Documentation ¶
Index ¶
- func Functions(runner tflint.Runner) []func(*rego.Rego)
- func MockFunctions() []func(*rego.Rego)
- func NewTestRunner(files map[string]string) (*testRunner, hcl.Diagnostics)
- func TesterFunctions(runner tflint.Runner) []*tester.Builtin
- func TesterMockFunctions() []*tester.Builtin
- type Config
- type Engine
- type Issue
- type Rule
- type RuleSet
- type TestRule
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MockFunctions ¶
MockFunctions return mocks for custom functions as Rego options. Mock functions are usually not needed outside of testing, but are provided for compilation.
func NewTestRunner ¶
func TesterFunctions ¶
TesterFunctions return custom functions as tester.Builtin.
func TesterMockFunctions ¶
TesterMockFunctions return mocks for custom functions.
Types ¶
type Config ¶
type Config struct {
PolicyDir string `hclext:"policy_dir,optional"`
}
Config is the configuration for the ruleset.
type Engine ¶
type Engine struct {
// contains filtered or unexported fields
}
Engine evaluates policies and returns issues. In other words, this is a wrapper of rego.New(...).Eval().
func (*Engine) RunQuery ¶
RunQuery executes a query referencing a rule and returns the generated Set document as Result. rego.ResultSet is parsed according to the following conventions:
- All rules should be under the "tflint" package - Rule should return a tflint.issue()
Example:
```
deny_test[issue] { [condition] issue := tflint.issue("not allowed", resource.decl_range) }
```
func (*Engine) RunTest ¶
RunTest runs a policy test. The details are hidden inside open-policy-agent/opa/tester and this is a wrapper of it. Test results are emitted as issues if failed or errored.
A runner is provided, but in many cases the runner is never actually used, as test runners are generated inside mock functions. See TesterMockFunctions for details.
type Rule ¶
type Rule struct { tflint.DefaultRule // contains filtered or unexported fields }
Rule is a container for rules defined by Rego to satisfy tflint.Rule
type RuleSet ¶
type RuleSet struct { tflint.BuiltinRuleSet // contains filtered or unexported fields }
RuleSet is the custom ruleset for OPA
func (*RuleSet) ApplyConfig ¶
func (r *RuleSet) ApplyConfig(body *hclext.BodyContent) error
ApplyConfig loads policies and generates TFLint rules. Run ApplyGlobalConfig after the rules are generated.
func (*RuleSet) ApplyGlobalConfig ¶
ApplyGlobalConfig is normally not expected to be overridden, but since rules are defined dynamically by Rego, it's inconvenient to enable/disable rules here (Called in the order ApplyGlobalConfig -> ApplyConfig). So just save the config so that it can be applied after ApplyConfig.
func (*RuleSet) ConfigSchema ¶
func (r *RuleSet) ConfigSchema() *hclext.BodySchema
type TestRule ¶
type TestRule struct { tflint.DefaultRule // contains filtered or unexported fields }
TestRule is a container for tests defined by Rego to satisfy tflint.Rule
func NewTestRule ¶
NewTestRule returns a tflint.Rule from a Rego rule. Note that the rule names in TFLint and in Rego are different.