chore: rework opa mutation rules to produce actual arrays

mxab · Jan 31, 2024 · 2ed3664 · 2ed3664
1 parent 2690891
commit 2ed3664
Show file tree

Hide file tree

Showing 6 changed files with 194 additions and 293 deletions.
diff --git a/example/example2/mutators/hello_world_meta.rego b/example/example2/mutators/hello_world_meta.rego
@@ -1,30 +1,28 @@
 package hello_world_meta
 
+import rego.v1
 
-patch[operation] {
+add_meta_ops contains operation if {
+	object.get(input, "Meta", null) == null
 
-    not input.Meta
-    operation := {
-        "op": "add",
-        "path": "/Meta",
-        "value": {}
-    }
+	operation := {
+		"op": "add",
+		"path": "/Meta",
+		"value": {},
+	}
 }
-patch[operation] {
 
-    is_null(input.Meta)
-    operation := {
-        "op": "add",
-        "path": "/Meta",
-        "value": {}
-    }
-}
-patch[operation] {
+add_hello_to_meta_ops contains operation if {
+	object.get(input, ["Meta", "hello"], null) == null
 
-    not input.Meta.hello
-    operation := {
-        "op": "add",
-        "path": "/Meta/hello",
-        "value": "world"
-    }
+	operation := {
+		"op": "add",
+		"path": "/Meta/hello",
+		"value": "world",
+	}
 }
+
+patch := [ operation |
+    some ops in [add_meta_ops, add_hello_to_meta_ops]
+    operation := ops[_]
+]
diff --git a/example/example2/mutators/hello_world_meta_test.rego b/example/example2/mutators/hello_world_meta_test.rego
@@ -1,68 +1,64 @@
 package hello_world_meta_test
 
-import data.hello_world_meta.patch
+import data.hello_world_meta
 
-import future.keywords
+import rego.v1
 
 test_hello_world if {
-	e := patch with input as {
+	e := hello_world_meta.patch with input as {
 		"ID": "my-job",
 		"Meta": {},
 	}
-    e[{
-        "op": "add",
-        "path": "/Meta/hello",
-        "value": "world"
-    }]
-
+	count(e) == 1
+	e == [{
+		"op": "add",
+		"path": "/Meta/hello",
+		"value": "world",
+	}]
 }
 
 test_hello_world_add_meta if {
-	e := patch with input as {
-		"ID": "my-job"
-	}
-    count(e) == 2
-    trace(sprintf("patch: %v", [e]))
+	e := hello_world_meta.patch with input as {"ID": "my-job"}
 
-    e == {
-        {
-            "op": "add",
-            "path": "/Meta",
-            "value": {}
-        },
-        {
-            "op": "add",
-            "path": "/Meta/hello",
-            "value": "world"
-        }
-    }
+	e == [
+		{
+			"op": "add",
+			"path": "/Meta",
+			"value": {},
+		},
+		{
+			"op": "add",
+			"path": "/Meta/hello",
+			"value": "world",
+		},
+    ]
 }
+
 test_hello_world_add_meta_if_meta_null if {
-	e := patch with input as {
+	e := hello_world_meta.patch with input as {
 		"ID": "my-job",
-        "Meta": null
+		"Meta": null,
 	}
-    count(e) == 2
-    trace(sprintf("patch: %v", [e]))
+	count(e) == 2
 
-    e == {
-        {
-            "op": "add",
-            "path": "/Meta",
-            "value": {}
-        },
-        {
-            "op": "add",
-            "path": "/Meta/hello",
-            "value": "world"
-        }
-    }
+	e == [
+		{
+			"op": "add",
+			"path": "/Meta",
+			"value": {},
+		},
+		{
+			"op": "add",
+			"path": "/Meta/hello",
+			"value": "world",
+		},
+    ]
 }
+
 test_hello_world_no_code_if_exists if {
-	e := patch with input as {
+	e := hello_world_meta.patch with input as {
 		"ID": "my-job",
-		"Meta": {"hello": "world"}
+		"Meta": {"hello": "world"},
 	}
-    count(e) == 0
-
+	count(e) == 0
 }
diff --git a/example/example3/mutators/pg.rego b/example/example3/mutators/pg.rego
@@ -1,14 +1,13 @@
 package pginject
 
