santoshdts
Reputation: 33
Rego number of policies evaluated
I am trying to validate some policies using the /opa/rego package.
The policies are evaluated as expected in this script. But, I also want to count the number of rules and the rule names evaluated as well.
I tried accessing the count and rule name as well using len(rego.ResultSet) But, though I am passing two rules, I am getting a count of one.
Here's part of Go script:
import (
...
"github.com/open-policy-agent/opa/rego"
)
<snip>
// Create Rego for query and evaluation
regoQuery := rego.New(
// Rego rule package
// rego.Package("data.dockerfile_validation"),
rego.Query("data.dockerfile_validation"),
// rego policy file
rego.Module("./policy/security.rego", string(regoPolicyCode)),
rego.Input(inputData),
)
// Evaluate the Rego query
rs, err := regoQuery.Eval(context.Background())
// Get the number of policies evaluated by regoQuery
fmt.Printf("Number of policies evaluated by regoQuery: %v\n", len(rs))
The rego policies I am passing are as follows:
package dockerfile_validation
# Enforce a Base Image Prefix with Chainguard images:
untrusted_base_image {
input[i].Cmd == "from"
val := split(input[i].Value, "/")
val[0] == "cgr.dev/chainguard/"
}
# Avoid 'Latest' Tag for Base Images:
latest_base_image {
input[i].Cmd == "from"
val := split(input[i].Value[0], ":")
not contains(lower(val[1]), "latest")
}
Can someone help me on this!
Upvotes: 1
Views: 249
Answers (0)
Related Questions
- OPA REGO deconstructing nested array
- Using OR condition in OPA rego
- Rego: merge arrays from different objects
- Can OPA check all rules individually or these rules have to be combined into one parent rule to make a decision?
- Rego Object matching and comparison
- UTF-8 character support in Rego policies/rules
- Rego Validation Array Compare
- Test Cases for Rego Polices
- Rego object.get with multileve key