evaluated.
	DebugDisableQueryDataOnError bool
}
EvalOptions defines options that can be passed to the 'opa eval' command for checking policies on arbitrary JSON data via OPA.