Add lint rule, update test rule, add both to CI test rule (#51)

* Add lint rule, update test rule, add both to CI test rule

Signed-off-by: wwwil <[email protected]>

* Update AKS Basic package format and add tests

Signed-off-by: wwwil <[email protected]>

Author: wwwil

Makefile

@@ -71,8 +71,15 @@ bundle-all-platforms:
 
 # Packages
 
-package-test:
-	cd $(ROOT_DIR) && go run ./main.go package test ./preflight-packages/examples.jetstack.io
+packages-lint:
+	cd $(ROOT_DIR) && \
+	go run . package lint $(ROOT_DIR)/preflight-packages/jetstack.io/pods && \
+	go run . package lint $(ROOT_DIR)/preflight-packages/examples.jetstack.io/aks_basic && \
+	go run . package lint $(ROOT_DIR)/preflight-packages/examples.jetstack.io/gke_basic
+
+packages-test:
+	cd $(ROOT_DIR) && \
+	go run . package test $(ROOT_DIR)/preflight-packages/examples.jetstack.io
 
 # Docker image
 
@@ -96,7 +103,7 @@ export PATH:=$(GOPATH)/bin:$(PATH)
 ci-deps:
 	go install golang.org/x/lint/golint
 
-ci-test: ci-deps test lint
+ci-test: ci-deps test lint packages-test packages-lint
 
 ci-build: ci-test build build-docker-image build-all-platforms bundle-all-platforms push-docker-image-canary
 

preflight-packages/examples.jetstack.io/aks_basic/aks.rego

@@ -3,8 +3,8 @@ package aks_basic
 # See https://github.com/jetstack/preflight/blob/master/docs/datagatherers/aks.md for more details
 import input.aks as aks
 
-# Rule 'rbac_enabled'
-default preflight_rbac_enabled = false
-preflight_rbac_enabled {
-        aks.Cluster.properties.enableRBAC == true
+# RBAC Enabled
+rbac_enabled[message] {
+	not aks.Cluster.properties.enableRBAC == true
+	message := "rbac is not enabled"
 }

preflight-packages/examples.jetstack.io/aks_basic/aks_test.rego

@@ -0,0 +1,51 @@
+package aks_basic
+
+assert_allowed(output) = output {
+	trace(sprintf("GOT: %s", [concat(",", output)]))
+	trace("WANT: empty set")
+	output == set()
+}
+
+assert_violates(output, messages) = output {
+	trace(sprintf("GOT: %s", [concat(",", output)]))
+	trace(sprintf("WANT: %s", [concat(",", messages)]))
+	output == messages
+}
+
+cluster(x) = y { y := {"aks": {"Cluster": x }} }
+
+# RBAC Enabled
+test_rbac_enabled_enabled {
+	output := rbac_enabled with input as cluster(
+		{
+			"properties": {
+				"enableRBAC": true
+			}
+		}
+	)
+	assert_allowed(output)
+}
+test_rbac_enabled_disabled {
+	output := rbac_enabled with input as cluster(
+		{
+			"properties": {
+				"enableRBAC": false
+			}
+		}
+	)
+	assert_violates(output,
+		{
+			"rbac is not enabled"
+		}
+	)
+}
+test_rbac_enabled_missing {
+	output := rbac_enabled with input as cluster(
+		{}
+	)
+	assert_violates(output,
+		{
+			"rbac is not enabled"
+		}
+	)
+}