feat(azure_policy): test runner, compiler fixes, and example program#700
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a YAML-driven Azure Policy test runner and refines Azure Policy compiler/runtime behavior, along with an example CLI workflow and documentation to demonstrate end-to-end policy evaluation.
Changes:
- Introduces/expands the Rust YAML test harness for Azure Policy parsing/compilation/evaluation (including host-await responses) and updates related parser/builtin test inputs.
- Applies several Azure Policy compiler/builtin fixes (template function support errors, template-expression handling, cross-resource effect details shaping, parameter default handling) and adjusts lexer length limits.
- Adds an
azure-policy-eval/azure-policy-aliasesexample flow, C# AliasRegistry tests, and README documentation for Azure Policy usage.
Reviewed changes
Copilot reviewed 36 out of 36 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/lexer/mod.rs | Updates max-column test to reflect increased default/override limits. |
| tests/azure_policy_builtins/cases/date_time_add.yaml | Aligns datetime builtin expectations with normalized ISO-8601 + timezone output. |
| tests/azure_policy/parser_tests/mod.rs | Minor refactor/cleanup in YAML parser test runner variable naming/flow. |
| tests/azure_policy/parser_tests/cases/policy_rule.yaml | Removes old standalone YAML parser-rule suite cases (now covered elsewhere). |
| tests/azure_policy/parser_tests/cases/policy_definition.yaml | Removes old standalone YAML policy-definition parser suite cases. |
| tests/azure_policy/normalization/mod.rs | Removes the prior YAML-driven normalization test runner. |
| tests/azure_policy/normalization/cases/round_trip.yaml | Removes prior normalization round-trip cases. |
| tests/azure_policy/normalization/cases/registry_api.yaml | Removes prior registry API normalization cases. |
| tests/azure_policy/normalization/cases/normalize_sub_resources.yaml | Removes prior sub-resource normalization cases. |
| tests/azure_policy/normalization/cases/normalize_envelope.yaml | Removes prior envelope normalization cases. |
| tests/azure_policy/normalization/cases/normalize_basic.yaml | Removes prior basic normalization cases. |
| tests/azure_policy/normalization/cases/malformed_input.yaml | Removes prior malformed-input normalization/denormalization behavior pinning. |
| tests/azure_policy/normalization/cases/envelope_pipeline.yaml | Removes prior envelope pipeline normalization test cases. |
| tests/azure_policy/normalization/cases/edge_cases.yaml | Removes prior edge-case normalization behavior pinning. |
| tests/azure_policy/normalization/cases/denormalize_basic.yaml | Removes prior basic denormalization cases. |
| tests/azure_policy/normalization/cases/denormalize_aliases.yaml | Removes prior alias-driven denormalization cases. |
| tests/azure_policy/normalization/cases/data_plane_manifest.yaml | Removes prior data-plane manifest normalization cases. |
| tests/azure_policy/normalization/cases/data_plane_breadth.yaml | Removes prior broad data-plane normalization cases. |
| tests/azure_policy/normalization/cases/data_plane_advanced.yaml | Removes prior advanced data-plane normalization cases. |
| tests/azure_policy/mod.rs | Adds the main YAML test runner that compiles and evaluates Azure Policy programs (including host-await wiring). |
| src/utils/limits/length.rs | Raises DEFAULT_MAX_COL to accommodate long Azure Policy template expressions. |
| src/languages/azure_policy/mod.rs | Exposes the Azure Policy compiler module publicly (under rvm). |
| src/languages/azure_policy/compiler/template_dispatch.rs | Returns clear “unsupported” errors for guid/uniqueString template functions. |
| src/languages/azure_policy/compiler/expressions.rs | Adjusts JSON/template-expression compilation to avoid re-parsing already-resolved top-level literals; removes defaults register caching. |
| src/languages/azure_policy/compiler/effects_modify_append.rs | Alters Modify/Append details handling and preserves Modify condition as literal runtime JSON. |
| src/languages/azure_policy/compiler/effects.rs | Narrows cross-resource structured effect details emission to roleDefinitionIds and type. |
| src/languages/azure_policy/compiler/core.rs | Removes cached parameter-defaults register tracking from register cleanup logic. |
| src/builtins/azure_policy/template_functions_misc.rs | Updates notes around guid/uniqueString being unimplemented and template-only. |
| src/builtins/azure_policy/template_functions_datetime.rs | Normalizes datetime parsing/formatting to always emit ISO-8601 with explicit timezone (Z for UTC). |
