Update Rego "Prerequisites" for policy API #512

Open
3 tasks
adhilto opened this issue Nov 25, 2024 · 1 comment

adhilto commented Nov 25, 2024

💡 Summary

Update the "Prerequisites" field for each Rego test to indicate if it relies on the policy or reports API.

Motivation and context

See https://github.com//pull/163 for a description of the error handling ScubaGoggles performs, relevant to this issue. Specifically:

  1. The Provider tracks which API calls/functions succeed/fail
  2. The Rego tests are modified to list which API calls/functions they depend on.
  3. The Reporter checks to see if the prerequisites were met before displaying the result.

Currently, not all Rego "tests" have a Prerequisites field. As noted in a comment in the reporter, "If Prerequisites is not defined, assume the test just depends on the reports API." With the addition of the policy API, this is no longer a safe assumption.

Implementation notes

Two different options here.

  1. Ensure that each Rego "test" has a Prerequisites field, noting its dependence on the policy, reports, or other API (e.g., groups).
  2. Add the reports API dependency to the Rego tests that rely on that, then modify the Reporter to assume that if no prerequisites are defined, the test just depends on the policy API.

The second option would result in fewer Rego changes short-term.

Acceptance criteria

  • The applicable Rego tests have been updated
  • The provider tracks whether or not the policy API call succeeds or fails
  • The Reporter has been updated as needed

adhilto added this to the Eel milestone Nov 25, 2024

adhilto commented Dec 6, 2024

I recommend incorporating the new verify function in policy_api.py. Currently that function checks for all expected settings and prints a warning if any are missing. Incorporating it could look like:

  • Each Rego test tracks which setting it depends on in its Prerequisites section
  • The provider tracks which settings the policy API returned
  • If a setting a Rego test needs isn't included, the reporter reports an error for that test.
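
The prerequisite check discussed in this issue, as an added example that is not part of the thread and is not ScubaGoggles code: it shows how the default applied when `Prerequisites` is missing decides whether a failed policy API call is reported as an error or hidden behind a verdict. The function names, the API call strings, the sample policy ID and the dictionary layout are assumptions made for illustration.

```python
# Added illustration; names and data shapes are assumptions, not ScubaGoggles code.
REPORTS_API = "reports/activities/list"   # constructed placeholder call name
POLICY_API = "policy/policies/list"       # constructed placeholder call name


def unmet_prerequisites(test, successful_calls, default_prereqs):
    """Return the sorted prerequisites of one Rego test that were not satisfied.

    test: dict for one Rego test result; may lack a "Prerequisites" key.
    successful_calls: set of API call names the provider recorded as succeeded.
    default_prereqs: what to assume when "Prerequisites" is absent.
    """
    prereqs = test.get("Prerequisites", default_prereqs)
    return sorted(p for p in prereqs if p not in successful_calls)


def render(test, successful_calls, default_prereqs):
    """Show the Rego verdict only if every prerequisite was met."""
    missing = unmet_prerequisites(test, successful_calls, default_prereqs)
    if missing:
        return f"{test['PolicyId']}: Error, unmet prerequisites: {', '.join(missing)}"
    verdict = "Pass" if test["RequirementMet"] else "Fail"
    return f"{test['PolicyId']}: {verdict}"


# Constructed sample: the policy API call failed, the reports API call succeeded.
SUCCESSFUL = {REPORTS_API}
# A policy-API-backed test with no Prerequisites field. Its verdict was computed
# without policy data, so it does not reflect the tenant's real configuration.
UNLABELLED_POLICY_TEST = {"PolicyId": "EXAMPLE.1.1", "RequirementMet": True}
LABELLED_POLICY_TEST = {**UNLABELLED_POLICY_TEST, "Prerequisites": [POLICY_API]}

if __name__ == "__main__":
    # Default of "reports API": the failed policy call goes unnoticed.
    print(render(UNLABELLED_POLICY_TEST, SUCCESSFUL, [REPORTS_API]))
    # Option 1: the test declares its dependency explicitly.
    print(render(LABELLED_POLICY_TEST, SUCCESSFUL, [REPORTS_API]))
    # Option 2: the default becomes the policy API.
    print(render(UNLABELLED_POLICY_TEST, SUCCESSFUL, [POLICY_API]))
```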
