[SECENG-679] added eval policy subcommand to get raw opa evaluation #761

Merged
merged 3 commits into from
Jul 28, 2022


sagar-connect
Contributor

@sagar-connect sagar-connect commented Jul 27, 2022

Checklist
=========

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have checked for similar issues and haven't found anything relevant.
  • This is not a security issue (which should be reported here: https://circleci.com/security/)
  • I have read Contribution Guidelines.

Changes
=======

  • Added eval subcommand under policy command
  • added unit-tests for eval subcommand
  • moved owner-id flag declaration from policy root to individual subcommands

Rationale
=========

The rationale behind adding the subcommand is to allow the advanced users of our circleci-policy-agent to obtain the raw OPA evaluation response and evaluate whether our helper functions are working as intended.

Considerations
==============

The owner-id flag isn't declared at the root policy command level, because for the `eval` subcommand it is not needed, and for the `decide` subcommand it is optional.

codecov bot commented Jul 27, 2022

Codecov Report

Merging #761 (b03b8d7) into master (f06195a) will increase coverage by 0.34%.
The diff coverage is 66.29%.

@@            Coverage Diff             @@
##           master     #761      +/-   ##
==========================================
+ Coverage   32.64%   32.99%   +0.34%     
==========================================
  Files          46       46              
  Lines        5413     5477      +64     
==========================================
+ Hits         1767     1807      +40     
- Misses       3390     3402      +12     
- Partials      256      268      +12     
| Impacted Files | Coverage Δ |
|---|---|
| cmd/policy/policy.go | 77.38% <66.29%> (-4.35%) ⬇️ |


@sagar-connect sagar-connect marked this pull request as ready for review July 27, 2022 20:26
@sagar-connect sagar-connect requested a review from a team as a code owner July 27, 2022 20:26
@davidmdm
Contributor

There's a lot of common code in getLocalDecision and getLocalEvaluation (especially around loading policy files from the FS). I am not generally someone who recommends anything DRY, but this may be a good candidate.

@davidmdm
Contributor

Secondly, I believe eval should take a positional argument (although a flag would be acceptable) to let them specify the query.

Sometimes all I want to know is if my helper rule has the output I expect, and as a customer I don't necessarily want to query the whole data document but only my helper.

circle policy eval --policy ./policy.rego --input ./config.yml --query data.org.my_helper_rule
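
An added example, not code from this pull request or its project: it checks several helper rules against a raw data document in one pass, going slightly beyond the single-query case in the comment above, and reports an undefined rule separately from one that evaluates to false. The document shape, the rule names other than `my_helper_rule`, and the `lookup` and `checkHelpers` helpers are assumptions; the code walks decoded JSON and does not run OPA.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
	"strings"
)

// Constructed sample document; the real `policy eval` output is not shown in the thread.
const sampleRaw = `{"org":{"my_helper_rule":true,"enable_rule":false}}`

// lookup resolves a reference such as data.org.my_helper_rule. The bool is false
// when the path is undefined, which differs from a rule that evaluates to false.
func lookup(doc map[string]interface{}, query string) (interface{}, bool) {
	var cur interface{} = doc
	for _, p := range strings.Split(strings.TrimPrefix(query, "data."), ".") {
		m, _ := cur.(map[string]interface{}) // nil map when cur is not an object
		v, ok := m[p]
		if !ok {
			return nil, false
		}
		cur = v
	}
	return cur, true
}

// checkHelpers returns one sorted message per query whose result differs from want.
func checkHelpers(raw []byte, want map[string]interface{}) ([]string, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	var problems []string
	for q, exp := range want {
		got, defined := lookup(doc, q)
		if !defined {
			problems = append(problems, q+": undefined")
		} else if !reflect.DeepEqual(got, exp) {
			problems = append(problems, fmt.Sprintf("%s: got %v, want %v", q, got, exp))
		}
	}
	sort.Strings(problems)
	return problems, nil
}

func main() {
	fmt.Println(checkHelpers([]byte(sampleRaw), map[string]interface{}{"data.org.missing_rule": false}))
}
```

Numbers decoded by `encoding/json` arrive as `float64`, so expected numeric values must be given as `float64` for the comparison to match.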

@sagar-connect sagar-connect merged commit 366cc54 into master Jul 28, 2022
@sagar-connect sagar-connect deleted the SECENG-679-policy-raw-opa-eval-command branch July 28, 2022 13:25