search

open-policy-agent / conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language
https://conftest.dev
Other
2.82k stars 298 forks source link

Jsonnet parser cannot handle relative imports #939

Open coord-e opened 2 months ago

coord-e commented 2 months ago

Jsonnet has an import construct to load other jsonnet files. The following configuration successfully evaluates as follows:

# config/main.jsonnet
local data = import './data.libsonnet';
{
  data: data
}
# config/data.libsonnet
{
  hello: "world"
}
$ jsonnet config/main.jsonnet
{
   "data": {
      "hello": "world"
   }
}

However, conftest cannot handle relative imports (in directories other than .).

$ conftest test config/main.jsonnet
Error: running test: parse configurations: parser unmarshal: evaluate anonymous snippet: RUNTIME ERROR: couldn't open import "./data.libsonnet": no match locally or in the Jsonnet library paths
        1:14-39 thunk <data> from <$>
        3:9-13  object <anonymous>
        Field "data"
        During manifestation
, path: config/main.jsonnet

Although the specification seems not specifying how the import-ed relative paths are resolved, most jsonnet implementations handle these paths as if they're relative to the import-ing file.

We can work around this by jsonnet config/main.jsonnet | conftest test -, but native support is better in context of data.conftest.file support, nicer error reportings, etc.

Version information

$ conftest -v
Conftest: 0.51.0
OPA: 0.63.0
jalseth commented 2 months ago

It seems the current implementation uses the EvaluateAnonymousSnippet function which is likely the reason it does not attempt to import other files. EvaluateFile also exists which likely has the desired behavior but doesn't work well with the conftest's parser interface. Additional investigation and testing will be needed before we can add this.

jalseth commented 2 months ago

After some testing, it looks like the import path in the jsonnet config is relative to $PWD, not main.jsonnet. If you import ./config/data.libsonnet it works as expected.

coord-e commented 2 months ago

it looks like the import path in the jsonnet config is relative to $PWD, not main.jsonnet. If you import ./config/data.libsonnet it works as expected.

that is indeed behavior of conftest's jsonnet parser, but isn't that of the most jsonnet CLI implementation (such as google/go-jsonnet, google/jsonnet, etc). my request is to align conftest's import behavior to accept the exactly same jsonnet configuration as the known existing jsonnet implementation accepts.

jalseth commented 2 months ago

I would welcome a PR.