Add mindev ruletype init to kick off a rule type #5228

188 changes: 188 additions & 0 deletions cmd/dev/app/rule_type/init.go
@@ -0,0 +1,188 @@
// SPDX-FileCopyrightText: Copyright 2023 The Minder Authors
// SPDX-License-Identifier: Apache-2.0

package rule_type

import (
"errors"
"fmt"
"os"
"path/filepath"
"regexp"

"github.com/spf13/cobra"
)

// CmdInit is the command for initializing a rule type definition
func CmdInit() *cobra.Command {
initCmd := &cobra.Command{
Use: "init",
Short: "initialize a rule type definition",
Long: `The 'ruletype init' subcommand allows you to initialize a rule type definition

The first positional argument is the directory to initialize the rule type in.
The rule type will be initialized in the current directory if no directory is provided.
`,
RunE: initCmdRun,
SilenceUsage: true,
}

initCmd.Flags().StringP("name", "n", "", "name of the rule type")
initCmd.Flags().BoolP("skip-tests", "s", false, "skip creating test files")

if err := initCmd.MarkFlagRequired("name"); err != nil {
fmt.Fprintf(os.Stderr, "Error marking flag as required: %s\n", err)
os.Exit(1)
}

return initCmd
}

func initCmdRun(cmd *cobra.Command, args []string) error {
What do you think about having this operate in a more "wizard" style in terms of prompting for missing data rather than people needing to figure out the flag arguments up front and then getting a file with a bunch of comments to fill in?

name := cmd.Flag("name").Value.String()
skipTests := cmd.Flag("skip-tests").Value.String() == "true"
dir := "."
if len(args) > 0 {
dir = args[0]
}

if err := validateRuleTypeName(name); err != nil {
return err
}

ruleTypeFileName := filepath.Join(dir, name+".yaml")
ruleTypeTestFileName := filepath.Join(dir, name+".test.yaml")
ruleTypeTestDataDirName := filepath.Join(dir, name+".testdata")

if err := assertFilesDontExist(
ruleTypeFileName, ruleTypeTestFileName, ruleTypeTestDataDirName); err != nil {
return err
}

// Create rule type file
if err := createRuleTypeFile(ruleTypeFileName, name); err != nil {
return err
}
cmd.Printf("Created rule type file: %s\n", ruleTypeFileName)

if !skipTests {
// Create rule type test file
if err := createRuleTypeTestFile(ruleTypeTestFileName); err != nil {
return err
}
cmd.Printf("Created rule type test file: %s\n", ruleTypeTestFileName)

// Create rule type test data directory
if err := createRuleTypeTestDataDir(ruleTypeTestDataDirName); err != nil {
return err
}
cmd.Printf("Created rule type test data directory: %s\n", ruleTypeTestDataDirName)
}

return nil
}

func validateRuleTypeName(name string) error {
if name == "" {
return errors.New("name cannot be empty")
}

validName := regexp.MustCompile(`^[a-zA-Z0-9_]+$`)
This is a different regex from https://github.com/mindersec/minder/blob/main/proto/minder/v1/minder.proto#L2496. Not sure if we want to try to re-use that validation?


// regexp to validate name
if !validName.MatchString(name) {
return errors.New("name must only contain alphanumeric characters and underscores")
}

return nil
}

func assertFilesDontExist(files ...string) error {
for _, file := range files {
if _, err := os.Stat(file); err == nil {

Odd empty newline here.

return fmt.Errorf("file %s already exists", file)
Not sure if you want to check os.IsExist(err) here before returning this error -- there could be a different reason the stat fails, like a missing parent directory.

}
}

return nil
}

func createRuleTypeFile(fileName, name string) error {
return createFileWithContent(fileName, fmt.Sprintf(`---
It feels like we should use text/template here rather than fmt.Sprintf, particularly if we start to input more data before outputting the rule.

version: v1
release_phase: alpha
type: rule-type
name: %s
display_name: # Display name for the rule type
short_failure_message: # Short message to display when the rule fails
severity:
value: medium
context: {}
description: | # Description of the rule type
guidance: | # Guidance for the rule type. This helps users understand how to fix the issue.
def:
in_entity: repository # The entity type the rule applies to
rule_schema: {}
ingest:
type: git
git:
eval:
type: rego
rego:
type: deny-by-default
def: |
package minder

import rego.v1

default allow := false

allow if {
true
}

message := "This is a test message"
`, name))
}

func createRuleTypeTestFile(fileName string) error {
return createFileWithContent(fileName, `---
tests:
- name: "TEST NAME GOES HERE""
def: {}
params: {}
expect: "pass"
entity: &test-repo
type: repository
entity:
owner: "coolhead"
name: "haze-wave"
# http:
# body_file: HTTP_BODY_FILE
# git:
# repo_base: REPO_BASE_PATH
It feels like these could benefit from a bit more documentation in a comment, e.g.

# http:
# body_file: HTTP_BODY_FILE
# git:
# repo_base: REPO_BASE_PATH
# When testing a rule, additional content can be supplied
# from files in the `{{ .RuleName }}.testdata` directory.
# File paths below are relative to this directory.
# http:
# # Input from the `http` ingest type.
# body_file: HTTP_BODY_FILE
# git:
# # Input from the `git` ingest type. Base paths contain
# # directory contents, but do not actually need to be a
# # git repository.
# repo_base: REPO_BASE_PATH

`)
}

func createRuleTypeTestDataDir(dirName string) error {
if err := os.Mkdir(dirName, 0750); err != nil {
return fmt.Errorf("error creating directory %s: %w", dirName, err)
}

return nil
}

func createFileWithContent(fileName, content string) error {
file, err := os.Create(filepath.Clean(fileName))
if err != nil {
return fmt.Errorf("error creating file %s: %w", fileName, err)
}
defer file.Close()

if _, err := file.WriteString(content); err != nil {
return fmt.Errorf("error writing to file %s: %w", fileName, err)
}

return nil

Can we simply use os.WriteFile(fileName, []byte(content), 0644) for this?

}
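Review bot: The test-file template in createRuleTypeTestFile carries a stray trailing double quote on `- name: "TEST NAME GOES HERE""`, so every scaffolded `<name>.test.yaml` is invalid YAML before the user has edited anything; the line should read `- name: "TEST NAME GOES HERE"`. A small unit test that runs both generated documents through a YAML decoder would catch this class of template typo, and would also guard the `name: %s` interpolation in createRuleTypeFile, which is only safe because validateRuleTypeName restricts the value to `[a-zA-Z0-9_]`. Separately, initCmdRun reads its flags as `cmd.Flag("name").Value.String()` and a string compare against "true"; `cmd.Flags().GetString("name")` and `cmd.Flags().GetBool("skip-tests")` are the typed accessors cobra provides and avoid parsing by comparison. Template indentation is not visible on this rendered page, so the YAML nesting itself is not assessed here.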
1 change: 1 addition & 0 deletions cmd/dev/app/rule_type/ruletype.go
Expand Up @@ -16,6 +16,7 @@ func CmdRuleType() *cobra.Command {
rtCmd.AddCommand(CmdTest())
rtCmd.AddCommand(CmdLint())
rtCmd.AddCommand(CmdValidateUpdate())
rtCmd.AddCommand(CmdInit())

return rtCmd
}