-import future.keywords
+import rego.v1
 
 vault_policy := "db-access"
 
-patch contains operation if {
+add_vault_ops contains operation if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres
 
-	input.TaskGroups[g].Tasks[t].Vault == null
-	trace(sprintf("injecting postgres task %d into group %d", [t, g]))
+	object.get(input.TaskGroups[g].Tasks[t], "Vault", null) == null
 
 	operation := {
 		"op": "add",
@@ -23,7 +22,7 @@ patch contains operation if {
 	}
 }
 
-patch contains operation if {
+add_vault_policy_ops contains operation if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres
 
 	operation := {
@@ -33,10 +32,10 @@ patch contains operation if {
 	}
 }
 
-patch contains operation if {
+add_env_template_block_ops contains operation if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres
 
-	input.TaskGroups[g].Tasks[t].Templates == null
+	object.get(input.TaskGroups[g].Tasks[t], "Templates", null) == null
 
 	operation := {
 		"op": "add",
@@ -45,10 +44,9 @@ patch contains operation if {
 	}
 }
 
-patch contains operation if {
+add_env_template_ops contains operation if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres
 
-
 	operation := {
 		"op": "add",
 		"path": sprintf("/TaskGroups/%d/Tasks/%d/Templates/-", [g, t]),
@@ -72,11 +70,11 @@ patch contains operation if {
 		},
 	}
 }
+
 env_tmpl := native_tmpl if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres == "native"
 
-
-	native_tmpl:= concat("\n", [
+	native_tmpl := concat("\n", [
 		"{{ range nomadService \"postgres\" }}",
 		"PGHOSTADDR={{ .Address }}",
 		"PGPORT={{ .Port }}",
@@ -87,13 +85,12 @@ env_tmpl := native_tmpl if {
 		"PGPASSWORD={{ .Data.password }}",
 		"{{ end }}",
 	])
-
 }
+
 env_tmpl := spring_boot_tmpl if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres == "springboot"
 
-
-	spring_boot_tmpl:= concat("\n", [
+	spring_boot_tmpl := concat("\n", [
 		"{{ range nomadService \"postgres\" }}",
 		"SPRING_DATASOURCE_URL=jdbc:postgresql://{{ .Address }}:{{ .Port }}/postgres",
 		"{{ end }}",
@@ -102,11 +99,12 @@ env_tmpl := spring_boot_tmpl if {
 		"SPRING_DATASOURCE_PASSWORD={{ .Data.password }}",
 		"{{ end }}",
 	])
-
 }
-patch contains operation if {
+
+add_constaint_block_ops contains operation if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres
-	input.TaskGroups[g].Constraints == null
+
+	object.get(input.TaskGroups[g].Tasks[t], "Constraints", null) == null
 
 	operation := {
 		"op": "add",
@@ -115,13 +113,18 @@ patch contains operation if {
 	}
 }
 
-patch contains operation if {
+add_vault_constraint_block_ops contains operation if {
 	input.TaskGroups[g].Tasks[t].Meta.postgres
-	not input.TaskGroups[g].Constraints[{
-		"LTarget": "${attr.vault.version}",
-		"Operand": "semver",
-		"RTarget": ">= 0.6.1"
-	}]
+
+	constraints := object.get(input.TaskGroups[g].Tasks[t], "Constraints", [])
+	every constraint in constraints {
+		constraint != {
+			"LTarget": "${attr.vault.version}",
+			"Operand": "semver",
+			"RTarget": ">= 0.6.1",
+		}
+	}
+
 	operation := {
 		"op": "add",
 		"path": sprintf("/TaskGroups/%d/Constraints/-", [g]),
@@ -132,3 +135,15 @@ patch contains operation if {
 		},
 	}
 }
+
+patch := [operation |
+	some ops in [
+		add_vault_ops,
+		add_vault_policy_ops,
+		add_env_template_block_ops,
+		add_env_template_ops,
+		add_constaint_block_ops,
+		add_vault_constraint_block_ops,
+	]
+	operation := ops[_]
+]