Merge pull request #10 from ticketmaster/fix-schema-files

ffortier · web-flow · commit aa4ca836b5e4 · 2023-08-08T12:20:06.000-04:00
fix opa_check rule when a list of files is passed
diff --git a/examples/multiple_schema_files/BUILD.bazel b/examples/multiple_schema_files/BUILD.bazel
@@ -0,0 +1,19 @@
+load("@rules_opa//opa:defs.bzl", "opa_check", "opa_library")
+
+opa_library(
+    name = "multiple_schema_files",
+    srcs = ["main.rego"],
+    strip_prefix = package_name(),
+    visibility = ["//examples:__subpackages__"],
+)
+
+opa_check(
+    name = "multiple_schema_files_check",
+    size = "small",
+    bundle = ":multiple_schema_files",
+    schema_files = [
+        "//examples/simple:schemas/input.json",
+        ":admins.json",
+    ],
+    strict = True,
+)
diff --git a/examples/multiple_schema_files/admins.json b/examples/multiple_schema_files/admins.json
@@ -0,0 +1,6 @@
+{
+    "type": "array",
+    "items": {
+        "type": "string"
+    }
+}
diff --git a/examples/multiple_schema_files/main.rego b/examples/multiple_schema_files/main.rego
@@ -0,0 +1,14 @@
+# METADATA
+# scope: subpackages
+# schemas:
+#   - input: schema.input
+#   - data.admins: schema.admins
+package main
+
+import future.keywords
+
+allow if {
+	input.name in data.admins
+}
+
+#
diff --git a/examples/simple/BUILD.bazel b/examples/simple/BUILD.bazel
@@ -43,3 +43,5 @@ opa_eval_binary(
     query = "data.main.allow",
     deps = [":simple"],
 )
+
+exports_files(["schemas/input.json"])
diff --git a/opa/private/opa_check.bzl b/opa/private/opa_check.bzl
@@ -14,11 +14,7 @@ def _opa_check_test_impl(ctx):
     if ctx.files.schema_files:
         files.extend(ctx.files.schema_files)
 
-    runfiles = ctx.runfiles(
-        files = files,
-    )
-
-    args = []
+    args = ["set -xe\n"]
 
     args.append(toolchain.opa.short_path)
     args.append("check")
@@ -29,19 +25,27 @@ def _opa_check_test_impl(ctx):
         args.append("-s")
         args.append("%s/" % (ctx.file.schema_dir.short_path))
     elif ctx.files.schema_files:
-        for f in ctx.files.schema_files:
-            args.append("-s")
-            args.append(f.short_path)
+        args.insert(1, "schema_dir=`mktemp -d`\n")
+        args.insert(2, "cp %s $schema_dir\n" % (" ".join([f.short_path for f in ctx.files.schema_files])))
+        args.append("-s")
+        args.append("$schema_dir")
 
     if ctx.file.capabilities:
         args.append("--capabilities")
         args.append(ctx.file.capabilities.short_path)
 
+    if ctx.attr.strict:
+        args.append("--strict")
+
     ctx.actions.write(
         output = tester_file,
         content = " ".join(args),
     )
 
+    runfiles = ctx.runfiles(
+        files = files,
+    )
+
     return [
         DefaultInfo(
             executable = tester_file,
@@ -71,6 +75,9 @@ _opa_check_test = rule(
             providers = [ProtoInfo],
             doc = "Protobuf definition to generate json schemas",
         ),
+        "strict": attr.bool(
+            doc = "enable compiler strict mode",
+        ),
         "capabilities": attr.label(
             doc = "set capabilities.json file path",
             allow_single_file = True,

Original file line number	Diff line number	Diff line change
`@@ -43,3 +43,5 @@ opa_eval_binary(`
`43`	`43`	`query = "data.main.allow",`
`44`	`44`	`deps = [":simple"],`
`45`	`45`	`)`
	`46`	`+`
	`47`	`+exports_files(["schemas/input.json"])`