Skip to content

Commit

Permalink
only check schemas when schemas are provided (open-policy-agent#7124)
Browse files Browse the repository at this point in the history
only check schemas when schemas are provided

Signed-off-by: Tyler Schade <[email protected]>
  • Loading branch information
tjons authored Oct 18, 2024
1 parent d7ec933 commit 555fe84
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 7 deletions.
3 changes: 2 additions & 1 deletion ast/check.go
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,8 @@ func (tc *typeChecker) checkRule(env *TypeEnv, as *AnnotationSet, rule *Rule) {
}

ref := schemaAnnot.Path
if ref == nil && refType == nil {
// if we do not have a ref or a reftype, we should not evaluate this rule.
if ref == nil || refType == nil {
continue
}

Expand Down
22 changes: 16 additions & 6 deletions cmd/check_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ func TestCheckFailsOnInvalidRego(t *testing.T) {

// Assert that 'schemas' annotations with schema refs are only informing the type checker when the --schema flag is used
func TestCheckWithSchemasAnnotationButNoSchemaFlag(t *testing.T) {
policyWithSchemaRef := `
policiesWithSchemaRef := []string{`
package test
import rego.v1
# METADATA
Expand All @@ -220,11 +220,21 @@ import rego.v1
p if {
rego.metadata.rule() # presence of rego.metadata.* calls must not trigger unwanted schema evaluation
input.foo == 42 # type mismatch with schema that should be ignored
}`
}`,
`
package p
err := testCheckWithSchemasAnnotationButNoSchemaFlag(policyWithSchemaRef)
if err != nil {
t.Fatalf("unexpected error from eval with schema ref: %v", err)
# METADATA
# schemas:
# - data.p.x: schema["nope"]
bug := data.p.x
`}

for i, pol := range policiesWithSchemaRef {
err := testCheckWithSchemasAnnotationButNoSchemaFlag(pol)
if err != nil {
t.Fatalf("unexpected error from eval policy %d with schema ref: %v", i, err)
}
}

policyWithInlinedSchema := `
Expand All @@ -238,7 +248,7 @@ p if {
input.foo == 42 # type mismatch with schema that should be ignored
}`

err = testCheckWithSchemasAnnotationButNoSchemaFlag(policyWithInlinedSchema)
err := testCheckWithSchemasAnnotationButNoSchemaFlag(policyWithInlinedSchema)
// We expect an error here, as inlined schemas are always used for type checking
if !strings.Contains(err.Error(), "rego_type_error: match error") {
t.Fatalf("unexpected error from eval with inlined schema, got: %v", err)
Expand Down

0 comments on commit 555fe84

Please sign in to comment.