Rego对象匹配与比较
Rego对象匹配与比较
提问于 2022-05-11 11:27:45
我试图从给定的输入中匹配域键(“example.com”),如果值不相同,则返回一个错误。到目前为止,这就是我所想的,但我似乎无法匹配域密钥,因此测试失败了。如有任何建议,将不胜感激。
OPA政策:
package main
import data.config
default warning_mode = []
warning_mode = config.warn_mode { config.warn_mode }
array_contains(arr, elem) {
arr[_] = elem
}
exception[rules] {
rules := config.exceptions.rules
}
deny_missing_config[msg] {
not config
msg := "Missing configuration file"
}
## Main
aws_ses_dkim[a] {
a := input.resource_changes[_]
a.type == "aws_ses_domain_dkim"
}
aws_ses_domain[e] {
e := input.resource_changes[_]
e.type == "aws_ses_domain_identity"
}
ses_missing_dkim[msg] {
a := aws_ses_dkim[_]
e := aws_ses_domain[_]
walk(a, [["values", "domain"], x])
walk(e, [["values", "domain"], y])
err := x - y
not err == set()
msg := sprintf("Placeholder error", [err, a.address, e.address])
}
## Test Cases
deny_ses_missing_dkim[msg]{
not array_contains(warning_mode, "ses_missing_dkim")
ses_missing_dkim[_] != []
msg := ses_missing_dkim[_]
}
warn_ses_missing_dkim[msg]{
array_contains(warning_mode, "ses_missing_dkim")
ses_missing_dkim[_] != []
msg := ses_missing_dkim[_]
}
test_ses_missing_dkim_invalid {
i := data.mock.invalid_ses_dkim
r1 := warn_ses_missing_dkim with input as i with data.config.warn_mode as []
count(r1) == 0
r2 := warn_ses_missing_dkim with input as i with data.config.warn_mode as ["ses_missing_dkim"]
count(r2) == 1
r3 := deny_ses_missing_dkim with input as i with data.config.warn_mode as []
count(r3) == 1
r4 := deny_ses_missing_dkim with input as i with data.config.warn_mode as ["ses_missing_dkim"]
count(r4) == 0
count(r1) + count(r2) == 1
count(r3) + count(r4) == 1
}
test_ses_missing_dkim_valid {
i := data.mock.ses_dkim
r1 := warn_ses_missing_dkim with input as i with data.config.warn_mode as []
r2 := warn_ses_missing_dkim with input as i with data.config.warn_mode as ["ses_missing_dkim"]
r3 := deny_ses_missing_dkim with input as i with data.config.warn_mode as []
r4 := deny_ses_missing_dkim with input as i with data.config.warn_mode as ["ses_missing_dkim"]
count(r1) + count(r2) + count(r3) + count(r4) == 0
}输入(Terraform ):
"resource_changes":[
{
"address":"aws_ses_domain_dkim.example",
"mode":"managed",
"type":"aws_ses_domain_dkim",
"name":"example",
"provider_name":"registry.terraform.io/hashicorp/aws",
"schema_version":0,
"values":{
"domain":"example.com"
},
"sensitive_values":{
"dkim_tokens":[
]
}
},
{
"address":"aws_ses_domain_identity.example",
"mode":"managed",
"type":"aws_ses_domain_identity",
"name":"example",
"provider_name":"registry.terraform.io/hashicorp/aws",
"schema_version":0,
"values":{
"domain":"example.com"
},
"sensitive_values":{
}
}
]回答 1
Stack Overflow用户
回答已采纳
发布于 2022-05-11 12:08:14
由x函数检索的y和walk值将是字符串,因此err := x - s将无法工作。如果您想要一组值,可以将walk调用包装在一个集合理解中,以获得一组所有值:
ses_missing_dkim[msg] {
a := aws_ses_dkim[_]
e := aws_ses_domain[_]
xs := {x | walk(a, [["values", "domain"], x])}
ys := {y | walk(e, [["values", "domain"], y])}
err := xs - ys
not err == set()
msg := sprintf("Placeholder error", [err, a.address, e.address])
}不过,您可能不需要walk,因为值总是在已知路径上。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/72200237
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号