-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rule: no-defined-entrypoint
#355
Conversation
@@ -0,0 +1,26 @@ | |||
# METADATA | |||
# description: No defined entrypoint |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This message is a little short. Suggestions welcome!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something like: Entrypoint annotation missing
? It's the same length, but perhaps gives a little more idea about what's been tested and why Regal is failing here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went with Missing entrypoint annotation
👍
count(input.aggregate) == 0 | ||
|
||
violation := result.fail(rego.metadata.chain(), {}) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These rules are just so simple! @sesponda note how input aggregate always is defined and at minimum an empty set/array, like how you wanted it to be. This is possible now since we're not even evaluating these rules if aggregate rules are disabled (because only one file linted or for other reasons).
9f927eb
to
481a84c
Compare
@@ -0,0 +1,26 @@ | |||
# METADATA | |||
# description: No defined entrypoint |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something like: Entrypoint annotation missing
? It's the same length, but perhaps gives a little more idea about what's been tested and why Regal is failing here.
allow if { | ||
some role in input.user.roles | ||
role in data.permissions.admin_roles | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would these examples be clearer if the unnamed entrypoint allow
showed how entrypoints often gather the results from various other rules?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah.. I agree that'd be good! I've wanted to make all examples self-contained, so that they'd be copy-pasteable... but might be worth expanding a bit on this example and have a helper rule or two. I'll take a look!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to include two helper rules :)
Aggregate rule number two, in which we aggregate entrypoint annotations, and fail if we don't find any. Fixes #154 Signed-off-by: Anders Eknert <anders@styra.com>
481a84c
to
c70f207
Compare
Aggregate rule number two, in which we aggregate entrypoint annotations, and fail if we don't find any.
Fixes #154