feat: do not download bundle in cli

We can now download the bundle in the snyk-iac-test executable, so we don't need to download it here. We are leaving the env variable `IAC_BUNDLE_PATH` in place, so that it can be used for local development and debugging.
snyk · Oct 19, 2022 · d339015 · d339015
1 parent 10190c0
commit d339015
Show file tree

Hide file tree

Showing 11 changed files with 22 additions and 425 deletions.
diff --git a/src/cli/commands/test/iac/local-execution/types.ts b/src/cli/commands/test/iac/local-execution/types.ts
@@ -364,8 +364,6 @@ export enum IaCErrorCodes {
 
   // Rules bundle errors.
   InvalidUserRulesBundlePathError = 1130,
-  FailedToDownloadRulesBundleError = 1131,
-  FailedToCacheRulesBundleError = 1132,
 
   // Unified Policy Engine executable errors.
   InvalidUserPolicyEnginePathError = 1140,

diff --git a/src/lib/iac/test/v2/errors.ts b/src/lib/iac/test/v2/errors.ts
@@ -10,7 +10,7 @@ const snykIacTestErrorsUserMessages = {
   NoPaths: 'No valid paths were provided',
   CwdTraversal:
     'Running the scan from outside of the current working directory is not supported',
-  NoBundle: 'A rules bundle were not provided',
+  NoBundle: 'A rule bundle was not provided',
   OpenBundle: "The Snyk CLI couldn't open the rules bundle",
   InvalidSeverityThreshold:
     'The provided severity threshold is invalid. The following values are supported: "low", "medium", "high", "critical"',

diff --git a/src/lib/iac/test/v2/local-cache/index.ts b/src/lib/iac/test/v2/local-cache/index.ts
@@ -1,5 +1,5 @@
 import { TestConfig } from '../types';
-import { initRulesBundle } from './rules-bundle';
+import { getLocalRulesBundle } from './rules-bundle';
 import { initPolicyEngine } from './policy-engine';
 import { createDirIfNotExists } from '../../../file-utils';
 import { CustomError } from '../../../../errors';
@@ -17,7 +17,7 @@ export async function initLocalCache(
     await createDirIfNotExists(testConfig.iacCachePath);
 
     const policyEnginePath = await initPolicyEngine(testConfig);
-    const rulesBundlePath = await initRulesBundle(testConfig);
+    const rulesBundlePath = getLocalRulesBundle();
 
     return { policyEnginePath, rulesBundlePath };
   } catch (err) {

diff --git a/src/lib/iac/test/v2/local-cache/policy-engine/constants/utils.ts b/src/lib/iac/test/v2/local-cache/policy-engine/constants/utils.ts
@@ -1,12 +1,12 @@
 import * as os from 'os';
 
 const policyEngineChecksums = `
-289368b4e85d455c619b7f25e1680ca520e61f0bd727a02b55adeff85980ee57  snyk-iac-test_0.33.5_Linux_arm64
-51092d8e7bb51a0b7323f5e8f072d9f6690e2cc81561eba0615e847f68f00731  snyk-iac-test_0.33.5_Linux_x86_64
-6836d69eb527cf9ae8d87327278624ca3a487afff86da5a87c81d4a1a8785ce9  snyk-iac-test_0.33.5_Darwin_arm64
-83740d8b61000b986a6092188897b98dbeea634c64840c8beaaf9199f7055b68  snyk-iac-test_0.33.5_Darwin_x86_64
-bdc42a135e8319768841f56f0985722a7aabdc8c6259b9e426dc55efc37ecf61  snyk-iac-test_0.33.5_Windows_x86_64.exe
-cb34a3e8aaddebe2e2ba01c62c042723f832c686626cad1e15e296b7a0c0106c  snyk-iac-test_0.33.5_Windows_arm64.exe
+01cd66d6d7f18fb3fa191dd5acf948c17951176464eec77a391794b365f55e2d  snyk-iac-test_0.34.0_Linux_x86_64
+0e1c3d9a961b5fbb701449fc7b4640d598831997b259ab99ff7ce53a8e792aa4  snyk-iac-test_0.34.0_Windows_arm64.exe
+74a23e9fd003f69687cb3aedf7124a51a77011710a9b3d7ff78eb8f80f6c749a  snyk-iac-test_0.34.0_Linux_arm64
+7a5ef250f9cc70b403ee8e7a1a5c471835712b097119e170ee3b6edf8ecaac71  snyk-iac-test_0.34.0_Windows_x86_64.exe
+820ee51cf1511cf61f42be4bbfed5c9d0bcf630f573ba2626312bfcb2b1f1520  snyk-iac-test_0.34.0_Darwin_x86_64
+eb015f6e79c3ee30b3ce536b2f024a361019aef3d939149d3e7e143710328174  snyk-iac-test_0.34.0_Darwin_arm64
 `;
 
