feat: support optional message

f2c7f476 · Roy Hadad · 9442127f · f2c7f476 · f2c7f476 · f2c7f476
Commit f2c7f476 authored 2 years ago by Roy Hadad
Hide whitespace changes
Inline Side-by-side

Showing

with 46 additions and 25 deletions
+46 -25
--- a/internal/fixtures/regoDemo/regoRules/main.rego
+++ b/internal/fixtures/regoDemo/regoRules/main.rego
@@ -13,5 +13,5 @@ deny[error] {

 deny[error] {
    compute.isKindDeployment
-    error := { "ruleID": "REGO_RULE_3", "message": "this rule failed, here is why 3" }
+    error := { "ruleID": "REGO_RULE_3" }
 }
--- a/pkg/evaluation/evaluator.go
+++ b/pkg/evaluation/evaluator.go
@@ -160,10 +160,12 @@ func (e *Evaluator) evaluateConfiguration(failedRulesByFiles FailedRulesByFiles,
 	skipAnnotations := extractSkipAnnotations(configuration)
 	for _, rule := range policyCheckData.Policy.Rules {
 		if rule.IsRegoRule {
-			if regoRulesResults[rule.RuleIdentifier] != "" {
-
-				messageOnFailure := regoRulesResults[rule.RuleIdentifier]
-				if messageOnFailure == "" {
+			currentRegoRuleFailure := regoRulesResults[rule.RuleIdentifier]
+			if currentRegoRuleFailure != nil {
+				var messageOnFailure string
+				if currentRegoRuleFailure.Message != "" {
+					messageOnFailure = currentRegoRuleFailure.Message
+				} else {
 					messageOnFailure = rule.MessageOnFailure
 				}

@@ -171,15 +173,13 @@ func (e *Evaluator) evaluateConfiguration(failedRulesByFiles FailedRulesByFiles,
 					Name:             rule.RuleName,
 					DocumentationUrl: "",
 					MessageOnFailure: messageOnFailure,
-					Configurations: []cliClient.Configuration{
-						{
-							Name:        configuration.MetadataName,
-							Kind:        configuration.Kind,
-							Occurrences: 1,     // TODO add occurrences count
-							IsSkipped:   false, // TODO add skip support
-							SkipMessage: "",
-						},
-					},
+					Configurations: []cliClient.Configuration{{
+						Name:        configuration.MetadataName,
+						Kind:        configuration.Kind,
+						Occurrences: currentRegoRuleFailure.Occurrences,
+						IsSkipped:   false, // TODO add skip support
+						SkipMessage: "",
+					}},
 				})
 			}
 			continue

--- a/pkg/rego/rego.go
+++ b/pkg/rego/rego.go
@@ -17,9 +17,15 @@ type DenyItem struct {

 type DenyArray []DenyItem

-type RegoRulesResults map[string]string
+type RegoRuleFailure struct {
+	RuleID      string
+	Message     string
+	Occurrences int
+}
+
+type RegoRulesFailures map[string]*RegoRuleFailure

-func GetRegoRulesFailures(regoRulesFiles *FilesAsStruct, configurationJson string) (regoRulesResults RegoRulesResults) {
+func GetRegoRulesFailures(regoRulesFiles *FilesAsStruct, configurationJson string) (regoRulesResults RegoRulesFailures) {
 	var paths []string
 	for k := range *regoRulesFiles {
 		paths = append(paths, k)
@@ -30,12 +36,22 @@ func GetRegoRulesFailures(regoRulesFiles *FilesAsStruct, configurationJson strin
 		denyArray = runRegoRule(paths, configurationJson)
 	})

-	regoRulesResults = make(RegoRulesResults)
+	regoRulesResults = make(RegoRulesFailures)
 	for _, denyItem := range denyArray {
-		if regoRulesResults[denyItem.ruleID] == "" {
-			regoRulesResults[denyItem.ruleID] = denyItem.message
+		currentRuleFailure := regoRulesResults[denyItem.ruleID]
+		if currentRuleFailure == nil {
+			regoRulesResults[denyItem.ruleID] = &RegoRuleFailure{
+				RuleID:      denyItem.ruleID,
+				Message:     denyItem.message,
+				Occurrences: 1,
+			}
 		} else {
-			regoRulesResults[denyItem.ruleID] = regoRulesResults[denyItem.ruleID] + ", " + denyItem.message
+			currentRuleFailure.Occurrences++
+			if currentRuleFailure.Message != "" && denyItem.message != "" {
+				currentRuleFailure.Message = currentRuleFailure.Message + ", " + denyItem.message
+			} else if denyItem.message != "" {
+				currentRuleFailure.Message = denyItem.message
+			}
 		}
 	}

@@ -81,16 +97,21 @@ func runRegoRule(regoFilePaths []string, yamlFileToTest string) DenyArray {
 			log.Fatal("Error: could not convert result to DenyItem")
 		}

-		// TODO support optional message
-		itemMessage, ok1 := denyItemConverted["message"].(string)
-		itemRuleID, ok2 := denyItemConverted["ruleID"].(string)
+		optionalMessage := denyItemConverted["message"]
+		var optionalMessageAsString string
+		if optionalMessage != nil {
+			optionalMessageAsString = optionalMessage.(string)
+		} else {
+			optionalMessageAsString = ""
+		}

-		if !ok1 || !ok2 {
+		itemRuleID, ok := denyItemConverted["ruleID"].(string)
+		if !ok {
 			log.Fatal("Error: could not convert result to DenyItem")
 		}

 		return DenyItem{
-			message: itemMessage,
+			message: optionalMessageAsString,
 			ruleID:  itemRuleID,
 		}
 	})