Fregot json unmarshaling behaves differently than unmarshaling in OPA.
passbt opened this issue
Bard commented
When I run the command fregot test lib rules tests/rules I get the error below:

    fregot (eval error):
      "rules\tf\aws\s3\bucket_policy.rego" (line 17, column 12):
      builtin error:

        17| policy := json.unmarshal(input.policy)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

      Expected string but got null

      Stack trace:
        rule rules.tf_aws_s3_bucket_policy.policy at rules\tf\aws\s3\bucket_policy.rego:22:13
        rule rules.tf_aws_s3_bucket_policy.transport_policy at rules\tf\aws\s3\bucket_policy.rego:40:3
        rule rules.tf_aws_s3_bucket_policy.allow at tests/rules\tf\aws\s3\bucket_ssl_test.rego:20:7
        rule rules.tf_aws_s3_bucket_policy.test_s3_bucket_sse at tests:1:1

Line 17 of bucket_policy.rego looks like: policy := json.unmarshal(input.policy)
When I run the OPA version of the command above my tests pass okay:

    opa test .\tests\rules\tf\aws\s3 .\rules\ .\lib\
    PASS: 2/2

In case you need it, the structure of input is below.
= {
"id": "aws_s3_bucket.no_policy",
"acl": "private",
"_provider": "aws",
"website": [],
"replication_configuration": [],
"cors_rule": [],
"tags": null,
"bucket_prefix": null,
"policy": null,
"server_side_encryption_configuration": [],
"grant": [],
"object_lock_configuration": [],
"logging": [],
"lifecycle_rule": [],
"_type": "aws_s3_bucket",
"force_destroy": true
}
Policy will either be null or contain a string of JSON.
I'm running version fregot v0.13.4
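
Added example, not part of the original issue or of either project's code: a null-safe variant of the parse on line 17, which only calls json.unmarshal when input.policy is a string, so the outcome no longer depends on how an engine treats a builtin type error. The package name, the no_policy rule, the test names and the sample inputs are constructed for illustration, and it assumes the engine provides the is_string and is_null builtins, as OPA does.

```rego
# Hypothetical package name, chosen so it does not collide with the real rule.
package rules.tf_aws_s3_bucket_policy_example

# Parse the bucket policy only when Terraform supplied one as a JSON string.
# When input.policy is null the guard fails first, the rule is undefined,
# and json.unmarshal is never handed a non-string argument.
policy = ret {
  is_string(input.policy)
  ret = json.unmarshal(input.policy)
}

# Explicit signal for "this bucket has no policy document", so downstream
# rules can decide how to treat that case instead of relying on an
# undefined value.
no_policy {
  is_null(input.policy)
}

# Constructed input: the null case from the issue. The rule must be
# undefined rather than raise an evaluation error.
test_null_policy_is_undefined {
  not policy with input as {"policy": null}
}

test_null_policy_is_flagged {
  no_policy with input as {"policy": null}
}

# Constructed input: a policy supplied as a JSON string is parsed into
# an object whose fields can be inspected.
test_string_policy_is_parsed {
  p := policy with input as {"policy": "{\"Version\": \"2012-10-17\", \"Statement\": []}"}
  p.Version == "2012-10-17"
  count(p.Statement) == 0
}
```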