chore: rename opa notation function

mxab · Jan 16, 2024 · 9df7ca3 · 9df7ca3
1 parent 6706583
commit 9df7ca3
Show file tree

Hide file tree

Showing 7 changed files with 138 additions and 18 deletions.
diff --git a/admissionctrl/opa/opa.go b/admissionctrl/opa/opa.go
@@ -25,12 +25,15 @@ func CreateQuery(filename string, query string, ctx context.Context, verifier no
 	if err != nil {
 		return nil, err
 	}
-
-	preparedQuery, err := rego.New(
+	options := []func(*rego.Rego){
 		rego.Query(query),
-		rego.Function1(
+		rego.Module(filename, string(module)),
+	}
+	if verifier != nil {
+		options = append(options, rego.Function1(
+
 			&rego.Function{
-				Name: "valid_notation_image",
+				Name: "notation_verify_image",
 				Decl: types.NewFunction(types.Args(types.S), types.B),
 			},
 			func(bctx rego.BuiltinContext, a *ast.Term) (*ast.Term, error) {
@@ -43,8 +46,10 @@ func CreateQuery(filename string, query string, ctx context.Context, verifier no
 				}
 				return ast.BooleanTerm(false), nil
 			}),
-		rego.Module(filename, string(module)),
-	).PrepareForEval(ctx)
+		)
+	}
+
+	preparedQuery, err := rego.New(options...).PrepareForEval(ctx)
 
 	if err != nil {
 		return nil, err

diff --git a/admissionctrl/opa/opa_test.go b/admissionctrl/opa/opa_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/nomad/api"
+	"github.com/mxab/nacp/admissionctrl/notation"
 	"github.com/mxab/nacp/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -106,16 +107,19 @@ func TestNotationImageValidation(t *testing.T) {
 	tt := []struct {
 		name           string
 		image          string
+		verifier       notation.ImageVerifier
 		expectedErrors []interface{}
 	}{
 		{
 			name:           "valid image",
 			image:          "validimage:latest",
+			verifier:       new(DummyVerifier),
 			expectedErrors: []interface{}{},
 		},
 		{
-			name:  "invalid image",
-			image: "invalidimage:latest",
+			name:     "invalid image",
+			image:    "invalidimage:latest",
+			verifier: new(DummyVerifier),
 			expectedErrors: []interface{}{
 				"Image is not in valid",
 			},
@@ -129,9 +133,11 @@ func TestNotationImageValidation(t *testing.T) {
 
 			path := testutil.Filepath(t, "opa/test_notation.rego")
 
-			query, err := CreateQuery(path, `
-		errors = data.opatest.errors
-	`, ctx, new(DummyVerifier))
+			query, err := CreateQuery(path,
+				"errors = data.opatest.errors",
+				ctx,
+				tc.verifier,
+			)
 			job := &api.Job{
 				TaskGroups: []*api.TaskGroup{
 					{
@@ -156,3 +162,18 @@ func TestNotationImageValidation(t *testing.T) {
 		})
 	}
 }
+
+func TestCreateQueryIfNotationFnIsUsedButVerifierIsNil(t *testing.T) {
+
+	ctx := context.Background()
+
+	path := testutil.Filepath(t, "opa/test_notation.rego")
+
+	_, err := CreateQuery(path,
+		"errors = data.opatest.errors",
+		ctx,
+		nil,
+	)
+	assert.Error(t, err, "Error creating query")
+
+}
diff --git a/example/notation/capabilities.json b/example/notation/capabilities.json
@@ -1,7 +1,7 @@
 {
   "builtins": [
     {
-      "name": "valid_notation_image",
+      "name": "notation_verify_image",
       "decl": {
         "args": [
           {

