Skip to content

Commit

Permalink
Fix mindev ruletype lint. (#4828)
Browse files Browse the repository at this point in the history
We recently changed the behaviour of `minder ruletype create` and
`apply` to ignore files that do not define rule types. This allowed us
to add test files to `mindersec/minder-rules-and-profiles`, but it in
turn broke `mindev`.

This change makes `mindev` behave like `minder` by splitting folder
walk from ruletype validation.

Fixes #4819
  • Loading branch information
blkt authored Oct 25, 2024
1 parent 30decca commit 1bc9af5
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 53 deletions.
2 changes: 1 addition & 1 deletion cmd/cli/app/ruletype/ruletype_apply.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ func applyCommand(_ context.Context, cmd *cobra.Command, _ []string, conn *grpc.
return cli.MessageAndError("Error validating file flag", err)
}

files, err := util.ExpandFileArgs(fileFlag)
files, err := util.ExpandFileArgs(fileFlag...)
if err != nil {
return cli.MessageAndError("Error expanding file args", err)
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/cli/app/ruletype/ruletype_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func createCommand(_ context.Context, cmd *cobra.Command, _ []string, conn *grpc
return cli.MessageAndError("Error validating file flag", err)
}

files, err := util.ExpandFileArgs(fileFlag)
files, err := util.ExpandFileArgs(fileFlag...)
if err != nil {
return cli.MessageAndError("Error expanding file args", err)
}
Expand Down
64 changes: 35 additions & 29 deletions cmd/dev/app/rule_type/lint.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ import (
"gopkg.in/yaml.v3"

"github.com/mindersec/minder/internal/engine/eval/rego"
"github.com/mindersec/minder/internal/util/cli"
"github.com/mindersec/minder/internal/util"
minderv1 "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1"
)

Expand Down Expand Up @@ -46,65 +46,71 @@ func lintCmdRun(cmd *cobra.Command, _ []string) error {
skipRego := cmd.Flag("skip-rego").Value.String() == "true"

ctx := cmd.Context()

rtpathStr := rtpath.Value.String()

var errors []error
walkerr := filepath.Walk(rtpathStr, func(path string, info os.FileInfo, walkerr error) error {
if walkerr != nil {
return fmt.Errorf("error walking path %s: %w", path, walkerr)
}
files, err := util.ExpandFileArgs(rtpathStr)
if err != nil {
return fmt.Errorf("error expanding file args: %w", err)
}

if info.IsDir() {
return nil
var errors []error
for _, f := range files {
if shouldSkipFile(f.Path) {
continue
}

if !cli.IsYAMLFileAndNotATest(path) {
return nil
rt, err := readRuleTypeFromFile(f.Path)
if err != nil && f.Expanded && minderv1.YouMayHaveTheWrongResource(err) {
cmd.PrintErrf("Skipping file %s: not a rule type\n", f.Path)
continue
}

rt, err := readRuleTypeFromFile(path)
if err != nil {
errors = append(errors, fmt.Errorf("error reading rule type from file %s: %w", path, err))
return nil
errors = append(errors, fmt.Errorf("error reading rule type from file %s: %w", f.Path, err))
continue
}

if err := rt.Validate(); err != nil {
errors = append(errors, fmt.Errorf("error validating rule type: %w", err))
return nil
errors = append(errors, fmt.Errorf("error validating rule type from file %s: %w", f.Path, err))
continue
}

// get file name without extension
ruleName := strings.TrimSuffix(filepath.Base(path), filepath.Ext(path))
ruleName := strings.TrimSuffix(filepath.Base(f.Path), filepath.Ext(f.Path))
if rt.Name != ruleName {
errors = append(errors, fmt.Errorf("rule type name does not match file name: %s != %s", rt.Name, ruleName))
return nil
continue
}

if rt.Def.Eval.Type == rego.RegoEvalType && !skipRego {
if err := validateRegoRule(ctx, rt.Def.Eval.Rego, rtpathStr, cmd.OutOrStdout()); err != nil {
errors = append(errors, fmt.Errorf("failed validating rego rule: %w", err))
return nil
errors = append(errors, fmt.Errorf("failed validating rego rule from file %s: %w", f.Path, err))
continue
}
}

return nil
})

if walkerr != nil {
return fmt.Errorf("error walking path %s: %w", rtpathStr, walkerr)
}

if len(errors) > 0 {
for _, err := range errors {
fmt.Fprintln(cmd.ErrOrStderr(), err)
cmd.PrintErrf("%s\n", err)
}
return fmt.Errorf("failed linting rule type")
}

return nil
}

func shouldSkipFile(f string) bool {
// if the file is not json or yaml, skip it
// Get file extension
ext := filepath.Ext(f)
switch ext {
case ".yaml", ".yml", ".json":
return false
default:
fmt.Fprintf(os.Stderr, "Skipping file %s: not a yaml or json file\n", f)
return true
}
}

func validateRegoRule(ctx context.Context, r *minderv1.RuleType_Definition_Eval_Rego, path string, out io.Writer) error {
if r == nil {
return fmt.Errorf("rego rule is nil")
Expand Down
38 changes: 16 additions & 22 deletions internal/util/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (
"errors"
"fmt"
"io"
"io/fs"
"math"
"net/http"
"net/url"
Expand Down Expand Up @@ -415,7 +414,7 @@ type ExpandedFile struct {
// ExpandFileArgs expands a list of file arguments into a list of files.
// If the file list contains "-" or regular files, it will leave them as-is.
// If the file list contains directories, it will expand them into a list of files.
func ExpandFileArgs(files []string) ([]ExpandedFile, error) {
func ExpandFileArgs(files ...string) ([]ExpandedFile, error) {
var expandedFiles []ExpandedFile
for _, f := range files {
if f == "-" {
Expand All @@ -425,37 +424,32 @@ func ExpandFileArgs(files []string) ([]ExpandedFile, error) {
})
continue
}

f = filepath.Clean(f)
fi, err := os.Stat(f)
if err != nil {
return nil, fmt.Errorf("error getting file info: %w", err)
}

if fi.IsDir() {
// expand directory
err := filepath.Walk(f, func(path string, info fs.FileInfo, err error) error {
if err != nil {
return fmt.Errorf("error walking directory: %w", err)
}

if !info.IsDir() {
expandedFiles = append(expandedFiles, ExpandedFile{
Path: path,
Expanded: true,
})
}
expanded := fi.IsDir()
err = filepath.Walk(f, func(path string, info os.FileInfo, walkerr error) error {
if walkerr != nil {
return fmt.Errorf("error walking path %s: %w", path, walkerr)
}

if info.IsDir() {
return nil
})
if err != nil {
return nil, fmt.Errorf("error walking directory: %w", err)
}
} else {
// add file

expandedFiles = append(expandedFiles, ExpandedFile{
Path: f,
Expanded: false,
Path: path,
Expanded: expanded,
})

return nil
})
if err != nil {
return nil, fmt.Errorf("error walking directory: %w", err)
}
}

Expand Down

0 comments on commit 1bc9af5

Please sign in to comment.