
Comments (5)

jalseth commented on July 4, 2024

Edit: Apologies, I misread the question; my previous comment wasn't relevant.

Showing the "successes" without additional rules isn't possible. Rego is a query language, so the only thing Conftest gets back from the OPA engine are the matches for the deny rules. You may also want to read #731 (comment) for related (slightly different request) previous discussion on this.

from conftest.

ssodhi-intuit commented on July 4, 2024

Appreciate your input. We are also looking into other open source tools, and found that Regula is solving this problem by implementing wrapper Rego code that evaluates the object and populates PASS in addition to any FAILURE.
Reference:

  1. Regula GitHub
  2. Wrapper code

Wondering if this is something you can support as well?

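The wrapper pattern described in the comment above, as an added example that is not part of the thread and is not Regula's or Conftest's code. It assumes a constructed input shape (`input.buckets`) and hypothetical names (`checks`, `failed`, `status`, `results`); only `deny` is a rule name Conftest reports on.

```rego
package main

import rego.v1

# Constructed input shape (an assumption for this example):
# {"buckets": {"logs": {"acl": "private", "versioning": true}, ...}}

# Hypothetical check ids; each id needs a matching failed() definition.
checks := {"no_public_acl", "versioning_enabled"}

# failed(check, bucket) is defined only when the bucket violates the check.
failed("no_public_acl", b) if b.acl in {"public-read", "public-read-write"}

# A missing or false versioning field counts as a violation.
failed("versioning_enabled", b) if not b.versioning

# What Conftest surfaces: one message per (bucket, check) violation.
deny contains msg if {
	some name, b in input.buckets
	some check in checks
	failed(check, b)
	msg := sprintf("bucket %s fails check %s", [name, check])
}

# The wrapper: one record per (bucket, check) pair, so compliant
# resources appear explicitly instead of being inferred from silence.
results contains r if {
	some name, b in input.buckets
	some check in checks
	r := {"resource": name, "check": check, "status": status(check, b)}
}

status(check, b) := "FAIL" if failed(check, b)

status(check, b) := "PASS" if not failed(check, b)
```

Because `results` is not a deny, violation or warn rule, it can be read by querying `data.main.results` with `opa eval`, supplying the policy and an input document.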

boranx commented on July 4, 2024

Here are my 2 cents:
We could do that as an extra step when the query is evaluated: https://github.com/open-policy-agent/conftest/blob/master/policy/engine.go#L444
If we compare the input with resultSet and get a diff to see what tests are not evaluated (passing, aka nomatch), then we'd be able to check their locations as well.
However, this would be an overhead, as it wouldn't have any effect on the outcome (query evaluation) besides pretty printing of the success scenarios.


apratinav-intuit commented on July 4, 2024

@jalseth @boranx Thanks for your input.

We did some more study and wanted to check whether you see any issues in supporting an Allow rule in Conftest. Right now, we see that Conftest has support for Violation/Warn/Deny rules. Having support for an Allow rule would give control back to the policy author, letting them write more rules that show non-violating (or compliant) resources. Of course, this would mean some additional changes in the code, like adding support for the allow rule, the way the success count is populated, displaying allowed resource details in the different Conftest-supported formats (like JSON and so on), etc.

We wanted to hear your thoughts and check whether you would be open to taking that as a PR contribution to this repo.

Looking forward to hearing from you.

Thanks
Akshay


boranx commented on July 4, 2024

Do you think #584 would help to address the need, or do you think "allow" would need to be introduced anyway?
I'd like to loop in @jpreese too, as he might have better insights overall.
