enterprise-contract · simonbaird · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/Makefile b/Makefile
@@ -120,8 +120,15 @@ acceptance: ## Run all acceptance tests
 	cd acceptance && go test -coverprofile "$$ACCEPTANCE_WORKDIR/coverage-acceptance.out" -timeout $(ACCEPTANCE_TIMEOUT) ./... && \
 	go run -modfile "$$ACCEPTANCE_WORKDIR/tools/go.mod" github.com/wadey/gocovmerge "$$ACCEPTANCE_WORKDIR/coverage-acceptance.out" > "$(ROOT_DIR)/coverage-acceptance.out"
 
+# Beware this doesn't produce the code coverage data, so it's not a good replacement for `make acceptance`
+acceptance-steps: build ## Run acceptance tests feature by feature
+	@for f in $$(git ls-files features/*.feature | xargs -n1 -exec basename -s .feature); do
+	  $(MAKE) feature_$$f; \
+	done;
+
 # Add @focus above the feature you're hacking on to use this
 # (Mainly for use with the feature-% target below)
+# Fixme: It does a needless build every time
 .PHONY: focus-acceptance
 focus-acceptance: build ## Run acceptance tests with @focus tag
 	@cd acceptance && go test -tags=acceptance . -args -tags=@focus

diff --git a/acceptance/examples/allow_all.rego b/acceptance/examples/allow_all.rego
@@ -1,4 +1,6 @@
 # Simplest never-failing policy
 package main
 
+import rego.v1
+
 allow := []
diff --git a/acceptance/examples/disallowed_functions.rego b/acceptance/examples/disallowed_functions.rego
@@ -6,8 +6,7 @@
 #   test that certain rego functions are not allowed.
 package policy.capabilities
 
-import future.keywords.contains
-import future.keywords.if
+import rego.v1
 
 # METADATA
 # title: use env var

diff --git a/acceptance/examples/fail_with_data.rego b/acceptance/examples/fail_with_data.rego
@@ -1,5 +1,7 @@
 package main
 
-deny[result] {
+import rego.v1
+
+deny contains result if {
     result := sprintf("Failure due to %s", [data.rule_data.banana_fail_reason])
 }
diff --git a/acceptance/examples/fetch_blob.rego b/acceptance/examples/fetch_blob.rego
@@ -1,8 +1,6 @@
 package blobby
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # custom:

diff --git a/acceptance/examples/filtering.rego b/acceptance/examples/filtering.rego
@@ -6,9 +6,7 @@
 #   showcase the filtering logic with include/exclude/collection.
 package policy.filtering
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: always pass

diff --git a/acceptance/examples/future_deny.rego b/acceptance/examples/future_deny.rego
@@ -1,6 +1,8 @@
 package main
 
-deny[{"msg": result, "effective_on": effective_on}] {
+import rego.v1
+
+deny contains {"msg": result, "effective_on": effective_on} if {
     result := "Fails in 2099"
 	effective_on := "2099-01-01T00:00:00Z"
 }
diff --git a/acceptance/examples/gloomy_day.rego b/acceptance/examples/gloomy_day.rego
@@ -1,13 +1,15 @@
 # Provide one always passing rule and one always failing rule
 package gloomy
 
+import rego.v1
+
 # METADATA
 # title: Allow gloomy rule
 # description: This rule will never fail
 # custom:
 #   short_name: happy
 #   failure_msg: Always succeeds
-deny[result] {
+deny contains result if {
     false
     result := "Never fails"
 }
@@ -18,7 +20,7 @@ deny[result] {
 # custom:
 #   short_name: sad
 #   failure_msg: Always fails
-deny[result] {
+deny contains result if {
 	result := {
 		"code": "gloomy.sad",
 		"effective_on": "2022-01-01T00:00:00Z",

diff --git a/acceptance/examples/happy_day.rego b/acceptance/examples/happy_day.rego
@@ -1,6 +1,8 @@
 # Simplest never-failing policy
 package main
 
+import rego.v1
+
 # METADATA
 # title: Allow rule
 # description: This rule will never fail
@@ -10,7 +12,7 @@ package main
 #   solution: Easy
 #   collections:
 #   - A
-deny[result] {
+deny contains result if {
     false
     result := "Never denies"
 }
diff --git a/acceptance/examples/image_config.rego b/acceptance/examples/image_config.rego
@@ -1,17 +1,15 @@
 # Verify image config data from input.
 package image_config
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: Image Title Label
 # description: Check if the image has the org.opencontainers.image.title label set.
 # custom:
 #   short_name: image_title_set
 #   failure_msg: Missing image title label
-deny contains err(rego.metadata.rule()) {
+deny contains err(rego.metadata.rule()) if {
     not input.image.config.Labels["org.opencontainers.image.title"]
 }
 
@@ -21,7 +19,7 @@ deny contains err(rego.metadata.rule()) {
 # custom:
 #   short_name: parent_image_title_set
 #   failure_msg: Missing parent image title label
-deny contains err(rego.metadata.rule()) {
+deny contains err(rego.metadata.rule()) if {
     not input.image.parent.config.Labels["org.opencontainers.image.title"]
 }
 
@@ -33,7 +31,7 @@ deny contains err(rego.metadata.rule()) {
 # custom:
 #   short_name: image_distinct_title_set
 #   failure_msg: Image does not have a distinct title
-deny contains err(rego.metadata.rule()) {
+deny contains err(rego.metadata.rule()) if {
     l1 := input.image.config.Labels["org.opencontainers.image.title"]
     l2 := input.image.parent.config.Labels["org.opencontainers.image.title"]
     l1 == l2

diff --git a/acceptance/examples/keyless.rego b/acceptance/examples/keyless.rego
@@ -1,8 +1,6 @@
 package keyless
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # custom:

diff --git a/acceptance/examples/oci_image_files.rego b/acceptance/examples/oci_image_files.rego
@@ -2,7 +2,6 @@ package files
 
 import rego.v1
 
-
 # METADATA
 # custom:
 #   short_name: match

diff --git a/acceptance/examples/olm_manifests.rego b/acceptance/examples/olm_manifests.rego
@@ -1,8 +1,6 @@
 package olm_manifests
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: Manifests are there

diff --git a/acceptance/examples/pipeline_basic.rego b/acceptance/examples/pipeline_basic.rego
@@ -1,13 +1,15 @@
 package pipeline.main
 
+import rego.v1
+
 expected_kind := "Pipeline"
 
 # METADATA
 # title: Pipeline kind is expected
 # description: Check that the pipeline is a kind of "Pipeline"
 # custom:
 #   short_name: expected_kind
-deny[result] {
+deny contains result if {
 	expected_kind != input.kind
 	result := "invalid kind"
 }
diff --git a/acceptance/examples/purl.rego b/acceptance/examples/purl.rego
@@ -1,8 +1,6 @@
 package purl
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # custom:

diff --git a/acceptance/examples/reject.rego b/acceptance/examples/reject.rego
@@ -1,9 +1,7 @@
 # Simplest always-failing policy
 package main
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: Reject rule

diff --git a/acceptance/examples/rules_with_dependencies.rego b/acceptance/examples/rules_with_dependencies.rego
@@ -1,7 +1,6 @@
 package pkg
 
-import future.keywords.contains
-import future.keywords.if
+import rego.v1
 
 # METADATA
 # custom:

diff --git a/acceptance/examples/trace_debug.rego b/acceptance/examples/trace_debug.rego
@@ -1,7 +1,6 @@
 package main
 
-import future.keywords.contains
-import future.keywords.if
+import rego.v1
 
 # METADATA
 # title: Debug

diff --git a/acceptance/examples/unsupported.rego b/acceptance/examples/unsupported.rego
@@ -1,5 +1,7 @@
 package unsupported
 
-deny {
+import rego.v1
+
+deny if {
     true
 }
diff --git a/acceptance/examples/warn.rego b/acceptance/examples/warn.rego
@@ -1,6 +1,8 @@
 # Simplest always-warning policy
 package main
 
-warn[result] {
+import rego.v1
+
+warn contains result if {
     result := "Has a warning"
 }
diff --git a/acceptance/examples/with_annotations.rego b/acceptance/examples/with_annotations.rego
@@ -1,11 +1,13 @@
 package policy.release.kitty
 
+import rego.v1
+
 # METADATA
 # title: Kittens
 # description: Fluffy
 # custom:
 #   short_name: purr
 #
-deny[result] {
+deny contains result if {
     result := "Meow"
 }
diff --git a/acceptance/go.mod b/acceptance/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gkampitakis/ciinfo v0.3.0 // indirect
 	github.com/gkampitakis/go-diff v1.3.2 // indirect
@@ -120,7 +120,7 @@ require (
 	github.com/google/safetext v0.0.0-20240722112252-5a72de7e7962 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
@@ -162,6 +162,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/open-policy-agent/opa v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
@@ -171,7 +172,7 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/prometheus/client_golang v1.20.2 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.58.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
@@ -215,27 +216,31 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.mongodb.org/mongo-driver v1.16.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.29.0 // indirect
-	go.opentelemetry.io/otel/metric v1.29.0 // indirect
-	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
+	go.opentelemetry.io/otel v1.33.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
+	go.opentelemetry.io/otel/metric v1.33.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
+	go.opentelemetry.io/otel/trace v1.33.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.32.0 // indirect
 	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/term v0.28.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/time v0.8.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.196.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/grpc v1.67.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
+	google.golang.org/grpc v1.69.2 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect