opa

package
v0.44.0 Latest

This package is not in the latest version of its module.
Published: Jun 29, 2023 | License: Apache-2.0 | Imports: 11 | Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DownloadPolicyE

func DownloadPolicyE(t testing.TestingT, rulePath string) (string, error)

DownloadPolicyE takes a rule path written in go-getter syntax and downloads it to a temporary directory so that it can be passed to opa. The temporary directory is cached based on the go-getter base path and reused across calls. For example, suppose you call DownloadPolicyE multiple times with the following go-getter URL:

git::https://github.com/mponton/terratest.git//policies/foo.rego?ref=master

The first call downloads the gruntwork-io/terratest repo to a new temp directory. All subsequent calls reuse that first temporary directory where the repo was cloned. This holds even if a different subdir is requested later, e.g.: git::https://github.com/mponton/terratest.git//examples/bar.rego?ref=master. Note that the query parameters are always included in the base URL. This means that if you use a different ref (e.g., git::https://github.com/mponton/terratest.git//examples/bar.rego?ref=v0.39.3), that ref is cloned to a new temporary directory rather than reusing the cached dir.
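The caching rule described above, modelled as an added example (not terratest's or go-getter's own code): the hypothetical helpers `splitBase` and `policyCache` split the URL at the `//` subdir marker, keep the query string on the base, and simulate one download per distinct base. The `/tmp/policy-N` paths are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// splitBase is a hypothetical helper, not terratest's or go-getter's code.
// It splits a go-getter URL into the base (query string kept) and the subdir.
func splitBase(rulePath string) (base, subdir string) {
	path, query := rulePath, ""
	if i := strings.Index(rulePath, "?"); i >= 0 {
		path, query = rulePath[:i], rulePath[i:]
	}
	offset := 0 // skip "://" so the scheme is not mistaken for the "//" marker
	if i := strings.Index(path, "://"); i >= 0 {
		offset = i + 3
	}
	i := strings.Index(path[offset:], "//")
	if i < 0 {
		return rulePath, "" // no subdir: the whole URL is the base
	}
	return path[:offset+i] + query, path[offset+i+2:]
}

// policyCache models the reuse rule: one download directory per base URL.
type policyCache struct {
	dirs   map[string]string
	clones int // number of simulated downloads
}

func newPolicyCache() *policyCache { return &policyCache{dirs: map[string]string{}} }

// resolve returns the local path for rulePath, "cloning" only on a new base.
func (c *policyCache) resolve(rulePath string) string {
	base, subdir := splitBase(rulePath)
	if _, ok := c.dirs[base]; !ok {
		c.clones++
		c.dirs[base] = fmt.Sprintf("/tmp/policy-%d", c.clones) // constructed placeholder
	}
	return c.dirs[base] + "/" + subdir
}

func main() {
	c := newPolicyCache()
	for _, u := range []string{"policies/foo.rego?ref=master", "examples/bar.rego?ref=master", "examples/bar.rego?ref=v0.39.3"} {
		fmt.Println(c.resolve("git::https://github.com/mponton/terratest.git//"+u), "downloads:", c.clones)
	}
}
```

Because `ref` is part of the cache key, a call that pins a tag or commit never reuses a directory cached for `ref=master`.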

func Eval

func Eval(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string)

Eval runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:

opa eval -i $JSONFile -d $RulePath $ResultQuery

OPA is run on each file concurrently using goroutines. The test fails if evaluation fails for any one of the files.

func EvalE

func EvalE(t testing.TestingT, options *EvalOptions, jsonFilePaths []string, resultQuery string) error

EvalE runs `opa eval` on the given JSON files using the configured policy file and result query. Translates to:

opa eval -i $JSONFile -d $RulePath $ResultQuery

OPA is run on each file concurrently using goroutines.

Types

type EvalOptions

type EvalOptions struct {
	// Whether, and on which kind of query result, OPA should fail the check. See FailMode.
	FailMode FailMode

	// Path to rego file containing the OPA rules. Can also be a remote path defined in go-getter syntax. Refer to
	// https://github.com/hashicorp/go-getter#url-format for supported options.
	RulePath string

	// Set a logger that should be used. See the logger package for more info.
	Logger *logger.Logger

	// When true, keep any temp files and folders that are created for the purpose of running opa eval.
	DebugKeepTempFiles bool

	// When true, disable the functionality where terratest reruns the opa check on the same file and query all elements
	// on error. By default, terratest will rerun the opa eval call with `data` query so you can see all the contents
	// evaluated.
	DebugDisableQueryDataOnError bool
}

EvalOptions defines options that can be passed to the 'opa eval' command for checking policies on arbitrary JSON data via OPA.

type FailMode

type FailMode int

FailMode signals whether `opa eval` should fail when the query returns an undefined value (FailUndefined), a defined value (FailDefined), or not at all (NoFail).

const (
	FailUndefined FailMode = iota
	FailDefined
	NoFail
)
