Allow data-only bundles

[lcarva]

This commit allows the command conftest push to create a bundle that contains data but no policies.

Signed-off-by: Luiz Carvalho [email protected]

[lcarva]

It looks like the failures are due to some underlying CI issue?

12:12:05 PM: Installing dependencies
12:12:05 PM: /opt/build-bin/run-build-functions.sh: line 351: /opt/buildhome/python3.7/bin/activate: No such file or directory
12:12:05 PM: Error setting python version from runtime.txt
12:12:05 PM: Please see https://github.com/netlify/build-image/blob/focal/included_software.md for current versions
12:12:05 PM: Build was terminated: Build script returned non-zero exit code: 1

[boranx]

yeah, recently the build image has been updated to focal, and seems like it comes with py 3.8
I've created #755 to fix, once its merged, the PR can be rebased or the same changes could be applied

[jalseth]

Thanks @boranx for fixing that. I've approved and merged the change.

[lcarva]

Thanks! Checks are now passing after rebasing.

[lcarva]

I realized I opened this PR without providing much context. A data-only bundle would be useful for my use case because it allows my policies to be customizable by simply using a different data set.

For example, I have a rego rule that verifies an image reference comes from a list of allowed OCI registries. I want the list of allowed registries to be customizable without having to change the rego rule.

There's a workaround that can be used to avoid this change:

$ echo 'package empty' > empty.rego
$ conftest push --data ./data --policy ./empty.rego <image>

Basically, use an empty policy to satisfy the requirement. That feels a bit clunky and may have unintended side-effects.

[jalseth]

LGTM, minor changes requested.

[boranx]

/lgtm too
thanks for the PR @lcarva 👍

[lcarva]

I think I addressed all the review comments. Let me know if there's anything else needed to merge this. 🙏