Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/chen-keinan/go-opa-validate

go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.
https://github.com/chen-keinan/go-opa-validate

evaluator golang k8s kubernetes opa policy rego

Last synced: 3 months ago
JSON representation

go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

Host: GitHub
URL: https://github.com/chen-keinan/go-opa-validate
Owner: chen-keinan
License: apache-2.0
Created: 2021-10-02T18:26:18.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2023-07-03T06:17:08.000Z (over 1 year ago)
Last Synced: 2024-09-28T09:07:32.519Z (3 months ago)
Topics: evaluator, golang, k8s, kubernetes, opa, policy, rego
Language: Go
Homepage:
Size: 339 KB
Stars: 8
Watchers: 2
Forks: 2
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        [![Go Report Card](https://goreportcard.com/badge/github.com/chen-keinan/opa-policy-validate)](https://goreportcard.com/report/github.com/chen-keinan/opa-policy-validate)

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/chen-keinan/go-command-eval/blob/master/LICENSE)



[![Gitter](https://badges.gitter.im/beacon-sec/community.svg)](https://gitter.im/beacon-sec/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)





# go-opa-validate

go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

* [Installation](#installation)

* [Usage](#usage)

* [Contribution](#Contribution)

## Installation

```shell

go install github.com/chen-keinan/go-opa-validate

```

## Usage 

#### (support json and yaml formats)

#### json data example: data.json

```json

{

  "kind": "AdmissionReview",

  "request": {

    "kind": {

      "kind": "Pod",

      "version": "v1"

    },

    "object": {

      "metadata": {

        "name": "myapp"

      },

      "spec": {

        "containers": [

          {

            "image": "hooli.com/mysql",

            "name": "mysql-backend"

          }

        ]

      }

    }

  }

}

```

#### OPA policy example : denyPolicy

```shell

package example

default deny = false

deny {

	some i

	input.request.kind.kind == "Pod"

	image := input.request.object.spec.containers[i].image

	not startswith(image, "hooli.com/")

}

```

Full code example

```go

package main

import (

	"fmt"

	"github.com/chen-keinan/go-opa-validate/validator"

	"io/ioutil"

	"os"

)

func main() {

	data, err := ioutil.ReadFile("./example/data.json")

	if err != nil {

		fmt.Println(err)

		os.Exit(1)

	}

	policy, err := ioutil.ReadFile("./example/denyPolicy")

	if err != nil {

		fmt.Println(err)

		os.Exit(1)

	}

	validateResult, err := validator.NewPolicyEval().EvaluatePolicy([]string{"deny"}, string(policy), string(data))

	if err != nil {

		fmt.Println(err)

		os.Exit(1)

	}

	if len(validateResult) > 0 {

		fmt.Println(fmt.Sprintf("eval result for property %v with value %v",validateResult[0].ExpressionValue[0].Text ,validateResult[0].ExpressionValue[0].Value))

	}

}

```

## Contribution

code contribution is welcome !

contribution with passing tests and linter is more than welcome :)