opavalidation

package
v1.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package opavalidation validates OPA policies for Insights.

Constants

const (
	DefaultKubeObjectNamespace = "notset" // The namespace to use if one is unspecified
)

Variables

This section is empty.

Functions

func FindFilesWithExtension

func FindFilesWithExtension(dir, ext string) ([]string, error)

FindFilesWithExtension returns a slice of filenames from the given dir that have the given extension.

func HumanizeMapOutput

func HumanizeMapOutput(m map[string]error, keyNoun string) string

HumanizeMapOutput returns a humanized string listing a map's keys with their error values in parentheses. The supplied keyNoun will be pluralized if there is more than one key in the map.

func HumanizeStringsOutput

func HumanizeStringsOutput(s []string, noun string) string

HumanizeStringsOutput returns a humanized string listing the slice of strings.

func Run

func Run(regoFileName, objectFileName string, expectAIOptions ExpectActionItemOptions, insightsInfo fwrego.InsightsInfo, objectNamespaceOverride string) (actionItems, error)

Run is a ValidateRego() wrapper that validates and prints resulting actionItems. This is meant to be called from a cobra.Command{}.

func RunBatch

func RunBatch(batchDir string, expectAIOptions ExpectActionItemOptions, insightsInfo fwrego.InsightsInfo, objectNamespaceOverride string) (successfulPolicies, failedPolicies []string, err error)

RunBatch is a Run() wrapper that processes multiple OPA policies. It does not return the actionItems from each call to Run(), as there would be no correlation of actionItems to their OPA policy. This is meant to be called from a cobra.Command{}. Each OPA policy is validated with a Kubernetes manifest file whose name has the form {base rego filename} followed by one of the extensions .yaml, .success.yaml, and .failure.yaml (the last two of which are configurable).

func ValidateRego

func ValidateRego(ctx context.Context, regoAsString string, objectAsBytes []byte, insightsInfo fwrego.InsightsInfo, eventType string, objectNamespaceOverride string) (actionItems, error)

ValidateRego validates rego by executing rego with an input object. Validation includes signatures for Insights-provided rego functions.

Types

type ExpectActionItemOptions added in v1.0.2

type ExpectActionItemOptions struct {
	Default                                    bool // Used if none of the below filename extensions applies.
	SuccessFileExtension, FailureFileExtension string
}

ExpectActionItemOptions bundles multiple settings about whether and when OPA policies are expected to output an action item. If a Kubernetes manifest file has the SuccessFileExtension, no action item is expected. If a Kubernetes manifest file has the FailureFileExtension, an action item is expected. The default expectation of an action item is used when the Kubernetes manifest file has neither file extension.

func (ExpectActionItemOptions) ForFileName added in v1.0.2

func (o ExpectActionItemOptions) ForFileName(fileName string) bool

ForFileName returns true if the given Kubernetes manifest file name should expect an OPA policy to output an action item.
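
The expectation rule described for ExpectActionItemOptions, combined with the manifest naming described for RunBatch, as an added example that is not the package's own code. The names `expectOptions`, `expectsActionItem`, `planBatch` and `sample` are hypothetical, suffix matching is an assumption, and the `unproven` list (policies with no manifest expected to produce an action item) is an extra check this page does not describe.

```go
package main

import (
	"fmt"
	"strings"
)

type expectOptions struct { // local stand-in for the documented ExpectActionItemOptions fields
	Default                                    bool
	SuccessFileExtension, FailureFileExtension string
}

// expectsActionItem applies the documented rule, assumed here to be suffix matching.
func (o expectOptions) expectsActionItem(name string) bool {
	switch {
	case o.SuccessFileExtension != "" && strings.HasSuffix(name, o.SuccessFileExtension):
		return false
	case o.FailureFileExtension != "" && strings.HasSuffix(name, o.FailureFileExtension):
		return true
	}
	return o.Default
}

// planBatch maps policy -> manifest -> expectation; unproven is an added check, not package behaviour.
func planBatch(files []string, o expectOptions) (map[string]map[string]bool, []string) {
	present, plan, unproven := map[string]bool{}, map[string]map[string]bool{}, []string{}
	for _, f := range files {
		present[f] = true
	}
	for _, f := range files {
		if strings.HasSuffix(f, ".rego") {
			plan[f] = map[string]bool{}
			fires := false
			for _, ext := range []string{".yaml", o.SuccessFileExtension, o.FailureFileExtension} {
				if m := strings.TrimSuffix(f, ".rego") + ext; ext != "" && present[m] {
					plan[f][m] = o.expectsActionItem(m)
					fires = fires || plan[f][m]
				}
			}
			if !fires {
				unproven = append(unproven, f)
			}
		}
	}
	return plan, unproven
}

var sample = []string{"a.rego", "a.success.yaml", "a.failure.yaml", "b.rego", "b.success.yaml", "c.rego", "c.yaml"} // constructed listing

func main() { fmt.Println(planBatch(sample, expectOptions{false, ".success.yaml", ".failure.yaml"})) }
```

A policy that appears in `unproven` has only been shown not to fire, so a rule that never matches anything would still pass its fixtures.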
