mirror of
https://github.com/inspec/inspec
synced 2024-11-10 07:04:15 +00:00
Fix opa_api and opa_cli resource to handle empty result
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
parent
f09d49da66
commit
63e7eb5395
6 changed files with 32 additions and 0 deletions
|
@ -50,6 +50,7 @@ An OPA query as a JSON data file or a string in JSON format.
|
|||
The following examples show how to use this Chef InSpec audit resource.
|
||||
|
||||
describe opa_api(url: "localhost:8181/v1/data/example/allow", data: "input.json") do
|
||||
its["result"] { shoule_not be nil }
|
||||
its(["result"]) { should eq true }
|
||||
its("allow") { should eq "true" }
|
||||
end
|
||||
|
@ -62,6 +63,12 @@ For a full list of available matchers, please visit our [matchers page](/inspec/
|
|||
|
||||
## Properties
|
||||
|
||||
### result
|
||||
|
||||
The `result` property checks whether query output is nil.
|
||||
|
||||
its('result') { should be nil }
|
||||
|
||||
### allow
|
||||
|
||||
The `allow` property checks if specific input is as per the policy defined in OPA. If `allow` is not defined in the policy file then this matcher will not work.
|
||||
|
|
|
@ -59,6 +59,7 @@ This is the full path to the OPA binary or EXE file used for running the OPA CLI
|
|||
The following examples show how to use this Chef InSpec audit resource:
|
||||
|
||||
describe opa_cli(query: "data.example.allow", policy: "example.rego", data: "input.json", opa_executable_path: "./opa") do
|
||||
its["result"] { shoule_not be nil }
|
||||
its(["result", 0, "expressions", 0, "value"]) { should eq true }
|
||||
its("allow") { should eq "true" }
|
||||
end
|
||||
|
@ -71,6 +72,12 @@ For a full list of available matchers, please visit our [matchers page](/inspec/
|
|||
|
||||
## Properties
|
||||
|
||||
### result
|
||||
|
||||
The `result` property checks whether query output is nil.
|
||||
|
||||
its('result') { should be nil }
|
||||
|
||||
### allow
|
||||
|
||||
The `allow` property checks if specific input is as per the policy defined in OPA. If `allow` is not defined in the policy file then this matcher will not work.
|
||||
|
|
|
@ -12,6 +12,10 @@ module Inspec::Resources
|
|||
super({ content: @content })
|
||||
end
|
||||
|
||||
def result
|
||||
@content == {} || @content["result"].empty? ? nil : @content
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def parse(content)
|
||||
|
|
|
@ -586,7 +586,9 @@ class MockLoader
|
|||
"semanage boolean -l -n" => cmd.call("semanage-boolean"),
|
||||
"Get-ChildItem -Path \"C:\\Program Files\\MongoDB\\Server\" -Name" => cmd.call("mongodb-version"),
|
||||
"opa eval -i 'input.json' -d 'example.rego' 'data.example.allow'" => cmd.call("opa-result"),
|
||||
"opa eval -i 'input.json' -d 'example.rego' 'data.example.voilation'" => cmd.call("opa-empty-result"),
|
||||
"curl -X POST localhost:8181/v1/data/example/violation -d @v1-data-input.json -H 'Content-Type: application/json'" => cmd.call("opa-api-result"),
|
||||
"curl -X POST localhost:8181/v1/data/example/violation -d @v1-data-input1.json -H 'Content-Type: application/json'" => cmd.call("opa-api-empty-result"),
|
||||
|
||||
# ibmdb2
|
||||
"/opt/ibm/db2/V11.5/bin/db2 attach to db2inst1; /opt/ibm/db2/V11.5/bin/db2 get database manager configuration" => cmd.call("ibmdb2_conf_output"),
|
||||
|
|
|
@ -9,6 +9,12 @@ describe "Inspec::Resources::OpaApi" do
|
|||
_(resource.params["result"]).must_include "ci"
|
||||
end
|
||||
|
||||
it "verify opa api query result parsing when output is empty" do
|
||||
resource = load_resource("opa_api", url: "localhost:8181/v1/data/example/violation", data: "v1-data-input1.json")
|
||||
_(resource.result).must_be_nil
|
||||
_(resource.params["result"]).must_equal([])
|
||||
end
|
||||
|
||||
it "fails when url or data is nil." do
|
||||
resource = load_resource("opa_api")
|
||||
_(resource.resource_failed?).must_equal true
|
||||
|
|
|
@ -9,6 +9,12 @@ describe "Inspec::Resources::OpaCli" do
|
|||
_(resource.allow).must_equal false
|
||||
end
|
||||
|
||||
it "verify opa eval query result parsing when output is empty" do
|
||||
resource = load_resource("opa_cli", policy: "example.rego", data: "input.json", query: "data.example.voilation")
|
||||
_(resource.result).must_be_nil
|
||||
_(resource.params).must_equal({})
|
||||
end
|
||||
|
||||
it "fails when policy, data or query is nil." do
|
||||
resource = load_resource("opa_cli")
|
||||
_(resource.resource_failed?).must_equal true
|
||||
|
|
Loading…
Reference in a new issue