implement opa_eval to evaluate a query and store the result in a file

Author: ffortier

examples/simple/BUILD.bazel

@@ -1,4 +1,4 @@
-load("@rules_opa//opa:defs.bzl", "opa_binary", "opa_check", "opa_eval_binary", "opa_library", "opa_test")
+load("@rules_opa//opa:defs.bzl", "opa_binary", "opa_check", "opa_eval", "opa_eval_binary", "opa_library", "opa_test")
 
 opa_library(
     name = "simple",
@@ -44,4 +44,12 @@ opa_eval_binary(
     deps = [":simple"],
 )
 
+opa_eval(
+    name = "check_bob_json",
+    out = "bob.json",
+    input = '{"name":"bob"}',
+    query = "data.main.allow",
+    deps = [":simple"],
+)
+
 exports_files(["schemas/input.json"])

opa/defs.bzl

@@ -1,15 +1,17 @@
-load("//opa/private:opa_toolchain.bzl", _OpacInfo = "OpacInfo", _opa_toolchain = "opa_toolchain")
-load("//opa/private:opa_library.bzl", _OpaInfo = "OpaInfo", _opa_library = "opa_library")
-load("//opa/private:opa_test.bzl", _opa_test = "opa_test")
+load("//opa/private:opa_binary.bzl", _opa_binary = "opa_binary")
 load("//opa/private:opa_check.bzl", _opa_check = "opa_check")
+load("//opa/private:opa_eval.bzl", _opa_eval = "opa_eval")
 load("//opa/private:opa_eval_binary.bzl", _opa_eval_binary = "opa_eval_binary")
-load("//opa/private:opa_binary.bzl", _opa_binary = "opa_binary")
+load("//opa/private:opa_library.bzl", _OpaInfo = "OpaInfo", _opa_library = "opa_library")
+load("//opa/private:opa_test.bzl", _opa_test = "opa_test")
+load("//opa/private:opa_toolchain.bzl", _OpacInfo = "OpacInfo", _opa_toolchain = "opa_toolchain")
 
 opa_toolchain = _opa_toolchain
 opa_library = _opa_library
 opa_test = _opa_test
 opa_check = _opa_check
 opa_eval_binary = _opa_eval_binary
+opa_eval = _opa_eval
 opa_binary = _opa_binary
 OpaInfo = _OpaInfo
 OpacInfo = _OpacInfo

opa/private/opa_eval.bzl

@@ -0,0 +1,86 @@
+load(":opa_library.bzl", "OpaInfo")
+
+def _opa_eval_impl(ctx):
+    toolchain = ctx.toolchains["//tools:toolchain_type"].opacinfo
+    out_file = ctx.actions.declare_file(ctx.attr.out)
+
+    if len(ctx.attr.deps) != 1:
+        fail("opa_eval only allow a single deps")
+
+    bundle = ctx.attr.deps[0][OpaInfo].bundle
+    additional_inputs = []
+
+    args = ctx.actions.args()
+
+    args.add(toolchain.opa)
+    args.add("eval")
+    args.add("-b").add(bundle)
+
+    if ctx.attr.partial:
+        args.add("--partial")
+    if ctx.file.input_file:
+        additional_inputs.append(ctx.file.input_file)
+        args.add("--input").add(ctx.file.input_file)
+    if ctx.attr.input:
+        input_file = ctx.actions.declare_file(ctx.label.name + "_input.txt")
+        ctx.actions.write(output = input_file, content = ctx.attr.input)
+        additional_inputs.append(input_file)
+        args.add("--input").add(input_file)
+    if ctx.attr.unknowns:
+        args.add("--unknowns").add(",".join(ctx.attr.unknowns))
+
+    args.add("--format=%s" % (ctx.attr.format))
+    args.add(ctx.attr.query)
+
+    ctx.actions.run_shell(
+        tools = [toolchain.opa],
+        inputs = [bundle] + additional_inputs,
+        outputs = [out_file],
+        arguments = [args],
+        command = "$@ > " + out_file.path,
+    )
+
+    return [
+        DefaultInfo(
+            files = depset([out_file]),
+        ),
+    ]
+
+opa_eval = rule(
+    implementation = _opa_eval_impl,
+    attrs = {
+        "deps": attr.label_list(
+            providers = [OpaInfo],
+            mandatory = True,
+            doc = "The bundle to evaluate",
+        ),
+        "query": attr.string(
+            mandatory = True,
+            doc = "The query to evaluate",
+        ),
+        "out": attr.string(
+            mandatory = True,
+            doc = "Output file name",
+        ),
+        "format": attr.string(
+            default = "json",
+            values = ["json", "values", "bindings", "pretty", "source", "raw"],
+            doc = "The output format (see https://www.openpolicyagent.org/docs/latest/cli/#output-formats)",
+        ),
+        "partial": attr.bool(
+            default = False,
+            doc = "perform partial evaluation",
+        ),
+        "unknowns": attr.string_list(
+            doc = "set paths to treat as unknown during partial evaluation",
+        ),
+        "input": attr.string(
+            doc = "input",
+        ),
+        "input_file": attr.label(
+            allow_single_file = True,
+            doc = "input",
+        ),
+    },
+    toolchains = ["//tools:toolchain_type"],
+)

opa/private/opa_eval_binary.bzl

@@ -5,7 +5,7 @@ def _opa_eval_binary_impl(ctx):
     toolchain = ctx.toolchains["//tools:toolchain_type"].opacinfo
 
     if len(ctx.attr.deps) != 1:
-        fail("opa_binary only allow a single deps")
+        fail("opa_eval_binary only allow a single deps")
 
     bundle = ctx.attr.deps[0][OpaInfo].bundle