 export const policyEngineVersion = getPolicyEngineVersion();

diff --git a/src/lib/iac/test/v2/local-cache/rules-bundle/download.ts b/src/lib/iac/test/v2/local-cache/rules-bundle/download.ts
diff --git a/src/lib/iac/test/v2/local-cache/rules-bundle/index.ts b/src/lib/iac/test/v2/local-cache/rules-bundle/index.ts
@@ -1,10 +1,14 @@
-import { TestConfig } from '../../types';
-import { downloadRulesBundle } from './download';
+import config from '../../../../../config';
+import * as createDebugLogger from 'debug';
 
-export async function initRulesBundle(testConfig: TestConfig): Promise<string> {
-  // We are currently using the legacy rules bundle and we need to re-download it each time to use the latest one available.
-  // debugLogger('Looking for rules bundle locally');
-  // let rulesBundlePath = await lookupLocalRulesBundle(testConfig);
+const debugLog = createDebugLogger('snyk-iac');
 
-  return await downloadRulesBundle(testConfig);
+export function getLocalRulesBundle(): string {
+  // IAC_BUNDLE_PATH is a developer setting that is not useful to most users. It
+  // is not a replacement for custom rules.
+  if (!config.IAC_BUNDLE_PATH) {
+    return '';
+  }
+  debugLog(`Located a local rules bundle at ${config.IAC_BUNDLE_PATH}`);
+  return config.IAC_BUNDLE_PATH;
 }
diff --git a/src/lib/iac/test/v2/local-cache/rules-bundle/lookup-local.ts b/src/lib/iac/test/v2/local-cache/rules-bundle/lookup-local.ts
diff --git a/test/jest/unit/cli/commands/test/iac/v2/index.spec.ts b/test/jest/unit/cli/commands/test/iac/v2/index.spec.ts
@@ -4,7 +4,6 @@ import chalk from 'chalk';
 
 import * as scanLib from '../../../../../../../../src/lib/iac/test/v2/scan';
 import * as downloadPolicyEngineLib from '../../../../../../../../src/lib/iac/test/v2/local-cache/policy-engine/download';
-import * as downloadRulesBundleLib from '../../../../../../../../src/lib/iac/test/v2/local-cache/rules-bundle/download';
 import { test } from '../../../../../../../../src/cli/commands/test/iac/v2/index';
 import { isValidJSONString } from '../../../../../../acceptance/iac/helpers';
 import { SnykIacTestError } from '../../../../../../../../src/lib/iac/test/v2/errors';
@@ -86,10 +85,6 @@ describe('test', () => {
     jest
       .spyOn(downloadPolicyEngineLib, 'downloadPolicyEngine')
       .mockResolvedValue('');
-
-    jest
-      .spyOn(downloadRulesBundleLib, 'downloadRulesBundle')
-      .mockResolvedValue('');
   });
 
   afterEach(() => {

diff --git a/test/jest/unit/lib/iac/test/v2/setup/local-cache/index.spec.ts b/test/jest/unit/lib/iac/test/v2/setup/local-cache/index.spec.ts
@@ -1,6 +1,5 @@
 import * as pathLib from 'path';
 import * as initPolicyEngineLib from '../../../../../../../../../src/lib/iac/test/v2/local-cache/policy-engine';
-import * as initRulesBundleLib from '../../../../../../../../../src/lib/iac/test/v2/local-cache/rules-bundle';
 import * as fileUtils from '../../../../../../../../../src/lib/iac/file-utils';
 import { initLocalCache } from '../../../../../../../../../src/lib/iac/test/v2/local-cache';
 import { TestConfig } from '../../../../../../../../../src/lib/iac/test/v2/types';
@@ -12,141 +11,88 @@ describe('initLocalCache', () => {
   });
 
   it('creates the IaC cache directory if it does not exist', async () => {
-    // Arrange
     const testPolicyEnginePath = 'test-policy-engine-path';
-    const testRulesBundlePath = 'test-rules-bundle-path';
     const testTestConfig = {
       iacCachePath: pathLib.join('iac', 'cache', 'path'),
     } as TestConfig;
 
     jest
       .spyOn(initPolicyEngineLib, 'initPolicyEngine')
       .mockImplementation(async () => testPolicyEnginePath);
-    jest
-      .spyOn(initRulesBundleLib, 'initRulesBundle')
-      .mockImplementation(async () => testRulesBundlePath);
     const createDirIfNotExistsSpy = jest
       .spyOn(fileUtils, 'createDirIfNotExists')
       .mockImplementation(async () => undefined);
 