diff --git a/example/notation/demo.tape b/example/notation/demo.tape
@@ -0,0 +1,93 @@
+# VHS documentation
+#
+# Require:
+
+#
+# Settings:
+#   Set FontSize <number>           Set the font size of the terminal
+#   Set FontFamily <string>         Set the font family of the terminal
+#   Set Height <number>             Set the height of the terminal
+#   Set Width <number>              Set the width of the terminal
+#   Set LetterSpacing <float>       Set the font letter spacing (tracking)
+#   Set LineHeight <float>          Set the font line height
+#   Set LoopOffset <float>%         Set the starting frame offset for the GIF loop
+#   Set Theme <json|string>         Set the theme of the terminal
+#   Set Padding <number>            Set the padding of the terminal
+#   Set Framerate <number>          Set the framerate of the recording
+#   Set PlaybackSpeed <float>       Set the playback speed of the recording
+#   Set MarginFill <file|#000000>   Set the file or color the margin will be filled with.
+#   Set Margin <number>             Set the size of the margin. Has no effect if MarginFill isn't set.
+#   Set BorderRadius <number>       Set terminal border radius, in pixels.
+#   Set WindowBar <string>          Set window bar type. (one of: Rings, RingsRight, Colorful, ColorfulRight)
+#   Set WindowBarSize <number>      Set window bar size, in pixels. Default is 40.
+#   Set TypingSpeed <time>          Set the typing speed of the terminal. Default is 50ms.
+#
+# Sleep:
+#   Sleep <time>                    Sleep for a set amount of <time> in seconds
+#
+# Type:
+#   Type[@<time>] "<characters>"    Type <characters> into the terminal with a
+#                                   <time> delay between each character
+#
+# Keys:
+#   Escape[@<time>] [number]        Press the Escape key
+#   Backspace[@<time>] [number]     Press the Backspace key
+#   Delete[@<time>] [number]        Press the Delete key
+#   Insert[@<time>] [number]        Press the Insert key
+#   Down[@<time>] [number]          Press the Down key
+#   Enter[@<time>] [number]         Press the Enter key
+#   Space[@<time>] [number]         Press the Space key
+#   Tab[@<time>] [number]           Press the Tab key
+#   Left[@<time>] [number]          Press the Left Arrow key
+#   Right[@<time>] [number]         Press the Right Arrow key
+#   Up[@<time>] [number]            Press the Up Arrow key
+#   Down[@<time>] [number]          Press the Down Arrow key
+#   PageUp[@<time>] [number]        Press the Page Up key
+#   PageDown[@<time>] [number]      Press the Page Down key
+#   Ctrl+<key>                      Press the Control key + <key> (e.g. Ctrl+C)
+#
+# Display:
+#   Hide                            Hide the subsequent commands from the output
+#   Show                            Show the subsequent commands in the output
+
+Output demo.mp4
+
+Require echo
+Require nomad
+
+Set Shell "zsh"
+Set FontSize 16
+Set Width 1200
+Set Height 600
+
+Set TypingSpeed 100ms # 500ms
+
+Hide
+Type nomad run registry.nomad Enter
+Type "docker rmi localhost:5001/net-monitor:v1" Enter
+
+Show
+Type "docker build -t localhost:5001/net-monitor:v1 https://github.com/wabbit-networks/net-monitor.git\#main" Sleep 500ms  Enter
+
+Type "docker push localhost:5001/net-monitor:v1" Sleep 500ms  Enter
+
+Set TypingSpeed 300ms
+
+Type `export IMAGE=$(docker inspect --format='{{index .RepoDigests 0}}' localhost:5001/net-monitor:v1)` Sleep 1500ms  Enter
+
+Hide
+Type "export NOMAD_ADDR='http://localhost:6464'" Enter
+Show
+
+Type `nomad run -var "image=${IMAGE}" demo.nomad` Sleep 1500ms  Enter
+
+Type `notation sign $IMAGE` Sleep 1500ms  Enter
+
+Type `nomad run -var "image=${IMAGE}" demo.nomad` Sleep 1500ms  Enter
+
+
+Sleep 5s
+
+Hide
+Type "nomad stop -purge registry" Enter
+Show
diff --git a/example/notation/notation.rego b/example/notation/notation.rego
@@ -6,6 +6,7 @@ errors contains msg if {
 	some g, t
 	input.TaskGroups[g].Tasks[t].Driver == "docker"
 	image := input.TaskGroups[g].Tasks[t].Config.image
-	not valid_notation_image(image)
+	# check
+	not notation_verify_image(image)
 	msg := sprintf("TaskGroup %d Task %d image is invalid (image %s)", [g, t, image])
 }
diff --git a/example/notation/notation_test.rego b/example/notation/notation_test.rego
@@ -4,16 +4,16 @@ import future.keywords
 
 import data.image_verification
 
-mock_valid_notation_image("validimage:latest") := true
+mock_notation_verify_image("validimage:latest") := true
 
-mock_valid_notation_image("invalidimage:latest") := false
+mock_notation_verify_image("invalidimage:latest") := false
 
 test_has_no_errors_for_valid_image if {
 	result := image_verification.errors with input as {"TaskGroups": [{"Tasks": [{
 		"Driver": "docker",
 		"Config": {"image": "validimage:latest"},
 	}]}]}
-		with valid_notation_image as mock_valid_notation_image
+		with notation_verify_image as mock_notation_verify_image
 
 	result == set()
 }
@@ -23,7 +23,7 @@ test_has_errors_for_invalid_image if {
 		"Driver": "docker",
 		"Config": {"image": "invalidimage:latest"},
 	}]}]}
-		with valid_notation_image as mock_valid_notation_image
+		with notation_verify_image as mock_notation_verify_image
 
 	result == {"TaskGroup 0 Task 0 image is invalid (image invalidimage:latest)"}
 }
diff --git a/testdata/opa/test_notation.rego b/testdata/opa/test_notation.rego
@@ -4,6 +4,6 @@ errors[errMsg] {
 
 	image := input.TaskGroups[0].Tasks[0].Config.image
 
-	not valid_notation_image(image)
+	not notation_verify_image(image)
 	errMsg := "Image is not in valid"
 }