-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rule: prefer-package-imports
#349
Conversation
b0c38fc
to
35dce6d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me!
@@ -565,15 +571,76 @@ func (l Linter) lintWithRegoRules( | |||
} | |||
} | |||
|
|||
func (l Linter) lintWithRegoAggregateRules( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it makes sense to cover this in linter_test too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a simple test 👍 And as it's covered by an e2e test too it's probably good enough for the time being.
aggregate_report contains violation if { | ||
all_package_paths := {pkg | | ||
some entry in input.aggregate | ||
pkg := entry.aggregate_data.package_path |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even if a file has no imports, its package path will still be set here right? I think this is the case, but just wanted to check that all_package_paths
will be set to all packages, rather than all packages with imports.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep!
This builds upon the design laid out in #282, and on @sesponda's excellent work on that. My approach for testing this was to implement an actual "real world" linter rule from the backlog, and `prefer-package-imports` seemed like a good choice. The rule aggregates package names (or paths) from each input file, along with any import paths. The report rule then checks each import collected against the list of package paths to determine if the import matches a package. If not, the rule will consider that a violation. As is often the case when real world meets the original design, "some" modifications proved to be necessary. The collection of aggregate data is now run alongside the usual linter rule evaluation, as we conveniently may use the same input files for aggregating data. Once that's done, we now send another eval call using only the data aggregated as input. Each aggregate rule is now provided only the data aggregated by _that rule_, so there's no need for policy authors to traverse through all of the aggregates, but one may simply refer to the `input.aggregate` array for the same set of entries as one collected previously. I've also had to add an alternative schema for the input when these rules are evaluated (currently only enforced by `regal test`). Perhaps `anyOf` would be a better option than two separate schemas, but I'll explore that at a later point. Fixes #326 Fixes #343 Signed-off-by: Anders Eknert <anders@styra.com>
35dce6d
to
9a6994e
Compare
This builds upon the design laid out in #282, and on @sesponda's excellent work on that. My approach for testing this was to implement an actual "real world" linter rule from the backlog, and
prefer-package-imports
seemed like a goodchoice. The rule aggregates package names (or paths) from each input file, along with any import paths.
The report rule then checks each import collected against the list of package paths to determine if the import matches a package. If not, the rule will consider that a violation.
As is often the case when real world meets the original design, "some" modifications proved to be necessary.
The collection of aggregate data is now run alongside the usual linter rule evaluation, as we conveniently may use the same input files for aggregating data. Once that's done, we now send another eval call using only the data aggregated as input. Each aggregate rule is now provided only the data aggregated by that rule, so there's no need for policy authors to traverse through all of the aggregates, but one may simply refer to the
input.aggregate
array for the same set of entries as one collected previously.I've also had to add an alternative schema for the input when these rules are evaluated (currently only enforced by
regal test
). PerhapsanyOf
would be a better option than two separate schemas, but I'll explore that at a later point.Fixes #326
Fixes #343