open-policy-agent / conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language
https://conftest.dev

Improper if Usage seems to miss a valid case #934

Closed chriskuchin closed 6 months ago

chriskuchin commented 6 months ago

So this MR made a change in v0.49.0 to flag bad usages of the `if` keyword.

However, I use conftest in my Terraform pipelines, and rolling to v0.49.0 caused my pipelines to all error with:

  • policy_set: regula: conftest: Error: running test: load: loading policies: rule is using 'if' keyword without 'contains' keyword: rule in /opt/policies/regula/rules/tf/aws/security_groups/ingress_11215.rego at line 31

This points to this rule in the regula repository. From my understanding, this is not a problem, but the regex is failing on this case.

Happy to understand where I misunderstand the problem. I have rolled back to v0.48.0 for now.

FYI @boranx & @jalseth

jalseth commented 6 months ago

This appears to be a bug with a bare `deny` without the `[msg]` portion, which changes the Rego AST representation.