fix(resources): files domain support for resources auditing

config.json

@@ -0,0 +1,5 @@
+{
+  "server": {
+      "protocol": "https"
+  }
+}

src/pkg/domains/files/files.go

@@ -2,6 +2,7 @@ package files
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io/fs"
 	"os"
@@ -20,6 +21,8 @@ type Domain struct {
 func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error) {
 	var workDir string
 	var ok bool
+	var errs error
+	tmpDRs := make(map[string]interface{})
 	if workDir, ok = ctx.Value(types.LulaValidationWorkDir).(string); !ok {
 		// if unset, assume lula is working in the same directory the inputFile is in
 		workDir = "."
@@ -28,6 +31,7 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 	// see TODO below: maybe this is a REAL directory?
 	dst, err := os.MkdirTemp("", "lula-files")
 	if err != nil {
+		// allow returning on error here?
 		return nil, err
 	}
 
@@ -58,7 +62,11 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		file := filepath.Join(workDir, fi.Path)
 		relname, err := copyFile(dst, file)
 		if err != nil {
-			return nil, fmt.Errorf("error writing local files: %w", err)
+			// Assign empty data value for reporting purposes
+			tmpDRs[fi.Name] = map[string]interface{}{}
+			filenames[file] = fi.Name
+			errs = errors.Join(errs, fmt.Errorf("error writing local files: %w", err))
+			continue
 		}
 
 		// and save this info for later
@@ -68,23 +76,32 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 	// get a list of all the files we just downloaded in the temporary directory
 	files, err := listFiles(dst)
 	if err != nil {
-		return nil, fmt.Errorf("error walking downloaded file tree: %w", err)
+		errs = errors.Join(errs, fmt.Errorf("error walking downloaded file tree: %w", err))
+		return tmpDRs, errs
 	}
 
 	// conftest's parser returns a map[string]interface where the filenames are
 	// the primary map keys.
+	// need to test this to understand the outcomes on a single file error on the return values
 	config, err := parser.ParseConfigurations(files)
+	// Copy values over to the temporary domain resources
+	for k, v := range config {
+		tmpDRs[k] = v
+	}
 	if err != nil {
-		return nil, err
+		errs = errors.Join(errs, err)
+		return tmpDRs, errs
 	}
 
 	// clean up the resources so it's using the filepath.Name as the map key,
 	// instead of the file path.
-	drs := make(types.DomainResources, len(config)+len(unstructuredFiles)+len(filesWithParsers))
-	for k, v := range config {
+	drs := make(types.DomainResources, len(tmpDRs)+len(unstructuredFiles)+len(filesWithParsers))
+	for k, v := range tmpDRs {
 		rel, err := filepath.Rel(dst, k)
 		if err != nil {
-			return nil, fmt.Errorf("error determining relative file path: %w", err)
+			errs = errors.Join(errs, fmt.Errorf("error determining relative file path: %w", err))
+			drs[k] = v
+			continue
 		}
 		drs[filenames[rel]] = v
 	}
@@ -102,7 +119,8 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 			file := filepath.Join(workDir, fi.Path)
 			relname, err := copyFile(parserDir, file)
 			if err != nil {
-				return nil, fmt.Errorf("error writing local files: %w", err)
+				drs[fi.Name] = map[string]interface{}{}
+				errs = errors.Join(errs, fmt.Errorf("error writing local files: %w", err))
 			}
 
 			// and save this info for later
@@ -112,7 +130,8 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		// get a list of all the files we just downloaded in the temporary directory
 		files, err := listFiles(parserDir)
 		if err != nil {
-			return nil, fmt.Errorf("error walking downloaded file tree: %w", err)
+			errs = errors.Join(errs, fmt.Errorf("error walking downloaded file tree: %w", err))
+			return drs, errs
 		}
 
 		parsedConfig, err := parser.ParseConfigurationsAs(files, parserName)
@@ -123,7 +142,9 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		for k, v := range parsedConfig {
 			rel, err := filepath.Rel(parserDir, k)
 			if err != nil {
-				return nil, fmt.Errorf("error determining relative file path: %w", err)
+				errs = errors.Join(errs, fmt.Errorf("error determining relative file path: %w", err))
+				drs[filenames[k]] = v
+				continue
 			}
 			drs[filenames[rel]] = v
 		}
@@ -136,12 +157,14 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		path := filepath.Clean(filepath.Join(workDir, f.Path))
 		b, err := os.ReadFile(path)
 		if err != nil {
-			return nil, fmt.Errorf("error reading source files: %w", err)
+			errs = errors.Join(errs, fmt.Errorf("error reading source files: %w", err))
+			drs[path] = ""
+			continue
 		}
 		drs[f.Name] = string(b)
 	}
 
-	return drs, nil
+	return drs, errs
 }
 
 // IsExecutable returns false; the file domain is read-only.

test.json

@@ -0,0 +1,7 @@
+{
+  "config": {
+    "server": {
+      "protocol": "https"
+    }
+  }
+}

validation.yaml

@@ -0,0 +1,37 @@
+domain:
+  type: file
+  file-spec:
+    filepaths:
+    - Name: config
+      path: config.json
+provider:
+  type: opa
+  opa-spec:
+    rego: |
+      package validate
+      import rego.v1
+
+      # Default values
+      default validate := false
+      default msg := "Not evaluated"
+      
+      validate if {
+        check_server_protocol.result
+      }
+      msg = check_server_protocol.msg
+      
+      config := input["config"]
+      protocol := config.server.protocol
+      
+      check_server_protocol = {"result": true, "msg": msg} if {
+        protocol == "https"
+        msg := "Server protocol is set to https"
+      } else = {"result": false, "msg": msg} if {
+        protocol == "http"
+        msg := "Server Protocol must be https - http is disallowed"
+      }
+
+    output:
+      validation: validate.validate
+      observations:
+        - validate.msg