feat(opa mutator): include warnings

mxab · Feb 25, 2023 · e4fdfe0 · e4fdfe0
1 parent 9fae1e8
commit e4fdfe0
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 8 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -19,7 +19,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.2
+        go-version: 1.20
     - name: Install dependencies
       run: go get -v ./...
     - name: Build

diff --git a/admissionctrl/mutator/opa_json_patch.go b/admissionctrl/mutator/opa_json_patch.go
@@ -3,6 +3,7 @@ package mutator
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 
 	jsonpatch "github.com/evanphx/json-patch"
 	"github.com/hashicorp/go-hclog"
@@ -16,14 +17,22 @@ type OpaJsonPatchMutator struct {
 }
 
 func (j *OpaJsonPatchMutator) Mutate(job *api.Job) (out *api.Job, warnings []error, err error) {
-
+	allWarnings := make([]error, 0)
 	ctx := context.TODO()
 	for _, ruleSet := range j.ruleSets {
-		result, err := ruleSet.Eval(ctx, job)
+		results, err := ruleSet.Eval(ctx, job)
 		if err != nil {
 			return nil, nil, err
 		}
-		patchData, ok := result[0].Bindings["patch"].([]interface{})
+
+		warnings, ok := results[0].Bindings["warnings"].([]interface{})
+
+		if ok && len(warnings) > 0 {
+			for _, warn := range warnings {
+				allWarnings = append(allWarnings, fmt.Errorf("%s (%s)", warn, ruleSet.Name()))
+			}
+		}
+		patchData, ok := results[0].Bindings["patch"].([]interface{})
 		patchJSON, err := json.Marshal(patchData)
 		if err != nil {
 			return nil, nil, err
@@ -55,7 +64,7 @@ func (j *OpaJsonPatchMutator) Mutate(job *api.Job) (out *api.Job, warnings []err
 
 	}
 
-	return job, nil, nil
+	return job, allWarnings, nil
 }
 func (j *OpaJsonPatchMutator) Name() string {
 	return "jsonpatch"

diff --git a/admissionctrl/mutator/opa_json_patch_test.go b/admissionctrl/mutator/opa_json_patch_test.go
@@ -1,6 +1,7 @@
 package mutator
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/hashicorp/go-hclog"
@@ -54,12 +55,39 @@ func TestJSONPatcher_Mutate(t *testing.T) {
 			wantWarnings: []error{},
 			wantErr:      false,
 		},
+		{
+			name: "warning and world",
+			j: newMutator(t, []opa.OpaQueryAndModule{
+				{
+					Filename: testutil.Filepath(t, "opa/mutators/hello_world_meta.rego"),
+					Query:    `patch = data.hello_world_meta.patch`,
+				},
+				{
+					Filename: testutil.Filepath(t, "opa/errors.rego"),
+					Query: `
+
+					warnings = data.dummy.warnings
+					`,
+				},
+			}),
+
+			args: args{
+				job: &api.Job{},
+			},
+			wantOut: &api.Job{
+				Meta: map[string]string{
+					"hello": "world",
+				},
+			},
+			wantWarnings: []error{fmt.Errorf("This is a warning message (%s)", testutil.Filepath(t, "opa/errors.rego"))},
+			wantErr:      false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			gotOut, gotWarnings, err := tt.j.Mutate(tt.args.job)
 			require.Equal(t, tt.wantErr, err != nil, "JSONPatcher.Mutate() error = %v, wantErr %v", err, tt.wantErr)
-			assert.Empty(t, gotWarnings)
+			assert.Equal(t, tt.wantWarnings, gotWarnings, "JSONPatcher.Mutate() gotWarnings = %v, want %v", gotWarnings, tt.wantWarnings)
 			assert.Equal(t, tt.wantOut, gotOut)
 
 		})

diff --git a/admissionctrl/validator/opa_validator_test.go b/admissionctrl/validator/opa_validator_test.go
@@ -96,7 +96,7 @@ func TestOpaValidatorSimple(t *testing.T) {
 
 			opa, err := NewOpaValidator([]opa.OpaQueryAndModule{
 				{
-					Filename: testutil.Filepath(t, "opa/validators/errors.rego"),
+					Filename: testutil.Filepath(t, "opa/errors.rego"),
 					Query:    tt.query,
 				},
 			})

diff --git a/testdata/opa/validators/errors.rego → testdata/opa/errors.rego b/testdata/opa/validators/errors.rego → testdata/opa/errors.rego
@@ -6,4 +6,4 @@ errors[errMsg] {
 
 warnings[warnMsg] {
 	warnMsg := "This is a warning message"
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,4 +6,4 @@ errors[errMsg] { @@
     warnings[warnMsg] {
     	warnMsg := "This is a warning message"
-    }
+    }