-    // Act
     await initLocalCache(testTestConfig);
 
-    // Assert
     expect(createDirIfNotExistsSpy).toHaveBeenCalledWith(
       testTestConfig.iacCachePath,
     );
   });
 
   it('initializes the Policy Engine executable', async () => {
-    // Arrange
     const testPolicyEnginePath = 'test-policy-engine-path';
-    const testRulesBundlePath = 'test-rules-bundle-path';
     const testTestConfig = {
       iacCachePath: pathLib.join('iac', 'cache', 'path'),
     } as TestConfig;
 
     const initPolicyEngineSpy = jest
       .spyOn(initPolicyEngineLib, 'initPolicyEngine')
       .mockImplementation(async () => testPolicyEnginePath);
-    jest
-      .spyOn(initRulesBundleLib, 'initRulesBundle')
-      .mockImplementation(async () => testRulesBundlePath);
     jest
       .spyOn(fileUtils, 'createDirIfNotExists')
       .mockImplementation(async () => undefined);
 
-    // Act
     await initLocalCache(testTestConfig);
 
-    // Assert
     expect(initPolicyEngineSpy).toHaveBeenCalledWith(testTestConfig);
   });
 
-  it('initializes the rules bundle', async () => {
-    // Arrange
-    const testPolicyEnginePath = 'test-policy-engine-path';
-    const testRulesBundlePath = 'test-rules-bundle-path';
-    const testTestConfig = {
-      iacCachePath: pathLib.join('iac', 'cache', 'path'),
-    } as TestConfig;
-
-    jest
-      .spyOn(initPolicyEngineLib, 'initPolicyEngine')
-      .mockImplementation(async () => testPolicyEnginePath);
-    const initRulesSpy = jest
-      .spyOn(initRulesBundleLib, 'initRulesBundle')
-      .mockImplementation(async () => testRulesBundlePath);
-    jest
-      .spyOn(fileUtils, 'createDirIfNotExists')
-      .mockImplementation(async () => undefined);
-
-    // Act
-    await initLocalCache(testTestConfig);
-
-    // Assert
-    expect(initRulesSpy).toHaveBeenCalledWith(testTestConfig);
-  });
-
-  it('returns the cached resrouce paths', async () => {
-    // Arrange
+  it('returns the cached resource paths', async () => {
     const testPolicyEnginePath = 'test-policy-engine-path';
-    const testRulesBundlePath = 'test-rules-bundle-path';
     const testTestConfig = {
       iacCachePath: pathLib.join('iac', 'cache', 'path'),
     } as TestConfig;
 
     jest
       .spyOn(initPolicyEngineLib, 'initPolicyEngine')
       .mockImplementation(async () => testPolicyEnginePath);
-    jest
-      .spyOn(initRulesBundleLib, 'initRulesBundle')
-      .mockImplementation(async () => testRulesBundlePath);
     jest
       .spyOn(fileUtils, 'createDirIfNotExists')
       .mockImplementation(async () => undefined);
 
     const expected = {
       policyEnginePath: testPolicyEnginePath,
-      rulesBundlePath: testRulesBundlePath,
+      rulesBundlePath: '',
     };
-    // Act
     const res = await initLocalCache(testTestConfig);
 
-    // Assert
     expect(res).toStrictEqual(expected);
   });
 
   describe.each`
     failingResource               | module                 | methodName
     ${'cache directory'}          | ${fileUtils}           | ${'createDirIfNotExists'}
     ${'Policy Engine executable'} | ${initPolicyEngineLib} | ${'initPolicyEngine'}
-    ${'rules bundle'}             | ${initRulesBundleLib}  | ${'initRulesBundle'}
   `(
     'when the initialization for the $failingResource fails',
     ({ module, methodName }) => {
       it('throws an error', async () => {
-        // Arrange
         const testPolicyEnginePath = 'test-policy-engine-path';
-        const testRulesBundlePath = 'test-rules-bundle-path';
         const testTestConfig = {
           iacCachePath: pathLib.join('iac', 'cache', 'path'),
         } as TestConfig;
 
         jest
           .spyOn(initPolicyEngineLib, 'initPolicyEngine')
           .mockImplementation(async () => testPolicyEnginePath);
-        jest
-          .spyOn(initRulesBundleLib, 'initRulesBundle')
-          .mockImplementation(async () => testRulesBundlePath);
         jest
           .spyOn(fileUtils, 'createDirIfNotExists')
           .mockImplementation(async () => undefined);
         jest.spyOn(module, methodName).mockImplementation(async () => {
           throw new FailedToInitLocalCacheError();
         });
 
-        // Act + Assert
         await expect(initLocalCache(testTestConfig)).rejects.toThrow(
           FailedToInitLocalCacheError,
         );