Skip to content

feat: Default loading path for data #1248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
majiayu000 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: Default loading path for data #1248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions internal/commands/test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,15 @@ Some policies are dependant on external data. This data is loaded in separately
from policies. The location of any data directory or file can be specified with
the '--data' flag. If a directory is specified, it will be recursively searched for
any data files. Right now any '.json' or '.yaml' file will be loaded in
and made available in the Rego policies. Data will be made available in Rego based on
the file path where the data was found. For example, if data is stored
under 'policy/exceptions/my_data.yaml', and we execute the following command:
and made available in the Rego policies.

If no '--data' flag is specified and a 'data' directory exists in the current
working directory, it will be used as the default data directory. This allows
for convenient consumption of bundles that include both policies and data.

Data will be made available in Rego based on the file path where the data was
found. For example, if data is stored under 'policy/exceptions/my_data.yaml',
and we execute the following command:

$ conftest test --data policy <input-file>

Expand Down Expand Up @@ -192,7 +198,7 @@ func NewTestCommand(ctx context.Context) *cobra.Command {
cmd.Flags().StringSliceP("policy", "p", []string{"policy"}, "Path to the Rego policy files directory")
cmd.Flags().StringSliceP("update", "u", []string{}, "A list of URLs can be provided to the update flag, which will download before the tests run")
cmd.Flags().StringSliceP("namespace", "n", []string{"main"}, "Test policies in a specific namespace")
cmd.Flags().StringSliceP("data", "d", []string{}, "A list of paths from which data for the rego policies will be recursively loaded")
cmd.Flags().StringSliceP("data", "d", []string{}, "A list of paths from which data for the rego policies will be recursively loaded (default [data] if the directory exists)")

cmd.Flags().StringSlice("proto-file-dirs", []string{}, "A list of directories containing Protocol Buffer definitions")
cmd.Flags().Bool("tls", true, "Use TLS to access the registry")
Expand Down
5 changes: 4 additions & 1 deletion internal/commands/verify.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ If a directory is specified, it will be recursively searched for
any data files. Data will be made available in Rego based on
the structure of the data that was loaded.

If no '--data' flag is specified and a 'data' directory exists in the current
working directory, it will be used as the default data directory.

For example, if a yaml file was loaded that had the structure:

people:
Expand Down Expand Up @@ -146,7 +149,7 @@ func NewVerifyCommand(ctx context.Context) *cobra.Command {

cmd.Flags().String("capabilities", "", "Path to JSON file that can restrict opa functionality against a given policy. Default: all operations allowed")
cmd.Flags().String("rego-version", "v1", "Which version of Rego syntax to use. Options: v0, v1")
cmd.Flags().StringSliceP("data", "d", []string{}, "A list of paths from which data for the rego policies will be recursively loaded")
cmd.Flags().StringSliceP("data", "d", []string{}, "A list of paths from which data for the rego policies will be recursively loaded (default [data] if the directory exists)")
cmd.Flags().StringSliceP("policy", "p", []string{"policy"}, "Path to the Rego policy files directory")

cmd.Flags().StringSlice("proto-file-dirs", []string{}, "A list of directories containing Protocol Buffer definitions")
Expand Down
7 changes: 7 additions & 0 deletions runner/test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,13 @@ type TestRunner struct {
// Run executes the TestRunner, verifying all Rego policies against the given
// list of configuration files.
func (t *TestRunner) Run(ctx context.Context, fileList []string) (output.CheckResults, error) {
// Apply default data path if no data paths are specified and the default directory exists
if len(t.Data) == 0 {
if info, err := os.Stat("data"); err == nil && info.IsDir() {
t.Data = []string{"data"}
}
}

files, err := parseFileList(fileList, t.Ignore)
if err != nil {
return nil, fmt.Errorf("parse files: %w", err)
Expand Down
8 changes: 8 additions & 0 deletions runner/verify.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"
"context"
"fmt"
"os"
"strings"

"github.com/open-policy-agent/conftest/output"
Expand Down Expand Up @@ -36,6 +37,13 @@ const (

// Run executes the Rego tests for the given policies.
func (r *VerifyRunner) Run(ctx context.Context) (output.CheckResults, []*tester.Result, error) {
// Apply default data path if no data paths are specified and the default directory exists
if len(r.Data) == 0 {
if info, err := os.Stat("data"); err == nil && info.IsDir() {
r.Data = []string{"data"}
}
}

capabilities, err := policy.LoadCapabilities(r.Capabilities)
if err != nil {
return nil, nil, fmt.Errorf("load capabilities: %w", err)
Expand Down