Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2467 from snyk/feat/iac-yaml-support
#### What does this PR do?

This PR bumps @open-policy-agent/opa-wasm to [1.6.0](https://github.com/open-policy-agent/npm-opa-wasm/releases/tag/1.6.0) to include support for the `yaml.unmarshal()` function in Rego and support for Node 10.

This allows the `snyk iac` command to support additional policies that unmarshal YAML content within Terraform configuration.

#### Where should the reviewer start?

package.json is the primary change here but the implementation of `yaml.unmarshal()` is here: open-policy-agent/npm-opa-wasm#100

This also removes the use of the `mock-fs` package in the file-scanner.spec.ts test as the opa-wasm package will use `console.error` to write out a warning to stderr when loading the wasm fixture and this somehow causes `mock-fs` to throw the following error bringing the test suite down:

```
ENOENT: no such file or directory, lstat '/Users/Aron/Code/snyk/node_modules/@jest/console/node_modules'
```

Rather than debug this weird behavior we've decided to just mock out the function that loads the fixtures directly in the test suite.

#### How should this be manually tested?

[rules.zip](https://github.com/snyk/snyk/files/7719060/rules.zip)

Download the above zip file containing a custom rules bundle and unzip:

With the `snyk-iac-rules` tool build a custom bundle:

```
% snyk-iac-rules build
```

Then test the fixture with the latest snyk cli:

```
% snyk-dev iac test --rules=bundle.tar.gz rules/HELLO/fixtures/sg.tf
```

You should see 15 issues found vs. 14 when run with current snyk.

#### What are the relevant tickets?

[CFG-1271]
Showing 5 changed files with 59 additions and 53 deletions.