| examples/regorus/main.rs | Adds azure-policy-eval and azure-policy-aliases subcommands (feature-gated). |
| examples/regorus/azure_policy_data/require_https_storage.json | Adds a sample Azure Policy definition used by the example CLI. |
| examples/regorus/azure_policy_data/non_compliant_storage.json | Adds a non-compliant sample resource for the example CLI. |
| examples/regorus/azure_policy_data/compliant_storage.json | Adds a compliant sample resource for the example CLI. |
| examples/regorus/azure_policy.rs | Implements the Azure Policy example subcommands: compile + normalize + evaluate pipeline, plus alias listing. |
| bindings/csharp/Regorus.Tests/AzurePolicyTests.cs | Adds C# AliasRegistry normalization/denormalization tests via bindings. |
| README.md | Documents Azure Policy preview support and provides quick-start commands. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 36 out of 36 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
from
658c039 to
71b0bfb
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 45 out of 45 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
3 times, most recently
from
78a14e6 to
a2d00ee
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 41 out of 41 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
from
a2d00ee to
4f82f47
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 41 out of 41 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (2)
examples/regorus/main.rs:7
mod azure_policyis gated only onfeature = "azure_policy", but the module (and theAzurePolicyEvalsubcommand) usesregorus::rvmand the Azure Policycompilermodule, which are behindfeature = "rvm". Building with--no-default-features --features azure_policywill fail to compile. Consider gating the module/subcommand onall(feature = "azure_policy", feature = "rvm"), or splitting the module so non-RVM pieces (like alias listing) can still compile withoutrvm.
examples/regorus/main.rs:308- Both
AzurePolicyEvalandAzurePolicyAliasesvariants are gated only onfeature = "azure_policy", butAzurePolicyEvalrequiresrvm(RegoVM + compiler). If you wantazure-policy-aliasesto be usable withoutrvm, gate only the eval variant onall(feature = "azure_policy", feature = "rvm")and keep the aliases variant onfeature = "azure_policy"(and adjust theazure_policymodule accordingly).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
2 times, most recently
from
9a1dd30 to
ebf05fb
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 41 out of 41 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
4 times, most recently
from
d0e35bb to
a5f7566
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
from
9e5ab34 to
ea596ed
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
anakrish
force-pushed
the
azure-policy-compiler-pr-5c
branch
from
ea596ed to
cd71ce7
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Adds the YAML test runner that exercises the companion test data PRs, plus several compiler fixes surfaced during testing: - Removed parameter register caching that produced wrong results inside short-circuiting allOf/anyOf blocks; added literal-index caching for parameter defaults to avoid repeated O(n) literal-table scans - Simplified cross-resource effect details to only emit roleDefinitionIds and type (deployment templates are not evaluated for compliance) - Replaced guid/uniqueString builtins with clear "unsupported" errors - Normalized datetime output to ISO 8601 with Z suffix - Added azure_policy parser MAX_COL constant (8192) for long template expressions, keeping the global DEFAULT_MAX_COL at 1024 - Added rvm to azure_policy feature dependencies since the compiler targets RVM bytecode Also restructures the example binary into examples/regorus/ with new azure-policy-eval and azure-policy-aliases subcommands, adds C# alias normalization tests, and documents Azure Policy support in the README. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Anand Krishnamoorthi <anakrish@microsoft.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Adds the YAML test runner that exercises the test data from #698 and #699, plus several compiler fixes surfaced during testing:
rvmtoazure_policyfeature dependencies since the compiler targets RVM bytecodeAlso restructures the example binary into
examples/regorus/with newazure-policy-evalandazure-policy-aliasessubcommands, adds C# alias normalization tests, and documents Azure Policy support in the README.Part 3 of 3 — split from #695 to enable Copilot review. #698 and #699 are merged.