opa

package

v0.6.0 Latest Latest Go to latest Published: Feb 23, 2024 License: MPL-2.0 Imports: 34 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/terraform-linters/tflint-ruleset-opa

Links

Open Source Insights

Documentation ¶

Index ¶

func Functions(runner tflint.Runner) []func(*rego.Rego)
func MockFunctions() []func(*rego.Rego)
func NewTestRunner(files map[string]string) (*testRunner, hcl.Diagnostics)
func TesterFunctions(runner tflint.Runner) []*tester.Builtin
func TesterMockFunctions() []*tester.Builtin
type Config
type Engine
- func NewEngine(ret *loader.Result) (*Engine, error)
- func (e *Engine) RunQuery(rule *Rule, runner tflint.Runner) ([]*Issue, error)
- func (e *Engine) RunTest(rule *TestRule, runner tflint.Runner) ([]*Issue, error)
type Issue
type Rule
- func NewRule(regoRule *ast.Rule, engine *Engine) *Rule
type RuleSet
type TestRule
- func NewTestRule(regoRule *ast.Rule, engine *Engine) *TestRule

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Functions ¶

func Functions(runner tflint.Runner) []func(*rego.Rego)

Functions return custom functions as Rego options.

func MockFunctions ¶

func MockFunctions() []func(*rego.Rego)

MockFunctions return mocks for custom functions as Rego options. Mock functions are usually not needed outside of testing, but are provided for compilation.

func NewTestRunner ¶

func NewTestRunner(files map[string]string) (*testRunner, hcl.Diagnostics)

func TesterFunctions ¶

func TesterFunctions(runner tflint.Runner) []*tester.Builtin

TesterFunctions return custom functions as tester.Builtin.

func TesterMockFunctions ¶

func TesterMockFunctions() []*tester.Builtin

TesterMockFunctions return mocks for custom functions.

Types ¶

type Config ¶

type Config struct {
	PolicyDir string `hclext:"policy_dir,optional"`
}

Config is the configuration for the ruleset.

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

Engine evaluates policies and returns issues. In other words, this is a wrapper of rego.New(...).Eval().

func NewEngine ¶

func NewEngine(ret *loader.Result) (*Engine, error)

NewEngine returns a new engine based on the policies loaded

func (*Engine) RunQuery ¶

func (e *Engine) RunQuery(rule *Rule, runner tflint.Runner) ([]*Issue, error)

RunQuery executes a query referencing a rule and returns the generated Set document as Result. rego.ResultSet is parsed according to the following conventions:

- All rules should be under the "tflint" package - Rule should return a tflint.issue()

Example:

```

deny_test[issue] {
  [condition]

  issue := tflint.issue("not allowed", resource.decl_range)
}

```

func (*Engine) RunTest ¶

func (e *Engine) RunTest(rule *TestRule, runner tflint.Runner) ([]*Issue, error)

RunTest runs a policy test. The details are hidden inside open-policy-agent/opa/tester and this is a wrapper of it. Test results are emitted as issues if failed or errored.

A runner is provided, but in many cases the runner is never actually used, as test runners are generated inside mock functions. See TesterMockFunctions for details.

type Rule ¶

type Rule struct {
	tflint.DefaultRule
	// contains filtered or unexported fields
}

Rule is a container for rules defined by Rego to satisfy tflint.Rule

func NewRule ¶

func NewRule(regoRule *ast.Rule, engine *Engine) *Rule

NewRule returns a tflint.Rule from a Rego rule. Note that the rule names in TFLint and in Rego are different.

func (*Rule) Check ¶

func (r *Rule) Check(runner tflint.Runner) error

func (*Rule) Enabled ¶

func (r *Rule) Enabled() bool

func (*Rule) Link ¶

func (r *Rule) Link() string

func (*Rule) Name ¶

func (r *Rule) Name() string

func (*Rule) RegoName ¶

func (r *Rule) RegoName() string

func (*Rule) Severity ¶

func (r *Rule) Severity() tflint.Severity

func (*RuleSet) ApplyConfig ¶

func (r *RuleSet) ApplyConfig(body *hclext.BodyContent) error

ApplyConfig loads policies and generates TFLint rules. Run ApplyGlobalConfig after the rules are generated.

func (*RuleSet) ApplyGlobalConfig ¶

func (r *RuleSet) ApplyGlobalConfig(config *tflint.Config) error

ApplyGlobalConfig is normally not expected to be overridden, but since rules are defined dynamically by Rego, it's inconvenient to enable/disable rules here (Called in the order ApplyGlobalConfig -> ApplyConfig). So just save the config so that it can be applied after ApplyConfig.

func (*RuleSet) ConfigSchema ¶

func (r *RuleSet) ConfigSchema() *hclext.BodySchema

type TestRule ¶

type TestRule struct {
	tflint.DefaultRule
	// contains filtered or unexported fields
}

TestRule is a container for tests defined by Rego to satisfy tflint.Rule

func NewTestRule ¶

func NewTestRule(regoRule *ast.Rule, engine *Engine) *TestRule

NewTestRule returns a tflint.Rule from a Rego rule. Note that the rule names in TFLint and in Rego are different.

func (*TestRule) Check ¶

func (r *TestRule) Check(runner tflint.Runner) error

func (*TestRule) Enabled ¶

func (r *TestRule) Enabled() bool

func (*TestRule) Link ¶

func (r *TestRule) Link() string

func (*TestRule) Name ¶

func (r *TestRule) Name() string

func (*TestRule) RegoName ¶

func (r *TestRule) RegoName() string

func (*TestRule) Severity ¶

func (r *TestRule) Severity() tflint.Severity

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

opa