Comments (5)
Edit: Apologies, I misread the question; my previous comment wasn't relevant.
Showing the "successes" without additional rules isn't possible. Rego is a query language, so the only thing Conftest gets back from the OPA engine are the matches for the deny rules. You may also want to read #731 (comment) for related (slightly different request) previous discussion on this.
from conftest.
Appreciate your input. We are also looking into other open source tools, and found that Regula is solving this problem by implementing wrapper Rego code that evaluates the object and populates PASS in addition to any FAILURE.
Reference:
Wondering if this is something you can support as well?
from conftest.
Here are my 2 cents:
We could do that as an extra step when the query is evaluated: https://github.com/open-policy-agent/conftest/blob/master/policy/engine.go#L444
If we compare the input with resultSet, and get a diff to see what tests are not evaluated (passing, aka nomatch), then we'd be able to check their locations as well.
However, this would be an overhead, as it wouldn't have any effect on the outcome (query evaluation) besides pretty printing of the success scenarios.
from conftest.
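The diff idea from the comment above, sketched as an added example (not Conftest code and not written by anyone in this thread). It assumes each deny result can carry the name of the resource it matched; the `Check`, `Failure` and `Diff` names and the sample data are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Check identifies one rule evaluated against one input resource.
// Names here are hypothetical, not Conftest types.
type Check struct{ Rule, Resource string }

// Failure is a constructed stand-in for one deny match. Resource is empty
// when the policy returned only a message and the match cannot be attributed.
type Failure struct{ Rule, Resource, Msg string }

// Diff splits rules x resources into passed and unknown checks.
// A pair passes only if no failure names it AND the rule produced no
// unattributable failure; otherwise a bare message would be reported as PASS.
func Diff(rules, resources []string, failures []Failure) (passed, unknown []Check) {
	failed := map[Check]bool{}
	opaque := map[string]bool{} // rules with at least one unattributable match
	for _, f := range failures {
		if f.Resource == "" {
			opaque[f.Rule] = true
			continue
		}
		failed[Check{f.Rule, f.Resource}] = true
	}
	for _, rule := range rules {
		for _, res := range resources {
			c := Check{rule, res}
			switch {
			case failed[c]:
				// already reported by the engine as a deny match
			case opaque[rule]:
				unknown = append(unknown, c)
			default:
				passed = append(passed, c)
			}
		}
	}
	return passed, unknown
}

func main() {
	// Constructed sample: two rules, three resources, two deny matches.
	rules := []string{"no_public_acl", "require_tags"}
	resources := []string{"bucket_a", "bucket_b", "bucket_c"}
	failures := []Failure{
		{Rule: "no_public_acl", Resource: "bucket_b", Msg: "ACL is public"},
		{Rule: "require_tags", Msg: "missing owner tag"}, // no resource attached
	}
	passed, unknown := Diff(rules, resources, failures)
	fmt.Println("PASS:", passed)
	fmt.Println("UNKNOWN:", unknown)
}
```

The `unknown` bucket is the point of the sketch: a deny rule that returns only a message cannot be subtracted from the input, so the diff can only report a pass for rules whose matches identify their resource.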
@jalseth @boranx Thanks for your input.
We did some more study and wanted to check if you see any issues in supporting an Allow rule in Conftest. Right now, we do see that Conftest has support for Violation/Warn/Deny rules. Having support for an Allow rule would give control back to the policy author and let them write more rules that show non-violating (or compliant) resources. Of course, this would mean some additional changes in the code, like adding support for the allow rule, the way the success count is populated, displaying allowed resource details in the different Conftest-supported formats (like JSON and so on), etc.
We wanted to hear your thoughts and check that you would be open to taking that as PR contribution to this repo.
Looking forward to hearing from you.
Thanks
Akshay
from conftest.
Do you think #584 would help to address the need, or do you think "allow" would need to be introduced anyway?
I'd like to loop @jpreese too as he might have better insights overall
from conftest.