Skip to content

Commit

Permalink
Add tests for rego policies (#1334)
Browse files Browse the repository at this point in the history
Co-authored-by: Aaron Clawson <[email protected]>
Co-authored-by: Liudmila Molkova <[email protected]>
  • Loading branch information
3 people authored and ezimuel committed Aug 20, 2024
1 parent e5e0d9d commit ae0e066
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 0 deletions.
5 changes: 5 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,11 @@ check-policies:
--diagnostic-format=ansi \
--policy=/policies/registry.rego

# Test rego policies
.PHONY: test-policies
test-policies:
docker run --rm -v $(PWD)/policies:/policies openpolicyagent/opa:0.67.1 test --explain fails /policies

# Generate markdown tables from YAML definitions
.PHONY: table-generation
table-generation:
Expand Down
24 changes: 24 additions & 0 deletions policies/registry_test.rego
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
package before_resolution_test

import data.before_resolution

import future.keywords.if

test_registry_attribute_groups if {
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "registry.test", "type": "foo"}]}
count(before_resolution.deny) == 0 with input as {"groups": [{"id": "registry.test", "type": "attribute_group"}]}
}

test_attribute_ids if {
# This requires a prefix for use with opa, but weaver will fill in.
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "not_registry", "prefix": "", "attributes": [{"id": "foo"}]}]}
count(before_resolution.deny) == 0 with input as {"groups": [
{"id": "registry.test", "prefix": "", "attributes": [{"id": "foo"}]},
{"id": "not_registry", "prefix": "", "attributes": [{"ref": "foo"}]},
]}
}

test_attribute_refs if {
count(before_resolution.deny) > 0 with input as {"groups": [{"id": "registry.foo", "attributes": [{"ref": "foo"}]}]}
count(before_resolution.deny) == 0 with input as {"groups": [{"id": "not_registry", "attributes": [{"ref": "foo"}]}]}
}

0 comments on commit ae0e066

Please sign in to comment.