
Commit 5be116f

author
Trong Nhan Mai
authored
chore: remove running the policy engine when --show-prelude is provided (#270)
Signed-off-by: Trong Nhan Mai <[email protected]>
1 parent 776ba21 commit 5be116f


2 files changed

+33
-20
lines changed


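--- a/src/macaron/__main__.py
+++ b/src/macaron/__main__.py
@@ -18,7 +18,7 @@
 from macaron.config.target_config import TARGET_CONFIG_SCHEMA
 from macaron.output_reporter.reporter import HTMLReporter, JSONReporter, PolicyReporter
 from macaron.parsers.yaml.loader import YamlLoader
-from macaron.policy_engine.policy_engine import run_policy_engine
+from macaron.policy_engine.policy_engine import run_policy_engine, show_prelude
 from macaron.slsa_analyzer.analyzer import Analyzer
 
 logger: logging.Logger = logging.getLogger(__name__)
@@ -95,18 +95,25 @@ def verify_policy(verify_policy_args: argparse.Namespace) -> int:
 logger.critical("The database file does not exist.")
 return os.EX_OSFILE
 
-if not os.path.isfile(verify_policy_args.file):
-logger.critical('The policy file "%s" does not exist.', verify_policy_args.file)
-return os.EX_OSFILE
+if verify_policy_args.show_prelude:
+show_prelude(verify_policy_args.database)
+return os.EX_OK
+
+if verify_policy_args.file:
+if not os.path.isfile(verify_policy_args.file):
+logger.critical('The policy file "%s" does not exist.', verify_policy_args.file)
+return os.EX_OSFILE
+
+result = run_policy_engine(verify_policy_args.database, verify_policy_args.file)
+policy_reporter = PolicyReporter()
+policy_reporter.generate(global_config.output_path, result)
 
-result = run_policy_engine(verify_policy_args.database, verify_policy_args.show_prelude, verify_policy_args.file)
-policy_reporter = PolicyReporter()
-policy_reporter.generate(global_config.output_path, result)
+if ("failed_policies" in result) and any(result["failed_policies"]):
+return os.EX_DATAERR
 
-if ("failed_policies" in result) and any(result["failed_policies"]):
-return os.EX_DATAERR
+return os.EX_OK
 
-return os.EX_OK
+return os.EX_USAGE
 
 
 def perform_action(action_args: argparse.Namespace) -> None:
@@ -264,10 +271,11 @@ def main(argv: list[str] | None = None) -> None:
 
 # Verify the Datalog policy.
 vp_parser = sub_parser.add_parser(name="verify-policy")
+vp_group = vp_parser.add_mutually_exclusive_group(required=True)
 
 vp_parser.add_argument("-d", "--database", required=True, type=str, help="Path to the database.")
-vp_parser.add_argument("-f", "--file", required=True, type=str, help="Path to the Datalog policy.")
-vp_parser.add_argument("-s", "--show-prelude", required=False, action="store_true", help="Show policy prelude.")
+vp_group.add_argument("-f", "--file", type=str, help="Path to the Datalog policy.")
+vp_group.add_argument("-s", "--show-prelude", action="store_true", help="Show policy prelude.")
 
 args = main_parser.parse_args(argv)
 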
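Review bot: The policy branch of verify_policy still returns `os.EX_OK` whenever the result has no "failed_policies" key, so an engine run that produces no verdict is reported as a pass. With the prelude path split out, the removed `return {}` in policy_engine.py was the only visible producer of an empty result, although what run_policy_engine returns on error is outside this page. For callers that gate CI on the exit code it would be safer to fail closed, e.g. `if "failed_policies" not in result: return os.EX_DATAERR` ahead of the existing `any(...)` check. verify_policy begins above the hunk, so only the tail of the database check is visible.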
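--- a/src/macaron/policy_engine/policy_engine.py
+++ b/src/macaron/policy_engine/policy_engine.py
@@ -139,15 +139,25 @@ def _check_version(database_path: str) -> None:
 sys.exit(os.EX_DATAERR)
 
 
-def run_policy_engine(database_path: str, show_prelude: bool, policy_file: str) -> dict:
+def show_prelude(database_path: str) -> None:
+"""Show the Datalog prelude for a database and exit.
+
+Parameters
+----------
+database_path: str
+The SQLite database file to show the prelude for.
+"""
+prelude = get_generated(database_path)
+logger.info("\n%s", prelude)
+
+
+def run_policy_engine(database_path: str, policy_file: str) -> dict:
 """Evaluate a policy based on configuration and exit.
 
 Parameters
 ----------
 database_path: str
 The SQLite database file to evaluate the policy against
-show_prelude: bool
-Just show the policy prelude and exit.
 policy_file: str
 The policy file to evaluate
 
@@ -156,11 +166,6 @@ def run_policy_engine(database_path: str, show_prelude: bool, policy_file: str)
 dict
 The policy engine result.
 """
-if show_prelude:
-prelude = get_generated(database_path)
-logger.info("\n%s", prelude)
-return {}
-
 # TODO: uncomment the following line when the check is improved.
 # _check_version(database_path)
 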
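Review bot: The docstring of the new show_prelude says it shows the prelude "and exit", but the function only logs the text and returns None; the exit code is chosen by the caller in `__main__.py`. A summary such as `"""Log the generated Datalog prelude for the given database."""` would match what the code does. Because the prelude is emitted through `logger.info`, a logging configuration above INFO would print nothing while verify-policy still reports success; writing it to stdout with `print(prelude)` would make `--show-prelude` independent of the log level. The body of run_policy_engine continues outside the hunk.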