opa

package

v0.48.1 Latest Latest Go to latest Published: Dec 17, 2024 License: Apache-2.0 Imports: 11 Imported by: 11

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gruntwork-io/terratest

Documentation ¶

Index ¶

func DownloadPolicyE(t testing.TestingT, rulePath string) (string, error)
func Eval(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, ...)
func EvalE(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, ...) (err error)
func EvalWithOutput(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, ...) (outputs []string)
func EvalWithOutputE(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, ...) (outputs []string, err error)
type EvalOptions
type FailMode

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DownloadPolicyE ¶ added in v0.40.20

func DownloadPolicyE(t testing.TestingT, rulePath string) (string, error)

DownloadPolicyE takes in a rule path written in go-getter syntax and downloads it to a temporary directory so that it can be passed to opa. The temporary directory that is used is cached based on the go-getter base path, and reused across calls. For example, if you call DownloadPolicyE with the go-getter URL multiple times:

git::https://github.com/gruntwork-io/terratest.git//policies/foo.rego?ref=main

The first time the gruntwork-io/terratest repo will be downloaded to a new temp directory. All subsequent calls will reuse that first temporary dir where the repo was cloned. This is preserved even if a different subdir is requested later, e.g.: git::https://github.com/gruntwork-io/terratest.git//examples/bar.rego?ref=main Note that the query parameters are always included in the base URL. This means that if you use a different ref (e.g., git::https://github.com/gruntwork-io/terratest.git//examples/bar.rego?ref=v0.39.3), then that will be cloned to a new temporary directory rather than the cached dir.

func Eval ¶

func Eval(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string)

EvalE runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:

opa eval -i $JSONFile -d $RulePath $ResultQuery

This will asynchronously run OPA on each file concurrently using goroutines. This will fail the test if any one of the files failed.

func EvalE ¶

func EvalE(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string) (err error)

EvalE runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:

opa eval -i $JSONFile -d $RulePath $ResultQuery

This will asynchronously run OPA on each file concurrently using goroutines.

func EvalWithOutput ¶ added in v0.48.0

func EvalWithOutput(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string) (outputs []string)

EvalE runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:

opa eval -i $JSONFile -d $RulePath $ResultQuery

This will asynchronously run OPA on each file concurrently using goroutines. This will fail the test if any one of the files failed. For each file, the output will be returned on the outputs slice.

func EvalWithOutputE ¶ added in v0.48.0

func EvalWithOutputE(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string) (outputs []string, err error)

EvalWithOutputE runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:

opa eval -i $JSONFile -d $RulePath $ResultQuery

This will asynchronously run OPA on each file concurrently using goroutines. For each file, the output will be returned on the outputs slice.

Types ¶

type EvalOptions ¶

type EvalOptions struct {
	// Whether OPA should run checks with failure.
	FailMode FailMode

	// Path to rego file containing the OPA rules. Can also be a remote path defined in go-getter syntax. Refer to
	// https://github.com/hashicorp/go-getter#url-format for supported options.
	RulePath string

	// Set a logger that should be used. See the logger package for more info.
	Logger *logger.Logger

	// When true, keep any temp files and folders that are created for the purpose of running opa eval.
	DebugKeepTempFiles bool

	// When true, disable the functionality where terratest reruns the opa check on the same file and query all elements
	// on error. By default, terratest will rerun the opa eval call with `data` query so you can see all the contents
	// evaluated.
	DebugDisableQueryDataOnError bool
}

EvalOptions defines options that can be passed to the 'opa eval' command for checking policies on arbitrary JSON data via OPA.

type FailMode ¶

type FailMode int

FailMode signals whether `opa eval` should fail when the query returns an undefined value (FailUndefined), a defined value (FailDefined), or not at all (NoFail).

const (
	FailUndefined FailMode = iota
	FailDefined
	NoFail
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL