Open zregvart opened 1 year ago
Hi
Apparently, as you mentioned, it considers the result only for the forms deny[msg] or violation[{"msg": msg}]
What would be the use cases of having rules returning just a boolean?
As far as I can imagine, the following would always fail no matter how the body is evaluated
deny_no_msg2 = true {
false # OR not.input.data.field
}
If it's a need, we'd welcome a PR addressing the issue with the changes you pointed out above
@boranx, the example you provided does not cause a failure. conftest reports it as passed.
I don't have a use case for using a rule that returns just a boolean, but it is quite surprising that it always passes. It is certainly a pitfall for users.
Hello :wave:
Are Rego rules without the
msg
, e.g. ones returning a boolean supported?Given this Rego rule:
When I run
conftest test input.json --all-namespaces
I get:I was expecting that the
*_no_msg
rules that matched would also appear in the output. Perhaps something like:I'm looking at the comment here, and I'm not certain that what is stated there is correct, the
*_no_msg
rules above did returntrue
but were counted towards successes.Perhaps the rules returning a boolean
true
could be considered, for example using something like: