Open Policy Agent
Combining exit codes and 'defined' string return values from rules #228
Replies: 2 comments 2 replies
-
|
As you've noted, with the Commonly, you'd use |
Beta Was this translation helpful? Give feedback.
-
|
@srenatus thank you for the confirmation. Maybe this limitation could be improved for greater evaluation flexibility? |
Beta Was this translation helpful? Give feedback.
-
|
I guess we could add a feature of some sort; but I wonder if there's no hacky acceptable workaround out there. Like, throw in a |
Beta Was this translation helpful? Give feedback.
-
|
The 'hacky' solution I'm thinking of right now is to grep output and return an exit code from there.
I think that snippet could make it in a CI/CD pipeline. Otherwise a shell script should achieve something similar. We thought about those print statements, but we're going to have a lot of policies and would prefer to avoid death by print statements. |
Beta Was this translation helpful? Give feedback.
-
I want to return a non-zero exit code when my policy fails so that my CI/CD buildspec stops building. I also want to return a string error message from my rule(s).
I noticed the --fail and --fail-defined options for opa eval command. These options seem perfect. However, returning a string
technically isn't 'failing' or returning 'undefined'. So, it seems to me impossible to return a string error message as well as
a non-zero exit code without also sabotaging a good output string and test case.
Am I correct here? Is there any way to get the best of both worlds? I'm still new to Rego
Ex rego file:
input:
{"message": "world"}Running the following command will return a non-zero exit code no matter what
opa eval -i .\input.json -d .\test_rego.rego 'data.play.hello' --fail-defined -f rawSimilarly, the command below won't help because in this case the result is always defined
opa eval -i .\input.json -d .\test_rego.rego 'data.play.hello' --fail -f rawAny help is appreciated
Beta Was this translation helpful? Give feedback.
All reactions