diff --git a/Makefile b/Makefile index 04bf994524..93bc327444 100644 --- a/Makefile +++ b/Makefile @@ -111,6 +111,15 @@ install-yamllint: yamllint: yamllint . +# Check semantic convention policies on YAML files +.PHONY: check-policies +check-policies: + docker run --rm -v $(PWD)/model:/source -v $(PWD)/policies:/policies -v $(PWD)/templates:/templates \ + otel/weaver:${WEAVER_VERSION} registry check \ + --registry=/source \ + --diagnostic-format=ansi \ + --policy=/policies/registry.rego + # Generate markdown tables from YAML definitions .PHONY: table-generation table-generation: @@ -180,7 +189,7 @@ fix-format: # Run all checks in order of speed / likely failure. # As a last thing, run attribute registry generation and git-diff for differences. .PHONY: check -check: misspell markdownlint check-format markdown-toc compatibility-check markdown-link-check attribute-registry-generation +check: misspell markdownlint check-format markdown-toc compatibility-check markdown-link-check check-policies attribute-registry-generation git diff --exit-code ':*.md' || (echo 'Generated markdown Table of Contents is out of date, please run "make markdown-toc" and commit the changes in this PR.' && exit 1) @echo "All checks complete" diff --git a/docs/attributes-registry/tls.md b/docs/attributes-registry/tls.md index e17de0dc0a..1e030397e3 100644 --- a/docs/attributes-registry/tls.md +++ b/docs/attributes-registry/tls.md @@ -6,8 +6,8 @@ # TLS -- [Tls](#tls-attributes) -- [Tls Deprecated](#tls-deprecated-attributes) +- [TLS Attributes](#tls-attributes) +- [TLS Deprecated Attributes](#tls-deprecated-attributes) ## TLS Attributes diff --git a/policies/registry.rego b/policies/registry.rego new file mode 100644 index 0000000000..1c73ef450a --- /dev/null +++ b/policies/registry.rego @@ -0,0 +1,42 @@ +package before_resolution + +# This file enforces policies requiring all attributes to be defined within +# a semantic convention "registry". This is a naming/structure convention +# used by semantic conventions. + +# Helper to create attribute registry violations. +attr_registry_violation(violation_id, group_id, attr_id) = violation { + violation := { + "id": violation_id, + "type": "semantic_convention_policies", + "category": "attribute_registry_checks", + "group": group_id, + "attr": attr_id, + } +} + +# We only allow attribute groups in the attribute registry. +deny[attr_registry_violation("attribute_registry_can_only_contain_attribute_groups", group.id, "")] { + group := input.groups[_] + startswith(group.id, "registry.") + group.type != "attribute_group" +} + +# Any group that is NOT in the attribute registry that has an attribute id is +# in violation of not using the attribute registry. +deny[attr_registry_violation("attributes_must_be_defined_in_attribute_registry", group.id, attr.id)] { + group := input.groups[_] + not startswith(group.id, "registry.") + attr := group.attributes[_] + attr.id != null +} + +# A registry `attribute_group` containing at least one `ref` attribute is +# considered invalid if it's not in the registry group. +deny[attr_registry_violation("attributes_in_registry_cannot_reference_each_other", group.id, attr.ref)] { + # TODO - this will need to be updated to support `embed` in the future. + group := input.groups[_] + startswith(group.id, "registry.") + attr := group.attributes[_] + attr.ref != null +}